Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/sevC8do58Ak7ZpfSev00ohlQsCw.roa
File:                     sevC8do58Ak7ZpfSev00ohlQsCw.roa (raw, json)
Hash identifier:          RIP/Kn2Nw+4bCLSCat6k83lkJst1obL4IJb40l8npXg=
Subject key identifier:   B1:EB:C2:F1:DA:39:F0:09:3B:66:97:D2:7A:FD:34:A2:19:50:B0:2C
Certificate issuer:       /CN=4ea65c7edba469d099d76aacd7dc263f4dfec5eb
Certificate serial:       018F70EB425498D31110C1E619333B1516CF
Authority key identifier: 4E:A6:5C:7E:DB:A4:69:D0:99:D7:6A:AC:D7:DC:26:3F:4D:FE:C5:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TqZcftukadCZ12qs19wmP03-xes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/sevC8do58Ak7ZpfSev00ohlQsCw.roa
Signing time:             Mon 13 May 2024 07:46:57 +0000
ROA not before:           Mon 13 May 2024 07:46:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199949
IP address blocks:        178.60.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/TqZcftukadCZ12qs19wmP03-xes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/TqZcftukadCZ12qs19wmP03-xes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TqZcftukadCZ12qs19wmP03-xes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 01:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:70:eb:42:54:98:d3:11:10:c1:e6:19:33:3b:15:16:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ea65c7edba469d099d76aacd7dc263f4dfec5eb
        Validity
            Not Before: May 13 07:46:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1ebc2f1da39f0093b6697d27afd34a21950b02c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4d:4c:3a:78:88:8d:b6:56:57:8a:95:50:0b:
                    4c:bd:6c:72:5f:0f:ed:d5:d4:5a:4b:c0:2f:36:52:
                    a3:07:c7:85:2d:79:49:44:41:d0:99:4b:8b:2c:b1:
                    7b:f4:aa:c9:39:d9:2f:ae:dd:47:99:8c:8f:3b:84:
                    f9:52:3d:0a:44:6a:ad:09:3e:bd:66:64:39:37:3f:
                    6d:44:c4:ac:ab:8f:6a:ea:33:a8:d2:9a:3c:b5:94:
                    bb:02:f1:a7:6e:8d:6a:74:bb:c3:e5:00:c0:af:44:
                    df:45:f7:a3:e0:21:e8:b7:6f:47:db:71:0f:58:bd:
                    4e:95:d0:64:8f:fa:13:46:76:fd:56:cf:db:b4:62:
                    b9:8b:dc:69:96:99:ba:f4:54:f0:7e:39:c2:1d:1d:
                    ca:38:9e:f3:d0:e4:ae:24:f7:a0:cc:85:1b:e4:6d:
                    5d:12:dd:47:20:ce:ee:35:4d:51:3c:23:29:8c:33:
                    61:cf:ad:5b:07:98:e9:35:5d:06:9c:c2:a8:3f:3b:
                    e7:e5:56:9f:7d:5b:45:b9:10:6b:7b:da:d5:b8:82:
                    36:5b:62:57:89:8a:a8:61:75:ba:6f:14:e5:ad:50:
                    02:66:2e:16:b2:0a:fd:69:82:a5:e0:69:39:65:8f:
                    1b:5c:e6:59:88:c4:af:b5:17:97:48:3e:34:bc:68:
                    4f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:EB:C2:F1:DA:39:F0:09:3B:66:97:D2:7A:FD:34:A2:19:50:B0:2C
            X509v3 Authority Key Identifier:
                keyid:4E:A6:5C:7E:DB:A4:69:D0:99:D7:6A:AC:D7:DC:26:3F:4D:FE:C5:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TqZcftukadCZ12qs19wmP03-xes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/sevC8do58Ak7ZpfSev00ohlQsCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/07f270-c6cc-49cd-ae46-5100a26d274b/1/TqZcftukadCZ12qs19wmP03-xes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.60.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a9:ee:03:7f:55:ca:1e:1c:32:b2:b6:a7:9a:8b:19:16:e5:
         29:32:a5:27:f9:34:9a:24:89:d2:bd:c5:bf:ec:73:20:16:f1:
         62:f1:30:29:2f:ee:b0:d3:f5:0d:53:2e:8c:4b:62:f5:1c:a8:
         fb:9b:38:a7:f5:23:09:1c:de:2f:53:05:71:af:3e:89:5c:42:
         20:b8:ee:71:19:72:8b:76:a8:45:94:53:58:f1:00:6f:a9:4c:
         b0:fb:ee:53:de:98:62:58:43:37:93:3e:08:9a:a0:a4:50:6b:
         7b:54:27:e2:8e:83:c0:89:ed:8d:56:62:68:e8:68:2f:2b:4a:
         59:e6:0a:e9:dc:6e:dc:c3:72:9b:80:f9:5c:22:85:14:22:80:
         d4:47:86:1f:1e:cc:28:e2:5c:b7:97:3d:e8:bf:94:d4:78:21:
         73:37:e8:be:55:c2:02:7b:5c:c7:69:3f:08:7a:57:cb:43:9b:
         f1:83:f3:13:54:74:2a:14:bd:46:b3:45:37:81:12:29:5e:2e:
         44:79:54:da:c7:cf:00:31:e9:18:bd:92:3f:90:2e:f8:48:4e:
         36:2e:15:b7:31:2a:37:70:02:e7:fd:ec:86:20:c5:c5:fe:8c:
         b4:47:bd:23:93:50:15:d8:60:35:31:b5:58:3d:17:ac:3f:8d:
         e2:88:08:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9w60JUmNMREMHmGTM7FRbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlYTY1YzdlZGJhNDY5ZDA5OWQ3NmFhY2Q3ZGMyNjNmNGRm
ZWM1ZWIwHhcNMjQwNTEzMDc0NjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWViYzJmMWRhMzlmMDA5M2I2Njk3ZDI3YWZkMzRhMjE5NTBiMDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE1MOniIjbZWV4qVUAtMvWxyXw/t
1dRaS8AvNlKjB8eFLXlJREHQmUuLLLF79KrJOdkvrt1HmYyPO4T5Uj0KRGqtCT69
ZmQ5Nz9tRMSsq49q6jOo0po8tZS7AvGnbo1qdLvD5QDAr0TfRfej4CHot29H23EP
WL1OldBkj/oTRnb9Vs/btGK5i9xplpm69FTwfjnCHR3KOJ7z0OSuJPegzIUb5G1d
Et1HIM7uNU1RPCMpjDNhz61bB5jpNV0GnMKoPzvn5VaffVtFuRBre9rVuII2W2JX
iYqoYXW6bxTlrVACZi4Wsgr9aYKl4Gk5ZY8bXOZZiMSvtReXSD40vGhPxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHrwvHaOfAJO2aX0nr9NKIZULAsMB8GA1UdIwQY
MBaAFE6mXH7bpGnQmddqrNfcJj9N/sXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHFaY2Z0dWthZENaMTJxczE5d21QMDMteGVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8wN2YyNzAtYzZjYy00OWNkLWFlNDYt
NTEwMGEyNmQyNzRiLzEvc2V2QzhkbzU4QWs3WnBmU2V2MDBvaGxRc0N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8wN2YyNzAtYzZjYy00OWNkLWFlNDYtNTEwMGEyNmQyNzRi
LzEvVHFaY2Z0dWthZENaMTJxczE5d21QMDMteGVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsjzFMA0G
CSqGSIb3DQEBCwUAA4IBAQBsqe4Df1XKHhwysranmosZFuUpMqUn+TSaJInSvcW/
7HMgFvFi8TApL+6w0/UNUy6MS2L1HKj7mzin9SMJHN4vUwVxrz6JXEIguO5xGXKL
dqhFlFNY8QBvqUyw++5T3phiWEM3kz4ImqCkUGt7VCfijoPAie2NVmJo6GgvK0pZ
5grp3G7cw3KbgPlcIoUUIoDUR4YfHswo4ly3lz3ov5TUeCFzN+i+VcICe1zHaT8I
elfLQ5vxg/MTVHQqFL1Gs0U3gRIpXi5EeVTax88AMekYvZI/kC74SE42LhW3MSo3
cALn/eyGIMXF/oy0R70jk1AV2GA1MbVYPResP43iiAjC
-----END CERTIFICATE-----