Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/SC8ONahEVWsrLYadIDg8o15d4Lo.roa
File:                     SC8ONahEVWsrLYadIDg8o15d4Lo.roa (raw, json)
Hash identifier:          zc1eUdP/L8580teQVsxhAEMpcNoNkp9AfNDsdfv+oD4=
Subject key identifier:   48:2F:0E:35:A8:44:55:6B:2B:2D:86:9D:20:38:3C:A3:5E:5D:E0:BA
Certificate issuer:       /CN=54cbda78b1d1b613df565ff99700b6aee940de3f
Certificate serial:       018CC72757D8327B688BB81855E60FD727CC
Authority key identifier: 54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/SC8ONahEVWsrLYadIDg8o15d4Lo.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212953
IP address blocks:        213.238.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:d8:32:7b:68:8b:b8:18:55:e6:0f:d7:27:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54cbda78b1d1b613df565ff99700b6aee940de3f
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=482f0e35a844556b2b2d869d20383ca35e5de0ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:cf:02:27:c9:7c:42:e7:ee:35:b4:50:cf:3d:
                    d2:92:50:77:ea:fa:89:48:b4:94:e2:ef:01:1b:24:
                    a0:b8:bd:b8:5f:4d:07:63:63:d0:8d:ca:da:0d:ca:
                    83:6f:6b:e7:e3:87:b4:5e:a2:7b:07:c0:71:6e:7a:
                    e9:6b:fc:b5:76:7d:da:c2:4e:7d:f8:dc:02:72:30:
                    7f:12:0f:8f:52:3c:4b:6e:33:8d:e9:54:40:3f:0a:
                    14:d9:c0:e5:e4:ea:72:79:11:40:62:bb:83:a0:29:
                    2d:7c:c8:bd:04:c3:a3:19:2f:a5:43:41:71:6d:76:
                    55:06:bb:fb:f2:5a:ee:e6:da:bd:db:09:84:4a:21:
                    28:31:eb:e7:cc:39:02:8c:4a:66:f2:3f:6a:8f:29:
                    9d:25:91:be:ad:2d:5f:ad:4f:02:8e:a8:25:90:7e:
                    da:21:c7:45:c6:a2:59:5e:cd:97:78:3a:25:1b:0c:
                    72:3d:ed:8f:8f:dd:17:b2:00:22:e3:20:85:2f:40:
                    c9:6a:cb:99:62:aa:44:e1:5d:4c:ba:df:9d:90:7d:
                    a6:3a:ee:a9:f6:29:41:0f:79:b5:c1:96:95:32:de:
                    9b:3f:d9:1e:20:44:71:d7:79:4d:7b:09:c3:20:71:
                    c6:6a:25:eb:a5:3c:f7:21:d5:4c:34:42:7b:d8:f7:
                    fc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:2F:0E:35:A8:44:55:6B:2B:2D:86:9D:20:38:3C:A3:5E:5D:E0:BA
            X509v3 Authority Key Identifier:
                keyid:54:CB:DA:78:B1:D1:B6:13:DF:56:5F:F9:97:00:B6:AE:E9:40:DE:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VMvaeLHRthPfVl_5lwC2rulA3j8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/SC8ONahEVWsrLYadIDg8o15d4Lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/6d61d9-0bf7-44bb-b80f-cd31615d01a9/1/VMvaeLHRthPfVl_5lwC2rulA3j8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.238.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:d0:8f:8a:56:2f:a1:1a:2b:fe:ea:d6:6a:0f:ed:c7:81:c5:
         cf:67:3e:7a:fe:4d:17:69:54:da:58:c7:55:2a:bd:81:56:58:
         4a:bd:df:d2:ec:87:06:64:7a:d2:ac:a8:ad:41:69:c0:30:f3:
         cb:59:00:98:06:c4:cd:1b:e4:62:2b:d7:42:c8:45:f3:ee:14:
         fb:a8:f0:de:bb:b5:e9:0e:19:e0:15:45:9a:c0:b8:d2:1a:a3:
         80:80:1e:1e:c9:b9:59:2c:b4:ca:34:08:94:4b:81:42:5d:58:
         8e:07:97:ad:94:b0:58:2e:c9:c5:ab:e2:7b:91:7a:bc:7e:2e:
         ee:c1:b9:fc:9b:10:c9:74:0c:6e:7d:1e:32:75:b1:35:ea:a3:
         48:9b:20:f1:27:77:5c:7d:5e:28:24:07:5b:a0:33:7c:14:42:
         0e:e2:49:21:75:a2:8b:09:5a:67:e7:09:2a:4d:d6:d4:92:67:
         8a:79:79:80:cd:22:d2:6a:c9:24:64:1b:8f:96:19:10:1a:76:
         51:ea:b7:c0:51:66:1f:a8:81:99:78:72:bf:20:ac:0f:1b:98:
         50:5a:84:fd:13:4f:0a:8f:ce:42:87:ca:e2:48:68:6f:94:7d:
         5a:25:32:b1:19:db:e2:d3:dd:17:fd:bc:09:62:87:d8:f1:77:
         d5:81:98:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1fYMntoi7gYVeYP1yfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Y2JkYTc4YjFkMWI2MTNkZjU2NWZmOTk3MDBiNmFlZTk0
MGRlM2YwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODJmMGUzNWE4NDQ1NTZiMmIyZDg2OWQyMDM4M2NhMzVlNWRlMGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhM8CJ8l8QufuNbRQzz3SklB36vqJ
SLSU4u8BGySguL24X00HY2PQjcraDcqDb2vn44e0XqJ7B8Bxbnrpa/y1dn3awk59
+NwCcjB/Eg+PUjxLbjON6VRAPwoU2cDl5OpyeRFAYruDoCktfMi9BMOjGS+lQ0Fx
bXZVBrv78lru5tq92wmESiEoMevnzDkCjEpm8j9qjymdJZG+rS1frU8CjqglkH7a
IcdFxqJZXs2XeDolGwxyPe2Pj90XsgAi4yCFL0DJasuZYqpE4V1Mut+dkH2mOu6p
9ilBD3m1wZaVMt6bP9keIERx13lNewnDIHHGaiXrpTz3IdVMNEJ72Pf8YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgvDjWoRFVrKy2GnSA4PKNeXeC6MB8GA1UdIwQY
MBaAFFTL2nix0bYT31Zf+ZcAtq7pQN4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYt
Y2QzMTYxNWQwMWE5LzEvU0M4T05haEVWV3NyTFlhZElEZzhvMTVkNExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82ZDYxZDktMGJmNy00NGJiLWI4MGYtY2QzMTYxNWQwMWE5
LzEvVk12YWVMSFJ0aFBmVmxfNWx3QzJydWxBM2o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1e6yMA0G
CSqGSIb3DQEBCwUAA4IBAQC10I+KVi+hGiv+6tZqD+3HgcXPZz56/k0XaVTaWMdV
Kr2BVlhKvd/S7IcGZHrSrKitQWnAMPPLWQCYBsTNG+RiK9dCyEXz7hT7qPDeu7Xp
DhngFUWawLjSGqOAgB4eyblZLLTKNAiUS4FCXViOB5etlLBYLsnFq+J7kXq8fi7u
wbn8mxDJdAxufR4ydbE16qNImyDxJ3dcfV4oJAdboDN8FEIO4kkhdaKLCVpn5wkq
TdbUkmeKeXmAzSLSaskkZBuPlhkQGnZR6rfAUWYfqIGZeHK/IKwPG5hQWoT9E08K
j85Ch8riSGhvlH1aJTKxGdvi090X/bwJYofY8XfVgZgu
-----END CERTIFICATE-----