Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/yHRB4Y2OAyzADCHywRZPrfJRG4I.roa
File:                     yHRB4Y2OAyzADCHywRZPrfJRG4I.roa (raw, json)
Hash identifier:          NribQFyQGW5J2lu2xgI9G6pKO663m0SkQqZCGrWC3Yw=
Subject key identifier:   C8:74:41:E1:8D:8E:03:2C:C0:0C:21:F2:C1:16:4F:AD:F2:51:1B:82
Certificate issuer:       /CN=5c1dd6ec4a2e1f376c855c58312195a005cdb850
Certificate serial:       01942748453D79318899FE27E86635BD5617
Authority key identifier: 5C:1D:D6:EC:4A:2E:1F:37:6C:85:5C:58:31:21:95:A0:05:CD:B8:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/yHRB4Y2OAyzADCHywRZPrfJRG4I.roa
Signing time:             Thu 02 Jan 2025 13:50:35 +0000
ROA not before:           Thu 02 Jan 2025 13:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43709
IP address blocks:        78.157.160.0/19 maxlen: 21
                          2a02:d8a0::/32 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XB3W7EouHzdshVxYMSGVoAXNuFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XB3W7EouHzdshVxYMSGVoAXNuFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:45:3d:79:31:88:99:fe:27:e8:66:35:bd:56:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c1dd6ec4a2e1f376c855c58312195a005cdb850
        Validity
            Not Before: Jan  2 13:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c87441e18d8e032cc00c21f2c1164fadf2511b82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7e:8b:f0:db:58:56:22:47:2e:2d:52:98:22:
                    0e:f0:58:98:5a:50:c5:8a:5f:f1:5a:60:0c:6d:f0:
                    01:52:ac:bc:d3:aa:14:76:f1:94:f5:c7:8d:42:0d:
                    e8:ac:ae:ff:66:bb:42:36:53:11:e0:43:4b:e9:ca:
                    19:1d:5a:40:3d:d9:c6:04:8b:ab:aa:01:d3:f5:b8:
                    19:f0:e1:d3:19:f9:ad:54:b0:96:7e:fd:54:96:4c:
                    00:df:6b:05:a4:82:b5:db:8a:71:fd:56:68:24:9b:
                    e3:4d:71:49:91:89:86:cb:fa:78:61:0f:39:ea:30:
                    95:21:23:d3:a8:d2:9b:30:5a:81:ed:2d:bd:37:3a:
                    c9:07:9e:46:bc:27:a9:7b:6b:f7:ba:c9:fa:0c:aa:
                    c4:44:3c:58:ae:a3:69:6c:1a:a0:6f:42:2c:f6:6d:
                    a7:5b:de:c1:70:06:f0:1a:71:9e:3c:1f:d6:d9:7f:
                    b7:4e:e0:fe:72:53:db:50:ab:ad:fe:f0:0c:77:4b:
                    63:f5:9f:a3:46:82:67:eb:2e:59:a0:97:39:dc:3d:
                    fc:e7:43:e9:9f:c1:f3:a1:71:25:4e:cd:d6:5c:15:
                    fa:66:91:7c:d7:20:ea:84:de:41:59:c4:c4:f7:b0:
                    ce:00:9e:e3:ad:fd:a7:b3:fb:43:7b:a7:a9:b5:f6:
                    50:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:74:41:E1:8D:8E:03:2C:C0:0C:21:F2:C1:16:4F:AD:F2:51:1B:82
            X509v3 Authority Key Identifier:
                keyid:5C:1D:D6:EC:4A:2E:1F:37:6C:85:5C:58:31:21:95:A0:05:CD:B8:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/yHRB4Y2OAyzADCHywRZPrfJRG4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XB3W7EouHzdshVxYMSGVoAXNuFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.157.160.0/19
                IPv6:
                  2a02:d8a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:ef:47:0b:c1:30:ac:6b:9a:83:93:9e:3a:7d:9f:0c:c9:94:
         00:f4:23:58:66:d5:9e:2e:b3:ca:c4:8c:d6:df:ea:b1:9a:0e:
         82:a4:89:65:15:57:0c:34:85:6e:82:17:17:9b:9b:e9:cc:60:
         b5:eb:27:68:ac:c2:de:c9:ed:2e:eb:04:8c:c7:e9:c4:fa:af:
         ab:bf:50:8c:a1:b5:4c:c4:75:b1:6a:d9:92:77:4b:e0:62:9a:
         35:67:58:75:6e:8b:d0:8a:d8:9d:0a:ad:32:20:59:d2:9d:af:
         8c:ba:af:10:b4:14:b4:04:7a:d0:80:ff:62:25:e7:1b:11:ce:
         36:2c:04:e9:6e:27:97:2e:e8:ce:77:d2:c8:29:a7:66:72:81:
         8b:bc:4b:e1:13:4a:63:7b:8b:b3:8e:f7:4e:7b:5f:d5:cd:b8:
         a0:55:3b:13:19:7f:6c:0a:12:29:dc:57:33:76:00:bf:42:95:
         0b:b2:f8:15:45:7a:25:7a:4b:ac:29:4a:2a:bc:13:d2:13:71:
         d4:f4:c6:d6:b6:d4:66:21:9c:7e:04:99:37:4a:57:b1:25:e8:
         1d:95:74:1d:3f:96:11:7b:c3:ad:b2:5f:4d:6a:3f:24:04:d7:
         70:f2:7d:2c:3a:9e:8e:dc:42:ef:6f:7a:9e:ae:28:fe:79:3b:
         a7:5e:e6:b1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnSEU9eTGImf4n6GY1vVYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMWRkNmVjNGEyZTFmMzc2Yzg1NWM1ODMxMjE5NWEwMDVj
ZGI4NTAwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODc0NDFlMThkOGUwMzJjYzAwYzIxZjJjMTE2NGZhZGYyNTExYjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn6L8NtYViJHLi1SmCIO8FiYWlDF
il/xWmAMbfABUqy806oUdvGU9ceNQg3orK7/ZrtCNlMR4ENL6coZHVpAPdnGBIur
qgHT9bgZ8OHTGfmtVLCWfv1UlkwA32sFpIK124px/VZoJJvjTXFJkYmGy/p4YQ85
6jCVISPTqNKbMFqB7S29NzrJB55GvCepe2v3usn6DKrERDxYrqNpbBqgb0Is9m2n
W97BcAbwGnGePB/W2X+3TuD+clPbUKut/vAMd0tj9Z+jRoJn6y5ZoJc53D3850Pp
n8HzoXElTs3WXBX6ZpF81yDqhN5BWcTE97DOAJ7jrf2ns/tDe6eptfZQMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMh0QeGNjgMswAwh8sEWT63yURuCMB8GA1UdIwQY
MBaAFFwd1uxKLh83bIVcWDEhlaAFzbhQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEIzVzdFb3VIemRzaFZ4WU1TR1ZvQVhOdUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC81ZTRjMjItY2ZkZS00ZGVkLWE1MjYt
Mzk2NzFlMGI2MjY2LzEveUhSQjRZMk9BeXpBRENIeXdSWlByZkpSRzRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC81ZTRjMjItY2ZkZS00ZGVkLWE1MjYtMzk2NzFlMGI2MjY2
LzEvWEIzVzdFb3VIemRzaFZ4WU1TR1ZvQVhOdUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFTp2gMA0E
AgACMAcDBQAqAtigMA0GCSqGSIb3DQEBCwUAA4IBAQCd70cLwTCsa5qDk546fZ8M
yZQA9CNYZtWeLrPKxIzW3+qxmg6CpIllFVcMNIVughcXm5vpzGC16ydorMLeye0u
6wSMx+nE+q+rv1CMobVMxHWxatmSd0vgYpo1Z1h1bovQitidCq0yIFnSna+Muq8Q
tBS0BHrQgP9iJecbEc42LATpbieXLujOd9LIKadmcoGLvEvhE0pje4uzjvdOe1/V
zbigVTsTGX9sChIp3FczdgC/QpULsvgVRXolekusKUoqvBPSE3HU9MbWttRmIZx+
BJk3SlexJegdlXQdP5YRe8Otsl9Naj8kBNdw8n0sOp6O3ELvb3qerij+eTunXuax
-----END CERTIFICATE-----