Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/1tphX7duVxQmoCj6iTv4JAUaFg0.roa
File:                     1tphX7duVxQmoCj6iTv4JAUaFg0.roa (raw, json)
Hash identifier:          27/QMQNGQs+g1Yp+wtV2KRKQWUHGqze2SI6TtsCCM6Y=
Subject key identifier:   D6:DA:61:5F:B7:6E:57:14:26:A0:28:FA:89:3B:F8:24:05:1A:16:0D
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       019427484164883F60B786D803C4456C663F
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/1tphX7duVxQmoCj6iTv4JAUaFg0.roa
Signing time:             Thu 02 Jan 2025 13:50:34 +0000
ROA not before:           Thu 02 Jan 2025 13:50:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203408
IP address blocks:        78.159.82.0/24 maxlen: 24
                          78.159.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:41:64:88:3f:60:b7:86:d8:03:c4:45:6c:66:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jan  2 13:50:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6da615fb76e571426a028fa893bf824051a160d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f0:83:ae:cd:83:f2:b9:6b:13:a2:e2:ee:26:
                    e9:59:92:f8:73:a4:3a:14:ac:d6:a7:f1:56:0b:d1:
                    2f:25:ec:2a:a7:15:be:c0:c2:d8:c8:18:2f:f9:5a:
                    bc:3b:48:ba:85:a1:4e:23:bd:17:77:0a:82:94:6d:
                    10:92:02:1a:4e:c7:00:4d:5f:0e:b5:9b:bf:35:b9:
                    42:b3:99:fa:19:08:13:32:32:ee:e9:4f:9d:50:b8:
                    9f:3c:b8:23:15:3b:f7:15:80:80:0e:67:5b:da:4c:
                    c2:f7:b2:7a:ac:e0:c9:ad:c1:60:a5:97:dd:ff:ee:
                    44:5a:47:69:cf:27:68:b9:67:21:f2:d3:9b:09:8c:
                    19:9d:bf:a1:82:88:b4:8c:e5:bd:28:73:b9:45:f8:
                    c0:94:6a:e9:88:f3:30:79:e0:7a:35:c7:79:9a:01:
                    2b:22:a8:30:c3:b1:67:c0:6e:5e:f9:24:47:35:72:
                    4f:b0:88:05:7b:80:81:9b:5b:61:18:fd:7c:ca:9e:
                    d3:47:c0:0c:e6:72:06:92:3b:bc:68:71:55:06:6f:
                    9d:e2:91:d1:d3:c2:59:62:98:92:2f:c1:34:b5:2e:
                    70:69:52:1d:cd:0d:68:53:cf:84:b8:fe:b3:50:f7:
                    c3:bf:fd:7b:3e:7a:cb:0b:77:2d:3c:b9:e1:30:67:
                    86:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:DA:61:5F:B7:6E:57:14:26:A0:28:FA:89:3B:F8:24:05:1A:16:0D
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/1tphX7duVxQmoCj6iTv4JAUaFg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.82.0/24
                  78.159.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:0b:ee:cc:49:81:6d:b6:f7:52:c1:d2:b4:28:69:3d:6d:bf:
         07:28:44:1f:a6:20:59:11:1b:20:65:bb:b5:59:f8:13:4f:f5:
         78:c0:7e:c0:ae:fe:bf:ea:6e:be:9e:8c:45:0a:ae:de:39:36:
         37:14:97:76:a0:5a:fe:47:ab:a7:74:2a:19:be:3e:10:75:e8:
         6a:0d:22:db:e7:32:82:c4:81:5b:61:04:2b:42:f6:26:a0:9f:
         cb:fb:64:64:5b:4d:24:0b:ad:76:4c:b8:c9:02:fd:0f:f1:18:
         22:0f:c5:02:9a:77:a8:30:f2:c8:85:af:52:85:cd:68:c2:b1:
         3f:9a:47:0a:96:2a:c1:af:12:22:23:da:65:5d:e6:c1:48:40:
         b0:a6:08:d2:31:27:e2:08:34:05:40:f2:61:c6:99:89:11:a8:
         f8:81:bd:4d:14:72:c0:9c:3d:9d:28:64:b1:41:a1:79:b1:67:
         18:78:68:d3:39:73:c9:64:2f:63:25:ab:67:1b:b0:ac:62:15:
         ed:af:a1:72:97:c4:61:29:5a:29:4f:37:9e:a4:a6:3c:74:65:
         a0:6d:c1:b5:fb:d8:70:39:e7:e6:6f:df:b1:08:1e:51:13:f2:
         21:ad:74:d6:55:fd:40:ec:f1:e9:4e:6f:b0:37:2e:16:60:60:
         1f:ec:34:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSEFkiD9gt4bYA8RFbGY/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjUwMTAyMTM1MDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmRhNjE1ZmI3NmU1NzE0MjZhMDI4ZmE4OTNiZjgyNDA1MWExNjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvCDrs2D8rlrE6Li7ibpWZL4c6Q6
FKzWp/FWC9EvJewqpxW+wMLYyBgv+Vq8O0i6haFOI70XdwqClG0QkgIaTscATV8O
tZu/NblCs5n6GQgTMjLu6U+dULifPLgjFTv3FYCADmdb2kzC97J6rODJrcFgpZfd
/+5EWkdpzydouWch8tObCYwZnb+hgoi0jOW9KHO5RfjAlGrpiPMweeB6Ncd5mgEr
Iqgww7FnwG5e+SRHNXJPsIgFe4CBm1thGP18yp7TR8AM5nIGkju8aHFVBm+d4pHR
08JZYpiSL8E0tS5waVIdzQ1oU8+EuP6zUPfDv/17PnrLC3ctPLnhMGeGuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNbaYV+3blcUJqAo+ok7+CQFGhYNMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvMXRwaFg3ZHVWeFFtb0NqNmlUdjRKQVVhRmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATp9SAwQA
Tp9XMA0GCSqGSIb3DQEBCwUAA4IBAQBYC+7MSYFttvdSwdK0KGk9bb8HKEQfpiBZ
ERsgZbu1WfgTT/V4wH7Arv6/6m6+noxFCq7eOTY3FJd2oFr+R6undCoZvj4Qdehq
DSLb5zKCxIFbYQQrQvYmoJ/L+2RkW00kC612TLjJAv0P8RgiD8UCmneoMPLIha9S
hc1owrE/mkcKlirBrxIiI9plXebBSECwpgjSMSfiCDQFQPJhxpmJEaj4gb1NFHLA
nD2dKGSxQaF5sWcYeGjTOXPJZC9jJatnG7CsYhXtr6Fyl8RhKVopTzeepKY8dGWg
bcG1+9hwOefmb9+xCB5RE/IhrXTWVf1A7PHpTm+wNy4WYGAf7DTo
-----END CERTIFICATE-----