Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/ajS1l9bTEjVqB1ygFPAWcG-Q9kQ.roa
File:                     ajS1l9bTEjVqB1ygFPAWcG-Q9kQ.roa (raw, json)
Hash identifier:          uL6fZ/UsSnnW3wqVpmK15xjLej5W2U7a16D6Y1oklZo=
Subject key identifier:   6A:34:B5:97:D6:D3:12:35:6A:07:5C:A0:14:F0:16:70:6F:90:F6:44
Certificate issuer:       /CN=5673fa6842973edf62d579b4efec2fa64fdbf8c8
Certificate serial:       01942143C54A687D3B3099B047C8A3EAA2AD
Authority key identifier: 56:73:FA:68:42:97:3E:DF:62:D5:79:B4:EF:EC:2F:A6:4F:DB:F8:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/ajS1l9bTEjVqB1ygFPAWcG-Q9kQ.roa
Signing time:             Wed 01 Jan 2025 09:47:57 +0000
ROA not before:           Wed 01 Jan 2025 09:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42910
IP address blocks:        78.135.123.0/24 maxlen: 24
                          212.68.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c5:4a:68:7d:3b:30:99:b0:47:c8:a3:ea:a2:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5673fa6842973edf62d579b4efec2fa64fdbf8c8
        Validity
            Not Before: Jan  1 09:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a34b597d6d312356a075ca014f016706f90f644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:98:de:a2:09:64:d4:d0:1c:26:b1:6e:21:3d:
                    26:84:e1:5b:97:80:60:26:71:e1:6b:5f:7f:d1:24:
                    09:7e:e6:13:04:de:a8:f7:c9:a3:2d:b3:bb:68:87:
                    03:83:d9:32:43:33:f7:dc:22:1a:6d:7d:59:f1:e5:
                    d7:ad:53:a6:11:52:37:99:93:92:b5:c6:5f:55:5c:
                    2f:c7:8c:8c:c8:b2:31:d9:b4:30:6f:50:a2:64:0e:
                    59:25:68:aa:10:47:76:18:e5:de:ea:61:54:f8:ec:
                    54:ad:e8:2c:18:99:f7:11:a3:45:72:66:b2:c2:dc:
                    bd:05:27:f5:2d:5f:78:0b:5f:8c:b3:b8:c5:d2:04:
                    71:a9:87:60:08:3f:22:63:b8:16:c1:18:b0:dd:65:
                    20:bc:86:39:c5:a2:77:4f:06:43:45:d3:c4:a7:ab:
                    18:d9:25:c0:e6:8d:cf:5c:ff:87:da:19:4e:b7:4e:
                    bd:0d:3c:07:8e:4b:bd:de:69:79:78:8a:df:c1:e8:
                    c8:ba:0f:1f:c8:ea:32:6e:3d:7a:96:28:60:3d:02:
                    5d:c9:c2:04:95:30:07:bf:17:d1:b3:40:4a:be:b1:
                    a0:f4:4f:ee:bf:51:d7:05:e3:24:ec:4e:38:c8:09:
                    74:9f:0e:08:8d:a1:aa:8f:a8:0b:41:af:b5:84:fc:
                    22:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:34:B5:97:D6:D3:12:35:6A:07:5C:A0:14:F0:16:70:6F:90:F6:44
            X509v3 Authority Key Identifier:
                keyid:56:73:FA:68:42:97:3E:DF:62:D5:79:B4:EF:EC:2F:A6:4F:DB:F8:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/ajS1l9bTEjVqB1ygFPAWcG-Q9kQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/78e5eb-c2af-4462-b859-898996c861df/1/VnP6aEKXPt9i1Xm07-wvpk_b-Mg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.123.0/24
                  212.68.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:fc:e2:d6:c8:78:53:36:7a:80:85:bc:9f:c7:a7:23:d9:78:
         3a:99:31:4b:a6:8e:3b:d9:31:c5:f5:f9:66:55:45:5d:78:8b:
         d5:50:42:4d:03:63:9a:68:54:00:2e:c1:d4:9b:2a:2e:41:83:
         ae:03:f7:67:0f:08:62:d2:1a:7c:f6:d8:f1:c2:27:da:04:3c:
         c1:eb:80:5e:45:27:78:40:d3:e9:01:3d:b7:5d:53:65:50:df:
         ae:68:8f:da:0e:2b:ca:c8:e5:95:5a:64:b3:ee:61:a7:18:23:
         44:d9:c8:3c:a0:ab:0b:51:dd:a1:a3:5b:c1:61:57:60:d8:2f:
         af:6e:e9:f2:80:cd:93:67:88:7a:d1:cb:92:61:d8:cc:73:d1:
         29:5d:18:f7:60:93:8a:7e:bf:08:99:53:86:f0:a1:c2:6e:54:
         3b:d5:38:93:7a:33:86:c2:63:ea:3b:59:7e:65:28:ae:79:f8:
         c1:c8:89:38:b3:8d:22:b9:71:0e:1a:73:11:ca:36:aa:28:cd:
         89:38:0b:b0:3e:2b:08:71:9b:2d:3c:bb:a6:90:2b:df:b8:4d:
         db:73:50:68:65:90:50:29:a7:06:78:0d:97:f6:37:6c:92:2a:
         98:1f:f8:3c:ab:85:78:bd:95:36:4b:97:a3:43:7f:70:d8:bf:
         d5:44:ab:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ8VKaH07MJmwR8ij6qKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NzNmYTY4NDI5NzNlZGY2MmQ1NzliNGVmZWMyZmE2NGZk
YmY4YzgwHhcNMjUwMTAxMDk0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTM0YjU5N2Q2ZDMxMjM1NmEwNzVjYTAxNGYwMTY3MDZmOTBmNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZjeoglk1NAcJrFuIT0mhOFbl4Bg
JnHha19/0SQJfuYTBN6o98mjLbO7aIcDg9kyQzP33CIabX1Z8eXXrVOmEVI3mZOS
tcZfVVwvx4yMyLIx2bQwb1CiZA5ZJWiqEEd2GOXe6mFU+OxUregsGJn3EaNFcmay
wty9BSf1LV94C1+Ms7jF0gRxqYdgCD8iY7gWwRiw3WUgvIY5xaJ3TwZDRdPEp6sY
2SXA5o3PXP+H2hlOt069DTwHjku93ml5eIrfwejIug8fyOoybj16lihgPQJdycIE
lTAHvxfRs0BKvrGg9E/uv1HXBeMk7E44yAl0nw4IjaGqj6gLQa+1hPwiywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGo0tZfW0xI1agdcoBTwFnBvkPZEMB8GA1UdIwQY
MBaAFFZz+mhClz7fYtV5tO/sL6ZP2/jIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5QNmFFS1hQdDlpMVhtMDctd3Zwa19iLU1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83OGU1ZWItYzJhZi00NDYyLWI4NTkt
ODk4OTk2Yzg2MWRmLzEvYWpTMWw5YlRFalZxQjF5Z0ZQQVdjRy1ROWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83OGU1ZWItYzJhZi00NDYyLWI4NTktODk4OTk2Yzg2MWRm
LzEvVm5QNmFFS1hQdDlpMVhtMDctd3Zwa19iLU1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATod7AwQA
1EQvMA0GCSqGSIb3DQEBCwUAA4IBAQAw/OLWyHhTNnqAhbyfx6cj2Xg6mTFLpo47
2THF9flmVUVdeIvVUEJNA2OaaFQALsHUmyouQYOuA/dnDwhi0hp89tjxwifaBDzB
64BeRSd4QNPpAT23XVNlUN+uaI/aDivKyOWVWmSz7mGnGCNE2cg8oKsLUd2ho1vB
YVdg2C+vbunygM2TZ4h60cuSYdjMc9EpXRj3YJOKfr8ImVOG8KHCblQ71TiTejOG
wmPqO1l+ZSiuefjByIk4s40iuXEOGnMRyjaqKM2JOAuwPisIcZstPLumkCvfuE3b
c1BoZZBQKacGeA2X9jdskiqYH/g8q4V4vZU2S5ejQ39w2L/VRKtW
-----END CERTIFICATE-----