Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/IMiFsNnN_p3sRoFH_C0d3qAaG_Q.roa
File:                     IMiFsNnN_p3sRoFH_C0d3qAaG_Q.roa (raw, json)
Hash identifier:          oWqS9ieXKn+2R3xoqT+UPllXbLVMb7LbQgSB908taWQ=
Subject key identifier:   20:C8:85:B0:D9:CD:FE:9D:EC:46:81:47:FC:2D:1D:DE:A0:1A:1B:F4
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       0194274844416F170B2ED5CDFF440126DB95
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/IMiFsNnN_p3sRoFH_C0d3qAaG_Q.roa
Signing time:             Thu 02 Jan 2025 13:50:35 +0000
ROA not before:           Thu 02 Jan 2025 13:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212908
IP address blocks:        78.159.64.0/21 maxlen: 21
                          78.159.86.0/24 maxlen: 24
                          2a02:7f0:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:44:41:6f:17:0b:2e:d5:cd:ff:44:01:26:db:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jan  2 13:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20c885b0d9cdfe9dec468147fc2d1ddea01a1bf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e4:50:e2:20:c0:ce:e7:c9:4c:87:39:e3:76:
                    42:68:df:6a:11:73:01:23:00:c6:f3:b8:f4:ab:ff:
                    3e:a7:4b:bc:8c:5c:a3:e9:a7:cd:b2:68:12:99:17:
                    ef:52:c4:db:28:1f:43:3c:95:48:2d:0f:16:57:7a:
                    18:7b:a8:94:0d:ed:5d:24:b8:17:14:a2:6f:2d:6a:
                    ed:8c:3d:d8:54:74:7a:e3:53:6c:19:ef:64:97:61:
                    88:d4:6c:e6:d5:84:2f:5f:8b:42:61:94:cd:fe:8b:
                    a1:ab:22:97:86:98:c9:bc:11:c2:f8:91:c8:62:32:
                    98:53:4d:eb:a8:8e:2f:53:f8:2a:a2:2b:c5:04:b7:
                    f2:4a:6c:64:41:40:bb:5c:c3:98:21:a0:36:11:8b:
                    92:99:f0:bd:b3:1c:23:43:46:8e:bd:60:2b:da:93:
                    e6:0e:51:dc:2f:ba:5c:74:8c:25:00:37:d5:df:d0:
                    f4:a9:d1:a1:36:ae:dc:a4:85:c4:d4:e9:65:f7:c3:
                    89:3d:f4:c1:6a:fd:da:79:89:bd:31:25:1c:24:0a:
                    b6:c2:37:df:37:0d:61:3d:6d:c5:33:da:ef:fd:94:
                    6d:aa:a1:f8:5d:98:5c:c9:c5:9f:30:15:40:8f:8c:
                    53:bc:3a:fa:76:13:cd:9b:24:60:cf:78:11:bb:60:
                    0f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C8:85:B0:D9:CD:FE:9D:EC:46:81:47:FC:2D:1D:DE:A0:1A:1B:F4
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/IMiFsNnN_p3sRoFH_C0d3qAaG_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.159.64.0/21
                  78.159.86.0/24
                IPv6:
                  2a02:7f0:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:a9:12:eb:8a:3f:2b:cf:61:b5:56:b4:6c:69:40:45:49:f7:
         6e:64:59:1f:78:dd:be:c1:f0:62:ed:77:98:50:10:6e:8c:37:
         6d:b5:92:18:6d:bc:8a:e2:04:3f:c2:68:4e:ee:fd:20:e4:6e:
         ac:2a:11:77:fa:7f:41:2c:89:31:ce:50:a9:08:cb:56:22:d8:
         3c:51:fc:f7:e7:6a:cc:ce:56:e3:28:4b:2f:cd:3b:09:33:11:
         9c:9c:80:8e:44:b3:9c:50:df:bc:ec:04:bf:97:49:4c:30:a7:
         ef:2f:c2:6a:e0:86:f1:79:6d:6b:c7:d0:2f:06:5e:7c:74:44:
         cb:3b:90:70:63:c6:16:f8:f5:48:be:c8:31:6c:bd:c6:d6:1a:
         f5:10:bd:e9:96:06:2b:b9:82:01:6e:32:47:a8:55:55:3f:b3:
         03:7a:c6:f9:41:b4:96:d8:29:8a:ba:d5:d7:22:88:94:c1:45:
         93:d3:fb:9a:15:07:99:98:1b:fb:73:88:68:9e:13:92:38:8e:
         1d:ad:c5:5b:ef:f8:a9:02:be:13:a6:0e:3c:36:77:d4:7e:4b:
         c0:b3:75:ff:57:bc:1f:3b:cb:1a:46:fd:f5:93:17:de:fb:0d:
         99:23:4c:8a:5f:cc:a7:39:cf:63:8e:e0:7b:6c:36:79:ea:fb:
         06:90:fc:f0
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQnSERBbxcLLtXN/0QBJtuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGM4ODViMGQ5Y2RmZTlkZWM0NjgxNDdmYzJkMWRkZWEwMWExYmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlORQ4iDAzufJTIc543ZCaN9qEXMB
IwDG87j0q/8+p0u8jFyj6afNsmgSmRfvUsTbKB9DPJVILQ8WV3oYe6iUDe1dJLgX
FKJvLWrtjD3YVHR641NsGe9kl2GI1Gzm1YQvX4tCYZTN/ouhqyKXhpjJvBHC+JHI
YjKYU03rqI4vU/gqoivFBLfySmxkQUC7XMOYIaA2EYuSmfC9sxwjQ0aOvWAr2pPm
DlHcL7pcdIwlADfV39D0qdGhNq7cpIXE1Oll98OJPfTBav3aeYm9MSUcJAq2wjff
Nw1hPW3FM9rv/ZRtqqH4XZhcycWfMBVAj4xTvDr6dhPNmyRgz3gRu2APlwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCDIhbDZzf6d7EaBR/wtHd6gGhv0MB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvSU1pRnNObk5fcDNzUm9GSF9DMGQzcUFhR19RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQDTp9AAwQA
Tp9WMA4EAgACMAgDBgAqAgfwAjANBgkqhkiG9w0BAQsFAAOCAQEAOakS64o/K89h
tVa0bGlARUn3bmRZH3jdvsHwYu13mFAQbow3bbWSGG28iuIEP8JoTu79IORurCoR
d/p/QSyJMc5QqQjLViLYPFH89+dqzM5W4yhLL807CTMRnJyAjkSznFDfvOwEv5dJ
TDCn7y/CauCG8Xlta8fQLwZefHREyzuQcGPGFvj1SL7IMWy9xtYa9RC96ZYGK7mC
AW4yR6hVVT+zA3rG+UG0ltgpirrV1yKIlMFFk9P7mhUHmZgb+3OIaJ4TkjiOHa3F
W+/4qQK+E6YOPDZ31H5LwLN1/1e8HzvLGkb99ZMX3vsNmSNMil/MpznPY47ge2w2
eer7BpD88A==
-----END CERTIFICATE-----