Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/RwYrasm9m8eqzmPP5jcKjuyYGvM.roa
File:                     RwYrasm9m8eqzmPP5jcKjuyYGvM.roa (raw, json)
Hash identifier:          0zWr4mPidgpLVqBV2NyXkgaOEvRc8827RSKO2fuDm/s=
Subject key identifier:   47:06:2B:6A:C9:BD:9B:C7:AA:CE:63:CF:E6:37:0A:8E:EC:98:1A:F3
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0194AC36E75DB8328B0D923FE7B946A0D238
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/RwYrasm9m8eqzmPP5jcKjuyYGvM.roa
Signing time:             Tue 28 Jan 2025 09:21:06 +0000
ROA not before:           Tue 28 Jan 2025 09:21:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213509
IP address blocks:        78.128.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:36:e7:5d:b8:32:8b:0d:92:3f:e7:b9:46:a0:d2:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan 28 09:21:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47062b6ac9bd9bc7aace63cfe6370a8eec981af3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9f:5e:90:06:9c:1e:04:db:dd:12:53:80:8f:
                    2c:06:45:6d:b8:d6:7d:10:9c:18:a7:14:78:af:f6:
                    82:68:98:3f:f9:75:94:1a:55:1e:65:4b:c6:8e:e3:
                    bf:ef:14:a6:78:9d:c2:de:e7:9b:59:46:ce:9b:d9:
                    43:f6:f7:fa:fd:05:40:f5:24:54:1b:19:55:bd:f5:
                    9c:42:31:34:f6:3e:36:fd:cd:30:73:d0:ee:cd:a9:
                    22:36:04:b6:d9:fd:da:ae:ca:75:af:ed:c5:b9:b6:
                    82:79:72:43:5f:ed:43:b5:bc:51:d5:55:bc:ff:b4:
                    fc:b8:db:f6:5b:44:9c:2c:ef:21:e5:67:d3:88:6c:
                    d2:ac:8f:93:0a:f7:c7:34:81:df:1e:dd:5c:07:b8:
                    65:ae:27:48:59:ee:ab:3f:04:99:c4:72:b5:fb:68:
                    41:7d:49:94:d6:6c:63:f9:68:21:6d:33:4a:e0:ca:
                    26:7a:8e:bb:47:90:df:16:5a:d7:83:91:c4:62:08:
                    26:7e:5e:a8:8e:e8:f4:44:de:01:71:55:9d:12:32:
                    d5:bb:3c:63:9d:0c:fa:29:96:90:01:91:3e:46:c8:
                    a7:2e:b9:29:55:cb:2c:54:51:4f:56:10:79:5a:c8:
                    e2:26:33:c3:ed:ab:41:51:2c:a7:13:95:e7:e9:0e:
                    f5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:06:2B:6A:C9:BD:9B:C7:AA:CE:63:CF:E6:37:0A:8E:EC:98:1A:F3
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/RwYrasm9m8eqzmPP5jcKjuyYGvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:cb:4d:6f:6d:12:94:a0:8b:9c:7d:61:f4:0a:ee:2f:16:35:
         de:09:8c:b1:58:f4:4c:3c:ca:33:78:59:87:25:02:58:81:06:
         7f:3e:6b:9c:25:85:aa:21:08:40:0a:4b:dc:16:d4:a4:61:03:
         e9:44:6f:2b:3e:38:8e:7f:be:eb:c5:de:12:e7:29:54:13:71:
         f4:12:54:5b:57:f9:95:f1:37:3b:e4:53:e4:d9:d2:30:4b:01:
         f3:87:28:15:b8:ac:0f:99:18:56:08:32:33:e4:a3:14:64:3d:
         e5:57:7f:cb:4f:3c:e2:1d:f1:87:27:90:a4:e0:ec:50:21:42:
         a7:b3:90:b8:76:a7:b2:47:21:a1:8c:5c:4a:84:36:e5:dc:f9:
         04:77:96:36:de:b8:a3:1e:f8:3f:d0:bf:f7:6a:12:50:cd:0b:
         f1:88:0b:e7:80:82:d3:04:db:69:14:1a:df:e8:83:00:ca:4a:
         b3:e2:c0:a6:ff:37:04:f2:04:74:06:b5:c5:da:39:a6:9a:04:
         41:7f:f4:81:8b:1d:56:82:55:c9:cd:2e:20:08:3b:8e:56:70:
         aa:7e:5d:b8:09:15:c9:cb:dd:b5:03:48:d5:f8:f6:63:57:93:
         d4:d7:90:5e:a3:00:93:56:69:be:7f:b7:b2:18:f0:ff:36:a5:
         70:3f:67:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSsNudduDKLDZI/57lGoNI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTI4MDkyMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzA2MmI2YWM5YmQ5YmM3YWFjZTYzY2ZlNjM3MGE4ZWVjOTgxYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJ9ekAacHgTb3RJTgI8sBkVtuNZ9
EJwYpxR4r/aCaJg/+XWUGlUeZUvGjuO/7xSmeJ3C3uebWUbOm9lD9vf6/QVA9SRU
GxlVvfWcQjE09j42/c0wc9DuzakiNgS22f3arsp1r+3FubaCeXJDX+1DtbxR1VW8
/7T8uNv2W0ScLO8h5WfTiGzSrI+TCvfHNIHfHt1cB7hlridIWe6rPwSZxHK1+2hB
fUmU1mxj+WghbTNK4Momeo67R5DfFlrXg5HEYggmfl6ojuj0RN4BcVWdEjLVuzxj
nQz6KZaQAZE+RsinLrkpVcssVFFPVhB5WsjiJjPD7atBUSynE5Xn6Q71oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcGK2rJvZvHqs5jz+Y3Co7smBrzMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvUndZcmFzbTltOGVxem1QUDVqY0tqdXlZR3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToA/MA0G
CSqGSIb3DQEBCwUAA4IBAQBBy01vbRKUoIucfWH0Cu4vFjXeCYyxWPRMPMozeFmH
JQJYgQZ/PmucJYWqIQhACkvcFtSkYQPpRG8rPjiOf77rxd4S5ylUE3H0ElRbV/mV
8Tc75FPk2dIwSwHzhygVuKwPmRhWCDIz5KMUZD3lV3/LTzziHfGHJ5Ck4OxQIUKn
s5C4dqeyRyGhjFxKhDbl3PkEd5Y23rijHvg/0L/3ahJQzQvxiAvngILTBNtpFBrf
6IMAykqz4sCm/zcE8gR0BrXF2jmmmgRBf/SBix1WglXJzS4gCDuOVnCqfl24CRXJ
y921A0jV+PZjV5PU15BeowCTVmm+f7eyGPD/NqVwP2dL
-----END CERTIFICATE-----