Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/X3Q0SNhCbMHeUBwGf788wp_czsU.roa
File:                     X3Q0SNhCbMHeUBwGf788wp_czsU.roa (raw, json)
Hash identifier:          091XmsdNMlLYLPcTwFanyKRL1REvB0J6UE48TAdGAMo=
Subject key identifier:   5F:74:34:48:D8:42:6C:C1:DE:50:1C:06:7F:BF:3C:C2:9F:DC:CE:C5
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019420D5DA8BD86F36070B2994F15A7708F6
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/X3Q0SNhCbMHeUBwGf788wp_czsU.roa
Signing time:             Wed 01 Jan 2025 07:47:53 +0000
ROA not before:           Wed 01 Jan 2025 07:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47674
IP address blocks:        88.151.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:da:8b:d8:6f:36:07:0b:29:94:f1:5a:77:08:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 07:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f743448d8426cc1de501c067fbf3cc29fdccec5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3e:61:d5:c7:9f:00:6e:63:15:41:92:5a:55:
                    4d:12:28:bf:e1:60:98:94:c0:78:7c:17:2a:21:c0:
                    de:33:4a:73:35:df:97:68:7c:f5:bd:bb:93:fe:6f:
                    4e:28:ad:dc:a7:3c:3f:d4:84:22:d7:2f:18:8a:86:
                    ba:c2:b9:43:d4:29:dd:11:a2:fb:f4:38:d5:54:55:
                    94:7f:c8:56:0f:6c:f5:57:bb:f6:30:5a:6b:75:29:
                    25:5d:c3:d5:ee:c6:e2:15:91:e1:ca:c1:75:f7:42:
                    fd:4c:9a:2c:4d:03:27:65:1f:ae:74:c6:b7:27:e0:
                    3e:12:d3:87:24:ce:20:34:bf:2b:cd:2a:0a:05:fc:
                    f4:32:c7:40:f7:a3:66:e9:38:b6:30:a7:41:92:a1:
                    c6:73:bb:04:d2:8c:0e:0b:86:40:77:42:96:70:54:
                    30:13:51:e1:67:dc:98:97:42:e1:47:34:c9:66:f6:
                    7e:fa:8f:0e:36:6e:00:c6:04:9b:12:33:3f:e1:21:
                    0d:f0:36:f8:5d:f0:f3:27:9f:99:28:da:c9:12:18:
                    6b:0a:33:31:ef:3f:3c:2c:60:b6:cf:73:ea:18:92:
                    05:00:58:87:17:03:e2:04:77:13:79:ae:ca:df:b6:
                    b6:a0:01:a0:6a:d6:7b:c9:78:eb:b3:7a:5e:95:d8:
                    92:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:74:34:48:D8:42:6C:C1:DE:50:1C:06:7F:BF:3C:C2:9F:DC:CE:C5
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/X3Q0SNhCbMHeUBwGf788wp_czsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.151.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:26:05:d2:e6:e7:4c:95:5f:c4:5c:4b:80:34:d4:76:dc:18:
         02:fd:f4:bc:fc:96:a9:dc:62:6e:88:d4:fd:ab:f2:76:b9:30:
         23:5f:fe:17:d8:83:be:d7:f9:51:21:a5:6c:23:00:f6:9a:fa:
         f7:af:98:0c:46:77:6b:e0:6b:f6:08:0b:eb:0a:61:fd:be:c2:
         59:2b:10:12:ec:1d:f8:74:8e:56:ff:99:ee:a8:6e:e1:23:8f:
         a9:4d:8b:e9:3a:c1:6b:fb:37:84:4d:94:18:b4:51:0f:f9:29:
         34:23:d5:c8:84:f7:49:73:18:e0:fc:5d:46:df:c0:25:16:14:
         3f:18:2b:18:5e:ef:59:16:cb:0e:96:d3:2f:ad:92:17:9d:be:
         b6:8f:43:23:5e:11:f9:0f:33:76:51:b0:20:ba:b8:ce:57:68:
         d0:a9:4b:41:a6:33:f1:57:a0:66:ef:10:1e:53:0f:44:34:d1:
         59:aa:11:28:9a:be:8b:e3:a0:d7:cc:30:f4:37:5b:16:c9:d9:
         0d:68:dc:40:26:54:e8:d0:f5:95:61:b2:ee:fc:26:af:2b:84:
         c9:7a:7a:73:e9:53:85:ec:46:6f:4e:6b:a5:ca:ac:e3:fa:d7:
         d0:cf:6e:26:5d:7b:c7:e8:9a:f8:8a:c6:a6:c2:3b:c1:70:c7:
         52:fe:85:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dqL2G82BwsplPFadwj2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjUwMTAxMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc0MzQ0OGQ4NDI2Y2MxZGU1MDFjMDY3ZmJmM2NjMjlmZGNjZWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxD5h1cefAG5jFUGSWlVNEii/4WCY
lMB4fBcqIcDeM0pzNd+XaHz1vbuT/m9OKK3cpzw/1IQi1y8Yioa6wrlD1CndEaL7
9DjVVFWUf8hWD2z1V7v2MFprdSklXcPV7sbiFZHhysF190L9TJosTQMnZR+udMa3
J+A+EtOHJM4gNL8rzSoKBfz0MsdA96Nm6Ti2MKdBkqHGc7sE0owOC4ZAd0KWcFQw
E1HhZ9yYl0LhRzTJZvZ++o8ONm4AxgSbEjM/4SEN8Db4XfDzJ5+ZKNrJEhhrCjMx
7z88LGC2z3PqGJIFAFiHFwPiBHcTea7K37a2oAGgatZ7yXjrs3peldiS4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF90NEjYQmzB3lAcBn+/PMKf3M7FMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvWDNRMFNOaENiTUhlVUJ3R2Y3ODh3cF9jenNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWJfGMA0G
CSqGSIb3DQEBCwUAA4IBAQDIJgXS5udMlV/EXEuANNR23BgC/fS8/Jap3GJuiNT9
q/J2uTAjX/4X2IO+1/lRIaVsIwD2mvr3r5gMRndr4Gv2CAvrCmH9vsJZKxAS7B34
dI5W/5nuqG7hI4+pTYvpOsFr+zeETZQYtFEP+Sk0I9XIhPdJcxjg/F1G38AlFhQ/
GCsYXu9ZFssOltMvrZIXnb62j0MjXhH5DzN2UbAgurjOV2jQqUtBpjPxV6Bm7xAe
Uw9ENNFZqhEomr6L46DXzDD0N1sWydkNaNxAJlTo0PWVYbLu/CavK4TJenpz6VOF
7EZvTmulyqzj+tfQz24mXXvH6Jr4isamwjvBcMdS/oVl
-----END CERTIFICATE-----