Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/68TqYumBsQA8Uy6X5kRbS4habow.roa
File:                     68TqYumBsQA8Uy6X5kRbS4habow.roa (raw, json)
Hash identifier:          /ZpMbVcL+jLEn4INfgnRaWcIrxwjscppon23ropEPSc=
Subject key identifier:   EB:C4:EA:62:E9:81:B1:00:3C:53:2E:97:E6:44:5B:4B:88:5A:6E:8C
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       0191FA218E6E7B90DBAEB33F0C111C5BF52F
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/68TqYumBsQA8Uy6X5kRbS4habow.roa
Signing time:             Mon 16 Sep 2024 09:19:48 +0000
ROA not before:           Mon 16 Sep 2024 09:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210546
IP address blocks:        178.250.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fa:21:8e:6e:7b:90:db:ae:b3:3f:0c:11:1c:5b:f5:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Sep 16 09:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebc4ea62e981b1003c532e97e6445b4b885a6e8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:2f:18:e2:ae:27:54:4b:51:8e:64:51:23:25:
                    d8:3a:d5:da:ee:fb:c8:61:5c:6c:2f:6c:cc:91:aa:
                    a3:e4:a9:be:89:a5:9c:7b:0f:4a:63:03:bf:b2:d7:
                    a3:e8:44:c5:67:c1:40:06:4a:31:34:c2:fe:41:f8:
                    60:0a:72:ad:eb:25:13:97:fa:f7:0b:34:e6:43:71:
                    54:67:d1:5e:36:bc:1b:b7:f0:ec:88:ed:03:81:48:
                    02:73:c1:36:8d:dd:c5:a2:36:3b:e4:a1:a5:e7:65:
                    ab:8a:69:7f:8a:30:e5:8e:97:63:25:68:9f:b2:e0:
                    8f:44:cb:84:78:50:0b:5c:2f:8a:6c:72:f8:55:5b:
                    c8:d7:9e:31:b0:51:57:d9:ee:f5:f2:00:87:8d:97:
                    41:57:5b:cd:36:76:a9:88:c8:d9:84:65:fd:e0:e5:
                    ab:c6:c8:4a:69:3a:a3:cf:63:72:a7:18:23:6f:1a:
                    bf:45:36:c8:c4:85:c0:a8:6f:25:1b:7a:97:31:ec:
                    79:f0:66:6c:28:65:f8:04:60:7a:ef:5e:4c:b8:20:
                    f5:c7:fc:fb:63:e9:0f:58:5b:80:a4:1b:18:f5:3a:
                    4b:f6:d8:f2:f8:52:e6:45:70:d2:86:fb:b8:be:bc:
                    54:66:08:bf:f5:99:27:79:62:de:b0:39:f4:2e:8f:
                    2c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C4:EA:62:E9:81:B1:00:3C:53:2E:97:E6:44:5B:4B:88:5A:6E:8C
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/68TqYumBsQA8Uy6X5kRbS4habow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:16:96:65:08:72:8e:6a:1b:ea:0c:57:df:34:95:c2:a2:27:
         2a:16:13:b9:cf:a8:b7:05:84:9d:1e:1a:eb:f5:4f:b3:d5:b2:
         05:64:7f:c8:27:a3:d5:46:d3:3a:b3:a6:03:c5:6f:98:6f:ab:
         5f:6d:dc:b3:1b:a6:e7:9b:f7:33:c2:c7:a6:83:34:25:5a:31:
         96:63:7d:02:c6:81:f5:d3:60:8a:12:f3:9a:33:ee:ba:b1:9a:
         2c:f8:af:a6:dd:88:8e:59:c1:54:25:56:04:43:5a:aa:37:fb:
         45:a6:52:73:7a:c1:ee:35:62:34:ad:cb:6c:28:cf:2b:cb:ac:
         c3:c3:d2:3f:6c:f9:be:75:84:94:bb:8a:2c:2f:0f:be:53:12:
         3f:0a:8f:95:82:f3:cd:a0:23:1c:bf:8e:5e:7e:80:42:a7:0d:
         02:15:ee:60:1c:04:8d:e1:4f:55:72:69:4d:a3:a8:5a:14:39:
         b0:69:ce:a7:3d:c1:64:58:03:51:38:59:66:d9:41:05:06:9b:
         e6:5b:e3:69:7f:56:44:75:d8:2a:7e:fd:75:42:04:60:77:36:
         9d:ff:65:54:66:54:71:4a:ca:63:cf:d0:40:70:74:fa:fd:cf:
         e5:2b:e3:d0:cc:17:cb:c8:3e:b6:23:73:59:c8:1d:cd:df:b2:
         5e:ec:c5:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH6IY5ue5DbrrM/DBEcW/UvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjQwOTE2MDkxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmM0ZWE2MmU5ODFiMTAwM2M1MzJlOTdlNjQ0NWI0Yjg4NWE2ZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwy8Y4q4nVEtRjmRRIyXYOtXa7vvI
YVxsL2zMkaqj5Km+iaWcew9KYwO/stej6ETFZ8FABkoxNML+QfhgCnKt6yUTl/r3
CzTmQ3FUZ9FeNrwbt/DsiO0DgUgCc8E2jd3FojY75KGl52Wriml/ijDljpdjJWif
suCPRMuEeFALXC+KbHL4VVvI154xsFFX2e718gCHjZdBV1vNNnapiMjZhGX94OWr
xshKaTqjz2Nypxgjbxq/RTbIxIXAqG8lG3qXMex58GZsKGX4BGB6715MuCD1x/z7
Y+kPWFuApBsY9TpL9tjy+FLmRXDShvu4vrxUZgi/9ZkneWLesDn0Lo8s+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvE6mLpgbEAPFMul+ZEW0uIWm6MMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvNjhUcVl1bUJzUUE4VXk2WDVrUmJTNGhhYm93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvq6MA0G
CSqGSIb3DQEBCwUAA4IBAQANFpZlCHKOahvqDFffNJXCoicqFhO5z6i3BYSdHhrr
9U+z1bIFZH/IJ6PVRtM6s6YDxW+Yb6tfbdyzG6bnm/czwsemgzQlWjGWY30CxoH1
02CKEvOaM+66sZos+K+m3YiOWcFUJVYEQ1qqN/tFplJzesHuNWI0rctsKM8ry6zD
w9I/bPm+dYSUu4osLw++UxI/Co+VgvPNoCMcv45efoBCpw0CFe5gHASN4U9VcmlN
o6haFDmwac6nPcFkWANROFlm2UEFBpvmW+Npf1ZEddgqfv11QgRgdzad/2VUZlRx
Sspjz9BAcHT6/c/lK+PQzBfLyD62I3NZyB3N37Je7MXF
-----END CERTIFICATE-----