Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/gOhU81vXwMtIy2Cn944qwBLQDsI.roa
File:                     gOhU81vXwMtIy2Cn944qwBLQDsI.roa (raw, json)
Hash identifier:          3XsQOGjwY63cp9h38kqCpBmkzHTGbu9emOkVBJS3B4k=
Subject key identifier:   80:E8:54:F3:5B:D7:C0:CB:48:CB:60:A7:F7:8E:2A:C0:12:D0:0E:C2
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       018FDD78BA42A80A4302DFA0237B9A4F7AC2
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/gOhU81vXwMtIy2Cn944qwBLQDsI.roa
Signing time:             Mon 03 Jun 2024 09:40:27 +0000
ROA not before:           Mon 03 Jun 2024 09:40:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        213.178.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:78:ba:42:a8:0a:43:02:df:a0:23:7b:9a:4f:7a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Jun  3 09:40:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80e854f35bd7c0cb48cb60a7f78e2ac012d00ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:42:13:5a:9b:52:8f:5b:1e:99:3f:a0:88:88:
                    84:fb:84:9d:7d:df:89:0e:e1:7e:f8:9f:9d:35:61:
                    b9:0b:a5:4c:6c:14:c3:4a:be:28:87:00:b1:d6:8a:
                    8a:95:51:69:a4:d7:f3:8c:8b:2c:7a:b0:c7:f3:2e:
                    71:f3:9c:0f:80:ce:02:b8:82:5a:9c:d2:ff:02:8a:
                    55:5d:00:1f:6e:99:68:db:99:ba:c4:1a:c1:30:fc:
                    be:7f:fc:f0:b0:e0:91:d3:88:d9:ec:a3:ec:09:69:
                    a4:25:a6:fa:e9:af:6c:de:6d:14:a5:cb:54:f3:86:
                    6b:e5:2d:4b:4e:09:8d:e6:77:04:1d:f4:71:c4:31:
                    91:90:b5:75:52:26:ae:db:00:40:24:3e:52:94:90:
                    b4:82:8e:10:3a:a4:e6:f5:0f:0c:35:d2:de:f3:9c:
                    4e:ea:74:fe:99:41:87:48:96:51:64:fd:bc:1a:1f:
                    b9:e5:e1:b0:ea:d9:69:c2:25:86:f9:ff:70:58:0e:
                    9a:29:83:99:7b:b1:ef:c3:57:e8:09:12:cf:db:87:
                    62:81:d2:8c:0f:2b:dc:33:81:2d:b4:f6:c6:58:3e:
                    e6:32:d1:1f:52:fc:4a:b1:b8:6b:93:8f:38:f4:bc:
                    b1:a2:01:04:4e:5e:ae:7a:c7:53:26:6b:6f:60:46:
                    bf:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:E8:54:F3:5B:D7:C0:CB:48:CB:60:A7:F7:8E:2A:C0:12:D0:0E:C2
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/gOhU81vXwMtIy2Cn944qwBLQDsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:0b:af:9c:93:96:4d:dc:dc:01:07:27:50:74:74:29:58:9a:
         4f:b5:c3:d3:f8:e7:75:c3:60:a7:cd:50:5f:b4:22:14:2d:b7:
         26:ac:71:d7:07:74:21:06:dd:f8:1b:92:e5:27:82:46:e6:19:
         a2:57:db:62:2c:86:02:d2:e0:30:d7:f8:e0:01:de:b0:81:e6:
         2c:39:b5:9e:1b:14:2b:01:6d:81:b4:4b:84:8a:12:33:75:63:
         48:a5:05:27:af:9e:32:be:54:19:a8:9b:76:16:d1:ed:b8:2a:
         0d:1b:45:b5:ab:5e:f7:fa:61:28:8f:eb:69:2a:15:95:3f:5c:
         57:5a:ca:35:e7:15:f7:7f:a7:05:7a:75:6e:1f:48:47:de:c5:
         15:26:d0:bb:92:4b:92:1f:c1:96:03:90:35:90:f3:cf:c5:f1:
         b7:0d:3e:fb:7b:bf:0a:3d:fa:99:33:dc:81:06:7c:db:96:0d:
         41:c4:c6:68:5b:ac:0d:6e:de:47:39:12:34:c7:55:66:36:1d:
         77:23:c7:f6:04:e9:64:6c:2d:81:b2:3c:f8:54:bb:44:bc:77:
         42:8f:c0:04:71:80:fa:a6:bf:ea:40:c0:ea:8e:24:51:28:6e:
         c9:13:73:ed:89:57:b1:b2:a8:d4:74:45:c7:36:c0:54:6b:01:
         fc:59:73:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/deLpCqApDAt+gI3uaT3rCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjQwNjAzMDk0MDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGU4NTRmMzViZDdjMGNiNDhjYjYwYTdmNzhlMmFjMDEyZDAwZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kITWptSj1semT+giIiE+4Sdfd+J
DuF++J+dNWG5C6VMbBTDSr4ohwCx1oqKlVFppNfzjIsserDH8y5x85wPgM4CuIJa
nNL/AopVXQAfbplo25m6xBrBMPy+f/zwsOCR04jZ7KPsCWmkJab66a9s3m0UpctU
84Zr5S1LTgmN5ncEHfRxxDGRkLV1Uiau2wBAJD5SlJC0go4QOqTm9Q8MNdLe85xO
6nT+mUGHSJZRZP28Gh+55eGw6tlpwiWG+f9wWA6aKYOZe7Hvw1foCRLP24digdKM
DyvcM4EttPbGWD7mMtEfUvxKsbhrk4849LyxogEETl6uesdTJmtvYEa/6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDoVPNb18DLSMtgp/eOKsAS0A7CMB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEvZ09oVTgxdlh3TXRJeTJDbjk0NHF3QkxRRHNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bKPMA0G
CSqGSIb3DQEBCwUAA4IBAQB8C6+ck5ZN3NwBBydQdHQpWJpPtcPT+Od1w2CnzVBf
tCIULbcmrHHXB3QhBt34G5LlJ4JG5hmiV9tiLIYC0uAw1/jgAd6wgeYsObWeGxQr
AW2BtEuEihIzdWNIpQUnr54yvlQZqJt2FtHtuCoNG0W1q173+mEoj+tpKhWVP1xX
Wso15xX3f6cFenVuH0hH3sUVJtC7kkuSH8GWA5A1kPPPxfG3DT77e78KPfqZM9yB
Bnzblg1BxMZoW6wNbt5HORI0x1VmNh13I8f2BOlkbC2Bsjz4VLtEvHdCj8AEcYD6
pr/qQMDqjiRRKG7JE3PtiVexsqjUdEXHNsBUawH8WXMP
-----END CERTIFICATE-----