Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/07xDYJMQGtX3bu-Gjz3tr03ZptQ.roa
File:                     07xDYJMQGtX3bu-Gjz3tr03ZptQ.roa (raw, json)
Hash identifier:          jRqp8AvSce1M+/uCvyngxO+52T75/mHbap4okJHjsAM=
Subject key identifier:   D3:BC:43:60:93:10:1A:D5:F7:6E:EF:86:8F:3D:ED:AF:4D:D9:A6:D4
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0196C910E7F75F88F71A5827B2E813DB25F0
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/07xDYJMQGtX3bu-Gjz3tr03ZptQ.roa
Signing time:             Tue 13 May 2025 09:54:10 +0000
ROA not before:           Tue 13 May 2025 09:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213438
IP address blocks:        78.142.18.0/24 maxlen: 24
                          79.124.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:10:e7:f7:5f:88:f7:1a:58:27:b2:e8:13:db:25:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: May 13 09:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3bc436093101ad5f76eef868f3dedaf4dd9a6d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:74:52:88:65:1b:65:b2:cb:cd:fc:6d:f3:be:
                    e4:1d:a5:32:84:b2:4e:ed:97:af:2d:2f:67:1c:50:
                    44:df:a8:e3:4e:05:f8:f5:57:67:c9:cf:97:07:ae:
                    0f:51:57:66:cd:c3:e4:b0:21:44:7b:4c:09:d2:c4:
                    eb:36:79:6a:89:28:b4:40:34:71:c2:30:5d:5e:89:
                    0c:83:e9:29:93:27:cd:4e:f5:c7:e4:d5:35:a4:0c:
                    98:04:66:df:83:a8:0e:a8:9c:df:10:10:0d:3e:24:
                    e4:93:ad:f4:51:82:00:1e:83:03:89:e8:ee:2e:2e:
                    0f:23:58:ec:09:c9:a5:8f:2f:ae:11:31:c6:b6:01:
                    3c:db:84:83:8b:ec:70:b2:77:8b:3d:1e:fb:c5:bc:
                    4e:0c:a3:fe:d2:15:a6:68:09:07:21:82:e5:5b:44:
                    dd:a4:df:ad:2a:f4:72:ba:03:f6:4a:95:ec:61:8e:
                    60:3c:83:60:f9:47:5c:73:f9:c2:cc:6b:c7:d0:6e:
                    31:d5:a1:fd:e9:da:02:00:b6:09:28:23:92:ac:85:
                    8d:49:aa:71:b3:f4:31:62:0a:67:d3:4f:e2:92:a8:
                    b2:f5:c3:7b:57:17:39:62:e5:9b:6b:be:44:06:45:
                    3d:b5:87:5a:bc:6e:25:45:b1:23:a4:df:c6:28:59:
                    c8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:BC:43:60:93:10:1A:D5:F7:6E:EF:86:8F:3D:ED:AF:4D:D9:A6:D4
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/07xDYJMQGtX3bu-Gjz3tr03ZptQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.18.0/24
                  79.124.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e6:48:11:28:57:00:41:c9:32:a0:b5:c1:02:ad:c5:09:2d:
         9c:3b:4f:43:c6:66:46:65:c4:f4:c1:7e:9a:6e:4c:8b:6d:6f:
         67:1e:6a:56:7e:7b:9c:a9:f7:1a:75:35:70:76:52:e5:b8:90:
         67:43:8a:5a:22:15:cb:af:7f:ae:47:17:fa:55:56:cb:06:92:
         8e:b3:d9:9c:64:80:3c:3c:cd:b2:5b:fe:1c:90:65:76:e3:5a:
         ca:56:ec:d6:ae:21:64:9b:66:bb:16:d4:ba:37:63:ce:b8:20:
         8f:47:cf:01:29:a4:be:4e:f4:ba:cc:9a:2c:1e:08:85:71:dc:
         c4:fb:0b:62:5a:46:95:43:53:ed:62:65:92:4f:ef:78:c4:b1:
         ba:58:6c:26:a6:6d:f8:9a:9c:87:11:2b:ac:5a:65:b9:62:d7:
         9b:55:6a:70:a3:f1:b4:9e:c1:2b:55:fa:5c:83:61:f5:47:51:
         6c:2f:de:0f:fe:c4:21:9b:0f:94:fa:4d:31:ef:07:71:a2:e9:
         0d:1b:3d:ff:c9:ee:17:f8:70:a0:0f:80:47:b1:ef:42:e5:02:
         69:25:28:48:7b:43:bb:02:be:ff:c0:94:6d:c4:b4:26:a9:dd:
         6b:68:8f:fa:e0:b4:0c:90:ff:a3:b3:ea:c4:83:54:a6:e1:ca:
         f9:dc:93:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbJEOf3X4j3GlgnsugT2yXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwNTEzMDk1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2JjNDM2MDkzMTAxYWQ1Zjc2ZWVmODY4ZjNkZWRhZjRkZDlhNmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXRSiGUbZbLLzfxt877kHaUyhLJO
7ZevLS9nHFBE36jjTgX49Vdnyc+XB64PUVdmzcPksCFEe0wJ0sTrNnlqiSi0QDRx
wjBdXokMg+kpkyfNTvXH5NU1pAyYBGbfg6gOqJzfEBANPiTkk630UYIAHoMDieju
Li4PI1jsCcmljy+uETHGtgE824SDi+xwsneLPR77xbxODKP+0hWmaAkHIYLlW0Td
pN+tKvRyugP2SpXsYY5gPINg+Udcc/nCzGvH0G4x1aH96doCALYJKCOSrIWNSapx
s/QxYgpn00/ikqiy9cN7Vxc5YuWba75EBkU9tYdavG4lRbEjpN/GKFnIAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNO8Q2CTEBrV927vho897a9N2abUMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvMDd4RFlKTVFHdFgzYnUtR2p6M3RyMDNacHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATo4SAwQA
T3wIMA0GCSqGSIb3DQEBCwUAA4IBAQAS5kgRKFcAQckyoLXBAq3FCS2cO09DxmZG
ZcT0wX6abkyLbW9nHmpWfnucqfcadTVwdlLluJBnQ4paIhXLr3+uRxf6VVbLBpKO
s9mcZIA8PM2yW/4ckGV241rKVuzWriFkm2a7FtS6N2POuCCPR88BKaS+TvS6zJos
HgiFcdzE+wtiWkaVQ1PtYmWST+94xLG6WGwmpm34mpyHESusWmW5YtebVWpwo/G0
nsErVfpcg2H1R1FsL94P/sQhmw+U+k0x7wdxoukNGz3/ye4X+HCgD4BHse9C5QJp
JShIe0O7Ar7/wJRtxLQmqd1raI/64LQMkP+js+rEg1Sm4cr53JNv
-----END CERTIFICATE-----