Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/qHajeM7KS0OkvXZ6gKIN6UcTzPg.roa
File:                     qHajeM7KS0OkvXZ6gKIN6UcTzPg.roa (raw, json)
Hash identifier:          9Inme+UM24UQgsOmhNMhOS7m0XYuhceY/GRE7b5eI94=
Subject key identifier:   A8:76:A3:78:CE:CA:4B:43:A4:BD:76:7A:80:A2:0D:E9:47:13:CC:F8
Certificate issuer:       /CN=db239685409f64ba1c3a54a8ef141c924e71d892
Certificate serial:       01942067FF8D18161E2C9477D632DBE93FB7
Authority key identifier: DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/qHajeM7KS0OkvXZ6gKIN6UcTzPg.roa
Signing time:             Wed 01 Jan 2025 05:47:54 +0000
ROA not before:           Wed 01 Jan 2025 05:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34948
IP address blocks:        78.109.80.0/20 maxlen: 20
                          193.189.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ff:8d:18:16:1e:2c:94:77:d6:32:db:e9:3f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db239685409f64ba1c3a54a8ef141c924e71d892
        Validity
            Not Before: Jan  1 05:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a876a378ceca4b43a4bd767a80a20de94713ccf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:53:e4:1c:83:78:0d:37:9e:eb:e0:5f:af:86:
                    87:c0:db:de:af:c5:19:2e:70:32:78:4a:92:a8:66:
                    64:a7:4a:03:a2:42:a4:ce:88:e8:f3:d8:ca:c6:f8:
                    1d:89:68:4c:3a:26:80:5f:25:37:6f:c2:63:11:bc:
                    c8:26:af:d9:ba:a9:d0:e1:7a:4f:25:d1:1c:a2:ea:
                    f6:0f:3e:44:a9:47:d9:e1:c6:2d:ef:1b:ff:9c:96:
                    df:fd:0e:ed:04:4a:9e:a7:30:8b:b5:87:9a:c2:ae:
                    b3:f4:a2:81:68:d0:b9:67:5a:59:45:ff:c1:e9:03:
                    60:53:c7:1d:ce:7e:78:ee:a6:7e:58:15:9b:8a:67:
                    9c:98:a9:96:9a:61:75:db:64:e8:1a:30:6f:19:86:
                    00:ab:69:a3:21:83:ca:5a:78:a9:eb:78:72:35:e5:
                    46:45:7f:a9:ee:21:a6:dc:d7:c0:7f:8e:64:65:7c:
                    59:37:a7:04:a5:8c:60:6b:e3:50:0d:04:cc:18:3d:
                    fc:f7:d0:96:f4:00:e6:6b:01:48:46:34:94:c1:9f:
                    18:77:f0:41:11:76:86:f9:3b:9a:1c:70:be:cd:c3:
                    d1:63:66:17:09:2f:14:1d:04:59:92:b0:56:9f:52:
                    63:86:38:f8:3a:99:c3:3c:47:92:8a:3b:f1:29:da:
                    ae:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:76:A3:78:CE:CA:4B:43:A4:BD:76:7A:80:A2:0D:E9:47:13:CC:F8
            X509v3 Authority Key Identifier:
                keyid:DB:23:96:85:40:9F:64:BA:1C:3A:54:A8:EF:14:1C:92:4E:71:D8:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2yOWhUCfZLocOlSo7xQckk5x2JI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/qHajeM7KS0OkvXZ6gKIN6UcTzPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8d6fd7-1cb3-413c-a32b-2ef447e1b08c/1/2yOWhUCfZLocOlSo7xQckk5x2JI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.109.80.0/20
                  193.189.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:eb:10:53:72:1c:93:68:0d:07:ef:da:41:78:d2:51:c4:2f:
         d0:8c:3c:cf:56:92:54:12:d2:b4:f5:63:dd:f6:dc:e2:de:db:
         76:20:82:c9:b6:f8:07:40:6a:68:09:0f:b2:d5:0e:b8:c5:f4:
         b3:36:6b:1e:b5:5d:22:63:9a:65:57:24:a4:be:a9:36:e3:e8:
         5a:f6:0f:e2:99:a8:c9:bd:3e:77:96:1d:da:3a:63:07:59:25:
         a0:78:b5:c8:8c:68:27:d3:7a:bc:da:3e:c3:09:64:71:80:3a:
         5a:a4:f2:fb:d1:37:e7:12:5f:c2:08:1c:5d:60:81:9b:53:ab:
         18:35:dc:84:2e:26:f0:7b:8c:70:e3:d7:88:8b:bc:e5:95:bc:
         78:a0:7a:c0:5c:cc:01:d8:ed:f1:ca:8c:52:f6:e4:d6:ba:b9:
         56:34:6e:51:1a:02:84:4f:5d:95:e9:7c:88:ce:88:a4:77:3b:
         8f:3a:ac:38:eb:d4:c4:ca:a8:73:f1:b9:1c:87:60:9f:25:72:
         0c:8f:0c:46:41:f0:62:71:1e:07:6c:ba:71:a1:4e:d1:26:1a:
         dd:84:74:19:8a:3c:55:24:1c:85:92:5d:88:0a:e0:65:4e:5c:
         b5:ed:7a:21:59:4f:e4:e5:fd:41:95:28:1b:56:eb:83:5d:5d:
         2b:f0:25:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgZ/+NGBYeLJR31jLb6T+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMjM5Njg1NDA5ZjY0YmExYzNhNTRhOGVmMTQxYzkyNGU3
MWQ4OTIwHhcNMjUwMTAxMDU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODc2YTM3OGNlY2E0YjQzYTRiZDc2N2E4MGEyMGRlOTQ3MTNjY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFPkHIN4DTee6+Bfr4aHwNver8UZ
LnAyeEqSqGZkp0oDokKkzojo89jKxvgdiWhMOiaAXyU3b8JjEbzIJq/ZuqnQ4XpP
JdEcour2Dz5EqUfZ4cYt7xv/nJbf/Q7tBEqepzCLtYeawq6z9KKBaNC5Z1pZRf/B
6QNgU8cdzn547qZ+WBWbimecmKmWmmF122ToGjBvGYYAq2mjIYPKWnip63hyNeVG
RX+p7iGm3NfAf45kZXxZN6cEpYxga+NQDQTMGD3899CW9ADmawFIRjSUwZ8Yd/BB
EXaG+TuaHHC+zcPRY2YXCS8UHQRZkrBWn1Jjhjj4OpnDPEeSijvxKdqu7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKh2o3jOyktDpL12eoCiDelHE8z4MB8GA1UdIwQY
MBaAFNsjloVAn2S6HDpUqO8UHJJOcdiSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnlPV2hVQ2ZaTG9jT2xTbzd4UWNrazV4MkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84ZDZmZDctMWNiMy00MTNjLWEzMmIt
MmVmNDQ3ZTFiMDhjLzEvcUhhamVNN0tTME9rdlhaNmdLSU42VWNUelBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84ZDZmZDctMWNiMy00MTNjLWEzMmItMmVmNDQ3ZTFiMDhj
LzEvMnlPV2hVQ2ZaTG9jT2xTbzd4UWNrazV4MkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQETm1QAwQA
wb2PMA0GCSqGSIb3DQEBCwUAA4IBAQAF6xBTchyTaA0H79pBeNJRxC/QjDzPVpJU
EtK09WPd9tzi3tt2IILJtvgHQGpoCQ+y1Q64xfSzNmsetV0iY5plVySkvqk24+ha
9g/imajJvT53lh3aOmMHWSWgeLXIjGgn03q82j7DCWRxgDpapPL70TfnEl/CCBxd
YIGbU6sYNdyELibwe4xw49eIi7zllbx4oHrAXMwB2O3xyoxS9uTWurlWNG5RGgKE
T12V6XyIzoikdzuPOqw469TEyqhz8bkch2CfJXIMjwxGQfBicR4HbLpxoU7RJhrd
hHQZijxVJByFkl2ICuBlTly17XohWU/k5f1BlSgbVuuDXV0r8CXc
-----END CERTIFICATE-----