Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/IUaglXMoCfWHYoEHDvfMOLW0gCo.roa
File:                     IUaglXMoCfWHYoEHDvfMOLW0gCo.roa (raw, json)
Hash identifier:          SIDwg/N1xEcZG6CVXI1MxQJ23X7MPqohUnh5tpikeYs=
Subject key identifier:   21:46:A0:95:73:28:09:F5:87:62:81:07:0E:F7:CC:38:B5:B4:80:2A
Certificate issuer:       /CN=35135b81b6c1edd2f6f5bc1c608a5fc9fe926474
Certificate serial:       019423D6FBF0D3E429D3ED53CF8FCF087776
Authority key identifier: 35:13:5B:81:B6:C1:ED:D2:F6:F5:BC:1C:60:8A:5F:C9:FE:92:64:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRNbgbbB7dL29bwcYIpfyf6SZHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/IUaglXMoCfWHYoEHDvfMOLW0gCo.roa
Signing time:             Wed 01 Jan 2025 21:47:59 +0000
ROA not before:           Wed 01 Jan 2025 21:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57366
IP address blocks:        178.215.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/NRNbgbbB7dL29bwcYIpfyf6SZHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/NRNbgbbB7dL29bwcYIpfyf6SZHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRNbgbbB7dL29bwcYIpfyf6SZHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:fb:f0:d3:e4:29:d3:ed:53:cf:8f:cf:08:77:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35135b81b6c1edd2f6f5bc1c608a5fc9fe926474
        Validity
            Not Before: Jan  1 21:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2146a095732809f5876281070ef7cc38b5b4802a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2f:18:7c:f5:34:e8:8d:8e:ef:24:aa:f5:e0:
                    1f:44:41:75:69:a8:08:8e:be:b1:01:71:27:03:13:
                    35:3f:25:38:dd:74:82:be:05:54:2d:90:42:c8:66:
                    20:6a:7e:43:c6:88:f1:37:12:06:04:71:9a:7d:5e:
                    7d:d1:0e:8a:9f:a0:02:f4:f3:d2:4e:c4:47:19:c3:
                    39:d4:7e:3d:fe:8f:bf:f4:e8:8b:a3:fe:45:6b:db:
                    8b:7f:e5:d8:c3:cb:38:30:3f:16:a4:1c:0c:7d:43:
                    ed:b1:33:a3:a7:90:9a:c7:5f:fe:eb:30:3e:cc:5d:
                    40:3b:d6:1a:7c:eb:3e:57:85:8b:78:6c:63:5a:c6:
                    43:8b:05:34:34:c0:ec:a1:ac:44:06:ba:48:78:99:
                    9f:cf:13:f7:21:c8:12:66:ac:3b:92:99:62:53:21:
                    3e:6b:d8:63:9b:b4:9d:a1:a2:44:66:71:ee:c8:c0:
                    b3:23:1c:73:4c:56:c0:e8:32:5b:2e:56:60:42:02:
                    48:0b:1f:c6:6d:85:ea:8f:a2:29:f4:c4:50:75:45:
                    3e:d4:ac:74:fd:fe:e7:c0:a2:a3:37:ba:3c:37:0e:
                    37:07:7a:f9:62:db:7e:d4:b9:50:87:9d:62:18:36:
                    83:dc:a7:da:18:aa:07:4f:11:8f:b2:c3:bb:8c:c9:
                    f9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:46:A0:95:73:28:09:F5:87:62:81:07:0E:F7:CC:38:B5:B4:80:2A
            X509v3 Authority Key Identifier:
                keyid:35:13:5B:81:B6:C1:ED:D2:F6:F5:BC:1C:60:8A:5F:C9:FE:92:64:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRNbgbbB7dL29bwcYIpfyf6SZHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/IUaglXMoCfWHYoEHDvfMOLW0gCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d0a0a0-d25a-4746-9139-a71456df9997/1/NRNbgbbB7dL29bwcYIpfyf6SZHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.215.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:dc:1e:19:22:70:d4:ef:c0:90:eb:97:8f:80:10:83:ea:6f:
         a5:f8:9f:70:6e:d6:d9:9d:60:99:e8:89:8e:c5:58:57:d5:9a:
         24:8f:a7:85:48:42:2d:53:82:09:e7:97:64:77:7e:5c:3e:64:
         e7:1e:93:72:e1:66:56:58:21:50:ce:63:65:c2:1d:6d:bd:bd:
         f3:6f:ea:cf:51:dc:a5:40:9f:45:c7:a0:ad:63:4d:7a:e7:c3:
         6d:2a:c2:b6:2b:66:aa:01:e0:a3:79:9b:89:70:3b:a6:f7:dd:
         41:7c:07:30:98:d0:7e:c4:64:f5:45:2c:94:b7:e3:8c:bf:49:
         4a:48:e6:f0:17:4f:99:2f:a6:01:d6:e6:5e:36:7a:e8:bf:10:
         ba:a1:3a:05:97:af:d7:ce:c6:30:8d:c7:ee:73:61:41:e6:8a:
         99:14:a9:d0:f6:04:61:77:bc:e6:ab:78:a1:9b:cd:0d:2f:8e:
         62:fa:66:f3:66:48:1e:a4:d1:01:fd:bd:9e:93:2e:4f:8b:9d:
         9f:e6:ab:1d:22:08:17:d7:5e:9c:aa:47:03:cd:7c:fa:e7:fb:
         09:95:70:50:cd:b2:70:6f:c4:ae:cf:8b:1b:65:ea:c9:7f:4d:
         12:31:2e:e7:d2:d1:ac:77:5c:aa:bf:9f:37:d4:ca:00:5c:89:
         96:66:e9:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1vvw0+Qp0+1Tz4/PCHd2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTM1YjgxYjZjMWVkZDJmNmY1YmMxYzYwOGE1ZmM5ZmU5
MjY0NzQwHhcNMjUwMTAxMjE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQ2YTA5NTczMjgwOWY1ODc2MjgxMDcwZWY3Y2MzOGI1YjQ4MDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtC8YfPU06I2O7ySq9eAfREF1aagI
jr6xAXEnAxM1PyU43XSCvgVULZBCyGYgan5DxojxNxIGBHGafV590Q6Kn6AC9PPS
TsRHGcM51H49/o+/9OiLo/5Fa9uLf+XYw8s4MD8WpBwMfUPtsTOjp5Cax1/+6zA+
zF1AO9YafOs+V4WLeGxjWsZDiwU0NMDsoaxEBrpIeJmfzxP3IcgSZqw7kpliUyE+
a9hjm7SdoaJEZnHuyMCzIxxzTFbA6DJbLlZgQgJICx/GbYXqj6Ip9MRQdUU+1Kx0
/f7nwKKjN7o8Nw43B3r5Ytt+1LlQh51iGDaD3KfaGKoHTxGPssO7jMn5DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFGoJVzKAn1h2KBBw73zDi1tIAqMB8GA1UdIwQY
MBaAFDUTW4G2we3S9vW8HGCKX8n+kmR0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJOYmdiYkI3ZEwyOWJ3Y1lJcGZ5ZjZTWkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kMGEwYTAtZDI1YS00NzQ2LTkxMzkt
YTcxNDU2ZGY5OTk3LzEvSVVhZ2xYTW9DZldIWW9FSER2Zk1PTFcwZ0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kMGEwYTAtZDI1YS00NzQ2LTkxMzktYTcxNDU2ZGY5OTk3
LzEvTlJOYmdiYkI3ZEwyOWJ3Y1lJcGZ5ZjZTWkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstcDMA0G
CSqGSIb3DQEBCwUAA4IBAQAG3B4ZInDU78CQ65ePgBCD6m+l+J9wbtbZnWCZ6ImO
xVhX1Zokj6eFSEItU4IJ55dkd35cPmTnHpNy4WZWWCFQzmNlwh1tvb3zb+rPUdyl
QJ9Fx6CtY01658NtKsK2K2aqAeCjeZuJcDum991BfAcwmNB+xGT1RSyUt+OMv0lK
SObwF0+ZL6YB1uZeNnrovxC6oToFl6/XzsYwjcfuc2FB5oqZFKnQ9gRhd7zmq3ih
m80NL45i+mbzZkgepNEB/b2eky5Pi52f5qsdIggX116cqkcDzXz65/sJlXBQzbJw
b8Suz4sbZerJf00SMS7n0tGsd1yqv5831MoAXImWZul1
-----END CERTIFICATE-----