Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/fKOyqbm-T9wYBANDUaPmB2msTZc.roa
File:                     fKOyqbm-T9wYBANDUaPmB2msTZc.roa (raw, json)
Hash identifier:          Yz6pfCZCRpDcm32qIgzR/D1F8qAHAu98gQqoa8Cm7DQ=
Subject key identifier:   7C:A3:B2:A9:B9:BE:4F:DC:18:04:03:43:51:A3:E6:07:69:AC:4D:97
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       0191FA218ED4549777206FF259D73404550A
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/fKOyqbm-T9wYBANDUaPmB2msTZc.roa
Signing time:             Mon 16 Sep 2024 09:19:48 +0000
ROA not before:           Mon 16 Sep 2024 09:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214379
IP address blocks:        178.250.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fa:21:8e:d4:54:97:77:20:6f:f2:59:d7:34:04:55:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Sep 16 09:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ca3b2a9b9be4fdc1804034351a3e60769ac4d97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:9b:85:40:98:81:14:58:38:9a:ab:90:a6:3e:
                    a5:ca:bd:9a:98:d6:7a:68:db:f2:83:07:c8:21:db:
                    98:73:5a:3e:cb:cb:48:04:2a:1c:49:e9:30:16:ac:
                    b2:30:2d:22:ab:d4:1b:89:78:c6:b4:41:62:27:42:
                    39:7a:b1:51:01:78:ee:01:a3:3f:5f:34:93:e8:b4:
                    bb:9c:66:8d:fd:a6:98:81:ad:62:08:15:4e:51:19:
                    45:70:d7:4e:84:37:4f:91:0f:ff:cf:12:e2:18:91:
                    1f:ae:c6:0c:9f:e4:1b:a3:5f:0a:4a:f9:5a:4a:8f:
                    aa:35:65:ce:ac:9b:9c:99:1d:2c:5b:29:ea:12:a6:
                    d2:9c:88:bd:b3:e3:41:3f:73:0e:6c:e2:0a:72:1c:
                    b5:42:d4:c3:97:33:c7:9a:ef:17:2f:0b:92:50:65:
                    d8:1f:2d:de:3d:19:00:0b:cd:2b:8f:d0:bb:47:3d:
                    ba:c4:96:ce:78:df:53:18:95:b3:10:81:59:45:71:
                    d5:c8:e2:d6:51:a4:eb:a0:83:91:c3:ee:d1:92:22:
                    1d:1f:0f:70:fb:dd:66:94:4a:2c:85:02:68:d9:d2:
                    54:7a:ae:00:8a:41:c7:9e:a4:db:5b:1a:92:80:6b:
                    3b:71:98:d7:81:88:52:a6:b6:e5:8b:b7:b1:5f:a0:
                    6b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A3:B2:A9:B9:BE:4F:DC:18:04:03:43:51:A3:E6:07:69:AC:4D:97
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/fKOyqbm-T9wYBANDUaPmB2msTZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:9d:86:b2:a7:42:09:d1:a8:31:36:46:0d:8f:90:b4:49:d8:
         28:e9:90:13:51:da:a4:97:79:b0:7d:40:e1:45:4c:9d:a7:69:
         57:5e:30:62:5b:b0:7b:78:06:68:db:94:a7:0d:30:8e:8c:29:
         ef:fe:34:ee:2c:ea:a2:94:35:d1:fc:c5:34:10:27:5d:66:0b:
         5d:49:35:7c:4f:a6:0f:63:f5:4c:0d:91:24:98:78:2e:1c:97:
         40:48:7d:61:b7:38:07:6c:9e:a7:a6:75:62:8e:25:61:75:be:
         19:2a:d5:9b:38:65:f8:3d:f5:58:9a:a4:6b:f5:eb:7f:54:38:
         e2:40:f8:2f:1b:9f:5f:e6:7f:7c:e1:9b:02:7c:f9:e4:e9:a0:
         37:8b:37:31:c6:3a:6e:1d:be:fb:83:6d:45:4e:ac:69:94:4e:
         28:f3:fe:41:d1:ae:b4:cf:ad:13:18:33:a7:8f:9c:a5:15:77:
         c4:92:aa:18:46:5c:ce:0d:1f:50:ae:a8:cd:d6:5d:04:b4:57:
         5e:b7:1e:77:93:c4:98:63:ad:87:e7:16:d6:04:df:03:be:e0:
         b5:ae:d1:17:0e:30:61:ce:66:84:cb:8b:eb:c0:d6:14:79:e1:
         f3:b3:04:75:f8:00:8b:f3:67:dd:2c:13:e0:b9:81:f3:45:da:
         b0:18:8c:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH6IY7UVJd3IG/yWdc0BFUKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjQwOTE2MDkxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2EzYjJhOWI5YmU0ZmRjMTgwNDAzNDM1MWEzZTYwNzY5YWM0ZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1puFQJiBFFg4mquQpj6lyr2amNZ6
aNvygwfIIduYc1o+y8tIBCocSekwFqyyMC0iq9QbiXjGtEFiJ0I5erFRAXjuAaM/
XzST6LS7nGaN/aaYga1iCBVOURlFcNdOhDdPkQ//zxLiGJEfrsYMn+Qbo18KSvla
So+qNWXOrJucmR0sWynqEqbSnIi9s+NBP3MObOIKchy1QtTDlzPHmu8XLwuSUGXY
Hy3ePRkAC80rj9C7Rz26xJbOeN9TGJWzEIFZRXHVyOLWUaTroIORw+7RkiIdHw9w
+91mlEoshQJo2dJUeq4AikHHnqTbWxqSgGs7cZjXgYhSprbli7exX6BrwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyjsqm5vk/cGAQDQ1Gj5gdprE2XMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvZktPeXFibS1UOXdZQkFORFVhUG1CMm1zVFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvq9MA0G
CSqGSIb3DQEBCwUAA4IBAQAYnYayp0IJ0agxNkYNj5C0Sdgo6ZATUdqkl3mwfUDh
RUydp2lXXjBiW7B7eAZo25SnDTCOjCnv/jTuLOqilDXR/MU0ECddZgtdSTV8T6YP
Y/VMDZEkmHguHJdASH1htzgHbJ6npnVijiVhdb4ZKtWbOGX4PfVYmqRr9et/VDji
QPgvG59f5n984ZsCfPnk6aA3izcxxjpuHb77g21FTqxplE4o8/5B0a60z60TGDOn
j5ylFXfEkqoYRlzODR9QrqjN1l0EtFdetx53k8SYY62H5xbWBN8DvuC1rtEXDjBh
zmaEy4vrwNYUeeHzswR1+ACL82fdLBPguYHzRdqwGIxd
-----END CERTIFICATE-----