Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a55553-2975-4244-b260-5bdbf6f847f9/1/tCV34_eFEm-bBTr3p-Dum9J6ZzA.roa
File:                     tCV34_eFEm-bBTr3p-Dum9J6ZzA.roa (raw, json)
Hash identifier:          lJs/8jun541iQ5FmJ+SShA8Wi27D6ss5N6YmTLmASl4=
Subject key identifier:   B4:25:77:E3:F7:85:12:6F:9B:05:3A:F7:A7:E0:EE:9B:D2:7A:67:30
Certificate issuer:       /CN=bd73747f78bd328d0ae1c89171b381aa19011ace
Certificate serial:       019736664145B688F18B68B3BB32E081BEDC
Authority key identifier: BD:73:74:7F:78:BD:32:8D:0A:E1:C8:91:71:B3:81:AA:19:01:1A:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vXN0f3i9Mo0K4ciRcbOBqhkBGs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/a55553-2975-4244-b260-5bdbf6f847f9/1/tCV34_eFEm-bBTr3p-Dum9J6ZzA.roa
Signing time:             Tue 03 Jun 2025 15:26:00 +0000
ROA not before:           Tue 03 Jun 2025 15:26:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40513
IP address blocks:        147.78.60.0/24 maxlen: 24
                          147.78.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/a55553-2975-4244-b260-5bdbf6f847f9/1/vXN0f3i9Mo0K4ciRcbOBqhkBGs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/a55553-2975-4244-b260-5bdbf6f847f9/1/vXN0f3i9Mo0K4ciRcbOBqhkBGs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vXN0f3i9Mo0K4ciRcbOBqhkBGs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:66:41:45:b6:88:f1:8b:68:b3:bb:32:e0:81:be:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd73747f78bd328d0ae1c89171b381aa19011ace
        Validity
            Not Before: Jun  3 15:26:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b42577e3f785126f9b053af7a7e0ee9bd27a6730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c4:94:52:0f:a8:09:56:b2:6d:fa:66:9d:1a:
                    ca:53:83:1e:1b:84:90:bb:5c:67:1f:a7:f1:c6:9f:
                    64:51:42:86:52:1f:f3:94:91:13:ff:d4:ab:ad:f3:
                    20:5d:7d:8d:75:3b:d9:ae:be:56:74:64:ee:48:ed:
                    75:78:01:15:c1:f8:41:0f:f1:3b:b4:e8:35:e4:03:
                    0a:af:4c:35:99:a3:f0:60:8c:d2:01:e8:8d:d6:3a:
                    aa:aa:1e:ed:f9:60:67:6d:f9:95:d3:32:d4:db:66:
                    71:18:d1:c6:d1:cf:c1:1d:af:ed:7e:e1:6c:da:2a:
                    6f:bf:80:03:bf:c8:bf:0c:4d:3c:ee:66:89:0c:f6:
                    8b:01:db:8d:e2:09:68:0d:8f:88:79:f4:35:f3:d8:
                    57:c1:9b:aa:e2:e5:6a:e1:4d:d5:57:39:68:1f:4d:
                    71:42:e4:9e:48:e7:87:73:ea:6f:fb:d3:56:47:ce:
                    07:09:f9:fa:f6:bb:54:5a:1e:95:6f:f3:e9:f6:5a:
                    80:05:e0:53:d8:77:c7:aa:69:1d:da:cb:69:12:f8:
                    2b:ea:5d:0f:12:e0:d7:13:52:d5:5b:c8:24:88:44:
                    bf:2a:13:8a:16:b1:27:f8:b3:1b:9a:49:28:4a:c5:
                    d1:e8:ee:6c:5c:39:49:86:17:c4:f9:7c:f4:ea:bc:
                    c4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:25:77:E3:F7:85:12:6F:9B:05:3A:F7:A7:E0:EE:9B:D2:7A:67:30
            X509v3 Authority Key Identifier:
                keyid:BD:73:74:7F:78:BD:32:8D:0A:E1:C8:91:71:B3:81:AA:19:01:1A:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vXN0f3i9Mo0K4ciRcbOBqhkBGs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a55553-2975-4244-b260-5bdbf6f847f9/1/tCV34_eFEm-bBTr3p-Dum9J6ZzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a55553-2975-4244-b260-5bdbf6f847f9/1/vXN0f3i9Mo0K4ciRcbOBqhkBGs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:d6:65:32:a4:46:54:b5:f6:81:d9:39:cb:18:30:13:52:e8:
         bb:37:17:ea:71:dd:78:57:8f:ac:92:d7:56:27:7a:cd:bf:87:
         1b:04:70:f9:fa:09:b8:47:23:99:6b:eb:8c:97:d7:cb:ca:d0:
         20:3f:53:e7:73:5d:d2:bb:89:a7:ee:e1:f1:35:c8:fb:8a:a4:
         04:3e:ff:67:fb:31:1a:28:62:e6:83:4a:37:a1:b4:8b:e6:3d:
         d2:48:19:66:02:93:c7:7e:95:1b:ce:08:96:c4:4d:4b:c6:e1:
         8f:ac:fa:0d:d5:2b:f5:0f:95:21:ab:16:5e:3e:26:42:5d:84:
         0d:9b:3e:51:dd:b7:76:ff:3d:1a:7a:88:c7:ad:25:fe:31:a9:
         61:00:eb:05:93:5d:d4:ab:59:c6:71:cf:65:38:85:cc:10:eb:
         c3:a2:bf:41:6f:14:c8:6c:88:11:c5:73:a6:c0:8d:dc:4f:f0:
         ef:f9:a1:12:f1:e7:b0:8d:c3:01:7f:6c:ba:11:cf:f7:66:13:
         9e:32:7d:72:2d:d0:ea:76:fe:0d:08:02:28:98:3c:f7:3a:9f:
         23:aa:85:67:68:ff:07:77:7f:b2:62:d8:64:47:6a:e5:6a:82:
         e4:b5:02:ed:d3:ac:7a:45:b3:f2:6b:3a:56:0f:dd:a5:2f:56:
         f3:a6:6d:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc2ZkFFtojxi2izuzLggb7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNzM3NDdmNzhiZDMyOGQwYWUxYzg5MTcxYjM4MWFhMTkw
MTFhY2UwHhcNMjUwNjAzMTUyNjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDI1NzdlM2Y3ODUxMjZmOWIwNTNhZjdhN2UwZWU5YmQyN2E2NzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMSUUg+oCVaybfpmnRrKU4MeG4SQ
u1xnH6fxxp9kUUKGUh/zlJET/9SrrfMgXX2NdTvZrr5WdGTuSO11eAEVwfhBD/E7
tOg15AMKr0w1maPwYIzSAeiN1jqqqh7t+WBnbfmV0zLU22ZxGNHG0c/BHa/tfuFs
2ipvv4ADv8i/DE087maJDPaLAduN4gloDY+IefQ189hXwZuq4uVq4U3VVzloH01x
QuSeSOeHc+pv+9NWR84HCfn69rtUWh6Vb/Pp9lqABeBT2HfHqmkd2stpEvgr6l0P
EuDXE1LVW8gkiES/KhOKFrEn+LMbmkkoSsXR6O5sXDlJhhfE+Xz06rzEpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQld+P3hRJvmwU696fg7pvSemcwMB8GA1UdIwQY
MBaAFL1zdH94vTKNCuHIkXGzgaoZARrOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlhOMGYzaTlNbzBLNGNpUmNiT0JxaGtCR3M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hNTU1NTMtMjk3NS00MjQ0LWIyNjAt
NWJkYmY2Zjg0N2Y5LzEvdENWMzRfZUZFbS1iQlRyM3AtRHVtOUo2WnpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hNTU1NTMtMjk3NS00MjQ0LWIyNjAtNWJkYmY2Zjg0N2Y5
LzEvdlhOMGYzaTlNbzBLNGNpUmNiT0JxaGtCR3M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk048MA0G
CSqGSIb3DQEBCwUAA4IBAQBs1mUypEZUtfaB2TnLGDATUui7Nxfqcd14V4+sktdW
J3rNv4cbBHD5+gm4RyOZa+uMl9fLytAgP1Pnc13Su4mn7uHxNcj7iqQEPv9n+zEa
KGLmg0o3obSL5j3SSBlmApPHfpUbzgiWxE1LxuGPrPoN1Sv1D5UhqxZePiZCXYQN
mz5R3bd2/z0aeojHrSX+MalhAOsFk13Uq1nGcc9lOIXMEOvDor9BbxTIbIgRxXOm
wI3cT/Dv+aES8eewjcMBf2y6Ec/3ZhOeMn1yLdDqdv4NCAIomDz3Op8jqoVnaP8H
d3+yYthkR2rlaoLktQLt06x6RbPyazpWD92lL1bzpm06
-----END CERTIFICATE-----