Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/0vPCI0iEDukSsU1VER-PQ1DOh0o.roa
File:                     0vPCI0iEDukSsU1VER-PQ1DOh0o.roa (raw, json)
Hash identifier:          dfiNSm7LJQc9sBC4lYeDzdrfWZ6IVRt89m7i1RxnTHU=
Subject key identifier:   D2:F3:C2:23:48:84:0E:E9:12:B1:4D:55:11:1F:8F:43:50:CE:87:4A
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019428242D7F2CB969F689E0AEDAE5214F74
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/0vPCI0iEDukSsU1VER-PQ1DOh0o.roa
Signing time:             Thu 02 Jan 2025 17:50:47 +0000
ROA not before:           Thu 02 Jan 2025 17:50:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214032
IP address blocks:        78.128.119.0/24 maxlen: 24
                          2a01:8740:20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:2d:7f:2c:b9:69:f6:89:e0:ae:da:e5:21:4f:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 17:50:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2f3c22348840ee912b14d55111f8f4350ce874a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:de:32:50:ba:6d:76:28:58:1d:78:2d:3b:c7:
                    a8:ce:0e:64:6c:3b:2d:0c:9a:75:37:31:a5:90:b3:
                    65:07:64:32:98:3d:76:d5:f6:90:f7:66:4c:29:d3:
                    6e:23:95:a7:ea:92:d0:ec:c2:0c:e1:02:05:07:ad:
                    a3:ba:24:13:a8:55:04:bc:54:f0:70:6c:df:73:a9:
                    0e:af:a8:0b:93:33:64:d1:5e:fe:c5:fd:19:0b:d7:
                    25:79:78:1f:13:02:aa:be:17:71:c8:ee:f0:17:e8:
                    50:40:44:86:a7:1a:a0:f7:bb:67:d8:26:cf:29:36:
                    8f:d1:4c:34:e3:fc:e1:cd:2c:cf:6f:a6:f6:3f:60:
                    19:c6:8b:3c:f6:27:f3:ec:e9:17:97:26:01:b6:d7:
                    04:15:fe:a9:dd:ad:ac:f1:57:dd:b4:24:63:c7:45:
                    9d:9c:cf:bd:0c:d9:f7:0b:7a:bc:d1:bb:af:05:fb:
                    be:72:8c:05:6b:71:83:ac:18:8b:2d:e4:01:38:e0:
                    87:8a:c0:5d:9c:48:95:0f:bc:cd:79:7b:24:f3:68:
                    2d:80:30:3d:e1:ef:c7:85:00:0b:55:8f:04:11:25:
                    eb:22:07:17:bd:61:c4:58:3b:8b:91:67:23:6c:51:
                    c7:ac:94:08:7e:22:a7:7c:94:aa:06:e3:ba:be:8a:
                    0e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:F3:C2:23:48:84:0E:E9:12:B1:4D:55:11:1F:8F:43:50:CE:87:4A
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/0vPCI0iEDukSsU1VER-PQ1DOh0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.119.0/24
                IPv6:
                  2a01:8740:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:dc:a8:a0:51:93:f4:90:e8:9b:f0:af:b9:5f:99:0d:c8:c1:
         23:92:a7:26:3d:00:ed:bf:50:17:1b:07:e6:0a:e2:56:8c:9f:
         cb:e7:7a:c3:69:e8:2b:db:65:1a:e2:6e:16:82:1f:5a:a2:31:
         52:89:2b:f4:fd:91:a5:f7:a8:35:70:a3:b5:cf:7a:8e:50:29:
         35:bb:ab:14:f0:58:9b:f1:81:8e:bb:c7:20:da:a1:d8:e7:98:
         cb:6d:e2:98:9b:7b:d3:b3:d7:94:f5:44:6e:91:45:1b:d0:6e:
         ce:72:65:3f:ed:f2:89:9f:64:63:10:e6:b1:66:95:3a:5d:e0:
         3e:cb:71:2e:8d:c0:f8:d4:b3:89:a9:cc:59:96:e1:81:22:71:
         cb:3e:77:31:46:0c:f7:39:e2:6c:ed:02:d6:56:c8:30:fe:0f:
         7d:da:ba:59:ee:af:33:14:fd:d6:46:c0:e9:fc:71:f7:49:59:
         72:39:87:fa:cd:6b:c1:c1:8b:8c:8b:e0:84:08:55:95:9e:d4:
         f8:3d:c8:5d:9b:6b:e7:c9:24:11:cc:51:b2:f4:0e:4f:58:b3:
         67:c1:ab:87:af:b9:0f:04:9d:aa:c4:5b:93:47:b6:03:e3:3a:
         85:38:82:74:31:e5:3e:6d:e5:be:a5:14:69:fb:10:47:7d:92:
         f4:7a:ce:58
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQoJC1/LLlp9ongrtrlIU90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTAyMTc1MDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmYzYzIyMzQ4ODQwZWU5MTJiMTRkNTUxMTFmOGY0MzUwY2U4NzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAud4yULptdihYHXgtO8eozg5kbDst
DJp1NzGlkLNlB2QymD121faQ92ZMKdNuI5Wn6pLQ7MIM4QIFB62juiQTqFUEvFTw
cGzfc6kOr6gLkzNk0V7+xf0ZC9cleXgfEwKqvhdxyO7wF+hQQESGpxqg97tn2CbP
KTaP0Uw04/zhzSzPb6b2P2AZxos89ifz7OkXlyYBttcEFf6p3a2s8VfdtCRjx0Wd
nM+9DNn3C3q80buvBfu+cowFa3GDrBiLLeQBOOCHisBdnEiVD7zNeXsk82gtgDA9
4e/HhQALVY8EESXrIgcXvWHEWDuLkWcjbFHHrJQIfiKnfJSqBuO6vooOIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNLzwiNIhA7pErFNVREfj0NQzodKMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvMHZQQ0kwaUVEdWtTc1UxVkVSLVBRMURPaDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAToB3MA8E
AgACMAkDBwAqAYdAACAwDQYJKoZIhvcNAQELBQADggEBAB/cqKBRk/SQ6Jvwr7lf
mQ3IwSOSpyY9AO2/UBcbB+YK4laMn8vnesNp6CvbZRribhaCH1qiMVKJK/T9kaX3
qDVwo7XPeo5QKTW7qxTwWJvxgY67xyDaodjnmMtt4pibe9Oz15T1RG6RRRvQbs5y
ZT/t8omfZGMQ5rFmlTpd4D7LcS6NwPjUs4mpzFmW4YEiccs+dzFGDPc54mztAtZW
yDD+D33aulnurzMU/dZGwOn8cfdJWXI5h/rNa8HBi4yL4IQIVZWe1Pg9yF2ba+fJ
JBHMUbL0Dk9Ys2fBq4evuQ8EnarEW5NHtgPjOoU4gnQx5T5t5b6lFGn7EEd9kvR6
zlg=
-----END CERTIFICATE-----