Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/3IWq37gplUSah5H8l_mykIg3r_0.roa
File:                     3IWq37gplUSah5H8l_mykIg3r_0.roa (raw, json)
Hash identifier:          nW74xFWdSJ0q18zh60xEFwg4qYnGrCe+zwcWIKJE6bI=
Subject key identifier:   DC:85:AA:DF:B8:29:95:44:9A:87:91:FC:97:F9:B2:90:88:37:AF:FD
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FC334F31AB351045C27B82BA3BFCA
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/3IWq37gplUSah5H8l_mykIg3r_0.roa
Signing time:             Wed 01 Jan 2025 13:48:14 +0000
ROA not before:           Wed 01 Jan 2025 13:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51277
IP address blocks:        78.133.153.0/24 maxlen: 24
                          78.133.170.0/23 maxlen: 23
                          94.42.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:c3:34:f3:1a:b3:51:04:5c:27:b8:2b:a3:bf:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc85aadfb82995449a8791fc97f9b2908837affd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:bc:1b:5f:8e:4f:cc:c3:01:b5:b5:93:78:97:
                    da:a1:f1:71:ea:77:53:13:3a:53:1e:99:4b:2e:27:
                    4b:f9:53:26:78:de:8b:f8:06:94:8f:e2:93:68:9e:
                    28:2d:59:29:8b:43:03:c5:b5:8a:4f:3a:de:bc:c1:
                    96:77:a5:75:28:a7:ea:3d:cb:12:6c:ed:60:2a:76:
                    62:4d:86:94:6d:bc:56:b9:11:36:25:39:f2:a9:7d:
                    70:8d:00:a4:d7:77:ae:4b:fe:a7:f7:08:0f:a1:87:
                    40:f3:af:18:dc:48:dc:44:59:44:33:04:53:e7:2b:
                    7b:fa:80:3f:15:4e:f6:a5:8b:e8:fd:d0:e9:52:9a:
                    c8:bf:a5:5a:ae:0c:be:fe:53:cb:7e:73:e5:c7:68:
                    44:6f:e4:39:2d:f8:5a:5e:bb:fd:c7:75:8e:93:d7:
                    79:30:ec:db:1f:34:3e:89:78:86:11:99:49:bb:9e:
                    a4:06:2d:45:b0:f7:ed:9a:e4:af:80:8a:5a:b9:a6:
                    b2:ce:c5:1d:70:4f:b2:a8:9f:9f:95:b4:bd:67:6f:
                    17:51:26:8f:82:0c:f6:b5:95:03:d9:4c:65:4e:fa:
                    15:68:51:68:10:f3:cc:c3:30:6d:2c:14:e8:11:c2:
                    31:af:b5:31:56:e7:ce:fc:fe:43:86:60:21:bc:1f:
                    48:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:85:AA:DF:B8:29:95:44:9A:87:91:FC:97:F9:B2:90:88:37:AF:FD
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/3IWq37gplUSah5H8l_mykIg3r_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.133.153.0/24
                  78.133.170.0/23
                  94.42.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:2a:5f:e9:5a:41:4c:90:c3:e2:c3:79:c7:a1:3c:6b:06:1e:
         97:a4:da:eb:57:b0:67:7f:e2:ee:3d:43:34:51:08:24:6a:fc:
         7c:a6:95:76:f9:c0:68:e6:3c:2a:40:fc:5f:ba:45:bb:54:0b:
         0b:f3:7c:52:8d:3e:a3:1b:69:8b:82:69:09:27:c3:40:70:87:
         a3:6d:e4:80:41:cf:8c:05:da:1e:84:a2:16:3a:35:e6:d9:1b:
         22:fc:36:14:d9:a3:37:22:47:d7:07:1a:28:17:05:b1:30:8b:
         6b:99:dd:4f:d6:15:b4:89:39:d8:36:79:3c:40:de:a5:49:28:
         a2:c2:62:db:e2:41:6d:61:e5:d1:22:4b:15:a4:1f:70:3c:5c:
         fb:2f:bb:02:50:d7:19:02:f3:1b:40:86:a1:80:a0:13:33:e1:
         1c:5d:9f:ab:63:cb:11:6c:d6:6c:1b:87:58:c1:21:52:86:f8:
         c6:27:bf:00:8c:2e:40:3c:60:e5:3b:df:32:ad:70:f7:42:9a:
         6a:95:7b:94:46:79:54:da:04:bf:46:22:41:91:90:18:52:f9:
         85:58:ec:25:69:5e:ef:c2:ff:bb:b4:8c:08:ab:a8:37:04:e0:
         ca:8f:3d:10:a6:80:de:c6:ca:bb:62:0b:d6:c2:94:1a:a0:62:
         30:ce:d5:db
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiH8M08xqzUQRcJ7gro7/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzg1YWFkZmI4Mjk5NTQ0OWE4NzkxZmM5N2Y5YjI5MDg4MzdhZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7wbX45PzMMBtbWTeJfaofFx6ndT
EzpTHplLLidL+VMmeN6L+AaUj+KTaJ4oLVkpi0MDxbWKTzrevMGWd6V1KKfqPcsS
bO1gKnZiTYaUbbxWuRE2JTnyqX1wjQCk13euS/6n9wgPoYdA868Y3EjcRFlEMwRT
5yt7+oA/FU72pYvo/dDpUprIv6Vargy+/lPLfnPlx2hEb+Q5LfhaXrv9x3WOk9d5
MOzbHzQ+iXiGEZlJu56kBi1FsPftmuSvgIpauaayzsUdcE+yqJ+flbS9Z28XUSaP
ggz2tZUD2UxlTvoVaFFoEPPMwzBtLBToEcIxr7UxVufO/P5DhmAhvB9I5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNyFqt+4KZVEmoeR/Jf5spCIN6/9MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvM0lXcTM3Z3BsVVNhaDVIOGxfbXlrSWczcl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAToWZAwQB
ToWqAwQAXiqEMA0GCSqGSIb3DQEBCwUAA4IBAQCEKl/pWkFMkMPiw3nHoTxrBh6X
pNrrV7Bnf+LuPUM0UQgkavx8ppV2+cBo5jwqQPxfukW7VAsL83xSjT6jG2mLgmkJ
J8NAcIejbeSAQc+MBdoehKIWOjXm2Rsi/DYU2aM3IkfXBxooFwWxMItrmd1P1hW0
iTnYNnk8QN6lSSiiwmLb4kFtYeXRIksVpB9wPFz7L7sCUNcZAvMbQIahgKATM+Ec
XZ+rY8sRbNZsG4dYwSFShvjGJ78AjC5APGDlO98yrXD3QppqlXuURnlU2gS/RiJB
kZAYUvmFWOwlaV7vwv+7tIwIq6g3BODKjz0QpoDexsq7YgvWwpQaoGIwztXb
-----END CERTIFICATE-----