Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/d36409-8845-4fa3-9dbd-9834171eb7d6/1/WvOZemqg-ypHTTal2SMuUFTSuok.roa
File:                     WvOZemqg-ypHTTal2SMuUFTSuok.roa (raw, json)
Hash identifier:          2VHKeSfOF/+IIaH05goA5gK0Fp6ZUSiibX9gEoU9FvE=
Subject key identifier:   5A:F3:99:7A:6A:A0:FB:2A:47:4D:36:A5:D9:23:2E:50:54:D2:BA:89
Certificate issuer:       /CN=7083c2efd4133541b645b661784cddd49c489c5b
Certificate serial:       019778BD8D1CDA59BF93DC365839A2BC9C06
Authority key identifier: 70:83:C2:EF:D4:13:35:41:B6:45:B6:61:78:4C:DD:D4:9C:48:9C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cIPC79QTNUG2RbZheEzd1JxInFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/d36409-8845-4fa3-9dbd-9834171eb7d6/1/WvOZemqg-ypHTTal2SMuUFTSuok.roa
Signing time:             Mon 16 Jun 2025 12:36:17 +0000
ROA not before:           Mon 16 Jun 2025 12:36:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35316
IP address blocks:        193.47.78.0/24 maxlen: 24
                          193.239.222.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/d36409-8845-4fa3-9dbd-9834171eb7d6/1/cIPC79QTNUG2RbZheEzd1JxInFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/d36409-8845-4fa3-9dbd-9834171eb7d6/1/cIPC79QTNUG2RbZheEzd1JxInFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cIPC79QTNUG2RbZheEzd1JxInFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:bd:8d:1c:da:59:bf:93:dc:36:58:39:a2:bc:9c:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7083c2efd4133541b645b661784cddd49c489c5b
        Validity
            Not Before: Jun 16 12:36:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5af3997a6aa0fb2a474d36a5d9232e5054d2ba89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:26:bb:d8:5e:7b:7f:30:2c:cc:93:4e:4e:aa:
                    b1:c7:76:22:82:d5:3b:d6:6c:87:57:19:e0:c9:66:
                    c2:f1:40:c9:dd:56:a9:b4:ed:46:cf:78:de:3f:05:
                    a7:5e:0f:14:48:aa:46:61:c5:69:6d:d3:ad:c6:dc:
                    30:ed:93:ed:3c:82:80:0f:4b:76:05:fe:62:75:dd:
                    f7:ef:b4:a5:2f:b6:86:36:a5:74:6d:1d:1f:bf:ff:
                    94:90:d3:c6:39:f4:4d:f6:b6:37:dd:bf:e2:9c:6f:
                    27:c2:f8:bd:e9:84:d5:e3:21:b0:2c:73:3b:55:82:
                    2d:d9:61:1a:45:95:11:92:35:2b:91:c7:4c:36:62:
                    8f:41:d0:12:d0:b9:72:50:a1:dd:b3:ac:4b:93:3c:
                    85:46:7c:99:fd:48:07:a6:e8:62:84:70:5b:43:f8:
                    56:df:bd:cc:90:4c:7a:5e:74:f7:4a:84:20:37:81:
                    8d:99:47:0b:1f:da:5d:dd:0f:57:68:47:86:15:b2:
                    54:15:90:0e:dc:e5:9e:c5:d8:68:4c:d5:5f:cd:99:
                    7d:21:ad:c4:b0:51:1b:d7:e0:de:27:e4:2b:f6:14:
                    81:51:b5:a9:76:36:63:b8:b7:6b:43:09:32:fd:34:
                    a0:85:13:2e:47:85:ab:be:a6:77:34:9e:64:26:81:
                    3a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:F3:99:7A:6A:A0:FB:2A:47:4D:36:A5:D9:23:2E:50:54:D2:BA:89
            X509v3 Authority Key Identifier:
                keyid:70:83:C2:EF:D4:13:35:41:B6:45:B6:61:78:4C:DD:D4:9C:48:9C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cIPC79QTNUG2RbZheEzd1JxInFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/d36409-8845-4fa3-9dbd-9834171eb7d6/1/WvOZemqg-ypHTTal2SMuUFTSuok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/d36409-8845-4fa3-9dbd-9834171eb7d6/1/cIPC79QTNUG2RbZheEzd1JxInFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.78.0/24
                  193.239.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:8c:7b:a1:a8:6b:7c:f2:0b:e1:a9:29:b1:26:7b:0b:d7:89:
         8b:d6:21:f4:26:46:ac:70:32:bf:f8:8b:63:1d:91:da:01:a6:
         d7:84:bd:bd:4a:55:95:d1:8c:4b:a0:31:50:32:f1:6d:88:26:
         c3:da:ad:fe:c4:3c:88:3a:49:5e:83:a9:95:fc:23:7b:2c:bf:
         ed:b7:91:a0:65:12:03:20:85:a2:ea:ee:0d:be:62:62:89:9d:
         b2:db:bc:c1:df:ae:71:c5:80:6a:56:02:54:50:b8:64:33:f9:
         b4:d2:b1:00:f8:72:15:1b:18:5b:8f:86:e2:a3:01:75:fa:8b:
         a7:df:51:0a:06:29:0f:ed:b0:d6:0c:2d:49:44:d1:a1:0c:3f:
         21:69:21:19:86:dd:9d:55:ab:22:61:1b:c5:5b:8d:6c:98:c1:
         f6:62:20:69:e8:bc:ed:2f:6b:06:c8:98:88:f5:cf:b2:37:81:
         d9:79:f7:07:a8:87:c5:63:08:f3:e5:49:d5:cb:6d:f0:a7:11:
         d1:31:cf:79:1f:24:0c:66:ae:d7:46:e1:65:38:a8:e4:92:6a:
         bf:76:13:b4:0c:b6:2a:b4:c4:85:de:df:8f:42:a9:2d:56:2f:
         f9:2f:3d:99:32:02:b9:69:dd:5f:22:78:1b:d2:86:5d:21:67:
         5c:4c:55:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZd4vY0c2lm/k9w2WDmivJwGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwODNjMmVmZDQxMzM1NDFiNjQ1YjY2MTc4NGNkZGQ0OWM0
ODljNWIwHhcNMjUwNjE2MTIzNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWYzOTk3YTZhYTBmYjJhNDc0ZDM2YTVkOTIzMmU1MDU0ZDJiYTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxia72F57fzAszJNOTqqxx3YigtU7
1myHVxngyWbC8UDJ3VaptO1Gz3jePwWnXg8USKpGYcVpbdOtxtww7ZPtPIKAD0t2
Bf5idd3377SlL7aGNqV0bR0fv/+UkNPGOfRN9rY33b/inG8nwvi96YTV4yGwLHM7
VYIt2WEaRZURkjUrkcdMNmKPQdAS0LlyUKHds6xLkzyFRnyZ/UgHpuhihHBbQ/hW
373MkEx6XnT3SoQgN4GNmUcLH9pd3Q9XaEeGFbJUFZAO3OWexdhoTNVfzZl9Ia3E
sFEb1+DeJ+Qr9hSBUbWpdjZjuLdrQwky/TSghRMuR4WrvqZ3NJ5kJoE60QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFrzmXpqoPsqR002pdkjLlBU0rqJMB8GA1UdIwQY
MBaAFHCDwu/UEzVBtkW2YXhM3dScSJxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0lQQzc5UVROVUcyUmJaaGVFemQxSnhJbkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9kMzY0MDktODg0NS00ZmEzLTlkYmQt
OTgzNDE3MWViN2Q2LzEvV3ZPWmVtcWcteXBIVFRhbDJTTXVVRlRTdW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9kMzY0MDktODg0NS00ZmEzLTlkYmQtOTgzNDE3MWViN2Q2
LzEvY0lQQzc5UVROVUcyUmJaaGVFemQxSnhJbkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwS9OAwQB
we/eMA0GCSqGSIb3DQEBCwUAA4IBAQBIjHuhqGt88gvhqSmxJnsL14mL1iH0Jkas
cDK/+ItjHZHaAabXhL29SlWV0YxLoDFQMvFtiCbD2q3+xDyIOkleg6mV/CN7LL/t
t5GgZRIDIIWi6u4NvmJiiZ2y27zB365xxYBqVgJUULhkM/m00rEA+HIVGxhbj4bi
owF1+oun31EKBikP7bDWDC1JRNGhDD8haSEZht2dVasiYRvFW41smMH2YiBp6Lzt
L2sGyJiI9c+yN4HZefcHqIfFYwjz5UnVy23wpxHRMc95HyQMZq7XRuFlOKjkkmq/
dhO0DLYqtMSF3t+PQqktVi/5Lz2ZMgK5ad1fIngb0oZdIWdcTFUA
-----END CERTIFICATE-----