Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/09lPg3280N3ZZ86hKfoO1uBHQzU.roa
File:                     09lPg3280N3ZZ86hKfoO1uBHQzU.roa (raw, json)
Hash identifier:          nnylAsJyHM10QSoZPAI37zrHno/gVhQAjT+wCMZWOs0=
Subject key identifier:   D3:D9:4F:83:7D:BC:D0:DD:D9:67:CE:A1:29:FA:0E:D6:E0:47:43:35
Certificate issuer:       /CN=cbb7c20b55a470dab892f4c91ea0010bd1c39f34
Certificate serial:       0194258E6E6396D5F5434FD4CAEDA97310EB
Authority key identifier: CB:B7:C2:0B:55:A4:70:DA:B8:92:F4:C9:1E:A0:01:0B:D1:C3:9F:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y7fCC1WkcNq4kvTJHqABC9HDnzQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/09lPg3280N3ZZ86hKfoO1uBHQzU.roa
Signing time:             Thu 02 Jan 2025 05:47:58 +0000
ROA not before:           Thu 02 Jan 2025 05:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4134
IP address blocks:        147.78.134.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/y7fCC1WkcNq4kvTJHqABC9HDnzQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/y7fCC1WkcNq4kvTJHqABC9HDnzQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y7fCC1WkcNq4kvTJHqABC9HDnzQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:6e:63:96:d5:f5:43:4f:d4:ca:ed:a9:73:10:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbb7c20b55a470dab892f4c91ea0010bd1c39f34
        Validity
            Not Before: Jan  2 05:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3d94f837dbcd0ddd967cea129fa0ed6e0474335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e0:57:ac:50:a7:74:89:c7:11:f1:69:f2:4d:
                    a8:49:46:2d:88:d1:1d:e9:66:7d:f0:69:08:32:01:
                    d2:d7:2d:c7:7a:96:50:8b:5e:bd:47:d0:19:e0:20:
                    1b:e5:d1:7e:79:b9:f3:9d:1a:7d:69:13:58:09:0a:
                    af:c5:24:b6:b5:de:82:94:da:14:2b:45:25:4f:26:
                    a4:2e:ad:b2:1e:ef:d8:91:0c:4a:39:fe:ac:79:7f:
                    fb:09:5b:96:97:e9:31:4d:b6:cd:31:46:dd:ce:ef:
                    e3:c2:d6:99:6e:ca:0f:e0:92:fc:00:2b:d8:cf:25:
                    5e:27:ef:10:3a:a3:2c:e7:6e:a8:e2:60:87:6d:47:
                    70:af:27:3f:99:3a:52:4e:fc:72:66:12:97:37:71:
                    60:ce:2f:07:95:66:cd:b2:40:cf:c6:4e:36:5a:41:
                    1f:c9:28:35:d6:de:ee:4c:21:56:71:53:6b:c0:50:
                    c5:60:af:b5:ad:d2:ad:21:00:12:4d:03:ff:d9:3d:
                    ae:52:88:d7:cd:b8:09:d4:17:7b:56:db:8f:fe:db:
                    47:2f:be:58:74:80:a6:21:27:c3:dd:44:13:a3:f0:
                    d6:6f:51:25:90:07:12:90:2f:d9:00:62:eb:24:cc:
                    60:49:1f:4c:a1:94:df:0c:a3:a0:19:70:6a:70:ed:
                    9a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D9:4F:83:7D:BC:D0:DD:D9:67:CE:A1:29:FA:0E:D6:E0:47:43:35
            X509v3 Authority Key Identifier:
                keyid:CB:B7:C2:0B:55:A4:70:DA:B8:92:F4:C9:1E:A0:01:0B:D1:C3:9F:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y7fCC1WkcNq4kvTJHqABC9HDnzQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/09lPg3280N3ZZ86hKfoO1uBHQzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f0c24-440a-4ff7-a0c8-256339736c2b/1/y7fCC1WkcNq4kvTJHqABC9HDnzQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:44:7a:8d:01:bc:ea:09:ad:a9:04:ba:6e:43:8a:25:91:19:
         c8:60:66:f6:21:b1:47:7d:bf:c1:f7:ed:61:07:6b:f9:31:75:
         46:a4:d2:36:36:d5:8e:b3:11:fb:d8:c5:d0:d5:f7:ef:c4:76:
         82:75:fc:c0:08:c8:b1:5e:95:a8:4b:3d:c6:3e:b0:75:9a:4f:
         b7:62:21:fe:ee:6b:7b:51:5b:13:21:ff:a2:b6:6d:76:66:7c:
         95:9a:0f:7d:bb:d4:25:0d:00:0e:a8:87:4f:10:b4:10:38:10:
         95:63:ff:16:b9:d7:f5:6e:e4:51:59:42:50:3b:d3:5d:07:64:
         4c:94:f9:9d:74:b2:75:76:12:71:60:63:92:81:7f:21:30:65:
         55:61:e0:2e:a7:1c:3c:68:96:4b:96:5d:97:76:2e:44:01:72:
         1b:c9:f6:dd:cf:22:bd:88:d8:d0:92:7c:14:e5:8d:ca:64:6b:
         86:85:cb:67:7e:16:3d:6a:53:cf:60:17:fb:09:53:54:b6:6e:
         80:31:c9:46:d8:fa:2d:5f:b2:b6:71:2b:41:1f:2e:a8:51:ae:
         b7:5b:d3:ec:eb:68:88:50:2c:f6:13:dc:db:86:96:cf:99:3e:
         99:c3:97:d6:52:ff:69:7d:cf:86:8a:07:34:75:0c:04:e0:9c:
         ea:34:78:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljm5jltX1Q0/Uyu2pcxDrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYjdjMjBiNTVhNDcwZGFiODkyZjRjOTFlYTAwMTBiZDFj
MzlmMzQwHhcNMjUwMTAyMDU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Q5NGY4MzdkYmNkMGRkZDk2N2NlYTEyOWZhMGVkNmUwNDc0MzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOBXrFCndInHEfFp8k2oSUYtiNEd
6WZ98GkIMgHS1y3HepZQi169R9AZ4CAb5dF+ebnznRp9aRNYCQqvxSS2td6ClNoU
K0UlTyakLq2yHu/YkQxKOf6seX/7CVuWl+kxTbbNMUbdzu/jwtaZbsoP4JL8ACvY
zyVeJ+8QOqMs526o4mCHbUdwryc/mTpSTvxyZhKXN3Fgzi8HlWbNskDPxk42WkEf
ySg11t7uTCFWcVNrwFDFYK+1rdKtIQASTQP/2T2uUojXzbgJ1Bd7VtuP/ttHL75Y
dICmISfD3UQTo/DWb1ElkAcSkC/ZAGLrJMxgSR9MoZTfDKOgGXBqcO2aGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPZT4N9vNDd2WfOoSn6DtbgR0M1MB8GA1UdIwQY
MBaAFMu3wgtVpHDauJL0yR6gAQvRw580MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTdmQ0MxV2tjTnE0a3ZUSkhxQUJDOUhEbnpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi83ZjBjMjQtNDQwYS00ZmY3LWEwYzgt
MjU2MzM5NzM2YzJiLzEvMDlsUGczMjgwTjNaWjg2aEtmb08xdUJIUXpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi83ZjBjMjQtNDQwYS00ZmY3LWEwYzgtMjU2MzM5NzM2YzJi
LzEveTdmQ0MxV2tjTnE0a3ZUSkhxQUJDOUhEbnpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk06GMA0G
CSqGSIb3DQEBCwUAA4IBAQBfRHqNAbzqCa2pBLpuQ4olkRnIYGb2IbFHfb/B9+1h
B2v5MXVGpNI2NtWOsxH72MXQ1ffvxHaCdfzACMixXpWoSz3GPrB1mk+3YiH+7mt7
UVsTIf+itm12ZnyVmg99u9QlDQAOqIdPELQQOBCVY/8Wudf1buRRWUJQO9NdB2RM
lPmddLJ1dhJxYGOSgX8hMGVVYeAupxw8aJZLll2Xdi5EAXIbyfbdzyK9iNjQknwU
5Y3KZGuGhctnfhY9alPPYBf7CVNUtm6AMclG2PotX7K2cStBHy6oUa63W9Ps62iI
UCz2E9zbhpbPmT6Zw5fWUv9pfc+Gigc0dQwE4JzqNHgN
-----END CERTIFICATE-----