Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/U6C1AThZ3cfm0MDYlUugncejlL8.roa
File:                     U6C1AThZ3cfm0MDYlUugncejlL8.roa (raw, json)
Hash identifier:          oZk6tnIlV6MbUrBJEnokao6P+z5QUP2KHjIILn3C4go=
Subject key identifier:   53:A0:B5:01:38:59:DD:C7:E6:D0:C0:D8:95:4B:A0:9D:C7:A3:94:BF
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0194282424355C0E9F650B7327277589C37E
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/U6C1AThZ3cfm0MDYlUugncejlL8.roa
Signing time:             Thu 02 Jan 2025 17:50:44 +0000
ROA not before:           Thu 02 Jan 2025 17:50:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42805
IP address blocks:        78.142.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 22:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:24:35:5c:0e:9f:65:0b:73:27:27:75:89:c3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 17:50:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53a0b5013859ddc7e6d0c0d8954ba09dc7a394bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:41:1a:96:38:0e:c1:f3:94:80:1e:3f:93:1e:
                    86:de:2e:3b:68:4c:8c:69:db:92:6e:80:11:41:1b:
                    71:27:3e:95:39:7b:85:14:ca:f9:74:b0:e7:1f:69:
                    cd:6f:23:26:15:35:96:94:6c:0e:67:43:6f:b1:47:
                    9e:f4:00:3c:4c:b8:7b:32:41:ca:d3:07:0f:0c:54:
                    37:c0:42:ba:6a:53:62:93:09:60:39:3b:4e:17:e2:
                    4d:00:46:53:c2:f4:6b:d0:26:8a:ab:39:cc:4e:42:
                    c2:f7:f7:48:62:98:24:0e:34:e7:5c:d9:60:24:19:
                    f0:f1:3f:77:97:cc:c8:f1:ea:94:ef:ae:cc:9f:d3:
                    21:66:69:3b:0c:8b:85:7d:08:8e:92:5c:e8:67:bd:
                    d8:ed:9d:90:d9:53:9b:26:cb:77:2a:ee:2a:0d:b3:
                    48:22:e8:8a:11:f8:75:0d:f1:6f:6c:7b:46:6d:58:
                    0c:96:17:57:5a:e8:19:07:bc:73:5e:7e:4b:a3:a2:
                    07:ea:9e:57:cb:08:f3:72:13:2b:7d:cc:c4:2b:77:
                    3d:58:a7:65:d8:e1:87:9b:12:65:5c:56:9b:20:38:
                    0a:03:a1:88:71:b9:e8:57:77:69:82:b6:fd:51:22:
                    fc:55:b9:e2:f4:e5:4e:17:8c:4e:15:65:5b:b5:1a:
                    23:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A0:B5:01:38:59:DD:C7:E6:D0:C0:D8:95:4B:A0:9D:C7:A3:94:BF
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/U6C1AThZ3cfm0MDYlUugncejlL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.142.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:cb:1d:07:a2:95:f5:07:83:b8:40:a9:e2:20:63:44:cd:e1:
         08:7d:f8:ce:4d:e3:d3:00:2c:13:2d:f3:e3:91:9e:d0:e5:0c:
         78:70:c3:b4:af:1d:10:e0:21:b3:41:07:6f:24:97:8a:64:c4:
         0a:59:52:f7:03:d7:fb:0a:32:8b:4a:53:e7:1a:ee:0c:a8:88:
         2b:df:92:14:11:03:17:b2:95:97:73:04:a5:50:4b:59:c9:41:
         13:40:2c:21:0f:f9:da:a0:13:62:51:ae:4e:db:18:b3:ee:70:
         98:ae:2c:ba:76:30:32:c9:7b:9f:dc:e5:87:62:9a:a5:91:02:
         0d:87:49:8f:2e:6b:fd:a2:b4:c8:4a:e1:1b:23:d2:58:b9:1d:
         dc:19:5e:c5:ee:5e:6e:e6:c0:3a:ba:0c:59:fe:c3:ff:2c:69:
         58:82:d3:f5:7a:87:4d:e3:92:f0:42:20:09:fe:62:ad:48:a2:
         71:6c:09:ea:b0:99:01:e0:9a:71:55:b0:d6:32:b2:11:17:aa:
         78:fb:dc:77:1c:32:45:ae:b2:71:ba:68:68:ad:ff:61:f7:e0:
         4b:73:78:b2:1f:ce:51:85:a9:b8:d6:f2:de:da:8f:12:1c:5f:
         0e:e3:25:a3:fc:3c:43:53:5e:90:01:5e:cf:fa:05:c7:23:f2:
         e3:5a:c2:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJCQ1XA6fZQtzJyd1icN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTAyMTc1MDQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2EwYjUwMTM4NTlkZGM3ZTZkMGMwZDg5NTRiYTA5ZGM3YTM5NGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkEaljgOwfOUgB4/kx6G3i47aEyM
aduSboARQRtxJz6VOXuFFMr5dLDnH2nNbyMmFTWWlGwOZ0NvsUee9AA8TLh7MkHK
0wcPDFQ3wEK6alNikwlgOTtOF+JNAEZTwvRr0CaKqznMTkLC9/dIYpgkDjTnXNlg
JBnw8T93l8zI8eqU767Mn9MhZmk7DIuFfQiOklzoZ73Y7Z2Q2VObJst3Ku4qDbNI
IuiKEfh1DfFvbHtGbVgMlhdXWugZB7xzXn5Lo6IH6p5XywjzchMrfczEK3c9WKdl
2OGHmxJlXFabIDgKA6GIcbnoV3dpgrb9USL8Vbni9OVOF4xOFWVbtRojQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOgtQE4Wd3H5tDA2JVLoJ3Ho5S/MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvVTZDMUFUaFozY2ZtME1EWWxVdWduY2VqbEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATo4uMA0G
CSqGSIb3DQEBCwUAA4IBAQBMyx0HopX1B4O4QKniIGNEzeEIffjOTePTACwTLfPj
kZ7Q5Qx4cMO0rx0Q4CGzQQdvJJeKZMQKWVL3A9f7CjKLSlPnGu4MqIgr35IUEQMX
spWXcwSlUEtZyUETQCwhD/naoBNiUa5O2xiz7nCYriy6djAyyXuf3OWHYpqlkQIN
h0mPLmv9orTISuEbI9JYuR3cGV7F7l5u5sA6ugxZ/sP/LGlYgtP1eodN45LwQiAJ
/mKtSKJxbAnqsJkB4JpxVbDWMrIRF6p4+9x3HDJFrrJxumhorf9h9+BLc3iyH85R
ham41vLe2o8SHF8O4yWj/DxDU16QAV7P+gXHI/LjWsKI
-----END CERTIFICATE-----