Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/fYY6oB-XLtd7Q2enVsqPd7a4HOg.roa
File:                     fYY6oB-XLtd7Q2enVsqPd7a4HOg.roa (raw, json)
Hash identifier:          exj9HwbCMh/e1MJTbzVQsBB522FSDFLpTf5AGpVjr4k=
Subject key identifier:   7D:86:3A:A0:1F:97:2E:D7:7B:43:67:A7:56:CA:8F:77:B6:B8:1C:E8
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019428241EF62CC602C18922958F853A0533
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/fYY6oB-XLtd7Q2enVsqPd7a4HOg.roa
Signing time:             Thu 02 Jan 2025 17:50:43 +0000
ROA not before:           Thu 02 Jan 2025 17:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8877
IP address blocks:        78.128.0.0/24 maxlen: 24
                          78.142.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:1e:f6:2c:c6:02:c1:89:22:95:8f:85:3a:05:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 17:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d863aa01f972ed77b4367a756ca8f77b6b81ce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b6:6a:bb:58:29:b9:4c:79:26:fd:10:ed:9b:
                    24:22:8a:c2:5d:aa:14:9d:1d:5b:3f:f3:c0:5d:67:
                    f9:14:c4:8e:ec:ce:d2:7b:13:de:fc:e4:f2:36:c8:
                    62:16:59:7e:89:68:19:a4:eb:f7:b0:d8:59:06:85:
                    b7:37:bd:df:a5:4f:a3:e3:65:d5:2b:6f:f7:ca:7a:
                    06:5d:62:95:3d:6b:72:c9:de:40:12:08:13:c9:2a:
                    96:be:9b:2a:2c:79:67:7d:7d:7a:af:1f:59:6a:18:
                    47:6d:ff:04:37:f0:84:14:db:2f:b3:02:72:37:1d:
                    a6:2f:99:8a:6b:c5:40:0c:0d:9b:83:83:8d:58:f0:
                    28:55:f2:dc:1a:27:b5:47:e0:a8:b0:df:86:09:97:
                    a3:34:ae:e4:cd:2a:05:1d:94:1a:1c:76:86:16:b0:
                    78:6a:99:5a:af:d8:54:17:c4:69:9f:2e:c9:d5:e6:
                    9d:91:f9:a0:bd:0b:69:e3:01:26:6a:56:da:f1:65:
                    fd:ef:32:4a:3b:3d:f9:b0:27:61:eb:07:62:da:c5:
                    8a:ea:0a:6c:42:03:13:00:24:70:53:1b:68:2b:29:
                    7f:20:44:49:ce:ac:96:d0:77:3a:45:a2:25:5f:92:
                    a5:ee:75:f5:73:64:24:49:51:eb:41:29:3b:d2:16:
                    a1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:86:3A:A0:1F:97:2E:D7:7B:43:67:A7:56:CA:8F:77:B6:B8:1C:E8
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/fYY6oB-XLtd7Q2enVsqPd7a4HOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.0.0/24
                  78.142.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:52:45:c1:a5:f5:26:ca:b8:d8:5a:35:51:29:cc:f9:f8:72:
         d1:74:59:35:96:89:d9:2a:61:4a:0a:e8:c9:2c:c0:c0:69:cb:
         2f:7a:0a:91:3e:8c:66:a6:32:09:8e:0c:2d:24:fc:a3:dd:e1:
         57:07:e6:76:e1:7e:de:b8:40:1b:82:80:2d:9f:e9:98:41:3f:
         ed:82:58:9c:1e:fa:ed:c1:92:40:b4:da:b3:e4:75:3a:cf:91:
         5f:a2:06:03:ae:c5:1f:ad:7f:db:7a:7e:3a:b4:7f:e9:da:cb:
         40:0d:da:2e:8c:4d:ae:71:e7:6b:5b:97:1b:2f:95:6f:0d:77:
         1f:7b:3f:55:c5:80:0a:5c:2f:32:5b:a3:99:38:12:ce:a1:3f:
         66:6e:17:6c:d8:ef:7a:e9:4a:1b:7b:7e:d6:e2:f7:aa:b9:2f:
         7c:36:5c:40:f1:ad:76:7e:4b:92:62:7b:ac:e6:3f:c2:4a:36:
         db:9e:a2:9c:77:9b:c7:22:38:31:69:0c:38:e2:0c:06:4e:f9:
         70:18:f5:55:91:9b:a2:ee:7d:a1:8e:26:fa:3b:9f:24:07:43:
         22:55:5a:cd:c3:05:99:70:16:3c:e0:46:8e:61:2c:9c:40:15:
         a1:ba:9e:78:d6:5b:a7:77:33:8d:9a:aa:7c:cf:30:6e:c2:88:
         a1:8c:12:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJB72LMYCwYkilY+FOgUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTAyMTc1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDg2M2FhMDFmOTcyZWQ3N2I0MzY3YTc1NmNhOGY3N2I2YjgxY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7Zqu1gpuUx5Jv0Q7ZskIorCXaoU
nR1bP/PAXWf5FMSO7M7SexPe/OTyNshiFll+iWgZpOv3sNhZBoW3N73fpU+j42XV
K2/3ynoGXWKVPWtyyd5AEggTySqWvpsqLHlnfX16rx9ZahhHbf8EN/CEFNsvswJy
Nx2mL5mKa8VADA2bg4ONWPAoVfLcGie1R+CosN+GCZejNK7kzSoFHZQaHHaGFrB4
aplar9hUF8Rpny7J1eadkfmgvQtp4wEmalba8WX97zJKOz35sCdh6wdi2sWK6gps
QgMTACRwUxtoKyl/IERJzqyW0Hc6RaIlX5Kl7nX1c2QkSVHrQSk70hahVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH2GOqAfly7Xe0Nnp1bKj3e2uBzoMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvZllZNm9CLVhMdGQ3UTJlblZzcVBkN2E0SE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAToAAAwQA
To48MA0GCSqGSIb3DQEBCwUAA4IBAQB1UkXBpfUmyrjYWjVRKcz5+HLRdFk1lonZ
KmFKCujJLMDAacsvegqRPoxmpjIJjgwtJPyj3eFXB+Z24X7euEAbgoAtn+mYQT/t
glicHvrtwZJAtNqz5HU6z5FfogYDrsUfrX/ben46tH/p2stADdoujE2ucedrW5cb
L5VvDXcfez9VxYAKXC8yW6OZOBLOoT9mbhds2O966Uobe37W4vequS98NlxA8a12
fkuSYnus5j/CSjbbnqKcd5vHIjgxaQw44gwGTvlwGPVVkZui7n2hjib6O58kB0Mi
VVrNwwWZcBY84EaOYSycQBWhup541lundzONmqp8zzBuwoihjBL9
-----END CERTIFICATE-----