Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/jSbiesDgF1BjYr1K6jnTWbKgx4o.roa
File:                     jSbiesDgF1BjYr1K6jnTWbKgx4o.roa (raw, json)
Hash identifier:          Oe/Y66dWQyjSuf4Xd/fvNzxL7OXnyluh/diNnzBb2/g=
Subject key identifier:   8D:26:E2:7A:C0:E0:17:50:63:62:BD:4A:EA:39:D3:59:B2:A0:C7:8A
Certificate issuer:       /CN=a72472c3f004b0b71f118e872b9838a4e0c721c7
Certificate serial:       0196B4794DEC195C42965677BD92E8171B20
Authority key identifier: A7:24:72:C3:F0:04:B0:B7:1F:11:8E:87:2B:98:38:A4:E0:C7:21:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pyRyw_AEsLcfEY6HK5g4pODHIcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/jSbiesDgF1BjYr1K6jnTWbKgx4o.roa
Signing time:             Fri 09 May 2025 09:56:10 +0000
ROA not before:           Fri 09 May 2025 09:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        158.120.254.0/24 maxlen: 24
                          2001:678:d48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/pyRyw_AEsLcfEY6HK5g4pODHIcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/pyRyw_AEsLcfEY6HK5g4pODHIcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pyRyw_AEsLcfEY6HK5g4pODHIcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b4:79:4d:ec:19:5c:42:96:56:77:bd:92:e8:17:1b:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a72472c3f004b0b71f118e872b9838a4e0c721c7
        Validity
            Not Before: May  9 09:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d26e27ac0e017506362bd4aea39d359b2a0c78a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:65:4e:f2:b2:a6:55:a5:c1:6f:ed:d7:e9:5b:
                    43:01:6c:39:da:ac:e3:79:eb:19:e3:0f:56:45:ec:
                    b5:c7:64:fb:ae:d5:74:1b:9c:32:71:ba:f5:53:1b:
                    f7:64:c3:e9:2a:9b:84:49:2e:2f:9c:40:bc:3a:d8:
                    8e:90:e8:f4:6f:91:f5:4f:41:60:34:d1:95:bd:5f:
                    c5:2b:96:36:ee:5e:6c:e4:56:75:94:00:5e:2b:ea:
                    f0:d8:93:d7:2a:9e:c6:47:8e:f1:a4:32:dd:52:9f:
                    4d:6f:48:74:d9:a2:93:7d:ae:73:f5:22:f4:20:8d:
                    6e:98:d8:24:2e:1a:41:17:84:39:95:40:b1:e2:28:
                    ba:dd:9f:6b:88:4e:fe:49:b2:9d:6e:ce:ff:a9:68:
                    09:db:a3:cc:5c:9e:37:81:6e:60:16:49:9e:44:e7:
                    a7:41:12:d9:97:1c:12:34:c0:ae:bd:02:b0:68:58:
                    23:85:67:3e:a4:46:70:ff:b9:bc:3c:f7:a6:1e:b4:
                    b7:5f:53:4c:b7:23:35:53:3e:48:75:20:f8:7e:77:
                    5a:12:7d:0c:8f:b9:f8:f0:e4:0d:ce:2a:7c:86:97:
                    ec:85:ba:6d:1a:76:dd:61:88:52:6d:6f:2a:e1:b8:
                    e9:2e:b4:d4:68:32:65:e1:41:4f:fc:98:fd:d1:e8:
                    00:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:26:E2:7A:C0:E0:17:50:63:62:BD:4A:EA:39:D3:59:B2:A0:C7:8A
            X509v3 Authority Key Identifier:
                keyid:A7:24:72:C3:F0:04:B0:B7:1F:11:8E:87:2B:98:38:A4:E0:C7:21:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pyRyw_AEsLcfEY6HK5g4pODHIcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/jSbiesDgF1BjYr1K6jnTWbKgx4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/998a1d-3095-4643-873d-d8c950cacab5/1/pyRyw_AEsLcfEY6HK5g4pODHIcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.120.254.0/24
                IPv6:
                  2001:678:d48::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:44:54:9e:35:e4:d5:f4:d4:a8:95:d6:f6:ef:b4:24:72:04:
         85:67:f1:2d:a9:65:10:5d:3b:ab:e1:c8:d6:90:96:ea:9e:5e:
         1f:4f:fb:9a:e4:35:e1:96:04:8b:21:9f:45:4c:26:ca:40:21:
         81:4e:4b:8f:e9:3f:ab:9c:e8:2a:51:d3:92:97:4c:3f:7d:20:
         ea:a1:e9:c5:c2:2e:b5:67:1f:93:91:68:67:38:aa:fa:dc:95:
         55:77:5f:28:89:59:1e:54:9c:36:e4:a5:4e:c9:da:1a:41:37:
         6d:5d:69:74:d8:9e:2e:a0:ca:d5:78:32:98:83:c3:48:f5:18:
         a1:9e:e5:e4:d7:75:97:8e:c5:58:89:8b:60:33:44:a7:d5:b9:
         a3:b0:1a:8f:3a:7c:bf:9e:24:37:bf:53:50:fa:1f:e5:fa:d3:
         cd:c4:ea:cf:33:c0:cf:8d:a6:47:27:34:a7:cf:45:d1:3c:16:
         f4:ca:c8:78:22:cb:0a:12:8e:c5:17:a5:0c:62:4b:cb:3b:4e:
         a6:e0:d5:bb:50:ee:a6:2e:40:c0:51:57:af:b4:9b:64:92:67:
         ff:85:94:e4:5f:8f:37:05:2e:18:e0:c9:d2:41:13:91:f0:6c:
         8b:48:e5:7f:94:1e:79:72:2a:83:5d:31:ce:96:ae:62:19:52:
         18:d9:84:a9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZa0eU3sGVxCllZ3vZLoFxsgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3MjQ3MmMzZjAwNGIwYjcxZjExOGU4NzJiOTgzOGE0ZTBj
NzIxYzcwHhcNMjUwNTA5MDk1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDI2ZTI3YWMwZTAxNzUwNjM2MmJkNGFlYTM5ZDM1OWIyYTBjNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWVO8rKmVaXBb+3X6VtDAWw52qzj
eesZ4w9WRey1x2T7rtV0G5wycbr1Uxv3ZMPpKpuESS4vnEC8OtiOkOj0b5H1T0Fg
NNGVvV/FK5Y27l5s5FZ1lABeK+rw2JPXKp7GR47xpDLdUp9Nb0h02aKTfa5z9SL0
II1umNgkLhpBF4Q5lUCx4ii63Z9riE7+SbKdbs7/qWgJ26PMXJ43gW5gFkmeROen
QRLZlxwSNMCuvQKwaFgjhWc+pEZw/7m8PPemHrS3X1NMtyM1Uz5IdSD4fndaEn0M
j7n48OQNzip8hpfshbptGnbdYYhSbW8q4bjpLrTUaDJl4UFP/Jj90egALQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI0m4nrA4BdQY2K9Suo501myoMeKMB8GA1UdIwQY
MBaAFKckcsPwBLC3HxGOhyuYOKTgxyHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHlSeXdfQUVzTGNmRVk2SEs1ZzRwT0RISWNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS85OThhMWQtMzA5NS00NjQzLTg3M2Qt
ZDhjOTUwY2FjYWI1LzEvalNiaWVzRGdGMUJqWXIxSzZqblRXYktneDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS85OThhMWQtMzA5NS00NjQzLTg3M2QtZDhjOTUwY2FjYWI1
LzEvcHlSeXdfQUVzTGNmRVk2SEs1ZzRwT0RISWNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAnnj+MA8E
AgACMAkDBwAgAQZ4DUgwDQYJKoZIhvcNAQELBQADggEBAE1EVJ415NX01KiV1vbv
tCRyBIVn8S2pZRBdO6vhyNaQluqeXh9P+5rkNeGWBIshn0VMJspAIYFOS4/pP6uc
6CpR05KXTD99IOqh6cXCLrVnH5ORaGc4qvrclVV3XyiJWR5UnDbkpU7J2hpBN21d
aXTYni6gytV4MpiDw0j1GKGe5eTXdZeOxViJi2AzRKfVuaOwGo86fL+eJDe/U1D6
H+X6083E6s8zwM+NpkcnNKfPRdE8FvTKyHgiywoSjsUXpQxiS8s7Tqbg1btQ7qYu
QMBRV6+0m2SSZ/+FlORfjzcFLhjgydJBE5HwbItI5X+UHnlyKoNdMc6WrmIZUhjZ
hKk=
-----END CERTIFICATE-----