Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/3-Grh5jLZ10JU7OBJD1tp_47eyY.roa
File:                     3-Grh5jLZ10JU7OBJD1tp_47eyY.roa (raw, json)
Hash identifier:          2c45XwsvJy+h7TqtuH/GlyKMkqIf7Xkil5OLxUtEjls=
Subject key identifier:   DF:E1:AB:87:98:CB:67:5D:09:53:B3:81:24:3D:6D:A7:FE:3B:7B:26
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019420D5E77BBDBF097877818D7D5D018BA9
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/3-Grh5jLZ10JU7OBJD1tp_47eyY.roa
Signing time:             Wed 01 Jan 2025 07:47:56 +0000
ROA not before:           Wed 01 Jan 2025 07:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215540
IP address blocks:        88.151.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e7:7b:bd:bf:09:78:77:81:8d:7d:5d:01:8b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 07:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfe1ab8798cb675d0953b381243d6da7fe3b7b26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:58:c4:d7:72:e9:3f:a0:a3:15:4b:8c:78:b4:
                    91:c1:b0:ef:b3:bd:0e:75:c1:18:ee:0a:f0:6f:5d:
                    b4:e5:1a:08:b9:14:42:59:a4:e2:f2:ae:30:f3:45:
                    07:2a:dd:31:fe:0f:bb:7f:26:79:53:d4:1a:e0:b2:
                    e1:55:3e:ce:c5:d5:3c:bc:47:8c:10:47:4c:63:2e:
                    5e:00:e7:87:44:96:b8:00:86:18:5b:01:76:d5:b8:
                    0b:d0:49:4f:a4:1c:35:f8:e3:22:72:bb:8f:3d:75:
                    b2:0e:8e:f5:b3:f4:38:35:8c:57:ac:03:9a:1c:87:
                    b0:41:dc:97:7e:4a:9a:79:f5:b4:99:a0:61:c9:be:
                    a4:04:4d:2a:c8:e6:46:86:a4:86:4d:45:49:11:b5:
                    68:9b:2b:4c:b9:02:e7:19:1f:b0:10:17:f9:f4:70:
                    c3:ed:a2:dd:c7:e1:2c:02:4e:5c:3c:d3:72:40:46:
                    2c:df:7d:a3:b4:5b:88:1c:73:f0:d8:69:05:64:01:
                    15:9e:4f:16:74:ac:f9:be:b6:97:83:cd:e0:90:a4:
                    3f:cf:8b:e2:8f:54:9d:a6:dd:e8:c9:05:8f:57:24:
                    66:50:7b:a2:aa:ce:75:86:6f:e1:a9:8b:11:a7:d0:
                    01:93:58:0e:54:e4:e2:ea:d8:8f:b0:d8:58:35:32:
                    0e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:E1:AB:87:98:CB:67:5D:09:53:B3:81:24:3D:6D:A7:FE:3B:7B:26
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/3-Grh5jLZ10JU7OBJD1tp_47eyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:b6:ca:be:f2:c4:7c:6d:2b:9a:a5:e5:10:1f:dd:25:44:24:
         6b:e5:60:a7:63:fd:2b:00:58:96:97:ee:da:8d:cd:dc:0f:a9:
         30:b3:c6:6f:bb:49:5e:da:88:2f:d6:9e:b8:94:e1:99:98:a4:
         4b:ce:50:01:92:a6:4f:64:65:ed:38:c5:3f:86:a0:1c:d5:4b:
         1f:ad:d4:fd:47:6c:9a:b9:53:30:0b:08:65:58:93:50:ab:d9:
         13:fe:e5:4f:38:aa:09:49:d8:be:34:5e:de:27:b8:ee:70:87:
         22:5f:b4:73:5d:dc:3e:2d:85:2a:8d:3e:a5:b1:ec:7a:eb:22:
         a1:1c:a9:43:99:3a:28:31:83:11:45:47:cb:63:a9:43:00:a2:
         3d:13:7b:10:fa:f8:e0:d8:71:35:a2:31:b5:88:c7:8a:50:50:
         f9:33:e8:fa:ea:7d:f1:2b:9f:ab:e2:db:9e:bf:68:0b:1b:b1:
         89:86:10:cb:a1:68:44:4c:65:55:70:04:d2:e0:65:82:c8:bb:
         a5:94:32:6f:1a:8e:2a:f6:fd:ba:de:6a:c3:63:a4:74:bc:b3:
         22:57:fb:88:84:10:31:56:6e:91:5b:98:b2:ab:14:37:11:a5:
         4a:23:eb:fa:28:a6:e5:bb:e5:6a:80:b0:5c:7b:f8:5f:38:b4:
         1a:c8:f4:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1ed7vb8JeHeBjX1dAYupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjUwMTAxMDc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmUxYWI4Nzk4Y2I2NzVkMDk1M2IzODEyNDNkNmRhN2ZlM2I3YjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVjE13LpP6CjFUuMeLSRwbDvs70O
dcEY7grwb1205RoIuRRCWaTi8q4w80UHKt0x/g+7fyZ5U9Qa4LLhVT7OxdU8vEeM
EEdMYy5eAOeHRJa4AIYYWwF21bgL0ElPpBw1+OMicruPPXWyDo71s/Q4NYxXrAOa
HIewQdyXfkqaefW0maBhyb6kBE0qyOZGhqSGTUVJEbVomytMuQLnGR+wEBf59HDD
7aLdx+EsAk5cPNNyQEYs332jtFuIHHPw2GkFZAEVnk8WdKz5vraXg83gkKQ/z4vi
j1Sdpt3oyQWPVyRmUHuiqs51hm/hqYsRp9ABk1gOVOTi6tiPsNhYNTIOuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/hq4eYy2ddCVOzgSQ9baf+O3smMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvMy1Hcmg1akxaMTBKVTdPQkpEMXRwXzQ3ZXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJfAMA0G
CSqGSIb3DQEBCwUAA4IBAQDHtsq+8sR8bSuapeUQH90lRCRr5WCnY/0rAFiWl+7a
jc3cD6kws8Zvu0le2ogv1p64lOGZmKRLzlABkqZPZGXtOMU/hqAc1UsfrdT9R2ya
uVMwCwhlWJNQq9kT/uVPOKoJSdi+NF7eJ7jucIciX7RzXdw+LYUqjT6lsex66yKh
HKlDmTooMYMRRUfLY6lDAKI9E3sQ+vjg2HE1ojG1iMeKUFD5M+j66n3xK5+r4tue
v2gLG7GJhhDLoWhETGVVcATS4GWCyLullDJvGo4q9v263mrDY6R0vLMiV/uIhBAx
Vm6RW5iyqxQ3EaVKI+v6KKblu+VqgLBce/hfOLQayPQl
-----END CERTIFICATE-----