Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_wSwn5NFRi2a2k7jocpdxb1rtF8.roa
File:                     _wSwn5NFRi2a2k7jocpdxb1rtF8.roa (raw, json)
Hash identifier:          203hVT8qEj9PzrZs/g+KWmNJgmMT9Oz2QvIV6iH9dN4=
Subject key identifier:   FF:04:B0:9F:93:45:46:2D:9A:DA:4E:E3:A1:CA:5D:C5:BD:6B:B4:5F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0196F3D48911A7C595DAA83BAFBBFA33836D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_wSwn5NFRi2a2k7jocpdxb1rtF8.roa
Signing time:             Wed 21 May 2025 17:11:54 +0000
ROA not before:           Wed 21 May 2025 17:11:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153393
IP address blocks:        185.223.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 21:31:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:d4:89:11:a7:c5:95:da:a8:3b:af:bb:fa:33:83:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: May 21 17:11:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff04b09f9345462d9ada4ee3a1ca5dc5bd6bb45f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:85:b1:e1:e6:88:36:ac:09:e6:c8:41:3d:93:
                    8e:c7:c0:4e:4d:29:94:e5:6a:8d:97:15:e7:74:3b:
                    97:48:7a:66:07:1b:16:a4:18:16:09:ea:31:f1:16:
                    9d:99:37:3c:78:52:cb:45:96:b1:0e:1b:aa:de:3b:
                    ba:2e:a6:f4:ee:5e:55:7c:8c:cd:2c:9c:d5:87:41:
                    d0:ee:49:a8:dd:f3:98:74:8e:a3:79:04:c9:d3:45:
                    17:a3:80:a7:4a:4d:8d:9e:06:72:15:52:0a:82:8e:
                    fe:bd:b6:2d:17:f4:b2:a6:ba:b2:70:fa:f0:c9:c7:
                    82:bd:21:47:c2:7b:09:76:25:52:c7:47:c0:21:2b:
                    12:7b:cb:10:4b:fb:d6:53:c6:33:b5:31:c6:1e:8c:
                    7d:44:8d:e1:b2:64:f6:f8:13:6e:f8:48:ea:2f:aa:
                    40:f5:30:7f:e6:20:d1:53:04:62:21:fa:9f:5b:9b:
                    fc:6b:57:70:b4:df:52:80:af:fd:5f:a8:a3:d8:a6:
                    1b:0d:7f:6e:0c:ea:ec:88:0f:57:c9:54:82:dd:0c:
                    50:0d:e7:3e:9e:63:92:94:2a:c8:ab:bb:50:f0:6e:
                    45:27:af:e7:e1:5f:ad:2c:d8:a9:df:d3:1d:5f:70:
                    30:5f:12:73:84:4f:9b:c1:08:cf:a3:97:4d:13:78:
                    cc:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:04:B0:9F:93:45:46:2D:9A:DA:4E:E3:A1:CA:5D:C5:BD:6B:B4:5F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_wSwn5NFRi2a2k7jocpdxb1rtF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:63:13:57:7b:d6:49:e7:b0:88:bf:2c:82:3a:ff:a0:77:aa:
         6d:d8:40:81:fa:b2:56:92:ed:84:8f:33:81:e1:4c:eb:2d:b4:
         87:27:42:a7:97:33:78:78:e6:07:c2:93:7d:b7:07:11:12:1e:
         1e:c7:e4:0b:8a:ee:84:06:a8:27:2a:19:69:28:73:a2:ee:7b:
         79:79:e1:35:09:31:1f:10:16:47:7b:7a:9e:e7:75:8f:1d:55:
         be:3d:ef:f9:52:2b:30:be:8c:69:e1:1b:f1:f4:a0:84:9d:32:
         d5:12:2a:b8:2a:9b:b3:ca:14:13:84:6b:e0:79:9a:8d:00:f4:
         f4:ed:a0:2d:3f:d5:d1:75:2a:42:da:f5:dd:44:70:17:8d:77:
         3f:db:a5:d0:48:e6:c3:21:9f:3a:5b:b4:29:10:7b:04:6b:11:
         96:9c:ea:9c:34:97:b9:d5:56:d9:24:5b:85:bc:15:43:ea:54:
         88:1d:9a:b9:ac:44:9f:16:d3:f6:68:c9:66:a6:52:3f:5c:89:
         11:c0:33:14:4a:12:0e:9d:7c:98:36:48:f3:68:fd:ac:d2:7e:
         a4:8e:8d:db:2c:39:5e:36:56:4b:93:09:41:77:cf:8c:bf:8e:
         39:88:7c:71:3d:c6:4a:b1:6c:5f:e5:6f:58:6e:18:07:10:3a:
         47:25:73:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbz1IkRp8WV2qg7r7v6M4NtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNTIxMTcxMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjA0YjA5ZjkzNDU0NjJkOWFkYTRlZTNhMWNhNWRjNWJkNmJiNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYWx4eaINqwJ5shBPZOOx8BOTSmU
5WqNlxXndDuXSHpmBxsWpBgWCeox8RadmTc8eFLLRZaxDhuq3ju6Lqb07l5VfIzN
LJzVh0HQ7kmo3fOYdI6jeQTJ00UXo4CnSk2NngZyFVIKgo7+vbYtF/SyprqycPrw
yceCvSFHwnsJdiVSx0fAISsSe8sQS/vWU8YztTHGHox9RI3hsmT2+BNu+EjqL6pA
9TB/5iDRUwRiIfqfW5v8a1dwtN9SgK/9X6ij2KYbDX9uDOrsiA9XyVSC3QxQDec+
nmOSlCrIq7tQ8G5FJ6/n4V+tLNip39MdX3AwXxJzhE+bwQjPo5dNE3jMtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8EsJ+TRUYtmtpO46HKXcW9a7RfMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvX3dTd241TkZSaTJhMms3am9jcGR4YjFydEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud9OMA0G
CSqGSIb3DQEBCwUAA4IBAQBRYxNXe9ZJ57CIvyyCOv+gd6pt2ECB+rJWku2EjzOB
4UzrLbSHJ0KnlzN4eOYHwpN9twcREh4ex+QLiu6EBqgnKhlpKHOi7nt5eeE1CTEf
EBZHe3qe53WPHVW+Pe/5Uiswvoxp4Rvx9KCEnTLVEiq4KpuzyhQThGvgeZqNAPT0
7aAtP9XRdSpC2vXdRHAXjXc/26XQSObDIZ86W7QpEHsEaxGWnOqcNJe51VbZJFuF
vBVD6lSIHZq5rESfFtP2aMlmplI/XIkRwDMUShIOnXyYNkjzaP2s0n6kjo3bLDle
NlZLkwlBd8+Mv445iHxxPcZKsWxf5W9YbhgHEDpHJXPt
-----END CERTIFICATE-----