Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/5qavQST-qq7Nrb0KZF_AqdS3KvE.roa
File:                     5qavQST-qq7Nrb0KZF_AqdS3KvE.roa (raw, json)
Hash identifier:          UOS97ABT/r2Nt/HRJwaUVQx65csaD2LA3TSYCWESNXs=
Subject key identifier:   E6:A6:AF:41:24:FE:AA:AE:CD:AD:BD:0A:64:5F:C0:A9:D4:B7:2A:F1
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018EA8113AB2D9A3B0600FE2588C32598D69
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/5qavQST-qq7Nrb0KZF_AqdS3KvE.roa
Signing time:             Thu 04 Apr 2024 07:44:45 +0000
ROA not before:           Thu 04 Apr 2024 07:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        178.253.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 10:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a8:11:3a:b2:d9:a3:b0:60:0f:e2:58:8c:32:59:8d:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Apr  4 07:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6a6af4124feaaaecdadbd0a645fc0a9d4b72af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:52:67:3e:24:be:1c:4a:81:f3:70:f7:66:90:
                    69:af:5d:d4:e2:ad:9e:72:db:f2:98:12:61:ce:e6:
                    0b:f5:f2:0b:f2:a6:7e:be:dd:c4:fe:a3:a7:fd:c3:
                    85:62:fb:67:e2:ba:74:a5:e8:42:fa:31:c8:d9:93:
                    db:91:bf:dc:a6:aa:95:97:d5:6f:64:fb:86:1d:4f:
                    d5:83:6d:07:c6:11:79:e4:6c:ff:c8:c9:c3:d6:fa:
                    f6:17:c5:2d:64:d6:8b:fc:e2:af:52:5a:ba:19:68:
                    37:24:c7:ea:8b:70:f4:4a:9a:48:9e:4a:7a:a4:31:
                    ff:90:f9:7b:84:d0:be:35:5b:31:4f:f3:07:82:85:
                    0f:f6:f1:98:5c:12:8e:b7:c0:36:ca:29:0d:99:a5:
                    b5:6d:92:e5:8c:4f:aa:df:55:7d:9e:ff:37:6f:ba:
                    d3:c7:4b:15:0f:b3:2c:04:83:fc:de:10:45:5c:4c:
                    54:8f:54:0f:1d:1d:57:d7:73:2c:52:3b:75:23:e3:
                    0a:a8:b5:09:d5:f7:e5:34:51:c2:4d:1d:0a:35:5e:
                    5e:93:f7:35:54:30:ef:41:8e:d9:6a:20:ab:33:c9:
                    7c:79:16:3a:ea:2d:15:e5:9e:23:bf:b1:27:18:63:
                    4f:ed:46:7f:36:f3:8a:fd:a2:2b:df:62:69:c4:4b:
                    4a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:A6:AF:41:24:FE:AA:AE:CD:AD:BD:0A:64:5F:C0:A9:D4:B7:2A:F1
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/5qavQST-qq7Nrb0KZF_AqdS3KvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:1e:88:6c:c2:f5:3a:47:5d:43:19:a6:d7:83:b9:8c:01:6a:
         57:ae:40:83:ba:14:dc:52:98:5e:90:ae:f2:aa:a3:65:ec:a4:
         01:0a:a6:e7:c8:2d:37:28:20:07:b8:9a:f7:a0:dc:96:3b:56:
         80:19:77:46:00:a3:ae:43:01:a2:83:b3:ac:8b:58:28:4d:92:
         0f:af:75:57:dc:c3:ba:5f:64:ef:2e:3c:49:cb:78:33:4c:b2:
         5e:f3:fe:3b:1c:ff:f9:a9:a7:26:c1:6e:d7:22:ad:73:ee:81:
         26:47:b3:ec:59:10:d8:9d:74:24:c7:19:81:a3:89:87:68:f1:
         70:6b:0a:8e:e5:ee:09:a0:d4:03:31:ae:a5:64:1e:d7:70:67:
         72:fa:09:fa:11:77:1e:13:6b:a5:c3:f6:97:a5:71:f8:65:68:
         11:ce:52:6e:ec:3b:da:ce:cb:67:49:46:19:c8:69:32:53:d8:
         eb:70:eb:d4:0d:7c:7c:7f:9f:b7:e0:8c:02:11:fc:50:45:a0:
         8d:80:41:a3:b1:0a:3e:69:20:e7:50:2c:cb:28:b4:03:75:ff:
         b2:ff:43:12:bd:35:60:d1:d6:ec:a3:36:75:0b:26:c3:d1:f0:
         57:ea:b1:a8:c8:c4:25:1b:c0:49:f2:46:c3:70:ac:02:4f:88:
         fb:aa:ed:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6oETqy2aOwYA/iWIwyWY1pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwNDA0MDc0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmE2YWY0MTI0ZmVhYWFlY2RhZGJkMGE2NDVmYzBhOWQ0YjcyYWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVJnPiS+HEqB83D3ZpBpr13U4q2e
ctvymBJhzuYL9fIL8qZ+vt3E/qOn/cOFYvtn4rp0pehC+jHI2ZPbkb/cpqqVl9Vv
ZPuGHU/Vg20HxhF55Gz/yMnD1vr2F8UtZNaL/OKvUlq6GWg3JMfqi3D0SppInkp6
pDH/kPl7hNC+NVsxT/MHgoUP9vGYXBKOt8A2yikNmaW1bZLljE+q31V9nv83b7rT
x0sVD7MsBIP83hBFXExUj1QPHR1X13MsUjt1I+MKqLUJ1fflNFHCTR0KNV5ek/c1
VDDvQY7ZaiCrM8l8eRY66i0V5Z4jv7EnGGNP7UZ/NvOK/aIr32JpxEtKVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOamr0Ek/qquza29CmRfwKnUtyrxMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvNXFhdlFTVC1xcTdOcmIwS1pGX0FxZFMzS3ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0QMA0G
CSqGSIb3DQEBCwUAA4IBAQAUHohswvU6R11DGabXg7mMAWpXrkCDuhTcUphekK7y
qqNl7KQBCqbnyC03KCAHuJr3oNyWO1aAGXdGAKOuQwGig7Osi1goTZIPr3VX3MO6
X2TvLjxJy3gzTLJe8/47HP/5qacmwW7XIq1z7oEmR7PsWRDYnXQkxxmBo4mHaPFw
awqO5e4JoNQDMa6lZB7XcGdy+gn6EXceE2ulw/aXpXH4ZWgRzlJu7DvazstnSUYZ
yGkyU9jrcOvUDXx8f5+34IwCEfxQRaCNgEGjsQo+aSDnUCzLKLQDdf+y/0MSvTVg
0dbsozZ1CybD0fBX6rGoyMQlG8BJ8kbDcKwCT4j7qu1M
-----END CERTIFICATE-----