Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/PrHO2P-G7v9kEKI4VdM8hL3HB9E.roa
File:                     PrHO2P-G7v9kEKI4VdM8hL3HB9E.roa (raw, json)
Hash identifier:          SwaThvuHw0gUsUVw2G1QyV/L27owruaGquiTfDkXeDI=
Subject key identifier:   3E:B1:CE:D8:FF:86:EE:FF:64:10:A2:38:55:D3:3C:84:BD:C7:07:D1
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01944A64BE06A54DE24125A354D89806D42D
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/PrHO2P-G7v9kEKI4VdM8hL3HB9E.roa
Signing time:             Thu 09 Jan 2025 09:28:23 +0000
ROA not before:           Thu 09 Jan 2025 09:28:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202325
IP address blocks:        78.128.112.0/24 maxlen: 24
                          83.222.190.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:64:be:06:a5:4d:e2:41:25:a3:54:d8:98:06:d4:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 09:28:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3eb1ced8ff86eeff6410a23855d33c84bdc707d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:34:53:c5:4d:f4:ae:3d:bc:b9:8f:eb:26:38:
                    01:c7:f1:7b:3f:7a:53:41:b9:90:c5:e9:97:4e:cc:
                    22:e7:ad:11:39:af:df:02:3a:db:6f:a3:df:17:43:
                    90:00:2b:21:42:18:81:78:01:37:b7:20:67:a7:d9:
                    38:8f:6c:ae:ea:31:f2:7c:3e:1d:6b:e7:68:36:5d:
                    a5:da:44:a5:80:24:31:d9:a4:a8:bd:70:80:1f:bb:
                    fe:33:1b:b3:db:57:a2:54:42:a6:4f:11:52:61:13:
                    42:37:6f:a1:b1:fe:f9:c7:8b:36:aa:cc:a1:a5:c1:
                    dc:94:45:99:51:e4:8d:3b:f1:b0:96:cb:1e:39:66:
                    6c:7b:44:d6:91:ca:c3:cd:92:3a:48:a0:e8:3e:95:
                    e8:98:cf:f8:d3:01:7c:8e:f2:cc:70:d6:9f:5e:2f:
                    45:75:7b:5f:c4:1e:3d:19:49:02:d7:28:de:2c:6e:
                    a2:f4:e8:8e:53:25:c9:39:28:9e:57:27:94:37:1a:
                    41:87:40:f1:4f:8f:11:d5:d7:f1:ac:41:7d:01:bb:
                    ba:0d:77:03:2a:3b:33:3d:e2:19:58:0c:62:06:5f:
                    00:c6:34:95:e4:0a:7d:32:1f:df:52:b9:86:51:ae:
                    f8:d7:ba:ef:86:10:ee:ac:18:a3:1d:5d:08:ed:79:
                    e1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B1:CE:D8:FF:86:EE:FF:64:10:A2:38:55:D3:3C:84:BD:C7:07:D1
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/PrHO2P-G7v9kEKI4VdM8hL3HB9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.112.0/24
                  83.222.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:89:13:1e:54:d7:f0:48:15:d9:56:9a:3f:fc:dd:f5:80:34:
         d6:c8:ee:ee:3d:ff:78:b7:19:b9:d3:d3:18:78:88:14:7d:66:
         dc:7b:48:2d:4e:a9:d1:45:a2:f2:d6:97:1d:6c:4a:89:c5:9a:
         98:8e:cf:5b:84:23:c9:f6:ad:dd:1e:2d:63:a3:9d:a8:ff:75:
         30:cd:0f:ce:45:99:cf:f5:27:1c:3a:41:86:7a:9c:68:a5:38:
         a9:1a:2b:f6:a9:25:20:78:40:29:1d:3f:23:6f:e3:15:29:29:
         62:f6:8c:aa:68:b9:b7:8f:d5:aa:c6:9d:0e:f1:03:91:c0:86:
         9b:bf:10:60:8e:52:73:97:ca:48:58:df:d6:19:af:4d:45:03:
         1e:26:a8:7e:3e:b5:4b:76:24:86:ab:99:cf:cd:87:df:3d:bc:
         2e:f2:08:d5:7f:0b:c2:ea:4b:61:67:76:65:90:0a:25:62:d8:
         08:27:10:5c:02:c5:7a:fe:6c:2a:52:fb:18:0b:1f:c9:fd:b4:
         3a:66:3c:90:f9:e9:08:85:2c:9a:7d:35:62:13:a9:64:12:99:
         dc:b9:da:30:2e:aa:75:ca:8b:d5:04:6e:c8:d9:b5:97:5e:b3:
         4d:db:91:69:2c:5e:c4:08:fb:77:b8:6d:95:57:bd:37:60:fe:
         47:b4:80:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRKZL4GpU3iQSWjVNiYBtQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWIxY2VkOGZmODZlZWZmNjQxMGEyMzg1NWQzM2M4NGJkYzcwN2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TRTxU30rj28uY/rJjgBx/F7P3pT
QbmQxemXTswi560ROa/fAjrbb6PfF0OQACshQhiBeAE3tyBnp9k4j2yu6jHyfD4d
a+doNl2l2kSlgCQx2aSovXCAH7v+Mxuz21eiVEKmTxFSYRNCN2+hsf75x4s2qsyh
pcHclEWZUeSNO/GwlsseOWZse0TWkcrDzZI6SKDoPpXomM/40wF8jvLMcNafXi9F
dXtfxB49GUkC1yjeLG6i9OiOUyXJOSieVyeUNxpBh0DxT48R1dfxrEF9Abu6DXcD
KjszPeIZWAxiBl8AxjSV5Ap9Mh/fUrmGUa7417rvhhDurBijHV0I7Xnh1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD6xztj/hu7/ZBCiOFXTPIS9xwfRMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvUHJITzJQLUc3djlrRUtJNFZkTThoTDNIQjlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAToBwAwQB
U96+MA0GCSqGSIb3DQEBCwUAA4IBAQCyiRMeVNfwSBXZVpo//N31gDTWyO7uPf94
txm509MYeIgUfWbce0gtTqnRRaLy1pcdbEqJxZqYjs9bhCPJ9q3dHi1jo52o/3Uw
zQ/ORZnP9SccOkGGepxopTipGiv2qSUgeEApHT8jb+MVKSli9oyqaLm3j9Wqxp0O
8QORwIabvxBgjlJzl8pIWN/WGa9NRQMeJqh+PrVLdiSGq5nPzYffPbwu8gjVfwvC
6kthZ3ZlkAolYtgIJxBcAsV6/mwqUvsYCx/J/bQ6ZjyQ+ekIhSyafTViE6lkEpnc
udowLqp1yovVBG7I2bWXXrNN25FpLF7ECPt3uG2VV703YP5HtIC1
-----END CERTIFICATE-----