Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/dWCd9xZ4pgYHb0QxytLkjaNqXB4.roa
File:                     dWCd9xZ4pgYHb0QxytLkjaNqXB4.roa (raw, json)
Hash identifier:          RjB7M3Ovr5U2anyjdnuMqDmg6+o3qc+5fweD4mo/MiI=
Subject key identifier:   75:60:9D:F7:16:78:A6:06:07:6F:44:31:CA:D2:E4:8D:A3:6A:5C:1E
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       018CC802227992E28A5E1AE21075FFB10D71
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/dWCd9xZ4pgYHb0QxytLkjaNqXB4.roa
Signing time:             Tue 02 Jan 2024 02:30:32 +0000
ROA not before:           Tue 02 Jan 2024 02:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210546
IP address blocks:        178.250.189.0/24 maxlen: 24
                          178.250.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 17:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:22:79:92:e2:8a:5e:1a:e2:10:75:ff:b1:0d:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jan  2 02:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75609df71678a606076f4431cad2e48da36a5c1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d9:71:1b:49:53:a8:45:01:ac:c6:0d:4a:5c:
                    78:5e:77:50:34:5b:76:cc:e7:cc:99:2e:dd:77:40:
                    ef:31:86:1b:c5:1b:74:c3:41:5a:36:70:56:2e:bf:
                    c9:c1:60:b8:a1:85:8f:8f:08:73:54:f8:56:77:e6:
                    45:6b:ed:f5:1d:e8:20:36:1a:de:14:e9:1c:95:f1:
                    e9:80:f3:92:c9:fc:cd:3a:96:c3:af:6e:78:03:69:
                    84:fb:f2:6c:8e:b0:66:55:04:b2:35:da:f2:3a:e9:
                    05:15:17:d2:f8:aa:e0:8a:64:79:1a:63:3c:c4:1d:
                    97:5a:31:1a:1a:32:8f:9d:85:e6:9e:3c:86:10:29:
                    41:a6:23:f9:f5:d9:8e:32:d2:bf:96:8c:ac:28:af:
                    87:7b:46:27:f5:2d:3a:32:97:49:11:3d:1f:bf:15:
                    88:a6:c9:f3:54:40:96:9d:82:dd:d9:d4:03:34:5c:
                    46:29:92:3f:2f:ee:cf:1c:7c:f5:ab:a3:77:03:4a:
                    77:5e:c1:36:7b:46:ac:9c:4d:15:6e:6a:c6:c2:cd:
                    9d:98:5a:d4:15:ea:d0:1a:7d:d3:a9:fc:a8:a8:34:
                    14:2c:e0:7b:eb:85:98:df:24:b5:71:db:dc:43:6f:
                    c2:49:e7:55:61:11:23:ed:0d:9a:f2:5b:d4:67:9f:
                    8d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:60:9D:F7:16:78:A6:06:07:6F:44:31:CA:D2:E4:8D:A3:6A:5C:1E
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/dWCd9xZ4pgYHb0QxytLkjaNqXB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.186.0/24
                  178.250.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:54:24:04:18:14:ad:6f:27:d2:de:ea:72:ae:02:1a:03:ac:
         45:14:dd:c4:9f:3d:49:cc:56:a0:ea:6b:72:90:c6:a5:48:09:
         f7:5a:b2:2f:8e:29:3e:39:15:19:e3:71:6d:e1:67:66:31:40:
         7d:78:a1:7a:6f:8c:35:3c:f9:8f:79:c9:43:20:86:5d:fd:3f:
         44:03:b6:51:00:be:67:24:b3:94:f6:dc:e1:4e:a9:5f:b6:af:
         e6:41:33:ba:58:aa:9c:50:60:f3:f3:cb:04:96:5f:ed:09:dd:
         16:54:b4:ea:29:23:e8:58:1d:5e:de:52:2f:f5:bf:11:3c:4d:
         9a:2b:db:4b:53:d2:6a:79:18:93:92:1b:49:2c:59:9b:e5:d0:
         7e:19:f1:b9:86:4a:1a:56:bd:37:bd:89:79:0e:29:1f:0c:5c:
         f8:93:f3:4b:97:d1:0f:e9:1e:3e:6e:4a:14:3c:f0:21:25:92:
         77:97:80:39:80:91:22:40:4f:20:d2:7c:62:b6:6e:34:34:b0:
         68:cc:d4:eb:55:5c:12:f3:c5:a5:eb:1c:01:7b:07:1b:5f:46:
         36:fe:5b:9a:0c:74:2a:79:72:e6:52:7f:0a:a5:6f:73:11:5a:
         af:54:f5:7d:e9:2d:74:c2:cf:ed:77:7b:91:58:87:00:0b:41:
         c0:73:6b:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAiJ5kuKKXhriEHX/sQ1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjQwMTAyMDIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTYwOWRmNzE2NzhhNjA2MDc2ZjQ0MzFjYWQyZTQ4ZGEzNmE1YzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9lxG0lTqEUBrMYNSlx4XndQNFt2
zOfMmS7dd0DvMYYbxRt0w0FaNnBWLr/JwWC4oYWPjwhzVPhWd+ZFa+31HeggNhre
FOkclfHpgPOSyfzNOpbDr254A2mE+/JsjrBmVQSyNdryOukFFRfS+KrgimR5GmM8
xB2XWjEaGjKPnYXmnjyGEClBpiP59dmOMtK/loysKK+He0Yn9S06MpdJET0fvxWI
psnzVECWnYLd2dQDNFxGKZI/L+7PHHz1q6N3A0p3XsE2e0asnE0VbmrGws2dmFrU
FerQGn3TqfyoqDQULOB764WY3yS1cdvcQ2/CSedVYREj7Q2a8lvUZ5+N0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHVgnfcWeKYGB29EMcrS5I2jalweMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvZFdDZDl4WjRwZ1lIYjBReHl0TGtqYU5xWEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsvq6AwQA
svq9MA0GCSqGSIb3DQEBCwUAA4IBAQB1VCQEGBStbyfS3upyrgIaA6xFFN3Enz1J
zFag6mtykMalSAn3WrIvjik+ORUZ43Ft4WdmMUB9eKF6b4w1PPmPeclDIIZd/T9E
A7ZRAL5nJLOU9tzhTqlftq/mQTO6WKqcUGDz88sEll/tCd0WVLTqKSPoWB1e3lIv
9b8RPE2aK9tLU9JqeRiTkhtJLFmb5dB+GfG5hkoaVr03vYl5DikfDFz4k/NLl9EP
6R4+bkoUPPAhJZJ3l4A5gJEiQE8g0nxitm40NLBozNTrVVwS88Wl6xwBewcbX0Y2
/luaDHQqeXLmUn8KpW9zEVqvVPV96S10ws/td3uRWIcAC0HAc2sK
-----END CERTIFICATE-----