Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/b-CdsgSUE6_RmakqniiZXIk7wtg.roa
File:                     b-CdsgSUE6_RmakqniiZXIk7wtg.roa (raw, json)
Hash identifier:          33MXOeT6+9jPRytndqC43G7+n3v+xwn/VqoiObV4hwc=
Subject key identifier:   6F:E0:9D:B2:04:94:13:AF:D1:99:A9:2A:9E:28:99:5C:89:3B:C2:D8
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       018CC500CD3E58129A20C00598BBA9CD3843
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/b-CdsgSUE6_RmakqniiZXIk7wtg.roa
Signing time:             Mon 01 Jan 2024 12:30:13 +0000
ROA not before:           Mon 01 Jan 2024 12:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5483
IP address blocks:        178.238.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 23:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:cd:3e:58:12:9a:20:c0:05:98:bb:a9:cd:38:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  1 12:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fe09db2049413afd199a92a9e28995c893bc2d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:05:4a:7c:35:22:dc:f9:48:dc:4e:5c:12:48:
                    d0:d6:f9:5a:d0:7b:dc:3c:b8:c7:6e:89:fb:97:dd:
                    84:6c:a5:cb:ab:fe:7d:4d:cb:be:2f:05:bd:1b:c5:
                    b4:10:d3:5e:f3:7f:df:f2:65:0d:f7:2b:80:4c:0e:
                    be:07:41:6b:10:4b:7b:38:34:74:c9:8d:1e:45:21:
                    97:48:f3:a6:de:9b:e1:1f:6d:b5:a4:b4:14:5d:59:
                    ea:53:21:a5:ea:8a:33:4c:94:32:df:6d:c7:f6:6a:
                    31:2a:98:0b:38:ef:e1:62:89:23:2d:7f:1d:72:0b:
                    6c:df:3a:11:37:8f:87:3b:32:b7:64:59:c6:e2:fe:
                    cf:a7:19:04:c2:50:b0:53:6d:c6:ed:0d:0c:4f:47:
                    b7:b5:09:76:fd:3d:8a:43:67:9d:e6:e2:95:93:05:
                    65:8e:6b:89:31:b0:83:b0:d5:5a:e2:cc:72:14:3d:
                    8d:4e:69:20:5f:c0:3f:86:41:da:38:94:e1:7d:88:
                    c0:f1:ef:fc:cc:16:92:c4:3c:1a:ea:57:9e:98:fa:
                    6d:db:79:d4:69:b7:3a:58:a5:8c:8c:f1:ec:82:71:
                    84:98:19:c3:d7:e6:68:c8:a0:ec:a1:84:ed:84:ac:
                    9b:81:73:ed:7c:55:05:60:cc:da:51:d1:b6:6b:e5:
                    95:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E0:9D:B2:04:94:13:AF:D1:99:A9:2A:9E:28:99:5C:89:3B:C2:D8
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/b-CdsgSUE6_RmakqniiZXIk7wtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.238.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:f0:5f:f2:05:63:54:8a:6f:e1:b7:36:e1:ec:05:99:6f:d4:
         b5:2f:33:46:92:80:8b:56:41:34:81:7a:ec:7d:a5:09:c1:55:
         1d:a4:a8:7d:d5:35:71:1c:8a:78:db:fd:d5:0f:a7:a4:2a:d3:
         ee:9b:c1:f0:d9:15:fa:5f:17:0d:2f:ed:fd:70:58:80:ff:8e:
         77:4d:a8:f9:4e:2e:97:9b:fd:6b:ca:84:cb:02:1d:fd:dc:59:
         cb:db:95:df:bb:a8:03:19:46:02:90:31:a5:8f:c2:e7:14:59:
         f4:c1:7a:30:83:77:4e:47:11:46:c3:54:8b:21:44:c0:53:62:
         9d:5b:c3:bc:fb:bc:5a:df:a5:5a:44:7f:39:e3:87:57:73:00:
         06:59:d9:6f:de:dd:26:b5:49:85:50:bb:3a:df:3f:a7:a1:7e:
         8f:8d:0e:80:32:06:36:5a:9c:60:5e:53:22:3c:d1:b9:3b:df:
         f6:d1:82:88:45:42:de:76:a5:15:22:33:c0:2d:f8:5f:d1:57:
         a6:22:0b:9b:a1:38:4d:6f:fb:e6:05:2f:7e:b7:7a:50:2a:8c:
         16:44:da:68:6a:b2:66:cc:68:66:9f:15:73:c3:53:08:65:97:
         ab:9b:7d:75:a5:f6:28:e9:84:0e:43:b5:28:36:71:2e:8b:c3:
         28:42:41:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAM0+WBKaIMAFmLupzThDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjQwMTAxMTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmUwOWRiMjA0OTQxM2FmZDE5OWE5MmE5ZTI4OTk1Yzg5M2JjMmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwVKfDUi3PlI3E5cEkjQ1vla0Hvc
PLjHbon7l92EbKXLq/59Tcu+LwW9G8W0ENNe83/f8mUN9yuATA6+B0FrEEt7ODR0
yY0eRSGXSPOm3pvhH221pLQUXVnqUyGl6oozTJQy323H9moxKpgLOO/hYokjLX8d
cgts3zoRN4+HOzK3ZFnG4v7PpxkEwlCwU23G7Q0MT0e3tQl2/T2KQ2ed5uKVkwVl
jmuJMbCDsNVa4sxyFD2NTmkgX8A/hkHaOJThfYjA8e/8zBaSxDwa6leemPpt23nU
abc6WKWMjPHsgnGEmBnD1+ZoyKDsoYTthKybgXPtfFUFYMzaUdG2a+WVXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/gnbIElBOv0ZmpKp4omVyJO8LYMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvYi1DZHNnU1VFNl9SbWFrcW5paVpYSWs3d3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu7dMA0G
CSqGSIb3DQEBCwUAA4IBAQBJ8F/yBWNUim/htzbh7AWZb9S1LzNGkoCLVkE0gXrs
faUJwVUdpKh91TVxHIp42/3VD6ekKtPum8Hw2RX6XxcNL+39cFiA/453Taj5Ti6X
m/1ryoTLAh393FnL25Xfu6gDGUYCkDGlj8LnFFn0wXowg3dORxFGw1SLIUTAU2Kd
W8O8+7xa36VaRH8544dXcwAGWdlv3t0mtUmFULs63z+noX6PjQ6AMgY2WpxgXlMi
PNG5O9/20YKIRULedqUVIjPALfhf0VemIguboThNb/vmBS9+t3pQKowWRNpoarJm
zGhmnxVzw1MIZZerm311pfYo6YQOQ7UoNnEui8MoQkHw
-----END CERTIFICATE-----