Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/nZJPQb2Q1PTGlp2DfymYULd1iRo.roa
File:                     nZJPQb2Q1PTGlp2DfymYULd1iRo.roa (raw, json)
Hash identifier:          ocVab7q0TajckslbwweO4x6Z46pdonJrWMEBlZtTcCc=
Subject key identifier:   9D:92:4F:41:BD:90:D4:F4:C6:96:9D:83:7F:29:98:50:B7:75:89:1A
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       0197A609F864BA6E9A4D98FC248D352EB771
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/nZJPQb2Q1PTGlp2DfymYULd1iRo.roa
Signing time:             Wed 25 Jun 2025 07:42:40 +0000
ROA not before:           Wed 25 Jun 2025 07:42:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39521
IP address blocks:        78.143.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 04:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:09:f8:64:ba:6e:9a:4d:98:fc:24:8d:35:2e:b7:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jun 25 07:42:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d924f41bd90d4f4c6969d837f299850b775891a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c7:97:42:b3:01:be:c3:83:af:0e:6b:4b:2b:
                    1b:27:b3:ff:4a:d8:d6:d2:f2:ff:b6:c5:e2:a2:33:
                    25:bc:8a:c1:f4:8c:e0:2e:81:da:6a:f9:38:2b:48:
                    ba:8d:28:1c:98:4c:3d:5e:f5:bd:a1:2f:46:98:c1:
                    9b:f5:a1:ce:a8:37:cd:80:9a:d2:56:21:80:f0:4e:
                    17:7e:43:f2:ee:e5:10:61:7c:0f:21:fb:31:80:1e:
                    54:95:f0:81:7a:17:c2:e9:95:bd:dc:74:21:b4:e5:
                    3e:9b:87:40:37:38:87:fa:d5:98:30:1d:12:01:91:
                    97:11:28:22:f8:9c:c9:54:e5:4e:3b:4b:40:65:68:
                    e4:81:16:dd:9a:63:09:62:09:73:41:8d:17:8f:4c:
                    a9:33:64:2a:04:ee:ea:17:66:50:fa:a2:1b:cd:0a:
                    9e:9d:7f:e4:f6:9a:a2:5a:18:3c:7e:02:05:a7:49:
                    e0:d2:fd:2d:00:39:b3:47:19:5c:b7:3f:6b:d2:ae:
                    d4:4f:51:4e:69:d6:65:42:06:79:3d:86:44:2c:4f:
                    ea:9d:84:ac:01:db:e9:4b:3d:5e:79:d2:e5:2d:ef:
                    85:99:39:c6:65:96:99:ea:c4:0c:bd:a7:a8:57:ce:
                    57:f1:52:d2:e0:7e:ca:70:55:aa:0f:17:62:15:97:
                    26:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:92:4F:41:BD:90:D4:F4:C6:96:9D:83:7F:29:98:50:B7:75:89:1A
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/nZJPQb2Q1PTGlp2DfymYULd1iRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:47:a5:ab:f4:6a:9e:c1:99:83:39:45:eb:3e:0a:cb:b5:6a:
         c7:1c:f5:ae:65:36:cc:86:ff:c0:96:5c:94:62:a3:b5:3a:36:
         ca:4d:54:af:2d:43:d0:37:74:fb:73:69:58:e8:ae:9f:14:62:
         5b:3d:2e:2a:73:1a:c8:80:24:9f:2e:cd:c7:76:a7:70:5c:bf:
         f5:30:9e:d7:43:ac:e4:ca:19:e7:6a:76:a6:33:c0:51:7a:c1:
         ec:94:8a:39:a6:7c:52:21:ff:ff:9f:18:75:83:43:da:25:05:
         4f:59:61:da:ca:6b:25:40:f5:ba:82:25:96:a0:ba:e9:5f:69:
         be:0c:eb:8e:82:43:cf:4c:ed:87:76:fb:dc:67:c3:4c:8c:45:
         36:fb:dc:df:43:a9:cc:b1:6a:bf:0c:93:d7:6f:cd:03:7f:ca:
         97:0a:f3:35:17:98:53:fb:cb:c8:67:93:94:28:78:56:fb:24:
         90:eb:99:93:a1:05:60:72:c7:94:88:59:d7:2f:03:9f:2f:82:
         a1:c0:e9:9a:36:40:ff:2c:03:99:52:d1:c3:a7:90:e4:19:2b:
         c8:5b:38:f4:05:df:01:53:00:9e:b2:88:3b:46:ff:8c:68:d6:
         a6:8d:e4:70:15:4e:d7:bd:73:9f:6f:d7:76:7b:6d:9e:7e:b3:
         bd:30:78:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZemCfhkum6aTZj8JI01LrdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwNjI1MDc0MjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDkyNGY0MWJkOTBkNGY0YzY5NjlkODM3ZjI5OTg1MGI3NzU4OTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8eXQrMBvsODrw5rSysbJ7P/StjW
0vL/tsXiojMlvIrB9IzgLoHaavk4K0i6jSgcmEw9XvW9oS9GmMGb9aHOqDfNgJrS
ViGA8E4XfkPy7uUQYXwPIfsxgB5UlfCBehfC6ZW93HQhtOU+m4dANziH+tWYMB0S
AZGXESgi+JzJVOVOO0tAZWjkgRbdmmMJYglzQY0Xj0ypM2QqBO7qF2ZQ+qIbzQqe
nX/k9pqiWhg8fgIFp0ng0v0tADmzRxlctz9r0q7UT1FOadZlQgZ5PYZELE/qnYSs
AdvpSz1eedLlLe+FmTnGZZaZ6sQMvaeoV85X8VLS4H7KcFWqDxdiFZcm4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2ST0G9kNT0xpadg38pmFC3dYkaMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvblpKUFFiMlExUFRHbHAyRGZ5bVlVTGQxaVJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTo/oMA0G
CSqGSIb3DQEBCwUAA4IBAQAbR6Wr9GqewZmDOUXrPgrLtWrHHPWuZTbMhv/AllyU
YqO1OjbKTVSvLUPQN3T7c2lY6K6fFGJbPS4qcxrIgCSfLs3HdqdwXL/1MJ7XQ6zk
yhnnanamM8BResHslIo5pnxSIf//nxh1g0PaJQVPWWHaymslQPW6giWWoLrpX2m+
DOuOgkPPTO2HdvvcZ8NMjEU2+9zfQ6nMsWq/DJPXb80Df8qXCvM1F5hT+8vIZ5OU
KHhW+ySQ65mToQVgcseUiFnXLwOfL4KhwOmaNkD/LAOZUtHDp5DkGSvIWzj0Bd8B
UwCesog7Rv+MaNamjeRwFU7XvXOfb9d2e22efrO9MHiP
-----END CERTIFICATE-----