Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/zkX0tVSTFsoyaxd_5uUsOhnJd-4.roa
File:                     zkX0tVSTFsoyaxd_5uUsOhnJd-4.roa (raw, json)
Hash identifier:          +7/YlZRCmdBXU3YPbp3jELJ7uYVAAvsXumfUvYl8oRk=
Subject key identifier:   CE:45:F4:B5:54:93:16:CA:32:6B:17:7F:E6:E5:2C:3A:19:C9:77:EE
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       019427477DC5491593A9A65BCEF15EAE6FA5
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/zkX0tVSTFsoyaxd_5uUsOhnJd-4.roa
Signing time:             Thu 02 Jan 2025 13:49:44 +0000
ROA not before:           Thu 02 Jan 2025 13:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47632
IP address blocks:        194.153.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 04:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:7d:c5:49:15:93:a9:a6:5b:ce:f1:5e:ae:6f:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Jan  2 13:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce45f4b5549316ca326b177fe6e52c3a19c977ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:a5:ca:c4:28:38:61:89:bb:3c:48:fd:75:5a:
                    74:df:0d:0a:75:c3:ba:b3:d2:27:40:51:45:7d:70:
                    47:5f:84:38:66:a0:04:6f:7c:50:f1:f3:ff:eb:53:
                    13:ab:4f:38:81:b2:73:b2:cf:a3:f2:0b:85:e7:67:
                    dc:a6:7c:19:96:f5:d5:ed:07:9c:72:c1:69:2f:87:
                    07:83:b8:4d:e6:65:1a:71:ff:fc:05:d2:2d:a7:03:
                    4b:9e:00:7f:95:9a:36:6b:6b:ab:66:76:a5:93:d2:
                    dc:f2:68:86:95:4d:08:fe:ee:48:ba:bc:be:a5:51:
                    08:21:4e:11:08:da:57:02:22:c9:5e:ea:62:0d:2e:
                    a6:8e:71:52:ff:f1:e6:85:20:e5:cb:b9:26:bf:cf:
                    10:36:ab:2e:e8:ed:71:72:a7:67:4d:fb:7c:63:0c:
                    fb:73:74:60:68:fa:0f:f0:8a:1f:4d:ce:bc:5a:39:
                    b3:c1:26:b2:76:88:8b:68:0e:a7:29:e4:af:c1:d2:
                    f6:35:7d:61:76:33:03:6e:d4:27:76:31:32:2c:0d:
                    90:ab:37:bd:23:ce:51:0f:74:fd:6c:0e:df:07:9a:
                    0a:7d:ad:83:ed:98:4c:e1:de:99:c8:c8:00:af:e8:
                    ca:0c:84:c8:46:97:d7:bd:c0:a4:07:f9:ff:67:cf:
                    1f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:45:F4:B5:54:93:16:CA:32:6B:17:7F:E6:E5:2C:3A:19:C9:77:EE
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/zkX0tVSTFsoyaxd_5uUsOhnJd-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:f3:62:d5:e9:71:e0:7a:c6:f4:31:14:bc:ae:25:a8:83:dc:
         52:87:15:b0:11:6a:c0:78:9d:64:03:94:32:c8:da:d4:ee:53:
         63:12:f6:3f:d2:85:32:44:b4:9c:54:3b:69:76:37:61:ec:8e:
         79:d5:a7:c7:6a:a8:c0:e9:a4:15:9a:0b:ad:c7:a8:76:b0:e5:
         78:ca:ab:95:76:1d:99:11:08:a4:f6:a2:a7:a0:72:2c:a3:25:
         95:ad:8b:1f:b7:a4:bb:65:c3:f9:56:0d:8e:67:3e:ae:63:c7:
         e3:f3:0f:25:80:55:8c:e1:4e:71:ea:85:41:56:86:a9:b7:93:
         72:72:bb:87:2b:03:30:c4:93:a8:cc:d6:5d:f2:a7:39:a5:d2:
         4a:49:32:cb:58:a9:62:c5:af:2b:6a:57:de:48:04:4d:24:af:
         d0:80:b2:ff:af:6e:32:b5:5a:de:fb:c2:89:ad:e4:0e:66:23:
         69:da:f4:02:b4:99:e7:2f:5a:e4:44:69:b3:5c:67:bb:a2:97:
         30:24:8f:55:e4:bd:84:8e:f4:91:c6:71:bc:79:5f:d0:c2:52:
         df:5c:6e:c5:27:5a:5b:b1:ef:ef:3e:a3:03:98:4d:7b:9f:67:
         08:b8:92:88:ae:b1:60:59:70:8c:29:80:7e:75:07:17:6f:34:
         3e:3b:9a:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR33FSRWTqaZbzvFerm+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjUwMTAyMTM0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTQ1ZjRiNTU0OTMxNmNhMzI2YjE3N2ZlNmU1MmMzYTE5Yzk3N2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5aXKxCg4YYm7PEj9dVp03w0KdcO6
s9InQFFFfXBHX4Q4ZqAEb3xQ8fP/61MTq084gbJzss+j8guF52fcpnwZlvXV7Qec
csFpL4cHg7hN5mUacf/8BdItpwNLngB/lZo2a2urZnalk9Lc8miGlU0I/u5Iury+
pVEIIU4RCNpXAiLJXupiDS6mjnFS//HmhSDly7kmv88QNqsu6O1xcqdnTft8Ywz7
c3RgaPoP8IofTc68WjmzwSaydoiLaA6nKeSvwdL2NX1hdjMDbtQndjEyLA2Qqze9
I85RD3T9bA7fB5oKfa2D7ZhM4d6ZyMgAr+jKDITIRpfXvcCkB/n/Z88fNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5F9LVUkxbKMmsXf+blLDoZyXfuMB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvemtYMHRWU1RGc295YXhkXzV1VXNPaG5KZC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwplOMA0G
CSqGSIb3DQEBCwUAA4IBAQCp82LV6XHgesb0MRS8riWog9xShxWwEWrAeJ1kA5Qy
yNrU7lNjEvY/0oUyRLScVDtpdjdh7I551afHaqjA6aQVmgutx6h2sOV4yquVdh2Z
EQik9qKnoHIsoyWVrYsft6S7ZcP5Vg2OZz6uY8fj8w8lgFWM4U5x6oVBVoapt5Ny
cruHKwMwxJOozNZd8qc5pdJKSTLLWKlixa8ralfeSARNJK/QgLL/r24ytVre+8KJ
reQOZiNp2vQCtJnnL1rkRGmzXGe7opcwJI9V5L2EjvSRxnG8eV/QwlLfXG7FJ1pb
se/vPqMDmE17n2cIuJKIrrFgWXCMKYB+dQcXbzQ+O5q2
-----END CERTIFICATE-----