Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/uuIJKqiCxY0y0ubT_4hw3Wt6jMM.roa
File:                     uuIJKqiCxY0y0ubT_4hw3Wt6jMM.roa (raw, json)
Hash identifier:          TI9xM3TPmO4fMpIDW+jIQ02asi9SHU57FeoO9kxLWzY=
Subject key identifier:   BA:E2:09:2A:A8:82:C5:8D:32:D2:E6:D3:FF:88:70:DD:6B:7A:8C:C3
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       0195478D096BB0C4D851604D6F095C4285B3
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/uuIJKqiCxY0y0ubT_4hw3Wt6jMM.roa
Signing time:             Thu 27 Feb 2025 13:16:20 +0000
ROA not before:           Thu 27 Feb 2025 13:16:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50053
IP address blocks:        194.147.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:47:8d:09:6b:b0:c4:d8:51:60:4d:6f:09:5c:42:85:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Feb 27 13:16:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bae2092aa882c58d32d2e6d3ff8870dd6b7a8cc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:97:89:30:fd:7c:d9:18:c4:4e:b8:18:2f:3c:
                    28:50:0a:64:b0:15:38:c4:0b:69:54:5f:1f:6c:d7:
                    20:48:8c:98:cb:8c:18:ad:d7:96:c2:0a:1a:52:4f:
                    5a:34:93:48:db:08:6c:30:eb:d6:1f:a2:84:bd:03:
                    e9:7f:f2:62:92:25:5e:15:d7:6a:5b:5e:ea:53:87:
                    05:43:05:d5:e1:6c:82:e2:08:5a:8c:95:13:ff:d6:
                    be:95:7b:3d:f9:ed:1d:f9:57:0b:1c:c4:52:fa:d4:
                    40:f0:9f:44:34:8e:a9:c6:b4:2d:ea:25:5b:84:e2:
                    6c:a1:44:53:8f:3b:60:16:8a:a0:f8:7e:78:cf:70:
                    ce:a4:ff:91:20:d2:ad:9d:c1:59:a4:38:54:7e:2e:
                    55:92:e3:cb:48:64:1a:8a:e7:fd:30:97:7f:55:7d:
                    6e:e4:5d:29:52:66:ec:3f:34:bd:fe:9f:d3:5d:b6:
                    fa:53:a8:35:ca:b8:81:b5:95:43:52:db:6e:b1:d4:
                    76:e0:5d:75:18:d6:7f:63:e1:8c:2d:3d:40:36:6a:
                    88:ce:7d:ec:39:d1:3a:5f:54:39:ba:56:28:6a:8f:
                    1a:23:78:40:d8:d0:57:09:3c:46:9b:79:4f:ba:12:
                    48:66:e3:9d:e6:09:d5:05:38:72:40:ca:c2:13:92:
                    14:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:E2:09:2A:A8:82:C5:8D:32:D2:E6:D3:FF:88:70:DD:6B:7A:8C:C3
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/uuIJKqiCxY0y0ubT_4hw3Wt6jMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:20:a0:87:dd:c8:64:50:36:93:a8:05:ca:ef:f1:88:6f:4a:
         33:f9:42:30:5e:70:ba:f6:f3:0d:9d:f9:b0:b4:42:a6:fd:b9:
         3d:c6:b9:bc:20:44:e0:2e:c4:cd:d7:e8:8e:50:11:0b:3b:f0:
         66:9d:f5:92:32:43:36:0b:57:8d:50:3f:06:42:3f:69:8b:fe:
         35:94:80:2c:3d:c9:4a:f6:f4:50:9d:fe:5c:d4:73:8f:1e:ae:
         c3:73:96:31:fa:9d:bd:75:0b:f7:8f:af:aa:7c:78:1e:36:e8:
         d5:6e:35:28:c5:ca:43:cb:f7:d5:f5:ba:aa:5e:14:9f:86:93:
         32:dd:0d:1f:19:81:4b:20:cd:2f:d1:3a:eb:be:6e:cc:3d:24:
         bc:94:82:fd:56:d8:a1:ee:4f:e2:8d:ff:5b:22:29:e4:30:7d:
         a6:3f:4e:84:c7:d7:af:a4:bc:5b:e1:53:cb:fc:4a:2e:3d:b4:
         96:93:e6:0b:6d:3a:97:38:09:3f:3f:a1:a4:fc:d2:4e:d1:f7:
         9b:6d:5b:40:5d:d8:44:2b:17:8a:ac:a1:f8:e2:df:c3:3f:b5:
         64:6e:92:93:8f:8f:0c:29:4d:5f:0a:23:73:a6:44:d8:d8:01:
         c4:41:28:11:f2:eb:43:8e:05:c4:7d:f0:0b:6b:0a:73:45:e7:
         8d:54:e0:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVHjQlrsMTYUWBNbwlcQoWzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMjI3MTMxNjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWUyMDkyYWE4ODJjNThkMzJkMmU2ZDNmZjg4NzBkZDZiN2E4Y2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpeJMP182RjETrgYLzwoUApksBU4
xAtpVF8fbNcgSIyYy4wYrdeWwgoaUk9aNJNI2whsMOvWH6KEvQPpf/JikiVeFddq
W17qU4cFQwXV4WyC4ghajJUT/9a+lXs9+e0d+VcLHMRS+tRA8J9ENI6pxrQt6iVb
hOJsoURTjztgFoqg+H54z3DOpP+RINKtncFZpDhUfi5VkuPLSGQaiuf9MJd/VX1u
5F0pUmbsPzS9/p/TXbb6U6g1yriBtZVDUttusdR24F11GNZ/Y+GMLT1ANmqIzn3s
OdE6X1Q5ulYoao8aI3hA2NBXCTxGm3lPuhJIZuOd5gnVBThyQMrCE5IUIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLriCSqogsWNMtLm0/+IcN1reozDMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvdXVJSktxaUN4WTB5MHViVF80aHczV3Q2ak1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpNOMA0G
CSqGSIb3DQEBCwUAA4IBAQB+IKCH3chkUDaTqAXK7/GIb0oz+UIwXnC69vMNnfmw
tEKm/bk9xrm8IETgLsTN1+iOUBELO/BmnfWSMkM2C1eNUD8GQj9pi/41lIAsPclK
9vRQnf5c1HOPHq7Dc5Yx+p29dQv3j6+qfHgeNujVbjUoxcpDy/fV9bqqXhSfhpMy
3Q0fGYFLIM0v0Trrvm7MPSS8lIL9Vtih7k/ijf9bIinkMH2mP06Ex9evpLxb4VPL
/EouPbSWk+YLbTqXOAk/P6Gk/NJO0febbVtAXdhEKxeKrKH44t/DP7VkbpKTj48M
KU1fCiNzpkTY2AHEQSgR8utDjgXEffALawpzReeNVOAW
-----END CERTIFICATE-----