Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/iHqHOmwrVyrtHOqJBGU-h4gTPGE.roa
File:                     iHqHOmwrVyrtHOqJBGU-h4gTPGE.roa (raw, json)
Hash identifier:          LgyVv3T9GhaxHLbeG0cUmNnr3zf3ppvzWIBGJwHUSNg=
Subject key identifier:   88:7A:87:3A:6C:2B:57:2A:ED:1C:EA:89:04:65:3E:87:88:13:3C:61
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019420D5E3ECB7A91512C7EC9B1C4B4B63BA
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/iHqHOmwrVyrtHOqJBGU-h4gTPGE.roa
Signing time:             Wed 01 Jan 2025 07:47:55 +0000
ROA not before:           Wed 01 Jan 2025 07:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211059
IP address blocks:        5.10.250.0/24 maxlen: 24
                          5.178.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e3:ec:b7:a9:15:12:c7:ec:9b:1c:4b:4b:63:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 07:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=887a873a6c2b572aed1cea8904653e8788133c61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:03:de:82:38:bb:a2:c9:c9:df:a4:37:2a:74:
                    4c:68:26:fd:49:90:68:f4:8e:80:ca:7e:3c:95:01:
                    28:7f:23:f6:d5:c4:72:3c:85:d3:31:bf:f7:76:81:
                    69:76:f2:c1:f6:78:b8:6e:e9:e5:d1:c7:2e:d7:42:
                    e1:54:00:78:08:c6:a7:86:d1:8d:5e:fd:0e:3d:a9:
                    da:6c:90:83:c9:84:ed:72:5a:e5:25:bf:08:26:8a:
                    88:bb:7d:08:99:c9:a0:05:3f:af:0e:45:5a:eb:4c:
                    dc:95:f5:d6:b9:46:0b:d4:30:0b:45:90:d2:d5:98:
                    f8:d5:67:74:ab:46:f8:5b:4e:a4:77:c3:4d:fc:8b:
                    de:fb:c2:29:5e:65:a1:3d:99:95:41:6d:27:ec:bd:
                    12:80:7d:37:00:fa:72:9e:92:55:87:dc:b2:78:91:
                    14:18:d2:ad:ae:d2:2c:a1:40:95:02:32:ad:a8:cb:
                    71:c7:21:38:dc:ec:49:2b:f8:c4:a6:9d:e3:09:58:
                    2f:49:0c:d3:84:41:50:54:21:f7:da:52:b9:39:c5:
                    78:64:f0:84:c2:92:35:b2:3e:ef:b1:08:43:6e:31:
                    d2:1a:d9:7c:b0:0c:06:bb:9f:4f:04:15:d5:5d:21:
                    8c:6c:65:7c:a5:e9:7f:bb:8e:e3:60:9d:4c:20:dd:
                    67:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:7A:87:3A:6C:2B:57:2A:ED:1C:EA:89:04:65:3E:87:88:13:3C:61
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/iHqHOmwrVyrtHOqJBGU-h4gTPGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.250.0/24
                  5.178.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:ee:23:36:6b:d0:24:37:5b:8b:09:b5:ce:f5:18:0f:3b:b1:
         24:0b:d1:c7:0e:2b:ba:56:27:5d:0a:c5:e0:e8:19:01:68:0b:
         55:16:db:1c:28:f4:81:76:f1:c9:b3:d1:a1:0b:a7:fc:18:2d:
         24:2f:92:8e:1f:17:bc:7f:75:77:4c:0b:1e:db:db:2f:24:7e:
         51:15:7d:5e:c7:fb:53:60:42:cb:23:29:49:39:80:25:d3:01:
         85:84:37:d0:ba:ef:1b:a3:68:df:ff:06:3b:58:8f:10:02:ef:
         f1:60:1d:17:fd:21:19:6c:f6:a3:b4:27:fb:8b:7a:ac:3b:af:
         7a:d6:84:e0:0d:8e:20:aa:a0:1d:5b:01:f8:7b:47:21:e7:60:
         b2:b6:fe:e5:fe:59:01:37:8e:84:2a:87:be:eb:1d:e3:a1:d7:
         65:8b:0e:db:2c:bf:41:5f:44:be:6a:e5:22:6d:b2:bf:f5:24:
         33:20:26:86:74:dc:0c:88:2f:f4:91:c8:c1:40:1e:33:89:9e:
         c3:ec:c8:a2:0a:64:1f:f6:57:d1:f9:ae:9c:fe:ca:bd:f6:8a:
         87:c7:ae:b8:e0:c1:36:c9:9e:74:64:1e:b8:15:4b:aa:2f:24:
         9f:e7:d3:80:e9:be:52:8a:95:1e:90:72:64:57:8d:ef:22:14:
         be:65:cb:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1ePst6kVEsfsmxxLS2O6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjUwMTAxMDc0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODdhODczYTZjMmI1NzJhZWQxY2VhODkwNDY1M2U4Nzg4MTMzYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugPegji7osnJ36Q3KnRMaCb9SZBo
9I6Ayn48lQEofyP21cRyPIXTMb/3doFpdvLB9ni4bunl0ccu10LhVAB4CManhtGN
Xv0OPanabJCDyYTtclrlJb8IJoqIu30ImcmgBT+vDkVa60zclfXWuUYL1DALRZDS
1Zj41Wd0q0b4W06kd8NN/Ive+8IpXmWhPZmVQW0n7L0SgH03APpynpJVh9yyeJEU
GNKtrtIsoUCVAjKtqMtxxyE43OxJK/jEpp3jCVgvSQzThEFQVCH32lK5OcV4ZPCE
wpI1sj7vsQhDbjHSGtl8sAwGu59PBBXVXSGMbGV8pel/u47jYJ1MIN1nyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIh6hzpsK1cq7RzqiQRlPoeIEzxhMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvaUhxSE9td3JWeXJ0SE9xSkJHVS1oNGdUUEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABQr6AwQA
BbIBMA0GCSqGSIb3DQEBCwUAA4IBAQAB7iM2a9AkN1uLCbXO9RgPO7EkC9HHDiu6
ViddCsXg6BkBaAtVFtscKPSBdvHJs9GhC6f8GC0kL5KOHxe8f3V3TAse29svJH5R
FX1ex/tTYELLIylJOYAl0wGFhDfQuu8bo2jf/wY7WI8QAu/xYB0X/SEZbPajtCf7
i3qsO6961oTgDY4gqqAdWwH4e0ch52Cytv7l/lkBN46EKoe+6x3joddliw7bLL9B
X0S+auUibbK/9SQzICaGdNwMiC/0kcjBQB4ziZ7D7MiiCmQf9lfR+a6c/sq99oqH
x6644ME2yZ50ZB64FUuqLySf59OA6b5SipUekHJkV43vIhS+Zcuo
-----END CERTIFICATE-----