Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/pdp4IWD2UyEeve8KeCwpZyeSJ_w.roa
File:                     pdp4IWD2UyEeve8KeCwpZyeSJ_w.roa (raw, json)
Hash identifier:          sCyo59s5/aOAb3/R/bOCxzJ2qxCJ1t7yaYP6ORycius=
Subject key identifier:   A5:DA:78:21:60:F6:53:21:1E:BD:EF:0A:78:2C:29:67:27:92:27:FC
Certificate issuer:       /CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
Certificate serial:       0195FAB5BF2D52D9CE57A023232DE33D9026
Authority key identifier: FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/pdp4IWD2UyEeve8KeCwpZyeSJ_w.roa
Signing time:             Thu 03 Apr 2025 08:12:49 +0000
ROA not before:           Thu 03 Apr 2025 08:12:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16339
IP address blocks:        212.78.79.0/24 maxlen: 24
                          212.78.81.0/24 maxlen: 24
                          212.78.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fa:b5:bf:2d:52:d9:ce:57:a0:23:23:2d:e3:3d:90:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
        Validity
            Not Before: Apr  3 08:12:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5da782160f653211ebdef0a782c2967279227fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:2d:4b:61:e7:78:90:e6:f5:4c:e1:0d:8f:3e:
                    51:d3:eb:29:74:c8:56:48:f8:76:c9:2b:6f:d1:09:
                    b5:14:5d:62:50:80:f3:46:b8:9c:f7:1b:ed:aa:ca:
                    ca:c6:d2:eb:35:70:5e:66:11:8a:52:0b:ec:14:c6:
                    dc:5c:59:31:90:f8:bd:31:6f:91:23:0e:7b:8e:30:
                    53:c9:67:d1:13:69:27:eb:bf:36:65:dd:6b:28:4b:
                    d4:fc:05:27:ac:4b:d6:0d:42:38:29:b0:76:56:d4:
                    02:88:25:d6:1e:70:7b:b6:39:88:f2:c0:be:e7:de:
                    c7:73:84:4c:d9:9e:52:e5:e4:90:5e:58:cb:33:90:
                    1c:f5:27:e4:f9:05:26:c3:51:31:a1:17:79:a6:93:
                    37:c0:9c:aa:dd:55:ff:02:b7:1c:fd:19:db:59:48:
                    77:5c:77:f6:9a:27:c0:97:dd:a5:98:85:2a:f9:94:
                    f7:67:ef:a5:07:50:38:53:f2:64:b2:8c:39:3a:e3:
                    39:fd:71:f7:8b:5a:76:89:07:e7:d4:91:08:30:b8:
                    85:23:8c:58:4b:07:18:b0:fd:82:01:72:4e:6d:8d:
                    d9:35:ed:7d:61:58:3f:58:4b:22:24:67:af:a2:f8:
                    f1:3b:ad:77:7c:a3:79:6a:09:2f:dc:ec:71:f0:56:
                    2b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:DA:78:21:60:F6:53:21:1E:BD:EF:0A:78:2C:29:67:27:92:27:FC
            X509v3 Authority Key Identifier:
                keyid:FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/pdp4IWD2UyEeve8KeCwpZyeSJ_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.78.79.0/24
                  212.78.81.0/24
                  212.78.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:42:c6:e3:35:19:74:c8:42:e2:d4:72:7a:06:f4:8d:a7:30:
         94:29:ae:32:0f:49:ca:59:ea:02:68:8b:8e:14:63:01:d6:8f:
         0b:ce:87:49:cf:79:12:e7:75:7e:f1:2c:3c:51:92:26:d0:5e:
         b2:0b:8a:59:21:d1:35:8a:fc:f9:0a:0d:06:a5:e0:e9:04:34:
         11:42:bc:41:33:7e:98:87:6b:87:0f:b0:c8:70:2e:4a:e0:97:
         97:10:5f:51:95:a6:60:73:f7:e7:48:1c:10:78:ca:dd:0d:60:
         c1:2b:19:82:32:0e:06:71:c1:fd:38:50:09:a1:4a:ef:1a:a9:
         42:26:9f:a4:77:d1:4d:87:82:25:fa:93:b8:d0:89:3c:e1:d6:
         97:3b:6e:c3:b8:d5:b0:34:5e:d7:5f:d4:2d:98:a2:8f:4b:53:
         4a:d9:6f:08:8e:56:f9:35:4e:7e:67:cd:17:cf:3d:04:7c:e4:
         27:f5:20:79:08:6c:d0:80:a0:2a:c1:5e:fd:f5:db:3d:33:5e:
         5c:3a:69:6c:b8:4d:df:e6:79:c4:d7:a7:03:61:c3:12:57:f0:
         4a:71:b5:e7:f5:ef:95:31:8a:ad:2f:e3:54:96:a5:87:78:7f:
         28:da:d4:87:3e:9a:86:af:1f:34:38:5e:fd:36:86:81:ef:6f:
         af:ee:7f:59
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZX6tb8tUtnOV6AjIy3jPZAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYzM4MWY1M2YyNWRiYzJhMGVmYWJmODg5ZmNhMzI0MTk5
NThkZDAwHhcNMjUwNDAzMDgxMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWRhNzgyMTYwZjY1MzIxMWViZGVmMGE3ODJjMjk2NzI3OTIyN2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxi1LYed4kOb1TOENjz5R0+spdMhW
SPh2yStv0Qm1FF1iUIDzRric9xvtqsrKxtLrNXBeZhGKUgvsFMbcXFkxkPi9MW+R
Iw57jjBTyWfRE2kn6782Zd1rKEvU/AUnrEvWDUI4KbB2VtQCiCXWHnB7tjmI8sC+
597Hc4RM2Z5S5eSQXljLM5Ac9Sfk+QUmw1ExoRd5ppM3wJyq3VX/Arcc/RnbWUh3
XHf2mifAl92lmIUq+ZT3Z++lB1A4U/Jksow5OuM5/XH3i1p2iQfn1JEIMLiFI4xY
SwcYsP2CAXJObY3ZNe19YVg/WEsiJGevovjxO613fKN5agkv3Oxx8FYrwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKXaeCFg9lMhHr3vCngsKWcnkif8MB8GA1UdIwQY
MBaAFP/DgfU/JdvCoO+r+In8oyQZlY3QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDkt
NmZlMzQ4MDVhNmM2LzEvcGRwNElXRDJVeUVldmU4S2VDd3BaeWVTSl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDktNmZlMzQ4MDVhNmM2
LzEvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1E5PAwQA
1E5RAwQA1E5fMA0GCSqGSIb3DQEBCwUAA4IBAQAUQsbjNRl0yELi1HJ6BvSNpzCU
Ka4yD0nKWeoCaIuOFGMB1o8LzodJz3kS53V+8Sw8UZIm0F6yC4pZIdE1ivz5Cg0G
peDpBDQRQrxBM36Yh2uHD7DIcC5K4JeXEF9RlaZgc/fnSBwQeMrdDWDBKxmCMg4G
ccH9OFAJoUrvGqlCJp+kd9FNh4Il+pO40Ik84daXO27DuNWwNF7XX9QtmKKPS1NK
2W8Ijlb5NU5+Z80Xzz0EfOQn9SB5CGzQgKAqwV799ds9M15cOmlsuE3f5nnE16cD
YcMSV/BKcbXn9e+VMYqtL+NUlqWHeH8o2tSHPpqGrx80OF79NoaB72+v7n9Z
-----END CERTIFICATE-----