Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/d9074d-77dc-49fc-acb3-03d9ba503dc1/1/jzM77P9xsYn5MAVakoO0HLR2EkI.roa
File:                     jzM77P9xsYn5MAVakoO0HLR2EkI.roa (raw, json)
Hash identifier:          h0SxsVCXMkdE1oBd8hWK7t+rP5KlnAbkMvVnkeRV7Cs=
Subject key identifier:   8F:33:3B:EC:FF:71:B1:89:F9:30:05:5A:92:83:B4:1C:B4:76:12:42
Certificate issuer:       /CN=bfac12dab75d9c09f3120179373e995ae3917911
Certificate serial:       01949E4E6A242A8BBDDE209C79BF0D2743EB
Authority key identifier: BF:AC:12:DA:B7:5D:9C:09:F3:12:01:79:37:3E:99:5A:E3:91:79:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v6wS2rddnAnzEgF5Nz6ZWuOReRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/d9074d-77dc-49fc-acb3-03d9ba503dc1/1/jzM77P9xsYn5MAVakoO0HLR2EkI.roa
Signing time:             Sat 25 Jan 2025 16:32:06 +0000
ROA not before:           Sat 25 Jan 2025 16:32:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210801
IP address blocks:        178.212.74.0/24 maxlen: 24
                          2a11:e880:565a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/d9074d-77dc-49fc-acb3-03d9ba503dc1/1/v6wS2rddnAnzEgF5Nz6ZWuOReRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/d9074d-77dc-49fc-acb3-03d9ba503dc1/1/v6wS2rddnAnzEgF5Nz6ZWuOReRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v6wS2rddnAnzEgF5Nz6ZWuOReRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:9e:4e:6a:24:2a:8b:bd:de:20:9c:79:bf:0d:27:43:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfac12dab75d9c09f3120179373e995ae3917911
        Validity
            Not Before: Jan 25 16:32:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f333becff71b189f930055a9283b41cb4761242
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ba:8d:2b:54:9b:20:a2:65:d0:1f:67:9f:12:
                    66:ba:aa:67:1d:6c:ca:7b:2b:a8:fe:4a:3c:74:6e:
                    0f:38:f8:72:82:b8:02:ef:d5:99:7d:d0:a6:e8:15:
                    0d:d5:74:c9:d1:b0:ba:92:b7:9c:98:77:89:23:cc:
                    a5:bb:6b:14:cb:16:dc:48:07:af:42:b5:23:c9:3c:
                    3e:ef:10:42:c8:47:be:d2:7a:ca:b7:5a:92:6d:41:
                    f6:e1:82:b3:9c:8a:08:fc:d8:c6:56:c3:cd:c6:d8:
                    24:72:0b:fe:17:01:c4:87:fd:6f:e0:dd:91:02:f5:
                    e9:64:ca:06:0d:a4:0b:54:60:c9:fc:5f:93:07:e9:
                    96:3a:de:1e:9f:ad:4c:75:72:70:50:09:17:00:26:
                    c4:76:a5:dd:e2:48:b9:1e:b6:06:1f:8a:fc:54:e5:
                    49:dd:08:f3:27:bb:a1:8b:f3:83:cf:cb:59:ff:07:
                    fe:f6:d9:66:2a:aa:d1:99:aa:77:70:1f:27:38:ad:
                    e6:27:42:35:9f:5d:7d:66:a1:86:f4:5d:91:87:d0:
                    11:80:7a:40:92:b3:d6:37:ed:42:74:0c:31:82:68:
                    ee:1f:2e:89:9f:0e:80:1c:8a:e1:d7:c1:c2:90:9d:
                    7b:bb:66:c9:8e:50:a9:7d:63:fa:e4:0e:34:f0:a0:
                    ef:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:33:3B:EC:FF:71:B1:89:F9:30:05:5A:92:83:B4:1C:B4:76:12:42
            X509v3 Authority Key Identifier:
                keyid:BF:AC:12:DA:B7:5D:9C:09:F3:12:01:79:37:3E:99:5A:E3:91:79:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v6wS2rddnAnzEgF5Nz6ZWuOReRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/d9074d-77dc-49fc-acb3-03d9ba503dc1/1/jzM77P9xsYn5MAVakoO0HLR2EkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/d9074d-77dc-49fc-acb3-03d9ba503dc1/1/v6wS2rddnAnzEgF5Nz6ZWuOReRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.74.0/24
                IPv6:
                  2a11:e880:565a::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:21:e2:3c:4d:71:cb:18:3d:cc:f7:9c:be:d8:2a:5d:7e:07:
         44:82:8d:58:d8:72:22:1f:cb:9d:30:aa:4f:e2:44:9c:67:c6:
         da:1d:9d:9b:9c:03:39:cd:18:9b:f8:f8:2e:ce:8b:ab:c2:e5:
         9f:17:f7:e8:30:c4:27:22:41:4b:9f:f3:e6:60:f6:21:01:73:
         94:94:ff:82:12:c1:4b:bb:4b:06:8a:9d:db:8a:67:04:be:dc:
         99:c7:5b:b2:2c:b0:30:b5:ef:ba:a7:a0:a1:b4:f6:60:4f:b3:
         78:2c:ec:70:5c:f9:9a:f5:90:26:1c:3d:0a:38:7e:af:71:72:
         97:9d:bc:0b:c7:6b:8a:bc:51:9a:ad:af:dc:6f:d9:88:88:9c:
         8b:02:c5:7c:f6:23:47:23:20:c1:b6:00:e7:ea:5e:07:2a:18:
         36:98:69:de:c0:04:c3:50:92:97:fd:43:92:3a:47:d5:3c:17:
         cf:b5:d9:78:34:1b:1f:94:36:22:ce:5e:f7:97:68:77:30:f7:
         a1:cb:55:7b:46:c7:03:58:53:59:13:c1:12:a8:a9:79:e5:23:
         50:16:fa:d1:85:40:86:86:38:6f:61:98:13:11:d5:55:85:c4:
         ea:9b:c9:84:a0:19:6a:a7:93:bb:0b:12:5b:c1:af:a3:d0:74:
         59:72:5b:00
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZSeTmokKou93iCceb8NJ0PrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYWMxMmRhYjc1ZDljMDlmMzEyMDE3OTM3M2U5OTVhZTM5
MTc5MTEwHhcNMjUwMTI1MTYzMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjMzM2JlY2ZmNzFiMTg5ZjkzMDA1NWE5MjgzYjQxY2I0NzYxMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7qNK1SbIKJl0B9nnxJmuqpnHWzK
eyuo/ko8dG4POPhygrgC79WZfdCm6BUN1XTJ0bC6krecmHeJI8ylu2sUyxbcSAev
QrUjyTw+7xBCyEe+0nrKt1qSbUH24YKznIoI/NjGVsPNxtgkcgv+FwHEh/1v4N2R
AvXpZMoGDaQLVGDJ/F+TB+mWOt4en61MdXJwUAkXACbEdqXd4ki5HrYGH4r8VOVJ
3QjzJ7uhi/ODz8tZ/wf+9tlmKqrRmap3cB8nOK3mJ0I1n119ZqGG9F2Rh9ARgHpA
krPWN+1CdAwxgmjuHy6Jnw6AHIrh18HCkJ17u2bJjlCpfWP65A408KDvbwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI8zO+z/cbGJ+TAFWpKDtBy0dhJCMB8GA1UdIwQY
MBaAFL+sEtq3XZwJ8xIBeTc+mVrjkXkRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjZ3UzJyZGRuQW56RWdGNU56NlpXdU9SZVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9kOTA3NGQtNzdkYy00OWZjLWFjYjMt
MDNkOWJhNTAzZGMxLzEvanpNNzdQOXhzWW41TUFWYWtvTzBITFIyRWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9kOTA3NGQtNzdkYy00OWZjLWFjYjMtMDNkOWJhNTAzZGMx
LzEvdjZ3UzJyZGRuQW56RWdGNU56NlpXdU9SZVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAstRKMA8E
AgACMAkDBwAqEeiAVlowDQYJKoZIhvcNAQELBQADggEBABUh4jxNccsYPcz3nL7Y
Kl1+B0SCjVjYciIfy50wqk/iRJxnxtodnZucAznNGJv4+C7Oi6vC5Z8X9+gwxCci
QUuf8+Zg9iEBc5SU/4ISwUu7SwaKnduKZwS+3JnHW7IssDC177qnoKG09mBPs3gs
7HBc+Zr1kCYcPQo4fq9xcpedvAvHa4q8UZqtr9xv2YiInIsCxXz2I0cjIMG2AOfq
XgcqGDaYad7ABMNQkpf9Q5I6R9U8F8+12Xg0Gx+UNiLOXveXaHcw96HLVXtGxwNY
U1kTwRKoqXnlI1AW+tGFQIaGOG9hmBMR1VWFxOqbyYSgGWqnk7sLElvBr6PQdFly
WwA=
-----END CERTIFICATE-----