Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/M_Z5OG01qKfHRU0thM0hkTqyX4E.roa
File:                     M_Z5OG01qKfHRU0thM0hkTqyX4E.roa (raw, json)
Hash identifier:          hn+/oPvpd4mb7jjhlAfQomOPIaOtr1F9YOcPlnqwWgg=
Subject key identifier:   33:F6:79:38:6D:35:A8:A7:C7:45:4D:2D:84:CD:21:91:3A:B2:5F:81
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01942827E90D9FEDD644DFC1E6EDD7D73E03
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/M_Z5OG01qKfHRU0thM0hkTqyX4E.roa
Signing time:             Thu 02 Jan 2025 17:54:51 +0000
ROA not before:           Thu 02 Jan 2025 17:54:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        78.40.208.0/22 maxlen: 22
                          88.214.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:e9:0d:9f:ed:d6:44:df:c1:e6:ed:d7:d7:3e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  2 17:54:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33f679386d35a8a7c7454d2d84cd21913ab25f81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4f:1d:c4:a4:e1:49:5b:51:f0:72:ae:98:56:
                    fb:d9:34:89:65:cd:eb:3e:d3:2f:08:ce:99:93:de:
                    2e:c1:73:a9:58:fd:9b:76:b2:5e:65:a4:cf:24:17:
                    ad:81:a3:0d:a2:73:10:d4:48:a8:8c:5b:e9:13:44:
                    1b:10:38:29:4c:c5:bc:90:e8:a5:4c:b9:94:ff:b5:
                    05:c5:19:79:6c:0c:d3:e2:69:79:ff:01:f0:4e:62:
                    96:bd:84:8f:40:c3:c5:cc:41:c4:b9:9c:f8:2c:9b:
                    0d:5d:e5:02:01:50:d6:ec:82:41:27:c6:39:89:fe:
                    37:98:96:1c:7b:a0:aa:a6:e9:13:a4:24:08:72:5c:
                    d8:cf:04:46:12:a0:cc:84:8c:a7:aa:76:ec:23:4a:
                    4f:8f:b2:99:bb:ad:88:78:fe:db:7b:da:b1:1d:ed:
                    b4:1f:c8:e0:b5:4e:a8:f5:2e:c0:5d:77:cf:c0:ad:
                    50:14:49:48:d9:c0:e4:38:be:d1:c3:46:7a:f6:84:
                    43:5e:6c:86:c1:d3:59:32:35:29:a8:f8:5e:ca:a5:
                    f8:0a:ee:f1:2b:a0:8c:45:f1:9c:f2:25:34:c6:53:
                    58:9a:36:57:02:25:41:fc:0e:80:ad:95:d6:c9:19:
                    9b:cf:e1:6e:db:eb:9f:1a:64:85:d4:4d:20:b4:c0:
                    87:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:F6:79:38:6D:35:A8:A7:C7:45:4D:2D:84:CD:21:91:3A:B2:5F:81
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/M_Z5OG01qKfHRU0thM0hkTqyX4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.208.0/22
                  88.214.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:9e:6b:63:1d:f1:3c:dd:a1:09:81:74:52:f2:7a:df:2d:91:
         d6:f7:dc:89:d2:d8:f2:37:97:20:11:ce:5d:69:92:56:5f:77:
         7e:11:54:53:00:59:90:8a:c5:0c:70:a1:d1:93:5d:7b:a8:ae:
         81:77:38:b3:b8:07:f2:29:bb:37:92:e0:1a:bc:ca:05:75:20:
         8e:a4:59:50:b3:ae:cf:13:8c:76:6e:77:d0:61:51:11:58:70:
         49:bf:6a:4f:0a:6c:a4:8e:8f:e2:4e:ee:84:51:60:cd:53:ff:
         a9:8c:24:ee:2e:51:39:65:d6:7c:9e:49:1c:d4:d7:8f:18:2f:
         86:ab:56:4f:7b:ee:11:ad:0e:17:6f:2c:ac:bd:df:a3:ca:74:
         24:e6:33:87:f9:bc:1d:ee:36:d2:25:a3:f4:2f:4e:7c:a3:74:
         79:40:46:3f:22:a1:8e:e4:8f:96:11:02:cc:71:6e:2b:a1:8c:
         1c:1c:ef:4b:22:d6:b9:f9:f3:13:dc:13:37:a9:fe:37:a5:78:
         35:ae:f2:55:78:aa:a9:7f:71:21:0f:9c:b4:ec:57:a0:15:66:
         ed:90:a5:65:d5:60:03:3d:aa:06:80:51:07:a8:f6:61:54:90:
         2d:32:aa:a5:55:3a:b1:33:24:f3:eb:ce:97:49:0c:46:e3:28:
         22:d8:76:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJ+kNn+3WRN/B5u3X1z4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMTAyMTc1NDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2Y2NzkzODZkMzVhOGE3Yzc0NTRkMmQ4NGNkMjE5MTNhYjI1ZjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm08dxKThSVtR8HKumFb72TSJZc3r
PtMvCM6Zk94uwXOpWP2bdrJeZaTPJBetgaMNonMQ1EiojFvpE0QbEDgpTMW8kOil
TLmU/7UFxRl5bAzT4ml5/wHwTmKWvYSPQMPFzEHEuZz4LJsNXeUCAVDW7IJBJ8Y5
if43mJYce6CqpukTpCQIclzYzwRGEqDMhIynqnbsI0pPj7KZu62IeP7be9qxHe20
H8jgtU6o9S7AXXfPwK1QFElI2cDkOL7Rw0Z69oRDXmyGwdNZMjUpqPheyqX4Cu7x
K6CMRfGc8iU0xlNYmjZXAiVB/A6ArZXWyRmbz+Fu2+ufGmSF1E0gtMCHXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDP2eThtNainx0VNLYTNIZE6sl+BMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvTV9aNU9HMDFxS2ZIUlUwdGhNMGhrVHF5WDRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCTijQAwQC
WNY0MA0GCSqGSIb3DQEBCwUAA4IBAQBAnmtjHfE83aEJgXRS8nrfLZHW99yJ0tjy
N5cgEc5daZJWX3d+EVRTAFmQisUMcKHRk117qK6BdzizuAfyKbs3kuAavMoFdSCO
pFlQs67PE4x2bnfQYVERWHBJv2pPCmykjo/iTu6EUWDNU/+pjCTuLlE5ZdZ8nkkc
1NePGC+Gq1ZPe+4RrQ4Xbyysvd+jynQk5jOH+bwd7jbSJaP0L058o3R5QEY/IqGO
5I+WEQLMcW4roYwcHO9LIta5+fMT3BM3qf43pXg1rvJVeKqpf3EhD5y07FegFWbt
kKVl1WADPaoGgFEHqPZhVJAtMqqlVTqxMyTz686XSQxG4ygi2HY4
-----END CERTIFICATE-----