Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/qGhr6imBDGgujLXBWS0DEYFPzJc.roa
File:                     qGhr6imBDGgujLXBWS0DEYFPzJc.roa (raw, json)
Hash identifier:          5YtHZEQ4HdQrSJb2I3o65jo+fHhfbV2A2EukdInfLlo=
Subject key identifier:   A8:68:6B:EA:29:81:0C:68:2E:8C:B5:C1:59:2D:03:11:81:4F:CC:97
Certificate issuer:       /CN=6278a768c910badcd5c4aef7c172a9f061547e8c
Certificate serial:       0194236A413B815F259F205C4E49E1F87B9E
Authority key identifier: 62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/qGhr6imBDGgujLXBWS0DEYFPzJc.roa
Signing time:             Wed 01 Jan 2025 19:49:13 +0000
ROA not before:           Wed 01 Jan 2025 19:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50693
IP address blocks:        178.20.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:41:3b:81:5f:25:9f:20:5c:4e:49:e1:f8:7b:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6278a768c910badcd5c4aef7c172a9f061547e8c
        Validity
            Not Before: Jan  1 19:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8686bea29810c682e8cb5c1592d0311814fcc97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:48:4f:04:59:bd:51:ca:16:c0:3c:e2:7a:64:
                    f4:0e:2d:c2:b4:bf:fa:bc:c5:ef:ee:2c:4f:40:89:
                    25:71:9f:73:df:e1:e8:5d:51:4e:be:98:24:50:d7:
                    41:67:54:77:2d:e5:78:4e:df:d9:bb:15:de:9c:27:
                    37:69:5a:b4:51:a1:e3:f7:25:0b:d8:1d:bd:1e:0d:
                    fe:bd:d3:7d:18:15:e1:3c:d4:70:4e:33:85:9f:cd:
                    fc:20:4b:c9:b8:9a:cc:6a:f2:73:79:52:79:94:60:
                    e1:e3:fb:99:3c:9f:8b:1e:c8:04:c7:e3:3e:36:e0:
                    e6:0f:d1:4d:07:ee:76:48:d6:df:1c:7b:99:a5:57:
                    11:49:5e:38:67:f6:88:31:cc:1d:67:24:9f:e7:63:
                    55:7d:81:c5:8d:41:e2:e7:63:60:71:90:45:f0:c2:
                    ae:26:43:c0:72:37:f0:b0:a1:da:ef:9e:df:60:24:
                    7c:d9:12:c5:4d:29:63:4d:9d:42:7d:04:fd:b1:3f:
                    f6:6e:19:1d:5c:30:8d:f4:aa:be:6b:b3:d9:f7:5c:
                    96:aa:70:01:57:68:d1:d7:a0:fd:e9:99:25:8a:5b:
                    13:87:fc:69:2c:86:cf:f1:27:2a:72:48:9b:7d:59:
                    7e:53:bc:37:db:63:c0:95:ab:ae:5b:99:9c:f0:92:
                    b5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:68:6B:EA:29:81:0C:68:2E:8C:B5:C1:59:2D:03:11:81:4F:CC:97
            X509v3 Authority Key Identifier:
                keyid:62:78:A7:68:C9:10:BA:DC:D5:C4:AE:F7:C1:72:A9:F0:61:54:7E:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YninaMkQutzVxK73wXKp8GFUfow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/qGhr6imBDGgujLXBWS0DEYFPzJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/42dfc0-a764-4d5d-a634-3454f490fd96/1/YninaMkQutzVxK73wXKp8GFUfow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:24:6d:cb:c6:ca:59:66:c3:c9:d7:62:06:89:9a:59:29:c8:
         16:49:50:2a:b3:1e:3f:02:6a:8f:97:da:40:ab:c1:41:45:f2:
         cd:cd:39:0b:7f:3b:7b:26:6a:b3:0c:83:80:bc:95:6e:9d:d4:
         35:c6:29:d2:c4:72:1e:d0:a0:02:5f:80:14:1f:98:87:a3:89:
         69:f5:69:0d:91:fb:7e:98:33:10:32:e3:f7:ff:2b:57:99:15:
         fd:1d:99:2a:0c:a7:f7:6b:0e:c6:c6:14:40:4e:0b:c2:4d:f4:
         83:06:96:0d:c2:a6:28:2c:74:f1:5a:55:66:eb:9c:9c:df:cc:
         8b:64:05:06:32:18:54:09:f0:b7:60:c5:51:31:d5:94:3b:ee:
         c6:63:73:2a:56:9f:bc:ba:a2:51:9b:d6:bf:65:ce:2b:92:a6:
         49:c6:e7:eb:81:f7:38:88:72:d5:cd:a7:96:a5:99:00:fb:44:
         0b:b4:72:f2:2f:2a:ae:ee:4c:cc:56:3c:55:b5:e2:14:19:b6:
         b1:aa:d9:58:8c:f6:7f:a6:3a:ff:3b:33:2c:a4:c2:65:f0:a3:
         87:1e:a4:b3:a7:49:f7:fc:0a:e7:12:25:51:bb:26:6c:eb:6d:
         d4:98:b8:5e:d3:7e:e7:80:91:b3:73:13:4f:2b:59:7e:84:88:
         62:87:f4:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakE7gV8lnyBcTknh+HueMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNzhhNzY4YzkxMGJhZGNkNWM0YWVmN2MxNzJhOWYwNjE1
NDdlOGMwHhcNMjUwMTAxMTk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODY4NmJlYTI5ODEwYzY4MmU4Y2I1YzE1OTJkMDMxMTgxNGZjYzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0hPBFm9UcoWwDziemT0Di3CtL/6
vMXv7ixPQIklcZ9z3+HoXVFOvpgkUNdBZ1R3LeV4Tt/ZuxXenCc3aVq0UaHj9yUL
2B29Hg3+vdN9GBXhPNRwTjOFn838IEvJuJrMavJzeVJ5lGDh4/uZPJ+LHsgEx+M+
NuDmD9FNB+52SNbfHHuZpVcRSV44Z/aIMcwdZySf52NVfYHFjUHi52NgcZBF8MKu
JkPAcjfwsKHa757fYCR82RLFTSljTZ1CfQT9sT/2bhkdXDCN9Kq+a7PZ91yWqnAB
V2jR16D96ZklilsTh/xpLIbP8ScqckibfVl+U7w322PAlauuW5mc8JK1fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhoa+opgQxoLoy1wVktAxGBT8yXMB8GA1UdIwQY
MBaAFGJ4p2jJELrc1cSu98FyqfBhVH6MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQt
MzQ1NGY0OTBmZDk2LzEvcUdocjZpbUJER2d1akxYQldTMERFWUZQekpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi80MmRmYzAtYTc2NC00ZDVkLWE2MzQtMzQ1NGY0OTBmZDk2
LzEvWW5pbmFNa1F1dHpWeEs3M3dYS3A4R0ZVZm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshTPMA0G
CSqGSIb3DQEBCwUAA4IBAQBzJG3LxspZZsPJ12IGiZpZKcgWSVAqsx4/AmqPl9pA
q8FBRfLNzTkLfzt7JmqzDIOAvJVundQ1xinSxHIe0KACX4AUH5iHo4lp9WkNkft+
mDMQMuP3/ytXmRX9HZkqDKf3aw7GxhRATgvCTfSDBpYNwqYoLHTxWlVm65yc38yL
ZAUGMhhUCfC3YMVRMdWUO+7GY3MqVp+8uqJRm9a/Zc4rkqZJxufrgfc4iHLVzaeW
pZkA+0QLtHLyLyqu7kzMVjxVteIUGbaxqtlYjPZ/pjr/OzMspMJl8KOHHqSzp0n3
/ArnEiVRuyZs623UmLhe037ngJGzcxNPK1l+hIhih/Rg
-----END CERTIFICATE-----