Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/k_-rD0qGkNwGwcLu6HW3p8mmNtU.roa
File:                     k_-rD0qGkNwGwcLu6HW3p8mmNtU.roa (raw, json)
Hash identifier:          2oKRAJvxuw9ZlCxWfoLf08ddChOQxfTyMJhpORXiSP8=
Subject key identifier:   93:FF:AB:0F:4A:86:90:DC:06:C1:C2:EE:E8:75:B7:A7:C9:A6:36:D5
Certificate issuer:       /CN=258623ecc8dcb913d10228a9460a86e660cb8fb2
Certificate serial:       0194228D883B38CE922AB1D1ED3479085064
Authority key identifier: 25:86:23:EC:C8:DC:B9:13:D1:02:28:A9:46:0A:86:E6:60:CB:8F:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/k_-rD0qGkNwGwcLu6HW3p8mmNtU.roa
Signing time:             Wed 01 Jan 2025 15:48:08 +0000
ROA not before:           Wed 01 Jan 2025 15:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201854
IP address blocks:        185.57.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:88:3b:38:ce:92:2a:b1:d1:ed:34:79:08:50:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=258623ecc8dcb913d10228a9460a86e660cb8fb2
        Validity
            Not Before: Jan  1 15:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93ffab0f4a8690dc06c1c2eee875b7a7c9a636d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ce:46:ef:bd:45:8d:fc:90:ef:93:09:20:b7:
                    45:c7:23:23:24:60:9b:7c:27:e7:b9:10:88:f5:5c:
                    67:6c:58:08:11:c4:81:b4:fe:9b:47:97:e5:e7:0f:
                    c6:1e:63:a0:69:dd:4d:8f:e1:cd:0e:e4:c2:10:9c:
                    bb:f0:90:a6:84:9b:f0:e7:75:c6:f2:b6:10:ae:28:
                    3c:bc:54:11:f7:87:1e:f7:97:89:05:e6:e2:ce:fb:
                    54:92:95:ae:5b:3f:e4:c5:c4:66:75:26:c5:5f:5c:
                    25:7d:c9:5b:c3:5b:b8:25:ac:2c:77:60:05:31:97:
                    21:af:07:f8:09:02:46:85:58:54:be:b6:36:aa:6e:
                    a9:e7:3c:b3:b9:c6:3d:b2:60:d8:18:4c:6b:9c:5e:
                    94:14:20:66:70:66:32:29:2d:1e:bc:a3:96:b8:24:
                    8c:f5:a1:f4:24:79:49:dd:1b:df:1d:8c:07:3d:07:
                    47:2b:1a:7e:2b:e9:a9:f3:81:c6:2c:27:90:e9:90:
                    4c:23:ae:f5:e3:d7:cc:11:7b:e7:a9:4d:70:14:1c:
                    b0:c6:65:f6:d6:6a:81:a7:ea:25:57:82:8a:8f:16:
                    97:9d:2b:80:57:ae:16:24:cb:42:64:30:b8:fe:65:
                    fa:ee:54:0f:b1:55:f9:57:b8:60:66:58:22:b1:f2:
                    e3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:FF:AB:0F:4A:86:90:DC:06:C1:C2:EE:E8:75:B7:A7:C9:A6:36:D5
            X509v3 Authority Key Identifier:
                keyid:25:86:23:EC:C8:DC:B9:13:D1:02:28:A9:46:0A:86:E6:60:CB:8F:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JYYj7MjcuRPRAiipRgqG5mDLj7I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/k_-rD0qGkNwGwcLu6HW3p8mmNtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/96ab95-c2fe-4b93-9a2e-5689ee06e14c/1/JYYj7MjcuRPRAiipRgqG5mDLj7I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:72:27:c1:72:1e:ae:a9:fe:35:ae:71:b6:cd:c8:cc:0d:4b:
         82:8b:00:2b:f2:85:8f:ed:13:07:79:18:e3:53:12:68:8d:41:
         a5:a5:ee:72:74:29:65:60:45:8f:55:3e:52:fe:d0:23:4a:82:
         bd:cb:e5:ae:9a:38:86:67:8a:bb:bf:e8:62:ba:24:43:4e:a2:
         b9:b7:d4:cf:c2:ee:79:cc:03:a2:5c:68:57:95:75:62:74:36:
         5c:dc:64:9a:9c:e5:e6:9d:01:42:6d:b7:9f:f0:e7:82:95:91:
         0e:9c:6b:6a:4a:db:59:fd:77:79:55:a0:d9:fe:00:e7:00:6d:
         5d:14:d5:35:28:02:f0:2d:05:32:27:b3:13:0b:0e:7c:31:92:
         b6:0d:31:8f:0a:94:3e:9f:5e:13:98:b9:c5:d4:51:4f:c3:a7:
         d9:55:fd:07:78:11:26:ca:18:13:20:23:ad:27:13:98:c3:a3:
         6d:26:3c:b6:d1:52:7c:06:28:67:70:8c:d9:70:08:4a:16:80:
         ab:8f:8b:6c:ef:f5:68:70:8b:f9:33:06:27:0b:8c:10:ce:2a:
         8c:2b:fb:e9:31:b5:1a:55:ee:0a:ad:a9:54:85:cf:a2:a2:58:
         96:a9:d2:40:22:1b:ce:9d:a4:2b:4e:ac:c5:8d:fa:7c:39:a7:
         c6:3e:13:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYg7OM6SKrHR7TR5CFBkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ODYyM2VjYzhkY2I5MTNkMTAyMjhhOTQ2MGE4NmU2NjBj
YjhmYjIwHhcNMjUwMTAxMTU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2ZmYWIwZjRhODY5MGRjMDZjMWMyZWVlODc1YjdhN2M5YTYzNmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkc5G771FjfyQ75MJILdFxyMjJGCb
fCfnuRCI9VxnbFgIEcSBtP6bR5fl5w/GHmOgad1Nj+HNDuTCEJy78JCmhJvw53XG
8rYQrig8vFQR94ce95eJBebizvtUkpWuWz/kxcRmdSbFX1wlfclbw1u4Jawsd2AF
MZchrwf4CQJGhVhUvrY2qm6p5zyzucY9smDYGExrnF6UFCBmcGYyKS0evKOWuCSM
9aH0JHlJ3RvfHYwHPQdHKxp+K+mp84HGLCeQ6ZBMI67149fMEXvnqU1wFBywxmX2
1mqBp+olV4KKjxaXnSuAV64WJMtCZDC4/mX67lQPsVX5V7hgZlgisfLjQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJP/qw9KhpDcBsHC7uh1t6fJpjbVMB8GA1UdIwQY
MBaAFCWGI+zI3LkT0QIoqUYKhuZgy4+yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSllZajdNamN1UlBSQWlpcFJncUc1bURMajdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC85NmFiOTUtYzJmZS00YjkzLTlhMmUt
NTY4OWVlMDZlMTRjLzEva18tckQwcUdrTndHd2NMdTZIVzNwOG1tTnRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC85NmFiOTUtYzJmZS00YjkzLTlhMmUtNTY4OWVlMDZlMTRj
LzEvSllZajdNamN1UlBSQWlpcFJncUc1bURMajdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTlOMA0G
CSqGSIb3DQEBCwUAA4IBAQA8cifBch6uqf41rnG2zcjMDUuCiwAr8oWP7RMHeRjj
UxJojUGlpe5ydCllYEWPVT5S/tAjSoK9y+WumjiGZ4q7v+hiuiRDTqK5t9TPwu55
zAOiXGhXlXVidDZc3GSanOXmnQFCbbef8OeClZEOnGtqSttZ/Xd5VaDZ/gDnAG1d
FNU1KALwLQUyJ7MTCw58MZK2DTGPCpQ+n14TmLnF1FFPw6fZVf0HeBEmyhgTICOt
JxOYw6NtJjy20VJ8BihncIzZcAhKFoCrj4ts7/VocIv5MwYnC4wQziqMK/vpMbUa
Ve4KralUhc+ioliWqdJAIhvOnaQrTqzFjfp8OafGPhM1
-----END CERTIFICATE-----