Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/eP87Vey-9rBbyOrOh4YCvuO3c1M.roa
File:                     eP87Vey-9rBbyOrOh4YCvuO3c1M.roa (raw, json)
Hash identifier:          az6VMbDPubRZM135slIGEREK5WUZUt9MUwTRvHW3psg=
Subject key identifier:   78:FF:3B:55:EC:BE:F6:B0:5B:C8:EA:CE:87:86:02:BE:E3:B7:73:53
Certificate issuer:       /CN=3ca447fd0979b8a989355c354d304d114d20727a
Certificate serial:       0194228D26788192B5BACCC3C65F67EDFCD8
Authority key identifier: 3C:A4:47:FD:09:79:B8:A9:89:35:5C:35:4D:30:4D:11:4D:20:72:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PKRH_Ql5uKmJNVw1TTBNEU0gcno.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/eP87Vey-9rBbyOrOh4YCvuO3c1M.roa
Signing time:             Wed 01 Jan 2025 15:47:43 +0000
ROA not before:           Wed 01 Jan 2025 15:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208967
IP address blocks:        194.76.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/PKRH_Ql5uKmJNVw1TTBNEU0gcno.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/PKRH_Ql5uKmJNVw1TTBNEU0gcno.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PKRH_Ql5uKmJNVw1TTBNEU0gcno.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:26:78:81:92:b5:ba:cc:c3:c6:5f:67:ed:fc:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ca447fd0979b8a989355c354d304d114d20727a
        Validity
            Not Before: Jan  1 15:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78ff3b55ecbef6b05bc8eace878602bee3b77353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b3:43:6b:6e:64:b5:f5:99:b4:26:a1:7e:69:
                    03:e7:ba:b7:35:63:9e:1a:c7:ff:2e:8d:3d:7c:2a:
                    96:b4:a1:27:37:47:27:3d:28:dd:fd:b5:bc:e3:3c:
                    47:c1:0f:5e:ec:de:35:09:10:0e:bc:8e:18:f6:0d:
                    28:0f:ba:82:c2:49:db:ee:21:da:7a:a9:e7:e2:e9:
                    76:83:86:85:de:a2:6c:9c:b3:92:fd:80:4c:6f:33:
                    38:36:8d:85:f5:e6:11:7c:7b:40:15:8d:90:ab:10:
                    06:5e:10:72:3b:55:9d:9d:4c:d9:c8:d7:8d:03:2a:
                    de:3f:02:49:d6:52:29:f4:4f:e6:6d:1b:56:3b:81:
                    44:94:81:4c:e8:0a:a5:e1:69:42:26:eb:8a:9b:d2:
                    f4:fd:94:e2:ce:95:1f:aa:80:ce:04:9f:1b:b0:22:
                    95:fd:bb:c5:62:57:73:4c:c8:a8:71:c4:cb:aa:e0:
                    4c:7c:36:55:29:7f:33:0e:73:d3:92:75:66:1b:4f:
                    59:18:18:d8:41:a4:1e:df:84:30:97:83:86:fb:6f:
                    22:6a:73:cd:bb:f5:34:c0:45:be:d9:10:c1:4f:3e:
                    d3:62:38:b8:80:51:da:f0:c5:df:25:65:26:98:77:
                    df:98:ab:94:3e:33:c3:2d:cf:d5:c5:2a:82:50:37:
                    ee:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:FF:3B:55:EC:BE:F6:B0:5B:C8:EA:CE:87:86:02:BE:E3:B7:73:53
            X509v3 Authority Key Identifier:
                keyid:3C:A4:47:FD:09:79:B8:A9:89:35:5C:35:4D:30:4D:11:4D:20:72:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PKRH_Ql5uKmJNVw1TTBNEU0gcno.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/eP87Vey-9rBbyOrOh4YCvuO3c1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/b5a08f-d9f8-432d-ba4b-a6ef752c6dc2/1/PKRH_Ql5uKmJNVw1TTBNEU0gcno.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:f9:1b:a8:db:ae:24:3e:7c:a7:ab:6e:e6:bc:ce:6c:ca:d4:
         53:cf:e6:75:41:27:b9:a6:74:22:f3:46:e0:11:14:c9:a9:8f:
         8a:e1:68:2a:53:c1:f0:06:47:9b:a0:65:e1:45:76:fd:e8:8b:
         e6:11:6c:61:10:a9:d4:9c:8f:46:31:91:b0:c0:44:c8:04:ce:
         1a:8e:8b:1d:be:fa:9a:7b:72:93:42:60:5c:d9:32:1c:61:a6:
         96:a2:c4:f8:a5:e9:0a:57:4a:05:20:80:92:a2:d4:77:98:f8:
         cd:3a:30:16:3d:1a:3e:4f:7a:be:38:c5:b7:ab:b4:64:91:05:
         79:c0:71:aa:e9:32:2d:dc:e2:6f:ae:eb:f8:9e:b9:ae:64:95:
         84:40:13:05:e2:ce:89:93:59:74:25:06:03:4f:c5:44:68:d7:
         5d:ac:7b:40:6d:78:d5:a9:06:1a:10:d9:36:ce:db:78:8b:fd:
         52:d9:af:af:25:d1:48:a5:40:0e:71:d0:1e:89:c9:9f:e8:ef:
         eb:24:79:43:76:d3:5f:c9:e1:a9:22:61:df:e0:55:fc:1a:0c:
         76:d2:ff:f1:ff:d4:e5:1d:58:99:54:8a:a4:4d:24:6d:19:6f:
         5e:82:cb:93:aa:ce:15:3f:9b:15:c7:41:35:18:f6:90:06:dd:
         55:a6:9c:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSZ4gZK1uszDxl9n7fzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjYTQ0N2ZkMDk3OWI4YTk4OTM1NWMzNTRkMzA0ZDExNGQy
MDcyN2EwHhcNMjUwMTAxMTU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGZmM2I1NWVjYmVmNmIwNWJjOGVhY2U4Nzg2MDJiZWUzYjc3MzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7NDa25ktfWZtCahfmkD57q3NWOe
Gsf/Lo09fCqWtKEnN0cnPSjd/bW84zxHwQ9e7N41CRAOvI4Y9g0oD7qCwknb7iHa
eqnn4ul2g4aF3qJsnLOS/YBMbzM4No2F9eYRfHtAFY2QqxAGXhByO1WdnUzZyNeN
AyrePwJJ1lIp9E/mbRtWO4FElIFM6Aql4WlCJuuKm9L0/ZTizpUfqoDOBJ8bsCKV
/bvFYldzTMioccTLquBMfDZVKX8zDnPTknVmG09ZGBjYQaQe34Qwl4OG+28ianPN
u/U0wEW+2RDBTz7TYji4gFHa8MXfJWUmmHffmKuUPjPDLc/VxSqCUDfuSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHj/O1XsvvawW8jqzoeGAr7jt3NTMB8GA1UdIwQY
MBaAFDykR/0JebipiTVcNU0wTRFNIHJ6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEtSSF9RbDV1S21KTlZ3MVRUQk5FVTBnY25vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9iNWEwOGYtZDlmOC00MzJkLWJhNGIt
YTZlZjc1MmM2ZGMyLzEvZVA4N1ZleS05ckJieU9yT2g0WUN2dU8zYzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9iNWEwOGYtZDlmOC00MzJkLWJhNGItYTZlZjc1MmM2ZGMy
LzEvUEtSSF9RbDV1S21KTlZ3MVRUQk5FVTBnY25vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkwqMA0G
CSqGSIb3DQEBCwUAA4IBAQAn+Ruo264kPnynq27mvM5sytRTz+Z1QSe5pnQi80bg
ERTJqY+K4WgqU8HwBkeboGXhRXb96IvmEWxhEKnUnI9GMZGwwETIBM4ajosdvvqa
e3KTQmBc2TIcYaaWosT4pekKV0oFIICSotR3mPjNOjAWPRo+T3q+OMW3q7RkkQV5
wHGq6TIt3OJvruv4nrmuZJWEQBMF4s6Jk1l0JQYDT8VEaNddrHtAbXjVqQYaENk2
ztt4i/1S2a+vJdFIpUAOcdAeicmf6O/rJHlDdtNfyeGpImHf4FX8Ggx20v/x/9Tl
HViZVIqkTSRtGW9egsuTqs4VP5sVx0E1GPaQBt1VppwZ
-----END CERTIFICATE-----