Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/nP4rck9MBbLjYhdgPqBtPEaXK0E.roa
File:                     nP4rck9MBbLjYhdgPqBtPEaXK0E.roa (raw, json)
Hash identifier:          vJKaNY9ELcV2t+pojBROffWMx12sIsPeYlrkTBAoHJ8=
Subject key identifier:   9C:FE:2B:72:4F:4C:05:B2:E3:62:17:60:3E:A0:6D:3C:46:97:2B:41
Certificate issuer:       /CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
Certificate serial:       01942826D2DB5E165D1D24463FD37B6EBD36
Authority key identifier: FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/nP4rck9MBbLjYhdgPqBtPEaXK0E.roa
Signing time:             Thu 02 Jan 2025 17:53:40 +0000
ROA not before:           Thu 02 Jan 2025 17:53:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16339
IP address blocks:        212.78.64.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:d2:db:5e:16:5d:1d:24:46:3f:d3:7b:6e:bd:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
        Validity
            Not Before: Jan  2 17:53:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cfe2b724f4c05b2e36217603ea06d3c46972b41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e5:ba:cf:dd:86:b6:e8:f4:d8:a4:f8:b1:73:
                    2d:ef:5d:5e:e3:fb:03:d6:c1:1b:10:7c:da:b5:13:
                    e0:74:3a:b2:ee:f5:d3:aa:7c:8e:92:9e:e5:f8:32:
                    73:be:eb:86:12:60:55:0c:9a:02:8b:c1:08:86:b2:
                    ce:e8:ae:73:c1:91:88:e2:a3:81:a4:39:fe:4a:4c:
                    97:9f:ba:0a:3a:70:33:ad:98:18:2d:bf:76:62:aa:
                    a7:88:6d:e6:91:33:c3:2a:eb:2e:7f:db:3f:84:91:
                    c4:37:d4:d4:b6:5b:f9:92:56:8f:60:21:e8:e7:0d:
                    5d:92:46:4a:2d:d5:60:5c:b7:1c:63:42:63:bd:45:
                    e9:87:ba:c1:58:9c:70:d9:c3:f7:07:d9:0a:09:f7:
                    ba:cf:22:c5:d9:24:f7:65:01:1f:3f:6b:5c:7c:f1:
                    74:9f:18:32:28:ca:7b:04:84:a7:0d:f6:ad:ce:1f:
                    d8:88:d5:db:21:47:c7:ee:45:b7:5a:12:ff:69:66:
                    fc:07:0e:3a:26:74:be:3f:c4:e7:98:03:34:a2:d5:
                    74:10:da:fc:a5:fe:02:78:57:f0:7e:3f:b1:85:52:
                    78:7b:0c:ef:76:13:f0:4c:ce:63:b5:e3:85:00:f5:
                    b2:1d:9d:07:e6:43:da:b4:2c:5f:a6:4d:20:6d:48:
                    21:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:FE:2B:72:4F:4C:05:B2:E3:62:17:60:3E:A0:6D:3C:46:97:2B:41
            X509v3 Authority Key Identifier:
                keyid:FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/nP4rck9MBbLjYhdgPqBtPEaXK0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.78.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         38:8f:07:65:94:15:df:b2:9d:38:fb:4a:4b:01:b4:05:cc:d4:
         d6:c2:58:25:9b:d5:d1:0c:ba:4f:40:ed:72:c8:40:9b:33:1a:
         4d:d8:31:32:7a:46:19:3a:40:0d:4e:91:33:de:41:8b:b5:62:
         e6:83:eb:aa:6c:6c:b7:ab:66:74:43:fb:94:3e:95:e9:bd:e6:
         97:00:10:d1:a5:d8:ad:ac:3f:66:2e:38:a6:9c:45:6f:3f:03:
         15:d6:07:40:87:50:93:1c:be:a4:0f:ae:ab:2c:81:10:48:d0:
         c1:ae:b5:8a:8f:97:07:c6:f8:94:b1:3e:d3:49:34:d5:0f:5d:
         71:43:f9:ee:bd:93:72:cd:2e:05:a9:f5:4a:2d:fa:82:b9:53:
         e9:b9:cd:6e:6e:2d:ed:7b:f5:72:83:ed:11:a7:1b:89:9b:86:
         c0:1b:01:72:1a:81:75:fd:64:0b:00:01:07:48:f0:9a:80:2f:
         e9:1f:0c:a4:34:b8:3e:8f:3a:db:9d:de:8e:d5:8b:ba:89:76:
         f0:da:82:db:50:16:6b:14:56:2e:33:43:72:fc:ab:4f:f9:9a:
         0d:27:5c:36:f2:a8:75:72:ad:4b:52:19:2f:67:75:79:67:61:
         ad:cd:52:61:7e:ee:ec:ed:61:16:b4:1f:cb:c7:e6:d5:a3:63:
         1b:60:92:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJtLbXhZdHSRGP9N7br02MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYzM4MWY1M2YyNWRiYzJhMGVmYWJmODg5ZmNhMzI0MTk5
NThkZDAwHhcNMjUwMTAyMTc1MzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2ZlMmI3MjRmNGMwNWIyZTM2MjE3NjAzZWEwNmQzYzQ2OTcyYjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0+W6z92Gtuj02KT4sXMt711e4/sD
1sEbEHzatRPgdDqy7vXTqnyOkp7l+DJzvuuGEmBVDJoCi8EIhrLO6K5zwZGI4qOB
pDn+SkyXn7oKOnAzrZgYLb92YqqniG3mkTPDKusuf9s/hJHEN9TUtlv5klaPYCHo
5w1dkkZKLdVgXLccY0JjvUXph7rBWJxw2cP3B9kKCfe6zyLF2ST3ZQEfP2tcfPF0
nxgyKMp7BISnDfatzh/YiNXbIUfH7kW3WhL/aWb8Bw46JnS+P8TnmAM0otV0ENr8
pf4CeFfwfj+xhVJ4ewzvdhPwTM5jteOFAPWyHZ0H5kPatCxfpk0gbUghpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJz+K3JPTAWy42IXYD6gbTxGlytBMB8GA1UdIwQY
MBaAFP/DgfU/JdvCoO+r+In8oyQZlY3QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDkt
NmZlMzQ4MDVhNmM2LzEvblA0cmNrOU1CYkxqWWhkZ1BxQnRQRWFYSzBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDktNmZlMzQ4MDVhNmM2
LzEvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1E5AMA0G
CSqGSIb3DQEBCwUAA4IBAQA4jwdllBXfsp04+0pLAbQFzNTWwlglm9XRDLpPQO1y
yECbMxpN2DEyekYZOkANTpEz3kGLtWLmg+uqbGy3q2Z0Q/uUPpXpveaXABDRpdit
rD9mLjimnEVvPwMV1gdAh1CTHL6kD66rLIEQSNDBrrWKj5cHxviUsT7TSTTVD11x
Q/nuvZNyzS4FqfVKLfqCuVPpuc1ubi3te/Vyg+0RpxuJm4bAGwFyGoF1/WQLAAEH
SPCagC/pHwykNLg+jzrbnd6O1Yu6iXbw2oLbUBZrFFYuM0Ny/KtP+ZoNJ1w28qh1
cq1LUhkvZ3V5Z2GtzVJhfu7s7WEWtB/Lx+bVo2MbYJJb
-----END CERTIFICATE-----