Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/cri3ULh6Rj8r6ZDUmdSIkYBmP1o.roa
File:                     cri3ULh6Rj8r6ZDUmdSIkYBmP1o.roa (raw, json)
Hash identifier:          Lisc7jMorS/4tIMBDxqrdkl7lwX530FUMpT0ozDszqE=
Subject key identifier:   72:B8:B7:50:B8:7A:46:3F:2B:E9:90:D4:99:D4:88:91:80:66:3F:5A
Certificate issuer:       /CN=4c101ff51b67eefe0d67800e76d3606df4c94721
Certificate serial:       019423D7D32592D99CFEF7419206F76E0D96
Authority key identifier: 4C:10:1F:F5:1B:67:EE:FE:0D:67:80:0E:76:D3:60:6D:F4:C9:47:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/cri3ULh6Rj8r6ZDUmdSIkYBmP1o.roa
Signing time:             Wed 01 Jan 2025 21:48:54 +0000
ROA not before:           Wed 01 Jan 2025 21:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215447
IP address blocks:        78.110.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 20:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:d3:25:92:d9:9c:fe:f7:41:92:06:f7:6e:0d:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c101ff51b67eefe0d67800e76d3606df4c94721
        Validity
            Not Before: Jan  1 21:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72b8b750b87a463f2be990d499d4889180663f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:99:7f:96:10:0f:a5:c6:7c:be:2b:06:8f:c0:
                    32:40:af:8c:8c:c5:26:99:eb:d6:e3:b4:79:2e:b3:
                    96:27:2e:98:a9:38:cc:15:4a:e9:6a:80:16:bc:76:
                    c0:9b:ba:71:51:a6:20:8d:51:67:73:d5:de:d3:4f:
                    a1:c4:f3:80:76:a7:81:a1:83:88:68:ae:4d:22:67:
                    0c:42:cc:4c:00:fd:28:d0:bb:1b:29:bd:8e:8f:b8:
                    25:4d:a5:63:82:35:81:6e:fa:93:09:72:ee:21:9f:
                    c8:19:e4:b8:1a:34:e2:45:50:95:2b:bc:da:d4:ef:
                    af:62:50:db:b9:9e:6c:7e:77:b8:51:d2:5c:51:b8:
                    a7:ef:f9:86:37:81:be:65:cf:0d:eb:50:72:4e:0e:
                    71:49:97:c2:06:1d:25:7f:99:34:3d:8b:99:5e:b2:
                    2e:fd:97:cf:68:85:d6:9e:5d:55:67:37:1f:69:b3:
                    21:29:ae:06:0b:09:c3:ec:df:95:26:bb:87:84:d4:
                    79:e5:48:ba:0c:18:a9:a2:ce:0e:81:3e:60:a3:cb:
                    a2:b8:e3:a3:27:f1:a9:d0:06:f4:4e:6e:1c:4c:80:
                    f6:02:e7:86:c6:98:97:b4:73:d6:3e:ac:84:06:f6:
                    27:05:4e:02:6f:0a:fc:cb:54:5c:ce:52:01:0e:d4:
                    0b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B8:B7:50:B8:7A:46:3F:2B:E9:90:D4:99:D4:88:91:80:66:3F:5A
            X509v3 Authority Key Identifier:
                keyid:4C:10:1F:F5:1B:67:EE:FE:0D:67:80:0E:76:D3:60:6D:F4:C9:47:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/cri3ULh6Rj8r6ZDUmdSIkYBmP1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/59dcbd-78bf-48ed-954d-ccaa6eb3c513/1/TBAf9Rtn7v4NZ4AOdtNgbfTJRyE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.110.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:bf:01:80:27:f9:fc:f3:e9:10:41:5b:1e:14:e9:87:ca:a7:
         96:6e:4b:73:73:2b:a1:22:a5:53:09:b2:b8:1e:1c:9a:17:d4:
         2e:57:f9:af:14:68:1e:92:7e:2f:a9:61:e7:a0:d0:49:f0:c3:
         3f:ce:2d:be:f7:b2:8e:ac:69:e8:4f:d4:dc:75:7e:c3:97:04:
         4a:5e:47:d5:28:95:4e:9e:2d:d8:db:cc:db:44:0f:f1:9d:ae:
         d9:33:1e:cc:56:d9:37:96:e3:c3:2e:f9:8e:94:86:76:b4:ae:
         26:e8:69:7b:84:85:87:41:9f:6b:7f:f1:a0:e8:c4:25:df:63:
         0f:a9:ba:86:62:ac:56:8f:9b:3f:0b:0c:9b:d8:61:98:89:03:
         97:b3:97:d7:eb:42:0e:e2:3e:e4:d5:18:a8:f7:3c:e1:47:95:
         a2:27:4e:1f:77:31:d9:79:fd:a2:78:c9:58:e5:4e:b7:ad:aa:
         c9:8d:d2:46:6b:f1:2d:3c:05:a2:fc:fe:b6:ad:82:f2:91:33:
         64:17:4f:e1:1c:c5:97:c7:19:20:d8:35:31:40:f7:cc:4e:c0:
         50:f9:2f:f7:62:99:61:3f:cd:66:0c:a2:4e:5e:6b:60:96:22:
         de:56:73:36:60:2f:b6:f2:f0:e3:e3:88:c0:7b:4a:e6:fb:8f:
         09:8f:05:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj19Mlktmc/vdBkgb3bg2WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMTAxZmY1MWI2N2VlZmUwZDY3ODAwZTc2ZDM2MDZkZjRj
OTQ3MjEwHhcNMjUwMTAxMjE0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmI4Yjc1MGI4N2E0NjNmMmJlOTkwZDQ5OWQ0ODg5MTgwNjYzZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Jl/lhAPpcZ8visGj8AyQK+MjMUm
mevW47R5LrOWJy6YqTjMFUrpaoAWvHbAm7pxUaYgjVFnc9Xe00+hxPOAdqeBoYOI
aK5NImcMQsxMAP0o0LsbKb2Oj7glTaVjgjWBbvqTCXLuIZ/IGeS4GjTiRVCVK7za
1O+vYlDbuZ5sfne4UdJcUbin7/mGN4G+Zc8N61ByTg5xSZfCBh0lf5k0PYuZXrIu
/ZfPaIXWnl1VZzcfabMhKa4GCwnD7N+VJruHhNR55Ui6DBipos4OgT5go8uiuOOj
J/Gp0Ab0Tm4cTID2AueGxpiXtHPWPqyEBvYnBU4Cbwr8y1RczlIBDtQLzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHK4t1C4ekY/K+mQ1JnUiJGAZj9aMB8GA1UdIwQY
MBaAFEwQH/UbZ+7+DWeADnbTYG30yUchMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJBZjlSdG43djROWjRBT2R0TmdiZlRKUnlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC81OWRjYmQtNzhiZi00OGVkLTk1NGQt
Y2NhYTZlYjNjNTEzLzEvY3JpM1VMaDZSajhyNlpEVW1kU0lrWUJtUDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC81OWRjYmQtNzhiZi00OGVkLTk1NGQtY2NhYTZlYjNjNTEz
LzEvVEJBZjlSdG43djROWjRBT2R0TmdiZlRKUnlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATm4jMA0G
CSqGSIb3DQEBCwUAA4IBAQBfvwGAJ/n88+kQQVseFOmHyqeWbktzcyuhIqVTCbK4
HhyaF9QuV/mvFGgekn4vqWHnoNBJ8MM/zi2+97KOrGnoT9TcdX7DlwRKXkfVKJVO
ni3Y28zbRA/xna7ZMx7MVtk3luPDLvmOlIZ2tK4m6Gl7hIWHQZ9rf/Gg6MQl32MP
qbqGYqxWj5s/Cwyb2GGYiQOXs5fX60IO4j7k1Rio9zzhR5WiJ04fdzHZef2ieMlY
5U63rarJjdJGa/EtPAWi/P62rYLykTNkF0/hHMWXxxkg2DUxQPfMTsBQ+S/3Yplh
P81mDKJOXmtgliLeVnM2YC+28vDj44jAe0rm+48JjwUJ
-----END CERTIFICATE-----