Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/t-NTnv2Ro8nWywZwXpvfbvg95_c.roa
File:                     t-NTnv2Ro8nWywZwXpvfbvg95_c.roa (raw, json)
Hash identifier:          nKK6UB3Rz/fAFcSsBek32u+mXGAo3Dx3MPDp3oR/j+8=
Subject key identifier:   B7:E3:53:9E:FD:91:A3:C9:D6:CB:06:70:5E:9B:DF:6E:F8:3D:E7:F7
Certificate issuer:       /CN=f62e0e55e5c5a30ec04bd6dc46d154b3e4b7b5f5
Certificate serial:       0194266C118F1EF6DBA251DDA21EE656C053
Authority key identifier: F6:2E:0E:55:E5:C5:A3:0E:C0:4B:D6:DC:46:D1:54:B3:E4:B7:B5:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9i4OVeXFow7AS9bcRtFUs-S3tfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/t-NTnv2Ro8nWywZwXpvfbvg95_c.roa
Signing time:             Thu 02 Jan 2025 09:50:04 +0000
ROA not before:           Thu 02 Jan 2025 09:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201218
IP address blocks:        78.24.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/9i4OVeXFow7AS9bcRtFUs-S3tfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/9i4OVeXFow7AS9bcRtFUs-S3tfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9i4OVeXFow7AS9bcRtFUs-S3tfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:11:8f:1e:f6:db:a2:51:dd:a2:1e:e6:56:c0:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f62e0e55e5c5a30ec04bd6dc46d154b3e4b7b5f5
        Validity
            Not Before: Jan  2 09:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7e3539efd91a3c9d6cb06705e9bdf6ef83de7f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:82:24:8a:6a:96:1d:1e:89:c3:e0:a6:8c:f8:
                    40:4c:5c:65:2f:04:12:ac:cd:20:f0:56:42:61:d7:
                    cb:30:90:49:36:82:ff:e8:f7:ea:ef:1b:9a:84:4f:
                    3b:00:f7:7b:10:83:31:dd:b5:82:10:03:6b:df:8d:
                    e7:e3:8a:ca:ae:22:cf:2d:43:00:ee:60:48:09:60:
                    41:0b:e2:b1:24:89:8b:f5:82:18:c2:28:fe:4a:73:
                    9a:b2:1d:03:44:84:b4:89:d0:a0:0b:43:ba:0b:82:
                    98:bb:6f:92:94:7e:64:7d:04:f4:82:fd:7e:0b:79:
                    18:d1:22:71:c1:04:50:55:25:f1:bc:a9:37:c3:a8:
                    d8:a2:97:fb:ae:42:70:82:58:89:29:f7:e4:30:43:
                    0f:e2:85:ff:04:f4:a3:1b:61:bc:bb:79:8b:b2:23:
                    a4:20:ef:44:46:ce:48:2a:6d:30:2e:cb:6c:2d:47:
                    22:b3:3c:3c:74:51:18:67:3d:ac:eb:cb:46:26:6f:
                    dd:37:19:d6:38:78:a6:ee:55:3a:42:f5:fe:21:20:
                    33:09:65:8e:a2:3c:98:78:0b:d0:79:dd:37:d2:d6:
                    02:bb:75:11:17:9d:1c:e7:8e:27:b2:4f:d8:1d:48:
                    78:2d:85:4b:93:63:77:58:1d:10:d7:fb:05:41:ef:
                    3b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E3:53:9E:FD:91:A3:C9:D6:CB:06:70:5E:9B:DF:6E:F8:3D:E7:F7
            X509v3 Authority Key Identifier:
                keyid:F6:2E:0E:55:E5:C5:A3:0E:C0:4B:D6:DC:46:D1:54:B3:E4:B7:B5:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9i4OVeXFow7AS9bcRtFUs-S3tfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/t-NTnv2Ro8nWywZwXpvfbvg95_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f997c8-df70-4d7f-b86d-192cb369423f/1/9i4OVeXFow7AS9bcRtFUs-S3tfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.24.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:2d:d4:06:17:c1:ba:4e:6c:8d:09:17:fe:50:08:79:26:ad:
         f9:c3:aa:3b:3c:7d:a2:14:a3:5a:5c:40:6d:2d:c0:25:76:42:
         4f:f8:22:73:ba:e1:8b:0c:7a:51:03:03:3b:19:f4:08:26:8d:
         bf:6d:42:c4:70:5b:95:87:61:8c:2b:06:c7:38:95:38:b9:59:
         de:82:8e:28:1a:83:65:7a:a3:c0:d6:3a:5d:65:97:6c:1b:33:
         13:d8:16:55:4b:88:69:97:be:2b:ca:f2:96:42:3f:f1:da:36:
         d1:69:1a:b2:0d:27:b3:0c:c3:59:18:ef:33:e6:b1:59:f1:53:
         44:72:f6:70:1f:43:70:b3:21:92:98:81:79:48:21:54:ad:94:
         34:d2:17:76:30:7a:8b:16:7e:0f:fc:c1:10:01:0d:64:0c:92:
         f3:ec:6d:91:44:b5:65:22:0c:08:d8:8d:b3:07:b8:ca:ee:f6:
         96:09:a6:24:90:39:dd:41:c0:87:2a:d2:f2:bd:e0:a2:9e:51:
         ba:5e:b0:da:f6:6d:97:30:bb:22:7f:9a:13:37:6c:43:11:33:
         96:cb:7b:12:44:b0:79:50:97:87:13:a1:bd:a6:c8:99:92:96:
         98:cc:20:ac:4c:16:1e:3c:19:38:f1:0b:ae:0f:ae:7b:7f:c6:
         58:6f:dd:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbBGPHvbbolHdoh7mVsBTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MmUwZTU1ZTVjNWEzMGVjMDRiZDZkYzQ2ZDE1NGIzZTRi
N2I1ZjUwHhcNMjUwMTAyMDk1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2UzNTM5ZWZkOTFhM2M5ZDZjYjA2NzA1ZTliZGY2ZWY4M2RlN2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YIkimqWHR6Jw+CmjPhATFxlLwQS
rM0g8FZCYdfLMJBJNoL/6Pfq7xuahE87APd7EIMx3bWCEANr343n44rKriLPLUMA
7mBICWBBC+KxJImL9YIYwij+SnOash0DRIS0idCgC0O6C4KYu2+SlH5kfQT0gv1+
C3kY0SJxwQRQVSXxvKk3w6jYopf7rkJwgliJKffkMEMP4oX/BPSjG2G8u3mLsiOk
IO9ERs5IKm0wLstsLUciszw8dFEYZz2s68tGJm/dNxnWOHim7lU6QvX+ISAzCWWO
ojyYeAvQed030tYCu3URF50c544nsk/YHUh4LYVLk2N3WB0Q1/sFQe87BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfjU579kaPJ1ssGcF6b3274Pef3MB8GA1UdIwQY
MBaAFPYuDlXlxaMOwEvW3EbRVLPkt7X1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWk0T1ZlWEZvdzdBUzliY1J0RlVzLVMzdGZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mOTk3YzgtZGY3MC00ZDdmLWI4NmQt
MTkyY2IzNjk0MjNmLzEvdC1OVG52MlJvOG5XeXdad1hwdmZidmc5NV9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mOTk3YzgtZGY3MC00ZDdmLWI4NmQtMTkyY2IzNjk0MjNm
LzEvOWk0T1ZlWEZvdzdBUzliY1J0RlVzLVMzdGZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAThjLMA0G
CSqGSIb3DQEBCwUAA4IBAQANLdQGF8G6TmyNCRf+UAh5Jq35w6o7PH2iFKNaXEBt
LcAldkJP+CJzuuGLDHpRAwM7GfQIJo2/bULEcFuVh2GMKwbHOJU4uVnego4oGoNl
eqPA1jpdZZdsGzMT2BZVS4hpl74ryvKWQj/x2jbRaRqyDSezDMNZGO8z5rFZ8VNE
cvZwH0NwsyGSmIF5SCFUrZQ00hd2MHqLFn4P/MEQAQ1kDJLz7G2RRLVlIgwI2I2z
B7jK7vaWCaYkkDndQcCHKtLyveCinlG6XrDa9m2XMLsif5oTN2xDETOWy3sSRLB5
UJeHE6G9psiZkpaYzCCsTBYePBk48QuuD657f8ZYb91v
-----END CERTIFICATE-----