Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/5fbc20-1367-4d64-ae05-e15339f772c5/1/3y2tjY2wv2hPWo8Jjs9g1G9k2XU.roa
File:                     3y2tjY2wv2hPWo8Jjs9g1G9k2XU.roa (raw, json)
Hash identifier:          qyjRMAEUAmhHrAhDYNjvXf2jg8IqGPd2UJBcfxCKTEk=
Subject key identifier:   DF:2D:AD:8D:8D:B0:BF:68:4F:5A:8F:09:8E:CF:60:D4:6F:64:D9:75
Certificate issuer:       /CN=b8a516bfec92b1c8c7573ff884d841680e6f783f
Certificate serial:       0196CECE9047DDD973DBB56FE80159F2BAC9
Authority key identifier: B8:A5:16:BF:EC:92:B1:C8:C7:57:3F:F8:84:D8:41:68:0E:6F:78:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uKUWv-ySscjHVz_4hNhBaA5veD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/5fbc20-1367-4d64-ae05-e15339f772c5/1/3y2tjY2wv2hPWo8Jjs9g1G9k2XU.roa
Signing time:             Wed 14 May 2025 12:39:25 +0000
ROA not before:           Wed 14 May 2025 12:39:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41492
IP address blocks:        195.78.64.0/24 maxlen: 24
                          195.78.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/5fbc20-1367-4d64-ae05-e15339f772c5/1/uKUWv-ySscjHVz_4hNhBaA5veD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/5fbc20-1367-4d64-ae05-e15339f772c5/1/uKUWv-ySscjHVz_4hNhBaA5veD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uKUWv-ySscjHVz_4hNhBaA5veD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 06:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:ce:90:47:dd:d9:73:db:b5:6f:e8:01:59:f2:ba:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8a516bfec92b1c8c7573ff884d841680e6f783f
        Validity
            Not Before: May 14 12:39:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df2dad8d8db0bf684f5a8f098ecf60d46f64d975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9f:2f:13:cf:28:c7:fc:55:d6:6f:95:54:52:
                    77:b0:d6:e1:cd:06:39:4f:5a:51:63:05:f5:2c:75:
                    ae:21:1c:3f:2b:42:e2:6b:38:78:2d:c8:73:20:19:
                    40:1e:5c:80:86:9f:b1:66:18:83:39:47:71:5e:2a:
                    4c:bc:76:4f:7e:4e:77:70:86:d9:05:ac:ee:11:b4:
                    97:fd:81:12:0f:dd:bf:93:33:1b:ed:b8:ab:75:a1:
                    c0:ac:da:17:e6:a7:4b:69:de:7d:34:39:52:60:2d:
                    65:ea:71:52:c4:49:93:a3:30:27:cd:b5:77:1c:e4:
                    a4:31:26:d2:e7:47:05:fd:60:4e:8e:b5:3d:5e:17:
                    35:9e:85:a8:43:4f:98:fc:7d:2f:69:34:0e:6a:fb:
                    a7:66:9d:c3:49:03:76:ca:28:61:3a:63:bc:d8:39:
                    5f:c8:37:be:05:7f:12:8e:18:50:f1:33:78:47:98:
                    bf:61:a1:ae:c9:c4:1b:ba:e1:99:df:b4:88:25:5a:
                    61:3b:18:75:02:54:9a:dd:cd:ca:ac:e8:cd:2a:8f:
                    bb:0f:18:67:ae:97:1e:5c:ee:30:25:f6:4e:a5:29:
                    1a:74:07:68:fa:46:08:a9:ad:0a:cd:1c:2e:7b:84:
                    ab:a3:a3:32:e8:f9:9c:ef:2e:6f:97:23:3c:9a:19:
                    e2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:2D:AD:8D:8D:B0:BF:68:4F:5A:8F:09:8E:CF:60:D4:6F:64:D9:75
            X509v3 Authority Key Identifier:
                keyid:B8:A5:16:BF:EC:92:B1:C8:C7:57:3F:F8:84:D8:41:68:0E:6F:78:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uKUWv-ySscjHVz_4hNhBaA5veD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5fbc20-1367-4d64-ae05-e15339f772c5/1/3y2tjY2wv2hPWo8Jjs9g1G9k2XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/5fbc20-1367-4d64-ae05-e15339f772c5/1/uKUWv-ySscjHVz_4hNhBaA5veD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.78.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:aa:bb:e0:3d:4e:ff:e2:b6:40:f1:e2:46:46:03:bf:04:c5:
         e7:04:14:da:01:f3:74:6a:ec:e8:ca:15:72:97:8d:40:1b:a8:
         8e:38:dc:6f:e2:f8:3c:6e:13:4c:01:f4:11:f0:71:ec:78:dd:
         95:6a:d5:25:9b:16:de:c9:82:20:15:ce:ea:ab:19:1f:e0:32:
         1e:36:dd:99:a5:16:29:66:50:32:64:73:53:fd:d6:93:1a:18:
         b2:11:cd:10:9c:85:22:89:2a:33:af:ff:f1:34:af:a3:ad:4d:
         66:b9:16:b3:e9:8f:d1:86:d7:38:6b:b2:af:14:a8:38:e0:df:
         27:2b:a7:04:ed:93:4d:fe:4c:ac:75:ed:84:be:b3:5c:63:25:
         c7:c8:5d:56:fb:57:39:6b:34:18:90:a9:1a:1d:8b:0a:11:9a:
         3a:2f:69:e2:14:78:8e:86:52:bf:c0:3f:ea:f9:88:c2:22:cf:
         dc:cb:bd:16:11:48:d6:90:ba:b3:d2:a8:b4:e0:f4:63:9d:f3:
         9b:0c:0d:55:10:73:d8:ee:c1:5c:aa:35:6d:a1:41:24:ae:9c:
         aa:94:78:f8:9f:a8:3d:ea:79:62:cf:7a:fa:54:2a:c9:51:69:
         ee:b6:63:6a:bb:e7:de:b9:7c:2b:27:57:f2:e5:ac:a7:68:2a:
         10:82:fc:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbOzpBH3dlz27Vv6AFZ8rrJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4YTUxNmJmZWM5MmIxYzhjNzU3M2ZmODg0ZDg0MTY4MGU2
Zjc4M2YwHhcNMjUwNTE0MTIzOTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjJkYWQ4ZDhkYjBiZjY4NGY1YThmMDk4ZWNmNjBkNDZmNjRkOTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv58vE88ox/xV1m+VVFJ3sNbhzQY5
T1pRYwX1LHWuIRw/K0Liazh4LchzIBlAHlyAhp+xZhiDOUdxXipMvHZPfk53cIbZ
BazuEbSX/YESD92/kzMb7birdaHArNoX5qdLad59NDlSYC1l6nFSxEmTozAnzbV3
HOSkMSbS50cF/WBOjrU9Xhc1noWoQ0+Y/H0vaTQOavunZp3DSQN2yihhOmO82Dlf
yDe+BX8SjhhQ8TN4R5i/YaGuycQbuuGZ37SIJVphOxh1AlSa3c3KrOjNKo+7Dxhn
rpceXO4wJfZOpSkadAdo+kYIqa0KzRwue4Sro6My6Pmc7y5vlyM8mhniJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8trY2NsL9oT1qPCY7PYNRvZNl1MB8GA1UdIwQY
MBaAFLilFr/skrHIx1c/+ITYQWgOb3g/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUtVV3YteVNzY2pIVnpfNGhOaEJhQTV2ZUQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy81ZmJjMjAtMTM2Ny00ZDY0LWFlMDUt
ZTE1MzM5Zjc3MmM1LzEvM3kydGpZMnd2MmhQV284SmpzOWcxRzlrMlhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy81ZmJjMjAtMTM2Ny00ZDY0LWFlMDUtZTE1MzM5Zjc3MmM1
LzEvdUtVV3YteVNzY2pIVnpfNGhOaEJhQTV2ZUQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw05AMA0G
CSqGSIb3DQEBCwUAA4IBAQBGqrvgPU7/4rZA8eJGRgO/BMXnBBTaAfN0auzoyhVy
l41AG6iOONxv4vg8bhNMAfQR8HHseN2VatUlmxbeyYIgFc7qqxkf4DIeNt2ZpRYp
ZlAyZHNT/daTGhiyEc0QnIUiiSozr//xNK+jrU1muRaz6Y/Rhtc4a7KvFKg44N8n
K6cE7ZNN/kysde2EvrNcYyXHyF1W+1c5azQYkKkaHYsKEZo6L2niFHiOhlK/wD/q
+YjCIs/cy70WEUjWkLqz0qi04PRjnfObDA1VEHPY7sFcqjVtoUEkrpyqlHj4n6g9
6nliz3r6VCrJUWnutmNqu+feuXwrJ1fy5aynaCoQgvw4
-----END CERTIFICATE-----