Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/d4426b-ad25-44f1-98af-bcdd13495291/1/QXhXOb69R-6LwMYFMKWZze76zPM.roa
File:                     QXhXOb69R-6LwMYFMKWZze76zPM.roa (raw, json)
Hash identifier:          eIFuk3TcS1CKNj+kDqIT+aNwYSr4f3EMWJAijhvNXoU=
Subject key identifier:   41:78:57:39:BE:BD:47:EE:8B:C0:C6:05:30:A5:99:CD:EE:FA:CC:F3
Certificate issuer:       /CN=0448896a1c4ac9d801bf1d6b20bdef5974d5b4f6
Certificate serial:       0194221F71AE648F26E78757141AA430D181
Authority key identifier: 04:48:89:6A:1C:4A:C9:D8:01:BF:1D:6B:20:BD:EF:59:74:D5:B4:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BEiJahxKydgBvx1rIL3vWXTVtPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/d4426b-ad25-44f1-98af-bcdd13495291/1/QXhXOb69R-6LwMYFMKWZze76zPM.roa
Signing time:             Wed 01 Jan 2025 13:47:53 +0000
ROA not before:           Wed 01 Jan 2025 13:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47526
IP address blocks:        78.138.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/d4426b-ad25-44f1-98af-bcdd13495291/1/BEiJahxKydgBvx1rIL3vWXTVtPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/d4426b-ad25-44f1-98af-bcdd13495291/1/BEiJahxKydgBvx1rIL3vWXTVtPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BEiJahxKydgBvx1rIL3vWXTVtPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:71:ae:64:8f:26:e7:87:57:14:1a:a4:30:d1:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0448896a1c4ac9d801bf1d6b20bdef5974d5b4f6
        Validity
            Not Before: Jan  1 13:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41785739bebd47ee8bc0c60530a599cdeefaccf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:30:08:1c:8a:33:91:79:8e:65:3d:12:6d:6a:
                    0c:7d:6c:1f:62:bc:f0:bf:c6:21:8d:a2:32:5b:2d:
                    b4:e7:53:80:97:48:d0:a9:75:1e:06:9f:bb:2e:0c:
                    31:bf:75:4d:8f:52:be:87:87:a8:1d:17:e0:8f:52:
                    df:b8:6a:e0:c7:d1:71:ff:19:90:ea:99:db:b0:54:
                    8f:b5:c2:d3:0d:ae:ea:68:68:00:05:27:9b:51:fe:
                    40:eb:d7:67:26:ca:8f:5b:3e:05:4f:8a:de:9b:88:
                    db:dc:50:9b:2d:98:b9:d0:63:34:91:25:42:75:be:
                    c3:49:0f:19:1b:37:28:a6:38:b3:2d:f4:33:e8:2a:
                    c3:3d:24:bb:e7:21:bd:2e:fe:44:81:34:e9:b4:64:
                    8f:f2:c9:ed:45:7d:3d:c5:1b:27:07:64:ea:23:c0:
                    93:f9:0f:84:59:06:26:a4:b6:9a:59:24:bf:19:7e:
                    fd:0a:b3:b6:0b:19:e3:9d:ca:d1:bd:16:71:91:70:
                    ad:d8:2a:28:37:2c:c6:5d:c0:ab:7b:be:7e:f6:2e:
                    89:a7:a9:a8:c7:fa:e7:ba:24:0d:7c:cb:56:56:c8:
                    29:cb:5c:54:18:83:69:60:3c:0d:b0:4a:de:ad:64:
                    e2:7a:52:00:0a:1d:9b:68:f1:f0:35:b6:4f:4b:9f:
                    39:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:78:57:39:BE:BD:47:EE:8B:C0:C6:05:30:A5:99:CD:EE:FA:CC:F3
            X509v3 Authority Key Identifier:
                keyid:04:48:89:6A:1C:4A:C9:D8:01:BF:1D:6B:20:BD:EF:59:74:D5:B4:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BEiJahxKydgBvx1rIL3vWXTVtPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d4426b-ad25-44f1-98af-bcdd13495291/1/QXhXOb69R-6LwMYFMKWZze76zPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/d4426b-ad25-44f1-98af-bcdd13495291/1/BEiJahxKydgBvx1rIL3vWXTVtPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.138.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:a3:bf:c0:63:31:2c:ca:64:0b:cf:86:b2:c7:46:19:ab:e0:
         5a:30:1e:9b:03:c6:6c:38:de:dc:af:75:3f:30:7e:9e:26:50:
         79:1e:7f:9b:a7:7b:03:c8:4e:a2:72:eb:44:64:26:92:3a:c4:
         cb:9b:f2:ed:48:6a:a0:3e:b4:f0:0f:a6:38:8d:27:2d:f6:8f:
         7c:8e:57:2e:16:70:b8:f3:fa:c7:b2:bb:16:11:e8:48:a9:74:
         6e:6e:d6:4c:53:f4:47:c5:3b:d6:32:8b:c5:ac:a8:e7:11:9c:
         ee:8d:a0:eb:b9:da:69:fe:aa:ba:d2:3f:57:31:dd:ce:c6:c2:
         37:9b:a5:3e:95:d0:48:09:ba:61:26:10:6c:ee:7d:76:ed:69:
         20:70:53:70:1d:41:1d:9f:d2:ce:97:0a:78:e8:85:90:f8:87:
         50:eb:ea:67:c9:68:71:41:fc:75:d6:67:97:82:bb:ba:c3:d1:
         10:a8:84:4f:2e:85:1c:7b:c9:86:ec:62:00:ac:cc:15:34:3c:
         0c:85:d1:57:0d:47:e3:92:19:be:2e:e4:fc:1f:80:3c:3d:51:
         13:6d:07:08:76:7a:29:54:04:73:71:80:95:a9:0e:89:cd:3a:
         d9:b0:d3:bd:80:55:f1:37:ef:29:ff:74:91:f7:32:ae:2e:fb:
         e0:9d:6b:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH3GuZI8m54dXFBqkMNGBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NDg4OTZhMWM0YWM5ZDgwMWJmMWQ2YjIwYmRlZjU5NzRk
NWI0ZjYwHhcNMjUwMTAxMTM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTc4NTczOWJlYmQ0N2VlOGJjMGM2MDUzMGE1OTljZGVlZmFjY2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTAIHIozkXmOZT0SbWoMfWwfYrzw
v8YhjaIyWy2051OAl0jQqXUeBp+7Lgwxv3VNj1K+h4eoHRfgj1LfuGrgx9Fx/xmQ
6pnbsFSPtcLTDa7qaGgABSebUf5A69dnJsqPWz4FT4rem4jb3FCbLZi50GM0kSVC
db7DSQ8ZGzcopjizLfQz6CrDPSS75yG9Lv5EgTTptGSP8sntRX09xRsnB2TqI8CT
+Q+EWQYmpLaaWSS/GX79CrO2CxnjncrRvRZxkXCt2CooNyzGXcCre75+9i6Jp6mo
x/rnuiQNfMtWVsgpy1xUGINpYDwNsErerWTielIACh2baPHwNbZPS585YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEF4Vzm+vUfui8DGBTClmc3u+szzMB8GA1UdIwQY
MBaAFARIiWocSsnYAb8dayC971l01bT2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkVpSmFoeEt5ZGdCdngxcklMM3ZXWFRWdFBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9kNDQyNmItYWQyNS00NGYxLTk4YWYt
YmNkZDEzNDk1MjkxLzEvUVhoWE9iNjlSLTZMd01ZRk1LV1p6ZTc2elBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9kNDQyNmItYWQyNS00NGYxLTk4YWYtYmNkZDEzNDk1Mjkx
LzEvQkVpSmFoeEt5ZGdCdngxcklMM3ZXWFRWdFBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToo9MA0G
CSqGSIb3DQEBCwUAA4IBAQAEo7/AYzEsymQLz4ayx0YZq+BaMB6bA8ZsON7cr3U/
MH6eJlB5Hn+bp3sDyE6icutEZCaSOsTLm/LtSGqgPrTwD6Y4jSct9o98jlcuFnC4
8/rHsrsWEehIqXRubtZMU/RHxTvWMovFrKjnEZzujaDrudpp/qq60j9XMd3OxsI3
m6U+ldBICbphJhBs7n127WkgcFNwHUEdn9LOlwp46IWQ+IdQ6+pnyWhxQfx11meX
gru6w9EQqIRPLoUce8mG7GIArMwVNDwMhdFXDUfjkhm+LuT8H4A8PVETbQcIdnop
VARzcYCVqQ6JzTrZsNO9gFXxN+8p/3SR9zKuLvvgnWtI
-----END CERTIFICATE-----