Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/36e065-a1f6-4e14-b2d7-61e54cfc2abc/1/B-Er3iFbDhKHgZepd9cohq0cVQk.roa
File:                     B-Er3iFbDhKHgZepd9cohq0cVQk.roa (raw, json)
Hash identifier:          jtx1vXImr7yVpzKZUudCNhlkYJibcaWuKGAsJwBSbxY=
Subject key identifier:   07:E1:2B:DE:21:5B:0E:12:87:81:97:A9:77:D7:28:86:AD:1C:55:09
Certificate issuer:       /CN=8775e6408b8e05aa914b874635a47b7b820c6c32
Certificate serial:       0194B738E6180812CCECC9FE8385A1464C6B
Authority key identifier: 87:75:E6:40:8B:8E:05:AA:91:4B:87:46:35:A4:7B:7B:82:0C:6C:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3XmQIuOBaqRS4dGNaR7e4IMbDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/36e065-a1f6-4e14-b2d7-61e54cfc2abc/1/B-Er3iFbDhKHgZepd9cohq0cVQk.roa
Signing time:             Thu 30 Jan 2025 12:39:06 +0000
ROA not before:           Thu 30 Jan 2025 12:39:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215395
IP address blocks:        195.78.154.0/24 maxlen: 24
                          195.78.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/36e065-a1f6-4e14-b2d7-61e54cfc2abc/1/h3XmQIuOBaqRS4dGNaR7e4IMbDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/36e065-a1f6-4e14-b2d7-61e54cfc2abc/1/h3XmQIuOBaqRS4dGNaR7e4IMbDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3XmQIuOBaqRS4dGNaR7e4IMbDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:38:e6:18:08:12:cc:ec:c9:fe:83:85:a1:46:4c:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8775e6408b8e05aa914b874635a47b7b820c6c32
        Validity
            Not Before: Jan 30 12:39:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07e12bde215b0e12878197a977d72886ad1c5509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:32:fe:98:25:6b:f5:e1:94:b7:d4:8d:fd:a8:
                    0c:03:2d:d9:80:6f:f8:b9:8c:78:02:0b:4b:27:2e:
                    b8:d0:34:7a:35:27:d0:1b:50:75:b7:fa:32:fb:07:
                    ec:df:e9:61:65:55:f6:df:c6:c3:d4:ff:0b:6f:4c:
                    3a:6f:e1:00:45:29:4c:02:a3:e4:bc:9e:6a:28:29:
                    a0:5a:89:91:c5:a2:a9:1c:ee:50:79:76:4f:3f:71:
                    36:1f:64:a2:d4:7b:97:88:b9:f5:2d:2e:80:13:61:
                    ad:5f:d7:39:6c:71:51:66:cb:91:ba:10:ef:2d:e8:
                    ee:f5:69:35:66:dc:4a:db:e0:22:ba:01:0b:ea:09:
                    cb:2a:f7:07:a9:ab:d0:6a:4f:83:26:23:83:9f:78:
                    1c:53:62:7f:ff:cc:23:84:98:ca:6d:09:41:12:1c:
                    da:61:a6:8b:64:ba:79:59:ba:fa:42:85:50:e0:75:
                    7b:f1:47:28:ac:b0:78:e8:96:69:41:e0:a5:0f:1a:
                    80:de:bb:1d:72:96:0e:e1:96:33:a3:41:f0:a4:29:
                    19:51:4e:6f:0d:ee:fb:dc:e7:c0:77:18:b1:37:dd:
                    d6:fd:d0:10:d5:25:dc:79:3c:34:33:8e:db:a1:ce:
                    bd:cb:53:19:08:dd:9b:96:c2:39:8d:52:8e:ef:a5:
                    97:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:E1:2B:DE:21:5B:0E:12:87:81:97:A9:77:D7:28:86:AD:1C:55:09
            X509v3 Authority Key Identifier:
                keyid:87:75:E6:40:8B:8E:05:AA:91:4B:87:46:35:A4:7B:7B:82:0C:6C:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3XmQIuOBaqRS4dGNaR7e4IMbDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/36e065-a1f6-4e14-b2d7-61e54cfc2abc/1/B-Er3iFbDhKHgZepd9cohq0cVQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/36e065-a1f6-4e14-b2d7-61e54cfc2abc/1/h3XmQIuOBaqRS4dGNaR7e4IMbDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.78.154.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b5:37:4f:66:d7:17:8b:93:78:a9:7a:c7:4b:9c:93:6f:75:60:
         5e:70:54:c8:5b:4e:f1:6e:ee:5b:a2:8e:7a:6e:d0:37:79:4f:
         20:88:3b:09:02:e3:6b:9d:4b:d9:bc:e8:a9:3e:c4:c8:21:36:
         af:a2:44:6b:d9:a8:67:de:ef:f5:86:a7:a5:fd:0e:1a:d9:f6:
         f6:b1:c0:b6:c3:a0:25:42:f3:33:1b:e9:86:a4:a8:c6:d3:5f:
         09:c0:7f:d7:92:b6:bd:92:6a:02:ba:17:a9:6d:86:a2:f3:b0:
         3a:8a:a3:38:6f:86:eb:38:65:4d:a9:66:ce:56:f5:ea:e5:57:
         b2:f1:1c:53:ca:f7:e7:df:01:57:cf:83:69:0e:1f:ab:8e:46:
         be:c6:83:a0:e2:36:42:6c:48:6f:72:6a:63:db:23:93:97:56:
         51:a2:86:04:a2:3a:48:04:05:a0:54:16:49:d8:eb:be:c9:9a:
         08:ae:9f:56:02:af:d5:91:8b:53:f9:f8:7e:8a:7d:23:3e:9e:
         31:70:0f:6d:31:73:95:e5:93:df:77:75:8f:80:06:fb:0f:69:
         52:b4:f5:24:67:af:3b:7a:f1:df:20:ca:d1:fb:8f:8d:79:f5:
         74:d3:9b:ed:22:ba:bb:02:2a:d0:a1:5d:81:0b:6a:b8:84:be:
         a5:aa:37:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS3OOYYCBLM7Mn+g4WhRkxrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzVlNjQwOGI4ZTA1YWE5MTRiODc0NjM1YTQ3YjdiODIw
YzZjMzIwHhcNMjUwMTMwMTIzOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2UxMmJkZTIxNWIwZTEyODc4MTk3YTk3N2Q3Mjg4NmFkMWM1NTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jL+mCVr9eGUt9SN/agMAy3ZgG/4
uYx4AgtLJy640DR6NSfQG1B1t/oy+wfs3+lhZVX238bD1P8Lb0w6b+EARSlMAqPk
vJ5qKCmgWomRxaKpHO5QeXZPP3E2H2Si1HuXiLn1LS6AE2GtX9c5bHFRZsuRuhDv
Leju9Wk1ZtxK2+AiugEL6gnLKvcHqavQak+DJiODn3gcU2J//8wjhJjKbQlBEhza
YaaLZLp5Wbr6QoVQ4HV78UcorLB46JZpQeClDxqA3rsdcpYO4ZYzo0HwpCkZUU5v
De773OfAdxixN93W/dAQ1SXceTw0M47boc69y1MZCN2blsI5jVKO76WXFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfhK94hWw4Sh4GXqXfXKIatHFUJMB8GA1UdIwQY
MBaAFId15kCLjgWqkUuHRjWke3uCDGwyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNYbVFJdU9CYXFSUzRkR05hUjdlNElNYkRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8zNmUwNjUtYTFmNi00ZTE0LWIyZDct
NjFlNTRjZmMyYWJjLzEvQi1FcjNpRmJEaEtIZ1plcGQ5Y29ocTBjVlFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8zNmUwNjUtYTFmNi00ZTE0LWIyZDctNjFlNTRjZmMyYWJj
LzEvaDNYbVFJdU9CYXFSUzRkR05hUjdlNElNYkRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw06aMA0G
CSqGSIb3DQEBCwUAA4IBAQC1N09m1xeLk3ipesdLnJNvdWBecFTIW07xbu5boo56
btA3eU8giDsJAuNrnUvZvOipPsTIITavokRr2ahn3u/1hqel/Q4a2fb2scC2w6Al
QvMzG+mGpKjG018JwH/Xkra9kmoCuhepbYai87A6iqM4b4brOGVNqWbOVvXq5Vey
8RxTyvfn3wFXz4NpDh+rjka+xoOg4jZCbEhvcmpj2yOTl1ZRooYEojpIBAWgVBZJ
2Ou+yZoIrp9WAq/VkYtT+fh+in0jPp4xcA9tMXOV5ZPfd3WPgAb7D2lStPUkZ687
evHfIMrR+4+NefV005vtIrq7AirQoV2BC2q4hL6lqjdm
-----END CERTIFICATE-----