Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/7GkjYZdaSii6HrojXZvxYQXipWM.roa
File:                     7GkjYZdaSii6HrojXZvxYQXipWM.roa (raw, json)
Hash identifier:          /XQPERaOZ1cHm7yWcEmI1viHyqVH+QrX6/03PBr5VIc=
Subject key identifier:   EC:69:23:61:97:5A:4A:28:BA:1E:BA:23:5D:9B:F1:61:05:E2:A5:63
Certificate issuer:       /CN=d93a54f02f49f45ad5d73e5551d096181bce3f6e
Certificate serial:       018CF3ABF0001055B1AEBA30273161282981
Authority key identifier: D9:3A:54:F0:2F:49:F4:5A:D5:D7:3E:55:51:D0:96:18:1B:CE:3F:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/7GkjYZdaSii6HrojXZvxYQXipWM.roa
Signing time:             Wed 10 Jan 2024 13:59:40 +0000
ROA not before:           Wed 10 Jan 2024 13:59:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149457
IP address blocks:        178.20.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:ab:f0:00:10:55:b1:ae:ba:30:27:31:61:28:29:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93a54f02f49f45ad5d73e5551d096181bce3f6e
        Validity
            Not Before: Jan 10 13:59:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec692361975a4a28ba1eba235d9bf16105e2a563
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:17:74:13:66:e6:d5:f0:a2:f2:72:34:89:ce:
                    ba:e7:85:41:8b:4e:c7:a5:d9:65:e0:2c:75:99:5f:
                    9f:d8:a6:0a:00:4d:01:a2:b8:c6:c4:a6:b2:5d:32:
                    77:7d:e4:36:8f:cf:b3:96:bf:c1:0d:91:14:3f:5f:
                    30:21:ee:14:e9:2c:64:2e:01:d4:e9:93:d5:53:8c:
                    42:7a:7e:e8:51:43:6b:05:45:ce:36:60:78:41:04:
                    e6:cf:59:80:73:fa:02:cc:d3:6a:21:39:72:40:02:
                    60:a2:20:24:a4:20:ca:5a:5d:f5:9b:5b:6c:8d:79:
                    dd:f4:b7:46:f5:b6:4d:0c:2e:fa:d0:08:61:1e:32:
                    f7:55:55:d1:3f:5d:5b:08:05:7a:a9:80:b8:b5:c3:
                    a0:77:57:12:f8:98:8d:d9:6b:51:67:3b:49:52:52:
                    df:48:ab:13:fb:08:c3:f8:09:0e:f3:fa:5b:c3:bd:
                    e9:aa:92:ac:a8:13:3e:a9:b9:73:a6:62:59:5b:89:
                    3c:9e:f3:50:b7:28:1b:82:f4:9f:d8:dc:18:f6:82:
                    44:d6:f5:2b:3b:c2:42:e7:b0:aa:8c:9c:35:32:de:
                    d3:0c:f9:23:a0:38:ef:3c:31:bc:2a:37:df:23:30:
                    ae:6d:fe:a8:09:a1:54:53:bf:3a:04:15:17:7b:28:
                    89:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:69:23:61:97:5A:4A:28:BA:1E:BA:23:5D:9B:F1:61:05:E2:A5:63
            X509v3 Authority Key Identifier:
                keyid:D9:3A:54:F0:2F:49:F4:5A:D5:D7:3E:55:51:D0:96:18:1B:CE:3F:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/7GkjYZdaSii6HrojXZvxYQXipWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:17:5b:44:54:d4:e1:28:30:60:f3:b7:d9:38:61:34:6d:02:
         af:98:a2:24:6c:78:f4:8c:48:86:a4:5d:28:86:6e:d3:24:ee:
         73:85:d5:7e:88:49:46:59:95:38:1a:fe:ba:ba:e8:a6:6d:8c:
         1e:64:ec:f8:27:e3:c7:e3:32:15:d4:4a:9f:66:d2:4c:11:dd:
         7f:3e:d6:3b:3f:2a:0f:96:ce:cd:44:85:bd:f9:e8:aa:0b:f8:
         38:b2:fc:83:87:9c:45:45:4b:d3:ef:cb:2a:df:76:e5:40:aa:
         9d:f4:90:20:1d:e0:65:59:db:d5:8f:9f:de:38:11:4e:b4:d6:
         42:47:d0:b8:13:08:33:a3:a7:bd:d9:6b:cc:ea:6a:17:66:0d:
         de:d7:53:6d:ec:14:ff:b7:94:f9:b1:89:f9:ce:2b:5e:dd:df:
         80:1f:44:b6:7b:3b:e5:96:0e:b1:f6:89:fd:11:95:f5:e9:9a:
         90:da:48:ba:53:fc:24:c9:d2:ee:52:56:2e:97:85:78:f4:61:
         3c:d9:3a:3b:0d:f9:59:30:f7:4b:c3:79:0e:34:d7:28:7c:9e:
         c3:3a:c5:b6:1c:20:74:1f:f9:df:a3:47:61:64:17:57:c5:36:
         41:1e:6b:87:af:ad:9a:84:bf:35:17:41:31:3d:f9:55:65:fc:
         c6:d7:39:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzzq/AAEFWxrrowJzFhKCmBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2E1NGYwMmY0OWY0NWFkNWQ3M2U1NTUxZDA5NjE4MWJj
ZTNmNmUwHhcNMjQwMTEwMTM1OTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzY5MjM2MTk3NWE0YTI4YmExZWJhMjM1ZDliZjE2MTA1ZTJhNTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhd0E2bm1fCi8nI0ic6654VBi07H
pdll4Cx1mV+f2KYKAE0BorjGxKayXTJ3feQ2j8+zlr/BDZEUP18wIe4U6SxkLgHU
6ZPVU4xCen7oUUNrBUXONmB4QQTmz1mAc/oCzNNqITlyQAJgoiAkpCDKWl31m1ts
jXnd9LdG9bZNDC760AhhHjL3VVXRP11bCAV6qYC4tcOgd1cS+JiN2WtRZztJUlLf
SKsT+wjD+AkO8/pbw73pqpKsqBM+qblzpmJZW4k8nvNQtygbgvSf2NwY9oJE1vUr
O8JC57CqjJw1Mt7TDPkjoDjvPDG8KjffIzCubf6oCaFUU786BBUXeyiJZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxpI2GXWkoouh66I12b8WEF4qVjMB8GA1UdIwQY
MBaAFNk6VPAvSfRa1dc+VVHQlhgbzj9uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlRwVThDOUo5RnJWMXo1VlVkQ1dHQnZPUDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8xNWZmZjQtOTY2Yi00ZTBhLWFiYWMt
MDVkNThmMGNiODhjLzEvN0drallaZGFTaWk2SHJvalhadnhZUVhpcFdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8xNWZmZjQtOTY2Yi00ZTBhLWFiYWMtMDVkNThmMGNiODhj
LzEvMlRwVThDOUo5RnJWMXo1VlVkQ1dHQnZPUDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshTQMA0G
CSqGSIb3DQEBCwUAA4IBAQBbF1tEVNThKDBg87fZOGE0bQKvmKIkbHj0jEiGpF0o
hm7TJO5zhdV+iElGWZU4Gv66uuimbYweZOz4J+PH4zIV1EqfZtJMEd1/PtY7PyoP
ls7NRIW9+eiqC/g4svyDh5xFRUvT78sq33blQKqd9JAgHeBlWdvVj5/eOBFOtNZC
R9C4Ewgzo6e92WvM6moXZg3e11Nt7BT/t5T5sYn5zite3d+AH0S2ezvllg6x9on9
EZX16ZqQ2ki6U/wkydLuUlYul4V49GE82To7DflZMPdLw3kONNcofJ7DOsW2HCB0
H/nfo0dhZBdXxTZBHmuHr62ahL81F0ExPflVZfzG1zkg
-----END CERTIFICATE-----