Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/aQIwDIawgGX7FKBRRFcahkTWcLo.roa
File:                     aQIwDIawgGX7FKBRRFcahkTWcLo.roa (raw, json)
Hash identifier:          l1nHtOEisbcLIc+XTKC3k/D6u2meHAPucl/rkv0n5nE=
Subject key identifier:   69:02:30:0C:86:B0:80:65:FB:14:A0:51:44:57:1A:86:44:D6:70:BA
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       0196FD08325383C47A44819071D21AE62F27
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/aQIwDIawgGX7FKBRRFcahkTWcLo.roa
Signing time:             Fri 23 May 2025 12:04:54 +0000
ROA not before:           Fri 23 May 2025 12:04:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15924
IP address blocks:        78.135.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fd:08:32:53:83:c4:7a:44:81:90:71:d2:1a:e6:2f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: May 23 12:04:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6902300c86b08065fb14a05144571a8644d670ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f0:51:de:e1:4e:64:14:0f:15:e2:5a:27:de:
                    b0:94:93:9c:85:ed:a4:ff:20:12:f6:60:17:ac:22:
                    83:97:91:8e:2e:4b:dc:55:de:2b:7b:57:af:d5:33:
                    5a:c6:e1:97:9b:bd:e5:f8:52:9e:e5:8f:a0:56:19:
                    6c:ca:84:d8:36:6d:e6:ed:8a:15:65:60:f7:ee:61:
                    8d:e0:2a:cb:31:47:37:88:4b:47:63:34:99:a1:e7:
                    07:83:69:9e:56:7c:ca:75:60:96:0f:83:1a:10:32:
                    11:2f:34:dd:d0:93:36:d4:27:a0:2c:c1:80:4d:db:
                    95:13:2d:fb:7d:48:77:0a:1b:9d:88:b0:07:6b:75:
                    c8:51:04:8d:ef:70:bb:6a:3f:76:37:2e:92:9a:b0:
                    79:42:2e:96:ce:48:ff:61:4c:cb:b8:d4:88:0c:f0:
                    d7:e0:f8:82:6e:7b:b7:b4:49:58:85:9d:9d:5d:b2:
                    4c:71:9c:32:34:33:43:e1:68:dd:d4:61:09:22:d2:
                    b8:4b:f5:ff:c3:6d:39:d1:f0:81:82:0f:c5:34:65:
                    d8:c4:87:d7:4d:ee:8e:6b:b3:6d:a2:1d:24:42:c6:
                    16:e9:ce:bc:2f:06:1c:7c:69:e5:c0:a4:3a:12:05:
                    a3:42:8b:a0:5d:30:7a:94:25:32:3e:65:0e:26:06:
                    16:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:02:30:0C:86:B0:80:65:FB:14:A0:51:44:57:1A:86:44:D6:70:BA
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/aQIwDIawgGX7FKBRRFcahkTWcLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:15:ad:cd:a3:17:a1:5e:2e:11:bc:1c:6e:ad:e6:a3:3e:03:
         84:4c:72:b2:71:97:f2:ca:21:44:45:2e:24:dd:94:bd:c9:7d:
         d4:98:0a:78:b2:4e:ca:65:14:e7:02:b4:00:45:cd:08:75:18:
         12:cb:f8:e4:89:50:d0:f1:5f:8c:89:31:82:05:0e:18:d7:a4:
         ef:0f:59:f9:81:1e:d5:47:b7:70:4b:d6:40:e7:c1:b5:57:7a:
         72:d6:0c:4d:b9:ce:16:4b:05:3f:f0:70:8e:2f:d0:15:99:3a:
         d2:22:12:11:de:7c:a2:5b:7c:e5:f0:fc:50:4c:de:34:05:4b:
         73:90:78:92:e1:ef:a0:39:fb:aa:6a:71:09:14:d1:b6:f5:41:
         c3:b0:7a:53:04:fa:30:2a:7d:03:53:99:95:8a:84:e2:a4:25:
         b6:79:5b:73:1b:63:55:c6:d5:82:da:b8:1f:91:da:a6:e1:97:
         73:31:68:a0:4d:f4:41:a1:fa:d3:7e:f6:e3:22:aa:ef:32:bd:
         47:2e:d4:a6:63:cf:07:0f:28:55:9c:07:fd:42:aa:83:c8:57:
         c0:66:91:30:49:79:f2:dc:bf:6e:06:06:f5:be:ca:6e:58:bc:
         29:80:c2:0d:6a:07:d0:6f:91:86:03:a4:f4:77:8f:f8:14:18:
         f0:1c:b6:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZb9CDJTg8R6RIGQcdIa5i8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjUwNTIzMTIwNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTAyMzAwYzg2YjA4MDY1ZmIxNGEwNTE0NDU3MWE4NjQ0ZDY3MGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvBR3uFOZBQPFeJaJ96wlJOche2k
/yAS9mAXrCKDl5GOLkvcVd4re1ev1TNaxuGXm73l+FKe5Y+gVhlsyoTYNm3m7YoV
ZWD37mGN4CrLMUc3iEtHYzSZoecHg2meVnzKdWCWD4MaEDIRLzTd0JM21CegLMGA
TduVEy37fUh3ChudiLAHa3XIUQSN73C7aj92Ny6SmrB5Qi6Wzkj/YUzLuNSIDPDX
4PiCbnu3tElYhZ2dXbJMcZwyNDND4Wjd1GEJItK4S/X/w2050fCBgg/FNGXYxIfX
Te6Oa7Ntoh0kQsYW6c68LwYcfGnlwKQ6EgWjQougXTB6lCUyPmUOJgYWGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkCMAyGsIBl+xSgUURXGoZE1nC6MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvYVFJd0RJYXdnR1g3RktCUlJGY2Foa1RXY0xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATodYMA0G
CSqGSIb3DQEBCwUAA4IBAQADFa3NoxehXi4RvBxureajPgOETHKycZfyyiFERS4k
3ZS9yX3UmAp4sk7KZRTnArQARc0IdRgSy/jkiVDQ8V+MiTGCBQ4Y16TvD1n5gR7V
R7dwS9ZA58G1V3py1gxNuc4WSwU/8HCOL9AVmTrSIhIR3nyiW3zl8PxQTN40BUtz
kHiS4e+gOfuqanEJFNG29UHDsHpTBPowKn0DU5mVioTipCW2eVtzG2NVxtWC2rgf
kdqm4ZdzMWigTfRBofrTfvbjIqrvMr1HLtSmY88HDyhVnAf9QqqDyFfAZpEwSXny
3L9uBgb1vspuWLwpgMINagfQb5GGA6T0d4/4FBjwHLah
-----END CERTIFICATE-----