Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/4806a5-6fa3-4832-b740-47a5f481e6f5/1/_sGWnEAm6H3GQnFAjvcpfjYmmpU.roa
File:                     _sGWnEAm6H3GQnFAjvcpfjYmmpU.roa (raw, json)
Hash identifier:          e0wmcRqP7ldHP1lF0Smi9FCBdi4Vz7I53Q9ZET+MPRw=
Subject key identifier:   FE:C1:96:9C:40:26:E8:7D:C6:42:71:40:8E:F7:29:7E:36:26:9A:95
Certificate issuer:       /CN=58cd563a2ae6529c9f43fe4b5c67db70e779a09b
Certificate serial:       0195C7FAFDDF5E5B9034EEFF3B4DCCFE8EEB
Authority key identifier: 58:CD:56:3A:2A:E6:52:9C:9F:43:FE:4B:5C:67:DB:70:E7:79:A0:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WM1WOirmUpyfQ_5LXGfbcOd5oJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/4806a5-6fa3-4832-b740-47a5f481e6f5/1/_sGWnEAm6H3GQnFAjvcpfjYmmpU.roa
Signing time:             Mon 24 Mar 2025 11:47:49 +0000
ROA not before:           Mon 24 Mar 2025 11:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12567
IP address blocks:        78.138.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/4806a5-6fa3-4832-b740-47a5f481e6f5/1/WM1WOirmUpyfQ_5LXGfbcOd5oJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/4806a5-6fa3-4832-b740-47a5f481e6f5/1/WM1WOirmUpyfQ_5LXGfbcOd5oJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WM1WOirmUpyfQ_5LXGfbcOd5oJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:c7:fa:fd:df:5e:5b:90:34:ee:ff:3b:4d:cc:fe:8e:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58cd563a2ae6529c9f43fe4b5c67db70e779a09b
        Validity
            Not Before: Mar 24 11:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fec1969c4026e87dc64271408ef7297e36269a95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e8:e1:eb:3c:91:10:d4:8c:5f:34:ab:93:f2:
                    7e:38:e7:79:80:5d:36:4c:8d:65:3c:f8:44:ef:1d:
                    cd:fe:2e:57:81:fd:91:73:0b:8a:0f:9e:cd:c5:ee:
                    1d:2d:85:2f:b9:ff:46:56:6c:ee:fd:f4:3e:8b:c6:
                    3f:0e:b3:06:d4:65:39:aa:18:2d:1d:16:4b:93:77:
                    95:53:5a:e3:5e:06:df:51:ed:14:63:fa:89:b0:ea:
                    4c:7f:ab:61:61:ae:31:49:69:3d:91:87:48:a9:39:
                    c3:cb:32:fe:64:d1:bb:19:05:79:6a:d1:22:21:4a:
                    f7:c6:9f:83:71:0f:dd:37:b0:44:cc:54:71:55:43:
                    6d:02:c0:23:c0:d8:38:49:13:ec:e2:a6:f3:ce:e0:
                    28:d2:13:75:e8:05:6b:9d:e8:dc:6b:18:2e:26:13:
                    f0:ae:df:c7:d8:9b:b0:24:56:2b:bb:ef:e3:5d:32:
                    d8:97:ed:20:27:0f:28:f3:25:be:a4:93:1c:57:62:
                    fd:c0:b5:fe:a9:ae:26:72:a6:08:4d:9f:f4:36:80:
                    06:96:c7:a4:b2:34:9f:69:ca:89:01:e3:b3:e9:09:
                    bd:b2:01:78:f1:34:50:52:5a:db:10:e2:e3:63:1a:
                    06:e7:ef:95:d9:2b:47:1b:7a:e0:c1:28:23:c2:e1:
                    16:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:C1:96:9C:40:26:E8:7D:C6:42:71:40:8E:F7:29:7E:36:26:9A:95
            X509v3 Authority Key Identifier:
                keyid:58:CD:56:3A:2A:E6:52:9C:9F:43:FE:4B:5C:67:DB:70:E7:79:A0:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WM1WOirmUpyfQ_5LXGfbcOd5oJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/4806a5-6fa3-4832-b740-47a5f481e6f5/1/_sGWnEAm6H3GQnFAjvcpfjYmmpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/4806a5-6fa3-4832-b740-47a5f481e6f5/1/WM1WOirmUpyfQ_5LXGfbcOd5oJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.138.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:dd:34:30:9c:13:67:ac:c4:d2:ae:92:62:1a:6b:f5:c5:33:
         99:0c:11:ac:7a:7b:ff:d8:8a:51:58:1f:a4:d7:8e:aa:8f:24:
         87:94:b4:df:a6:20:be:b5:ba:60:71:72:19:5c:48:51:f6:af:
         da:54:d5:b8:1f:6d:56:d1:a3:68:94:8a:6a:91:33:ec:7b:85:
         57:bd:87:fe:b3:40:3a:3c:c4:01:61:bb:75:2e:9d:9c:5f:fc:
         2c:ab:6c:0b:75:b2:56:32:1a:bd:4c:78:fb:ad:bc:90:5e:ab:
         41:51:5b:75:e0:32:b9:e2:76:14:f6:9c:3e:7a:fe:19:3f:a2:
         37:2e:3c:dc:05:d7:e4:7f:fa:7c:63:b9:ab:97:92:66:74:50:
         2f:c0:a5:52:c1:1f:60:4b:e9:57:90:e2:ec:7a:4a:3a:d8:b2:
         bf:0f:f3:0d:36:92:30:66:ac:8d:b8:a1:fb:a2:fe:f9:cd:cc:
         36:38:20:54:66:be:b0:2f:77:fa:c4:c8:35:dc:28:94:38:54:
         bf:8e:1a:00:d2:04:35:5d:f1:5b:68:bb:9f:db:73:5e:0a:e0:
         76:cc:d0:9c:3f:46:b9:f9:c2:43:16:a8:2c:79:46:8a:50:8a:
         c5:2b:34:6d:e6:2e:96:a8:73:69:25:fa:af:b0:af:ce:bc:b6:
         ad:b5:1d:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXH+v3fXluQNO7/O03M/o7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4Y2Q1NjNhMmFlNjUyOWM5ZjQzZmU0YjVjNjdkYjcwZTc3
OWEwOWIwHhcNMjUwMzI0MTE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWMxOTY5YzQwMjZlODdkYzY0MjcxNDA4ZWY3Mjk3ZTM2MjY5YTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ojh6zyRENSMXzSrk/J+OOd5gF02
TI1lPPhE7x3N/i5Xgf2RcwuKD57Nxe4dLYUvuf9GVmzu/fQ+i8Y/DrMG1GU5qhgt
HRZLk3eVU1rjXgbfUe0UY/qJsOpMf6thYa4xSWk9kYdIqTnDyzL+ZNG7GQV5atEi
IUr3xp+DcQ/dN7BEzFRxVUNtAsAjwNg4SRPs4qbzzuAo0hN16AVrnejcaxguJhPw
rt/H2JuwJFYru+/jXTLYl+0gJw8o8yW+pJMcV2L9wLX+qa4mcqYITZ/0NoAGlsek
sjSfacqJAeOz6Qm9sgF48TRQUlrbEOLjYxoG5++V2StHG3rgwSgjwuEWNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP7BlpxAJuh9xkJxQI73KX42JpqVMB8GA1UdIwQY
MBaAFFjNVjoq5lKcn0P+S1xn23DneaCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV00xV09pcm1VcHlmUV81TFhHZmJjT2Q1b0pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS80ODA2YTUtNmZhMy00ODMyLWI3NDAt
NDdhNWY0ODFlNmY1LzEvX3NHV25FQW02SDNHUW5GQWp2Y3BmalltbXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS80ODA2YTUtNmZhMy00ODMyLWI3NDAtNDdhNWY0ODFlNmY1
LzEvV00xV09pcm1VcHlmUV81TFhHZmJjT2Q1b0pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAToosMA0G
CSqGSIb3DQEBCwUAA4IBAQAX3TQwnBNnrMTSrpJiGmv1xTOZDBGsenv/2IpRWB+k
146qjySHlLTfpiC+tbpgcXIZXEhR9q/aVNW4H21W0aNolIpqkTPse4VXvYf+s0A6
PMQBYbt1Lp2cX/wsq2wLdbJWMhq9THj7rbyQXqtBUVt14DK54nYU9pw+ev4ZP6I3
LjzcBdfkf/p8Y7mrl5JmdFAvwKVSwR9gS+lXkOLseko62LK/D/MNNpIwZqyNuKH7
ov75zcw2OCBUZr6wL3f6xMg13CiUOFS/jhoA0gQ1XfFbaLuf23NeCuB2zNCcP0a5
+cJDFqgseUaKUIrFKzRt5i6WqHNpJfqvsK/OvLattR3i
-----END CERTIFICATE-----