Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/kT72_rs6FeeCr3dDSGrEzG7Qc-Y.roa
File:                     kT72_rs6FeeCr3dDSGrEzG7Qc-Y.roa (raw, json)
Hash identifier:          aU4YilQ/j5WNVY1Q5u9ZzL1FCZbvOH4ANv0D/Jw9+To=
Subject key identifier:   91:3E:F6:FE:BB:3A:15:E7:82:AF:77:43:48:6A:C4:CC:6E:D0:73:E6
Certificate issuer:       /CN=80c028ad0e60d7ea8914b13c3a53d8f089160315
Certificate serial:       019421B24795475D93A64D305EA7B42F37C5
Authority key identifier: 80:C0:28:AD:0E:60:D7:EA:89:14:B1:3C:3A:53:D8:F0:89:16:03:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gMAorQ5g1-qJFLE8OlPY8IkWAxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/kT72_rs6FeeCr3dDSGrEzG7Qc-Y.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39745
IP address blocks:        195.60.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/gMAorQ5g1-qJFLE8OlPY8IkWAxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/gMAorQ5g1-qJFLE8OlPY8IkWAxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gMAorQ5g1-qJFLE8OlPY8IkWAxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:47:95:47:5d:93:a6:4d:30:5e:a7:b4:2f:37:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80c028ad0e60d7ea8914b13c3a53d8f089160315
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=913ef6febb3a15e782af7743486ac4cc6ed073e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:94:76:74:dc:0e:66:ea:53:03:48:9a:4d:16:
                    d3:d8:10:a1:6d:65:08:37:5e:77:9f:eb:7e:82:53:
                    1c:60:bd:a2:a5:f5:65:31:1e:7c:94:72:a8:cc:08:
                    0c:58:77:64:29:b4:8f:48:d2:0f:98:b5:17:9f:6d:
                    cd:af:15:08:6c:01:b5:9e:c2:59:cc:31:7d:3f:4d:
                    e5:df:7e:2a:70:f9:23:5e:30:a8:a3:e4:ad:4d:3a:
                    e2:10:e1:cf:fd:02:a9:58:d7:fd:34:a1:cc:58:fc:
                    78:f2:f5:6d:12:29:c6:e2:62:1e:57:4b:54:17:69:
                    84:9d:51:8d:0f:73:c0:13:0d:d3:10:08:4e:5a:df:
                    4b:c2:e6:24:81:54:26:90:f0:76:6d:b2:94:d0:ce:
                    8f:59:f4:e0:cf:fb:09:bd:13:27:97:75:82:0f:60:
                    dd:70:1b:38:a3:51:e2:33:0c:bf:d6:7a:7c:a1:a7:
                    bd:b4:70:91:51:d4:a8:04:db:6c:cb:ce:75:09:95:
                    60:87:53:c6:9d:fb:88:07:44:ff:64:90:32:0c:e7:
                    39:8f:ce:10:b6:4d:af:52:0b:22:51:8c:b6:98:89:
                    f8:4a:84:8f:c7:46:57:4a:61:13:92:71:2b:ca:83:
                    36:b3:86:73:f8:f3:48:c9:d8:0f:8b:cf:8f:b6:7c:
                    6a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:3E:F6:FE:BB:3A:15:E7:82:AF:77:43:48:6A:C4:CC:6E:D0:73:E6
            X509v3 Authority Key Identifier:
                keyid:80:C0:28:AD:0E:60:D7:EA:89:14:B1:3C:3A:53:D8:F0:89:16:03:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gMAorQ5g1-qJFLE8OlPY8IkWAxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/kT72_rs6FeeCr3dDSGrEzG7Qc-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b5ff66-807d-4bf1-abe9-a3b4c900241f/1/gMAorQ5g1-qJFLE8OlPY8IkWAxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.60.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:87:74:8c:2c:9f:ee:28:41:3f:49:7a:a0:a5:90:48:a6:0e:
         ba:8f:2f:70:de:43:b6:f3:fd:42:01:b0:d9:66:92:14:d3:9f:
         1f:98:f1:c6:8b:f3:fa:59:81:20:2d:2c:6d:27:9e:e7:8f:a2:
         b6:5f:df:18:76:3b:7d:a3:65:41:7b:52:9f:23:10:01:52:86:
         b8:74:24:dc:03:75:b5:6d:f6:1a:ed:c9:f9:59:89:b4:da:9f:
         e1:15:4c:62:9e:42:98:5e:7a:dd:8a:3d:92:b4:1e:65:17:dd:
         b3:55:cf:8a:31:6b:a3:52:66:d8:44:06:22:70:6e:b3:0d:d9:
         90:b0:0f:3d:60:64:77:a1:2e:40:d4:b3:d2:48:52:97:31:e5:
         46:5c:b9:f4:a9:54:5e:e1:38:74:02:c1:66:85:79:de:44:81:
         38:18:72:e8:38:50:de:44:7d:1f:9f:73:a8:54:3f:ef:6a:4d:
         b9:66:1e:cd:c7:34:d1:78:3a:22:fb:c8:39:4e:2d:e6:5e:86:
         5d:d6:1a:2e:8f:be:0a:24:c6:14:0c:64:e4:79:62:bf:10:97:
         75:30:6f:23:d6:2c:83:a9:48:ee:34:d3:1d:bf:5a:98:53:ec:
         96:70:b4:df:e4:e8:7d:74:9c:7c:07:83:77:14:bf:33:a3:8c:
         dc:f9:6d:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskeVR12Tpk0wXqe0LzfFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYzAyOGFkMGU2MGQ3ZWE4OTE0YjEzYzNhNTNkOGYwODkx
NjAzMTUwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTNlZjZmZWJiM2ExNWU3ODJhZjc3NDM0ODZhYzRjYzZlZDA3M2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5R2dNwOZupTA0iaTRbT2BChbWUI
N153n+t+glMcYL2ipfVlMR58lHKozAgMWHdkKbSPSNIPmLUXn23NrxUIbAG1nsJZ
zDF9P03l334qcPkjXjCoo+StTTriEOHP/QKpWNf9NKHMWPx48vVtEinG4mIeV0tU
F2mEnVGND3PAEw3TEAhOWt9LwuYkgVQmkPB2bbKU0M6PWfTgz/sJvRMnl3WCD2Dd
cBs4o1HiMwy/1np8oae9tHCRUdSoBNtsy851CZVgh1PGnfuIB0T/ZJAyDOc5j84Q
tk2vUgsiUYy2mIn4SoSPx0ZXSmETknEryoM2s4Zz+PNIydgPi8+PtnxqhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJE+9v67OhXngq93Q0hqxMxu0HPmMB8GA1UdIwQY
MBaAFIDAKK0OYNfqiRSxPDpT2PCJFgMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ01Bb3JRNWcxLXFKRkxFOE9sUFk4SWtXQXhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iNWZmNjYtODA3ZC00YmYxLWFiZTkt
YTNiNGM5MDAyNDFmLzEva1Q3Ml9yczZGZWVDcjNkRFNHckV6RzdRYy1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iNWZmNjYtODA3ZC00YmYxLWFiZTktYTNiNGM5MDAyNDFm
LzEvZ01Bb3JRNWcxLXFKRkxFOE9sUFk4SWtXQXhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzxOMA0G
CSqGSIb3DQEBCwUAA4IBAQByh3SMLJ/uKEE/SXqgpZBIpg66jy9w3kO28/1CAbDZ
ZpIU058fmPHGi/P6WYEgLSxtJ57nj6K2X98Ydjt9o2VBe1KfIxABUoa4dCTcA3W1
bfYa7cn5WYm02p/hFUxinkKYXnrdij2StB5lF92zVc+KMWujUmbYRAYicG6zDdmQ
sA89YGR3oS5A1LPSSFKXMeVGXLn0qVRe4Th0AsFmhXneRIE4GHLoOFDeRH0fn3Oo
VD/vak25Zh7NxzTReDoi+8g5Ti3mXoZd1houj74KJMYUDGTkeWK/EJd1MG8j1iyD
qUjuNNMdv1qYU+yWcLTf5Oh9dJx8B4N3FL8zo4zc+W3P
-----END CERTIFICATE-----