Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/Bwqq8Z5AZL_2lUde5qk7oColHZI.roa
File:                     Bwqq8Z5AZL_2lUde5qk7oColHZI.roa (raw, json)
Hash identifier:          bFEzn3Yzi/n+R1SI5psM35DL7T0gcBGjte1Ppv7HbOc=
Subject key identifier:   07:0A:AA:F1:9E:40:64:BF:F6:95:47:5E:E6:A9:3B:A0:2A:25:1D:92
Certificate issuer:       /CN=f5d901201ff0b1b97ef3d1a72da41e18f0145762
Certificate serial:       0194206860D3D7C450B1FD607354CBBCAE08
Authority key identifier: F5:D9:01:20:1F:F0:B1:B9:7E:F3:D1:A7:2D:A4:1E:18:F0:14:57:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9dkBIB_wsbl-89GnLaQeGPAUV2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/Bwqq8Z5AZL_2lUde5qk7oColHZI.roa
Signing time:             Wed 01 Jan 2025 05:48:18 +0000
ROA not before:           Wed 01 Jan 2025 05:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30722
IP address blocks:        212.78.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9dkBIB_wsbl-89GnLaQeGPAUV2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9dkBIB_wsbl-89GnLaQeGPAUV2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9dkBIB_wsbl-89GnLaQeGPAUV2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:60:d3:d7:c4:50:b1:fd:60:73:54:cb:bc:ae:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5d901201ff0b1b97ef3d1a72da41e18f0145762
        Validity
            Not Before: Jan  1 05:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=070aaaf19e4064bff695475ee6a93ba02a251d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:d2:d2:39:9a:17:e3:ae:ae:7a:5d:6b:c6:1e:
                    c1:29:20:e3:c6:59:61:1a:80:f5:08:42:ef:88:b6:
                    c6:70:33:dd:fc:75:97:bf:27:6c:f3:52:a8:fe:29:
                    e7:bb:bd:25:fe:22:1e:a5:d7:0c:cc:94:32:a7:13:
                    01:ba:81:e9:dc:ed:9f:f1:21:ae:ae:0f:a7:6c:ee:
                    e9:a0:6c:16:93:9d:45:79:cc:05:00:7f:0c:3f:26:
                    da:52:45:99:7b:d3:78:17:8f:0c:87:1e:6d:9e:9a:
                    0a:ea:e5:38:d9:ee:37:ee:c7:1e:e6:09:2e:76:0a:
                    b4:50:c2:67:40:60:23:75:88:d3:38:47:80:ae:0e:
                    92:f4:42:89:2a:dd:64:31:72:f4:b8:97:21:52:05:
                    d6:53:86:69:0a:47:fa:c4:30:05:81:e1:fe:8f:ec:
                    90:00:07:0c:a1:08:83:47:45:27:08:96:10:e1:ac:
                    37:67:6d:be:74:2f:ab:17:58:af:b3:e1:e9:a4:2b:
                    b3:2c:5b:b6:7c:7c:c8:c9:0e:81:94:6a:20:bd:55:
                    3a:8a:fc:82:6d:f7:87:93:5f:19:04:d3:ab:50:ed:
                    ae:bc:83:25:bf:9c:96:26:ce:0f:60:3e:9f:3f:06:
                    d9:cc:14:4d:27:93:0f:ad:a7:76:de:a2:ae:bf:1f:
                    6a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:0A:AA:F1:9E:40:64:BF:F6:95:47:5E:E6:A9:3B:A0:2A:25:1D:92
            X509v3 Authority Key Identifier:
                keyid:F5:D9:01:20:1F:F0:B1:B9:7E:F3:D1:A7:2D:A4:1E:18:F0:14:57:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9dkBIB_wsbl-89GnLaQeGPAUV2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/Bwqq8Z5AZL_2lUde5qk7oColHZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ad5545-f8af-4278-90a5-a3bbc87a77cc/1/9dkBIB_wsbl-89GnLaQeGPAUV2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.78.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:cb:fa:b0:79:6d:57:2b:85:e0:e7:3c:44:57:65:97:4e:dd:
         21:1a:3f:d1:04:c4:8c:dc:73:fc:48:8b:67:66:2d:19:3e:09:
         01:f5:02:b1:f7:b1:21:73:2b:a4:a4:10:a0:7c:a0:8d:64:49:
         21:c4:f3:5e:2d:b9:4e:33:b9:b8:9c:50:2b:1d:c3:a4:4e:9a:
         d6:cd:6b:3e:c8:f6:c1:f1:1a:b3:2b:16:45:57:ce:27:7b:b1:
         99:cf:a1:cb:61:26:ff:33:56:2e:6e:fa:ed:02:ce:cf:43:18:
         98:ec:93:68:76:7e:e1:66:46:52:85:bd:e2:8a:c8:19:af:6f:
         f9:54:b1:01:ac:ad:fc:1c:dc:50:e5:53:8e:3a:70:cb:45:da:
         fa:bf:59:34:4e:5c:14:18:fb:1f:a4:ab:1f:e0:2b:57:22:7d:
         3c:a5:28:75:8b:83:2b:06:69:5a:a8:52:aa:45:39:65:03:44:
         59:fb:78:1d:9d:6e:af:43:8b:aa:e9:86:09:2a:6a:73:d0:dc:
         91:5b:e9:78:89:71:e9:cf:68:ea:3d:9d:24:bf:67:b4:9b:8d:
         3c:16:cb:cb:5a:c7:b0:68:d5:0b:ff:61:18:a0:be:35:38:2b:
         c0:e0:44:35:9e:f4:94:ac:d0:f7:9a:a8:7b:c9:80:24:1b:81:
         36:dc:3d:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGDT18RQsf1gc1TLvK4IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZDkwMTIwMWZmMGIxYjk3ZWYzZDFhNzJkYTQxZTE4ZjAx
NDU3NjIwHhcNMjUwMTAxMDU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzBhYWFmMTllNDA2NGJmZjY5NTQ3NWVlNmE5M2JhMDJhMjUxZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dLSOZoX466uel1rxh7BKSDjxllh
GoD1CELviLbGcDPd/HWXvyds81Ko/innu70l/iIepdcMzJQypxMBuoHp3O2f8SGu
rg+nbO7poGwWk51FecwFAH8MPybaUkWZe9N4F48Mhx5tnpoK6uU42e437sce5gku
dgq0UMJnQGAjdYjTOEeArg6S9EKJKt1kMXL0uJchUgXWU4ZpCkf6xDAFgeH+j+yQ
AAcMoQiDR0UnCJYQ4aw3Z22+dC+rF1ivs+HppCuzLFu2fHzIyQ6BlGogvVU6ivyC
bfeHk18ZBNOrUO2uvIMlv5yWJs4PYD6fPwbZzBRNJ5MPrad23qKuvx9qVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcKqvGeQGS/9pVHXuapO6AqJR2SMB8GA1UdIwQY
MBaAFPXZASAf8LG5fvPRpy2kHhjwFFdiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWRrQklCX3dzYmwtODlHbkxhUWVHUEFVVjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9hZDU1NDUtZjhhZi00Mjc4LTkwYTUt
YTNiYmM4N2E3N2NjLzEvQndxcThaNUFaTF8ybFVkZTVxazdvQ29sSFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9hZDU1NDUtZjhhZi00Mjc4LTkwYTUtYTNiYmM4N2E3N2Nj
LzEvOWRrQklCX3dzYmwtODlHbkxhUWVHUEFVVjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1E4IMA0G
CSqGSIb3DQEBCwUAA4IBAQBKy/qweW1XK4Xg5zxEV2WXTt0hGj/RBMSM3HP8SItn
Zi0ZPgkB9QKx97EhcyukpBCgfKCNZEkhxPNeLblOM7m4nFArHcOkTprWzWs+yPbB
8RqzKxZFV84ne7GZz6HLYSb/M1YubvrtAs7PQxiY7JNodn7hZkZShb3iisgZr2/5
VLEBrK38HNxQ5VOOOnDLRdr6v1k0TlwUGPsfpKsf4CtXIn08pSh1i4MrBmlaqFKq
RTllA0RZ+3gdnW6vQ4uq6YYJKmpz0NyRW+l4iXHpz2jqPZ0kv2e0m408FsvLWsew
aNUL/2EYoL41OCvA4EQ1nvSUrND3mqh7yYAkG4E23D3o
-----END CERTIFICATE-----