Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/14yzxnwqUSwvrrETahNiGeuMfU8.roa
File:                     14yzxnwqUSwvrrETahNiGeuMfU8.roa (raw, json)
Hash identifier:          1o8ogm8JdxPweWmu8YIDVjVj+f47mkWEWUna8WgNOgY=
Subject key identifier:   D7:8C:B3:C6:7C:2A:51:2C:2F:AE:B1:13:6A:13:62:19:EB:8C:7D:4F
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0195F02AC66261FBD9A4A6194B7A165C7367
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/14yzxnwqUSwvrrETahNiGeuMfU8.roa
Signing time:             Tue 01 Apr 2025 07:04:49 +0000
ROA not before:           Tue 01 Apr 2025 07:04:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        45.128.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f0:2a:c6:62:61:fb:d9:a4:a6:19:4b:7a:16:5c:73:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr  1 07:04:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d78cb3c67c2a512c2faeb1136a136219eb8c7d4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:50:ce:d0:a7:71:0c:38:65:1d:6e:55:0e:fd:
                    31:5d:0b:88:66:19:49:d8:3d:60:e2:c0:13:bc:ea:
                    81:2e:1d:bc:97:4e:b9:b6:3c:2d:f4:68:b1:e5:09:
                    7b:62:81:78:31:c7:72:73:72:6a:2c:81:8b:31:4f:
                    af:85:53:25:c2:d9:93:bd:b2:50:6e:81:94:11:92:
                    f5:ba:72:eb:a9:de:03:b4:f8:fb:df:27:e1:4f:95:
                    eb:5d:94:49:42:33:cb:77:60:38:de:cf:47:87:63:
                    1b:91:5f:12:d0:b5:f4:90:9b:ff:29:93:b1:cf:9b:
                    d9:2b:7d:5d:87:5f:b6:6e:ff:94:a4:6f:1a:a8:43:
                    03:59:1a:80:67:0e:69:7b:fb:de:93:14:9a:94:8a:
                    42:b1:70:3d:a2:9c:17:0e:8f:3b:66:c0:6e:a3:67:
                    ed:b0:f3:57:3f:ca:6f:5b:ef:5c:e3:75:f9:b2:76:
                    2f:ca:b6:ae:9d:50:0b:21:b4:c5:41:ab:18:87:13:
                    ad:92:d8:81:e8:e8:1b:0c:0a:15:4c:c8:c8:e2:72:
                    48:21:a1:a4:9c:ce:0c:f0:0c:7d:f7:3a:a1:64:77:
                    a3:76:74:49:c2:0b:bc:27:4c:81:fd:5d:e1:a4:d2:
                    7b:ac:97:fd:3b:46:22:a5:fe:47:3c:18:16:7c:23:
                    90:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:8C:B3:C6:7C:2A:51:2C:2F:AE:B1:13:6A:13:62:19:EB:8C:7D:4F
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/14yzxnwqUSwvrrETahNiGeuMfU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:26:44:ec:75:e4:c6:d3:d5:52:4a:6d:aa:74:f7:88:45:95:
         84:95:2d:99:01:6e:59:51:93:71:36:8e:a9:2a:b8:b0:5c:fc:
         8a:a7:d2:a7:28:54:40:22:f5:48:39:2b:70:80:f5:e5:2a:02:
         56:ad:ec:80:aa:10:47:d3:c7:c0:c5:f9:eb:50:9d:6b:96:65:
         46:d5:c7:7c:81:5f:91:2c:8c:55:f3:b6:e4:fa:8b:be:72:f8:
         4d:39:15:e5:e3:dd:a1:08:53:cf:8b:99:d8:bf:a2:01:d6:dd:
         e2:32:31:0e:05:4b:ec:ee:ee:49:86:fd:b4:c4:0e:dc:7e:08:
         80:22:53:0d:9b:ad:d6:b4:48:31:f1:1d:1a:01:8d:5d:c8:67:
         66:b4:c3:a9:f4:09:d5:8f:f6:43:e3:34:d0:83:0b:05:fb:5d:
         2c:49:a7:b3:97:ce:e0:81:43:25:1c:2c:72:d1:df:6a:a4:c4:
         8e:cf:40:9a:38:41:21:2b:93:db:c4:ba:81:4e:52:02:d4:4a:
         75:4d:30:04:25:e0:ba:dd:a3:df:90:8d:fa:a0:34:56:38:b1:
         7e:d3:69:df:5b:f7:98:12:af:3f:09:04:81:be:15:2e:50:09:
         20:3c:1d:12:11:7e:6b:65:e0:41:54:d0:78:5c:41:8a:78:96:
         35:f9:31:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXwKsZiYfvZpKYZS3oWXHNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNDAxMDcwNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzhjYjNjNjdjMmE1MTJjMmZhZWIxMTM2YTEzNjIxOWViOGM3ZDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFDO0KdxDDhlHW5VDv0xXQuIZhlJ
2D1g4sATvOqBLh28l065tjwt9Gix5Ql7YoF4Mcdyc3JqLIGLMU+vhVMlwtmTvbJQ
boGUEZL1unLrqd4DtPj73yfhT5XrXZRJQjPLd2A43s9Hh2MbkV8S0LX0kJv/KZOx
z5vZK31dh1+2bv+UpG8aqEMDWRqAZw5pe/vekxSalIpCsXA9opwXDo87ZsBuo2ft
sPNXP8pvW+9c43X5snYvyraunVALIbTFQasYhxOtktiB6OgbDAoVTMjI4nJIIaGk
nM4M8Ax99zqhZHejdnRJwgu8J0yB/V3hpNJ7rJf9O0Yipf5HPBgWfCOQcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNeMs8Z8KlEsL66xE2oTYhnrjH1PMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMTR5enhud3FVU3d2cnJFVGFoTmlHZXVNZlU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYBOMA0G
CSqGSIb3DQEBCwUAA4IBAQAJJkTsdeTG09VSSm2qdPeIRZWElS2ZAW5ZUZNxNo6p
KriwXPyKp9KnKFRAIvVIOStwgPXlKgJWreyAqhBH08fAxfnrUJ1rlmVG1cd8gV+R
LIxV87bk+ou+cvhNORXl492hCFPPi5nYv6IB1t3iMjEOBUvs7u5Jhv20xA7cfgiA
IlMNm63WtEgx8R0aAY1dyGdmtMOp9AnVj/ZD4zTQgwsF+10sSaezl87ggUMlHCxy
0d9qpMSOz0CaOEEhK5PbxLqBTlIC1Ep1TTAEJeC63aPfkI36oDRWOLF+02nfW/eY
Eq8/CQSBvhUuUAkgPB0SEX5rZeBBVNB4XEGKeJY1+TEB
-----END CERTIFICATE-----