Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/E4E8FaS6fp3VOQreF5OqkNravjA.roa
File:                     E4E8FaS6fp3VOQreF5OqkNravjA.roa (raw, json)
Hash identifier:          /UP7hJtKBKY6+tLd9FDz7UgYbHwUYFPDjz8khlXoV9I=
Subject key identifier:   13:81:3C:15:A4:BA:7E:9D:D5:39:0A:DE:17:93:AA:90:DA:DA:BE:30
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0190E99E9DED09CF065B5A30EDA855DEA9FA
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/E4E8FaS6fp3VOQreF5OqkNravjA.roa
Signing time:             Thu 25 Jul 2024 11:20:04 +0000
ROA not before:           Thu 25 Jul 2024 11:20:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49304
IP address blocks:        178.173.224.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e9:9e:9d:ed:09:cf:06:5b:5a:30:ed:a8:55:de:a9:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jul 25 11:20:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13813c15a4ba7e9dd5390ade1793aa90dadabe30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ff:45:01:1c:57:55:f1:d8:e3:9e:8b:e7:65:
                    ee:dd:01:15:d6:8c:29:d9:05:96:26:63:db:e8:81:
                    8d:59:44:65:0f:aa:b5:ac:08:b5:0f:7b:95:97:43:
                    a0:eb:27:02:79:da:22:57:74:42:77:25:36:9e:47:
                    d0:b1:40:99:ab:d8:e3:ac:7e:7c:9c:0c:f7:d9:06:
                    67:09:a5:71:47:2e:1c:ab:c3:60:2e:4b:8c:c2:e1:
                    04:fb:ae:58:7b:26:e9:0c:93:d6:b7:ad:f3:5d:d7:
                    62:c1:7a:e5:8e:ff:1d:0c:be:f7:25:4c:4b:69:ab:
                    6a:4a:0c:09:89:b7:ba:15:3d:a1:cb:48:2d:0a:29:
                    17:ec:b2:a8:bb:75:9b:30:cf:d0:38:f9:67:73:8f:
                    03:db:9e:89:4f:cb:8c:9c:26:d3:51:f0:b1:44:25:
                    a1:45:69:0c:4c:3b:fc:b3:a4:d3:6e:19:1a:83:c3:
                    73:cb:9a:2d:37:69:a1:d2:12:ec:1d:01:f6:5d:18:
                    45:39:39:18:c8:76:13:2a:79:35:eb:5b:d5:a9:84:
                    5e:4f:e7:76:2a:07:e6:f3:66:78:0b:52:8a:de:da:
                    f7:fa:ab:5b:52:8f:56:86:10:2c:c8:d0:7f:e6:3d:
                    1f:ac:5d:bc:5c:b3:ff:83:1b:45:38:b8:8a:d2:f4:
                    3b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:81:3C:15:A4:BA:7E:9D:D5:39:0A:DE:17:93:AA:90:DA:DA:BE:30
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/E4E8FaS6fp3VOQreF5OqkNravjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.173.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0f:32:4c:02:64:7a:b1:43:f5:65:1e:cc:de:ab:26:dd:ec:ae:
         33:81:88:a4:4c:81:7f:a0:69:3c:f9:e6:7f:bc:3a:b2:5a:54:
         68:7a:1d:48:c0:06:93:57:2d:32:96:4b:6b:69:01:53:f8:ed:
         9c:f6:f4:ba:6d:cb:90:4d:06:55:c2:98:e6:f7:f0:31:fd:2c:
         43:90:ff:15:75:e5:1b:0c:25:49:4e:ef:09:dc:a7:92:43:dd:
         e3:2e:ca:3b:bb:78:57:72:54:3a:e5:eb:23:1b:4a:7e:2e:86:
         1c:a1:bf:ac:88:37:d2:38:f5:20:30:bb:80:7d:a9:e7:b3:6e:
         e6:3c:d4:48:66:40:cd:1e:3f:46:0c:c6:64:52:18:a9:cb:06:
         f9:b7:f0:74:7b:0a:b6:f2:ec:a7:88:6f:79:5d:88:c5:42:96:
         61:64:a5:f9:80:87:42:48:38:ce:27:78:10:64:bb:7d:d9:ea:
         5e:25:23:ce:f9:4a:79:8b:ff:b8:f9:6e:44:4c:c6:c9:5f:60:
         a0:63:57:64:a9:61:46:a2:95:ce:d9:e6:a2:8e:ed:15:2c:47:
         0b:1d:09:4b:b2:b4:e4:42:e2:b6:d7:45:1d:98:96:de:5b:43:
         3a:2f:68:e7:ae:d2:b1:f9:55:45:16:a3:18:44:06:c6:41:2a:
         00:69:0c:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDpnp3tCc8GW1ow7ahV3qn6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwNzI1MTEyMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzgxM2MxNWE0YmE3ZTlkZDUzOTBhZGUxNzkzYWE5MGRhZGFiZTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3f9FARxXVfHY456L52Xu3QEV1owp
2QWWJmPb6IGNWURlD6q1rAi1D3uVl0Og6ycCedoiV3RCdyU2nkfQsUCZq9jjrH58
nAz32QZnCaVxRy4cq8NgLkuMwuEE+65YeybpDJPWt63zXddiwXrljv8dDL73JUxL
aatqSgwJibe6FT2hy0gtCikX7LKou3WbMM/QOPlnc48D256JT8uMnCbTUfCxRCWh
RWkMTDv8s6TTbhkag8Nzy5otN2mh0hLsHQH2XRhFOTkYyHYTKnk161vVqYReT+d2
Kgfm82Z4C1KK3tr3+qtbUo9WhhAsyNB/5j0frF28XLP/gxtFOLiK0vQ7GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBOBPBWkun6d1TkK3heTqpDa2r4wMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRTRFOEZhUzZmcDNWT1FyZUY1T3FrTnJhdmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsq3gMA0G
CSqGSIb3DQEBCwUAA4IBAQAPMkwCZHqxQ/VlHszeqybd7K4zgYikTIF/oGk8+eZ/
vDqyWlRoeh1IwAaTVy0ylktraQFT+O2c9vS6bcuQTQZVwpjm9/Ax/SxDkP8VdeUb
DCVJTu8J3KeSQ93jLso7u3hXclQ65esjG0p+LoYcob+siDfSOPUgMLuAfanns27m
PNRIZkDNHj9GDMZkUhipywb5t/B0ewq28uyniG95XYjFQpZhZKX5gIdCSDjOJ3gQ
ZLt92epeJSPO+Up5i/+4+W5ETMbJX2CgY1dkqWFGopXO2eaiju0VLEcLHQlLsrTk
QuK210UdmJbeW0M6L2jnrtKx+VVFFqMYRAbGQSoAaQzs
-----END CERTIFICATE-----