Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/afz7BRJzqEPxj8BZVsdOin_5y-4.roa
File:                     afz7BRJzqEPxj8BZVsdOin_5y-4.roa (raw, json)
Hash identifier:          8P/qRECRaiQdIehiJb8DPPkG7wuZbj1mnaUAo4ZwGHI=
Subject key identifier:   69:FC:FB:05:12:73:A8:43:F1:8F:C0:59:56:C7:4E:8A:7F:F9:CB:EE
Certificate issuer:       /CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
Certificate serial:       0194266C100E79F32D6F381B4EC26F64171B
Authority key identifier: C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/afz7BRJzqEPxj8BZVsdOin_5y-4.roa
Signing time:             Thu 02 Jan 2025 09:50:03 +0000
ROA not before:           Thu 02 Jan 2025 09:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51405
IP address blocks:        78.111.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:10:0e:79:f3:2d:6f:38:1b:4e:c2:6f:64:17:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
        Validity
            Not Before: Jan  2 09:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69fcfb051273a843f18fc05956c74e8a7ff9cbee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ba:7f:75:68:cb:87:a1:27:b7:91:cb:29:5d:
                    e1:59:40:1c:b5:b5:6c:00:65:ba:c3:fd:6c:26:7b:
                    30:fc:92:11:b7:12:55:f9:81:ae:c4:f9:2f:6d:1f:
                    d1:f2:c4:c6:ad:61:cd:ce:20:7e:e2:f8:46:81:58:
                    35:c8:52:58:23:b4:04:2c:cd:f4:b4:86:cd:cb:fc:
                    ea:7c:a7:9e:64:63:5c:e4:bb:e2:bb:d9:19:b4:41:
                    b4:58:13:37:56:c6:ad:76:bf:f5:d2:a9:eb:b3:61:
                    6e:1c:31:0f:a9:16:2f:f6:83:18:98:f1:87:e1:b9:
                    c2:b6:b2:22:79:01:20:20:08:4b:2c:c6:00:aa:d1:
                    2f:15:d1:55:d8:e8:25:66:fe:48:6d:9e:a6:8e:95:
                    45:bc:b5:4c:43:02:a9:7a:89:42:23:87:41:b3:9e:
                    0c:37:18:77:4d:f5:b2:f4:16:96:61:d6:1b:da:b9:
                    b2:da:10:8a:05:b7:e0:a4:54:af:4a:c2:0d:b8:1f:
                    b6:c3:44:01:b7:ea:14:ae:a6:c9:18:4b:d4:4b:49:
                    07:eb:20:aa:6e:04:d6:0a:9d:b2:0e:76:bf:59:e3:
                    f1:2f:c5:b9:c4:5a:c1:92:f5:f6:fd:1f:37:19:ac:
                    43:7d:64:b4:0f:20:fd:0c:a2:b2:8c:de:8b:6c:1d:
                    8c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:FC:FB:05:12:73:A8:43:F1:8F:C0:59:56:C7:4E:8A:7F:F9:CB:EE
            X509v3 Authority Key Identifier:
                keyid:C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/afz7BRJzqEPxj8BZVsdOin_5y-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.111.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:bd:f7:05:99:e6:93:1a:e2:44:63:1d:7a:49:19:88:7f:ab:
         61:3a:14:ea:66:14:18:d3:03:5b:c3:f9:64:44:bc:76:14:90:
         3f:2c:35:9d:3e:fb:95:40:92:e7:5d:71:2a:f0:5d:b0:71:ce:
         a1:00:fe:fe:bb:60:35:ea:d3:9a:ff:0b:72:84:43:d1:8f:49:
         c6:1f:46:84:e5:92:9e:68:02:5c:fb:a8:11:c6:55:a7:0b:3d:
         c5:31:1b:3f:c9:32:fa:17:86:6e:ee:18:82:a5:d5:1e:9e:3b:
         89:0f:a7:38:69:e0:74:45:e4:fd:6b:0e:7f:bc:59:13:46:d6:
         fa:72:74:7f:40:4f:84:b4:38:f8:00:ae:6d:02:1d:ef:be:c5:
         b6:22:53:7f:2b:66:30:e9:57:cd:48:cf:75:e0:5f:4e:ea:41:
         3b:3d:22:be:f2:70:1b:b3:28:17:cb:48:df:46:b3:cc:79:03:
         0f:fc:90:59:c1:e0:b1:6f:74:b6:29:a7:a4:e5:93:f6:90:0d:
         e3:73:92:3c:56:63:d4:5b:4d:bd:50:bc:85:c6:14:b8:71:56:
         ce:3e:1d:4d:93:91:db:1d:3a:1c:44:81:ea:cc:47:c8:2c:46:
         3e:5b:27:64:d5:b4:4c:62:15:db:ca:09:a9:89:f8:4d:6f:c4:
         9a:97:6e:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbBAOefMtbzgbTsJvZBcbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NTNmNWUyMzA0MjBiYzRhNzBkMGE2MWRlM2I0N2RjZGEx
YThkMGUwHhcNMjUwMTAyMDk1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWZjZmIwNTEyNzNhODQzZjE4ZmMwNTk1NmM3NGU4YTdmZjljYmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7p/dWjLh6Ent5HLKV3hWUActbVs
AGW6w/1sJnsw/JIRtxJV+YGuxPkvbR/R8sTGrWHNziB+4vhGgVg1yFJYI7QELM30
tIbNy/zqfKeeZGNc5Lviu9kZtEG0WBM3Vsatdr/10qnrs2FuHDEPqRYv9oMYmPGH
4bnCtrIieQEgIAhLLMYAqtEvFdFV2OglZv5IbZ6mjpVFvLVMQwKpeolCI4dBs54M
Nxh3TfWy9BaWYdYb2rmy2hCKBbfgpFSvSsINuB+2w0QBt+oUrqbJGEvUS0kH6yCq
bgTWCp2yDna/WePxL8W5xFrBkvX2/R83GaxDfWS0DyD9DKKyjN6LbB2MGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGn8+wUSc6hD8Y/AWVbHTop/+cvuMB8GA1UdIwQY
MBaAFMRT9eIwQgvEpw0KYd47R9zaGo0OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1Njkt
ZTZjZjE3Y2RkYTRmLzEvYWZ6N0JSSnpxRVB4ajhCWlZzZE9pbl81eS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1NjktZTZjZjE3Y2RkYTRm
LzEveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATm+EMA0G
CSqGSIb3DQEBCwUAA4IBAQBvvfcFmeaTGuJEYx16SRmIf6thOhTqZhQY0wNbw/lk
RLx2FJA/LDWdPvuVQJLnXXEq8F2wcc6hAP7+u2A16tOa/wtyhEPRj0nGH0aE5ZKe
aAJc+6gRxlWnCz3FMRs/yTL6F4Zu7hiCpdUenjuJD6c4aeB0ReT9aw5/vFkTRtb6
cnR/QE+EtDj4AK5tAh3vvsW2IlN/K2Yw6VfNSM914F9O6kE7PSK+8nAbsygXy0jf
RrPMeQMP/JBZweCxb3S2Kaek5ZP2kA3jc5I8VmPUW029ULyFxhS4cVbOPh1Nk5Hb
HTocRIHqzEfILEY+Wydk1bRMYhXbygmpifhNb8Sal24I
-----END CERTIFICATE-----