Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/3abe20-1e75-4abe-9e89-6ac35370fd73/1/nmBuzHJtZ8Dl8WdiCnqlxf6RBwE.roa
File:                     nmBuzHJtZ8Dl8WdiCnqlxf6RBwE.roa (raw, json)
Hash identifier:          5lO2yokCGdZ3wXh+anWEIpykoRp00iS8dYyJESAicQI=
Subject key identifier:   9E:60:6E:CC:72:6D:67:C0:E5:F1:67:62:0A:7A:A5:C5:FE:91:07:01
Certificate issuer:       /CN=51e0dfc9371a9491caa858700fd9452366d9eddc
Certificate serial:       019662190B9F329F07918F4FFC8E8722DB94
Authority key identifier: 51:E0:DF:C9:37:1A:94:91:CA:A8:58:70:0F:D9:45:23:66:D9:ED:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UeDfyTcalJHKqFhwD9lFI2bZ7dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/3abe20-1e75-4abe-9e89-6ac35370fd73/1/nmBuzHJtZ8Dl8WdiCnqlxf6RBwE.roa
Signing time:             Wed 23 Apr 2025 10:02:10 +0000
ROA not before:           Wed 23 Apr 2025 10:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213531
IP address blocks:        78.41.62.0/24 maxlen: 24
                          78.41.62.0/29 maxlen: 29
                          78.41.62.192/26 maxlen: 26
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/3abe20-1e75-4abe-9e89-6ac35370fd73/1/UeDfyTcalJHKqFhwD9lFI2bZ7dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/3abe20-1e75-4abe-9e89-6ac35370fd73/1/UeDfyTcalJHKqFhwD9lFI2bZ7dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UeDfyTcalJHKqFhwD9lFI2bZ7dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:19:0b:9f:32:9f:07:91:8f:4f:fc:8e:87:22:db:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51e0dfc9371a9491caa858700fd9452366d9eddc
        Validity
            Not Before: Apr 23 10:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e606ecc726d67c0e5f167620a7aa5c5fe910701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:59:a1:23:12:17:b1:d9:a2:5d:53:26:e3:e4:
                    fc:9b:af:37:cc:40:d1:7c:87:f7:2e:12:62:20:be:
                    71:04:37:6e:97:5a:55:54:16:47:73:57:9a:71:19:
                    82:82:35:19:1e:36:a8:e6:a3:aa:72:57:7c:0a:1f:
                    be:cf:24:5c:5e:7f:3b:71:50:fe:f0:96:cf:1f:29:
                    e8:b4:b1:00:8d:07:e7:a1:32:0d:ff:e8:57:10:c1:
                    b8:f9:53:cf:d6:ce:43:7f:0b:95:99:11:c9:ed:59:
                    f9:01:96:20:a7:ca:69:ad:f9:41:88:7a:f0:7d:b9:
                    c2:de:4d:2e:68:dd:eb:73:61:dc:ae:5e:05:4f:f1:
                    3e:39:f8:6f:95:be:a9:76:a5:9c:98:13:2d:4f:ba:
                    e9:36:07:83:73:d7:60:63:77:f5:d7:69:1b:ee:09:
                    c0:c3:9c:99:9e:6b:6f:d6:d8:a6:95:55:21:0d:9c:
                    e6:bc:d6:f5:23:cf:e5:56:73:76:97:04:2c:29:a3:
                    ec:a6:2e:b6:b4:6b:09:a6:1a:70:dc:1a:35:70:10:
                    1b:97:b5:08:c4:33:a1:72:7c:1d:19:80:71:3f:8f:
                    ca:57:e3:66:f4:fd:b9:13:a1:20:14:e6:97:4d:64:
                    35:41:6a:3e:cb:7a:53:3d:e2:30:57:a0:61:44:08:
                    bf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:60:6E:CC:72:6D:67:C0:E5:F1:67:62:0A:7A:A5:C5:FE:91:07:01
            X509v3 Authority Key Identifier:
                keyid:51:E0:DF:C9:37:1A:94:91:CA:A8:58:70:0F:D9:45:23:66:D9:ED:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UeDfyTcalJHKqFhwD9lFI2bZ7dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3abe20-1e75-4abe-9e89-6ac35370fd73/1/nmBuzHJtZ8Dl8WdiCnqlxf6RBwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3abe20-1e75-4abe-9e89-6ac35370fd73/1/UeDfyTcalJHKqFhwD9lFI2bZ7dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:f6:ec:c3:6c:87:df:6e:6e:7a:7c:89:ae:fc:fd:ff:57:ca:
         56:cd:dc:e6:07:9c:a4:33:84:98:81:6a:4d:44:fa:4a:3f:ff:
         ec:65:59:cc:1c:d0:c9:de:45:18:cf:69:eb:b2:a4:b2:23:b6:
         ba:46:2e:cf:97:87:43:c8:f8:c5:cf:69:eb:32:bc:bf:cd:2c:
         f8:fd:11:24:ca:f9:69:9b:49:8f:11:43:43:10:7c:b3:fb:be:
         c6:22:29:81:19:1b:ae:8e:e9:29:a2:38:fa:22:85:af:e8:73:
         26:be:ec:94:ee:c1:c5:67:fc:9a:7a:39:21:75:de:a0:76:71:
         7c:ee:94:61:be:98:f6:c5:e9:75:ce:96:5f:25:01:6c:8e:20:
         be:7a:92:95:2d:25:05:ca:e2:b1:fa:26:98:c5:b9:99:c6:69:
         24:72:4f:d5:ec:fd:7d:10:e6:c1:d1:1c:0a:59:6f:ca:2a:80:
         42:c5:f9:bb:90:66:48:84:e2:66:56:8e:08:92:5f:50:5e:b3:
         61:82:76:11:33:66:27:8d:ab:6c:09:f9:7e:e1:32:11:d0:e5:
         2b:d4:d5:14:c5:49:3b:79:49:d7:4e:49:35:b2:f5:00:cb:ec:
         fe:62:96:56:f4:88:cf:62:8f:be:f9:f8:ae:6d:40:6f:30:bd:
         ff:58:54:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZiGQufMp8HkY9P/I6HItuUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZTBkZmM5MzcxYTk0OTFjYWE4NTg3MDBmZDk0NTIzNjZk
OWVkZGMwHhcNMjUwNDIzMTAwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTYwNmVjYzcyNmQ2N2MwZTVmMTY3NjIwYTdhYTVjNWZlOTEwNzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulmhIxIXsdmiXVMm4+T8m683zEDR
fIf3LhJiIL5xBDdul1pVVBZHc1eacRmCgjUZHjao5qOqcld8Ch++zyRcXn87cVD+
8JbPHynotLEAjQfnoTIN/+hXEMG4+VPP1s5DfwuVmRHJ7Vn5AZYgp8pprflBiHrw
fbnC3k0uaN3rc2Hcrl4FT/E+Ofhvlb6pdqWcmBMtT7rpNgeDc9dgY3f112kb7gnA
w5yZnmtv1timlVUhDZzmvNb1I8/lVnN2lwQsKaPspi62tGsJphpw3Bo1cBAbl7UI
xDOhcnwdGYBxP4/KV+Nm9P25E6EgFOaXTWQ1QWo+y3pTPeIwV6BhRAi/HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5gbsxybWfA5fFnYgp6pcX+kQcBMB8GA1UdIwQY
MBaAFFHg38k3GpSRyqhYcA/ZRSNm2e3cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWVEZnlUY2FsSkhLcUZod0Q5bEZJMmJaN2R3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8zYWJlMjAtMWU3NS00YWJlLTllODkt
NmFjMzUzNzBmZDczLzEvbm1CdXpISnRaOERsOFdkaUNucWx4ZjZSQndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8zYWJlMjAtMWU3NS00YWJlLTllODktNmFjMzUzNzBmZDcz
LzEvVWVEZnlUY2FsSkhLcUZod0Q5bEZJMmJaN2R3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATik+MA0G
CSqGSIb3DQEBCwUAA4IBAQCV9uzDbIffbm56fImu/P3/V8pWzdzmB5ykM4SYgWpN
RPpKP//sZVnMHNDJ3kUYz2nrsqSyI7a6Ri7Pl4dDyPjFz2nrMry/zSz4/REkyvlp
m0mPEUNDEHyz+77GIimBGRuujukpojj6IoWv6HMmvuyU7sHFZ/yaejkhdd6gdnF8
7pRhvpj2xel1zpZfJQFsjiC+epKVLSUFyuKx+iaYxbmZxmkkck/V7P19EObB0RwK
WW/KKoBCxfm7kGZIhOJmVo4Ikl9QXrNhgnYRM2YnjatsCfl+4TIR0OUr1NUUxUk7
eUnXTkk1svUAy+z+YpZW9IjPYo+++fiubUBvML3/WFRp
-----END CERTIFICATE-----