Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/Kw550ydpOki0PWOYy-6z5BR-VIE.roa
File:                     Kw550ydpOki0PWOYy-6z5BR-VIE.roa (raw, json)
Hash identifier:          DJKKlAPQ1FQMVESwtaTdBMt71sNwkspOh/dlMgsjkTY=
Subject key identifier:   2B:0E:79:D3:27:69:3A:48:B4:3D:63:98:CB:EE:B3:E4:14:7E:54:81
Certificate issuer:       /CN=dfea4e9bff294e20bd749ed2eeb9184f208bc9d6
Certificate serial:       019427B5FEAD1DCDFDB8FC0B3B99F36B7613
Authority key identifier: DF:EA:4E:9B:FF:29:4E:20:BD:74:9E:D2:EE:B9:18:4F:20:8B:C9:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3-pOm_8pTiC9dJ7S7rkYTyCLydY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/Kw550ydpOki0PWOYy-6z5BR-VIE.roa
Signing time:             Thu 02 Jan 2025 15:50:26 +0000
ROA not before:           Thu 02 Jan 2025 15:50:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200088
IP address blocks:        185.89.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/3-pOm_8pTiC9dJ7S7rkYTyCLydY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/3-pOm_8pTiC9dJ7S7rkYTyCLydY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3-pOm_8pTiC9dJ7S7rkYTyCLydY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:fe:ad:1d:cd:fd:b8:fc:0b:3b:99:f3:6b:76:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfea4e9bff294e20bd749ed2eeb9184f208bc9d6
        Validity
            Not Before: Jan  2 15:50:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b0e79d327693a48b43d6398cbeeb3e4147e5481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:38:95:c8:db:19:53:8e:fb:e7:f7:3b:cb:b4:
                    9e:7f:2d:bb:cd:14:98:c3:f6:8e:c2:ad:46:ab:be:
                    11:76:7d:97:10:5c:ef:c0:4a:4d:bf:0a:19:eb:60:
                    1a:10:91:04:4b:de:7a:ed:1b:82:2d:5b:6e:f9:c9:
                    57:e9:04:72:fb:0f:84:74:0f:50:68:0b:2a:9c:57:
                    a5:99:79:72:52:b2:78:61:2c:c8:f5:19:57:e2:2d:
                    ad:9a:b4:78:03:8c:bd:4b:d1:84:aa:31:f5:1c:5f:
                    ae:43:f4:18:31:34:18:09:f3:36:04:1e:e5:78:0f:
                    e0:da:f9:89:20:40:f8:5d:f0:a4:fc:bb:5d:3b:39:
                    33:52:6d:7b:33:a5:fa:49:1f:1e:26:bf:7c:29:89:
                    78:2f:6f:70:4d:67:3a:19:55:b9:a6:4a:18:b7:54:
                    86:a4:43:5b:64:5f:3a:54:f3:e9:30:75:04:ca:38:
                    ea:40:d6:f4:ad:7c:b6:cc:34:74:fb:ea:b9:ed:92:
                    28:82:c4:e7:82:8e:12:fd:b6:73:9c:d0:88:17:40:
                    12:f3:3e:bd:52:cd:32:8e:35:c1:9d:54:ee:be:35:
                    aa:9a:56:3c:5a:f8:29:c4:a4:94:15:8c:77:c1:f7:
                    a0:67:1a:e3:ec:7c:88:4b:72:eb:9e:11:4a:20:7d:
                    86:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:0E:79:D3:27:69:3A:48:B4:3D:63:98:CB:EE:B3:E4:14:7E:54:81
            X509v3 Authority Key Identifier:
                keyid:DF:EA:4E:9B:FF:29:4E:20:BD:74:9E:D2:EE:B9:18:4F:20:8B:C9:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-pOm_8pTiC9dJ7S7rkYTyCLydY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/Kw550ydpOki0PWOYy-6z5BR-VIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/73f4ab-b3e6-426d-b284-69bfc925979d/1/3-pOm_8pTiC9dJ7S7rkYTyCLydY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:10:89:d9:7b:70:68:a2:86:fd:ec:6a:da:2d:84:3e:51:75:
         d5:90:8a:10:eb:b5:8e:21:76:57:39:78:a3:0c:93:88:26:92:
         ff:81:2e:0a:7c:21:77:d3:74:bd:af:b5:ba:6e:89:a7:ab:c7:
         6a:0a:48:02:23:7d:ca:df:f6:c6:a3:70:6e:d9:84:1a:8d:79:
         d0:93:22:6e:dd:26:73:d8:7a:38:3f:c7:37:5e:41:e6:f6:a2:
         89:05:ee:d7:86:55:70:69:c5:64:b7:e3:54:57:43:8d:02:d0:
         a7:d4:24:b8:31:63:d1:7a:f9:a3:a7:1d:f6:4d:b7:6c:89:44:
         32:9d:53:84:a3:b2:99:26:b8:5b:dd:7e:1a:d9:ba:cd:15:0e:
         fc:7f:38:d8:2c:fb:ce:06:60:8e:fd:5c:87:a6:53:08:47:c5:
         7c:7a:f7:bd:cb:a3:e0:00:d1:8e:38:fe:2c:e5:8d:4c:63:22:
         b4:96:94:90:a8:8c:25:5d:94:86:3a:ee:39:b6:9f:05:03:91:
         70:8d:5e:99:54:67:ec:4e:72:c4:05:a5:e2:72:77:83:98:32:
         67:65:7e:38:77:05:77:b6:3f:90:6f:d0:c8:4c:36:18:25:2d:
         0e:80:a3:03:8d:11:b5:7c:bd:50:28:a3:26:e9:4a:a4:ce:f8:
         1f:76:e4:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntf6tHc39uPwLO5nza3YTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWE0ZTliZmYyOTRlMjBiZDc0OWVkMmVlYjkxODRmMjA4
YmM5ZDYwHhcNMjUwMTAyMTU1MDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjBlNzlkMzI3NjkzYTQ4YjQzZDYzOThjYmVlYjNlNDE0N2U1NDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTiVyNsZU4775/c7y7Sefy27zRSY
w/aOwq1Gq74Rdn2XEFzvwEpNvwoZ62AaEJEES9567RuCLVtu+clX6QRy+w+EdA9Q
aAsqnFelmXlyUrJ4YSzI9RlX4i2tmrR4A4y9S9GEqjH1HF+uQ/QYMTQYCfM2BB7l
eA/g2vmJIED4XfCk/LtdOzkzUm17M6X6SR8eJr98KYl4L29wTWc6GVW5pkoYt1SG
pENbZF86VPPpMHUEyjjqQNb0rXy2zDR0++q57ZIogsTngo4S/bZznNCIF0AS8z69
Us0yjjXBnVTuvjWqmlY8WvgpxKSUFYx3wfegZxrj7HyIS3LrnhFKIH2GJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCsOedMnaTpItD1jmMvus+QUflSBMB8GA1UdIwQY
MBaAFN/qTpv/KU4gvXSe0u65GE8gi8nWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy1wT21fOHBUaUM5ZEo3Uzdya1lUeUNMeWRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS83M2Y0YWItYjNlNi00MjZkLWIyODQt
NjliZmM5MjU5NzlkLzEvS3c1NTB5ZHBPa2kwUFdPWXktNno1QlItVklFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS83M2Y0YWItYjNlNi00MjZkLWIyODQtNjliZmM5MjU5Nzlk
LzEvMy1wT21fOHBUaUM5ZEo3Uzdya1lUeUNMeWRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVlOMA0G
CSqGSIb3DQEBCwUAA4IBAQACEInZe3Booob97GraLYQ+UXXVkIoQ67WOIXZXOXij
DJOIJpL/gS4KfCF303S9r7W6bomnq8dqCkgCI33K3/bGo3Bu2YQajXnQkyJu3SZz
2Ho4P8c3XkHm9qKJBe7XhlVwacVkt+NUV0ONAtCn1CS4MWPRevmjpx32TbdsiUQy
nVOEo7KZJrhb3X4a2brNFQ78fzjYLPvOBmCO/VyHplMIR8V8eve9y6PgANGOOP4s
5Y1MYyK0lpSQqIwlXZSGOu45tp8FA5FwjV6ZVGfsTnLEBaXicneDmDJnZX44dwV3
tj+Qb9DITDYYJS0OgKMDjRG1fL1QKKMm6UqkzvgfduSg
-----END CERTIFICATE-----