Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/gu5dao22fJp9scPActSQNTp8QK4.roa
File:                     gu5dao22fJp9scPActSQNTp8QK4.roa (raw, json)
Hash identifier:          SFp8Pdfj96YgeaI0ilX+9ls8kY++x5GaLl2llXmCJNc=
Subject key identifier:   82:EE:5D:6A:8D:B6:7C:9A:7D:B1:C3:C0:72:D4:90:35:3A:7C:40:AE
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       019424B3FE4A1130952EB36D1465A40A5385
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/gu5dao22fJp9scPActSQNTp8QK4.roa
Signing time:             Thu 02 Jan 2025 01:49:23 +0000
ROA not before:           Thu 02 Jan 2025 01:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        213.178.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:fe:4a:11:30:95:2e:b3:6d:14:65:a4:0a:53:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Jan  2 01:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82ee5d6a8db67c9a7db1c3c072d490353a7c40ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4e:d6:06:5c:42:f1:c7:9d:cf:9f:f4:2f:48:
                    ae:c1:45:59:bb:33:f6:0d:e7:75:01:1d:52:4c:8c:
                    ec:eb:c6:b5:8d:ea:32:f2:0a:9b:cd:b9:51:bf:70:
                    b3:1e:65:ed:1c:2f:69:84:82:51:14:f2:8a:f7:7f:
                    f8:c7:3b:78:1e:fb:b9:19:23:09:46:82:8d:a9:b4:
                    04:b8:60:f8:cf:96:9c:3e:74:a2:bd:b8:da:4c:a6:
                    f2:67:b2:5f:97:ca:88:af:23:17:da:9e:5c:a7:c4:
                    14:e9:b1:84:db:cc:25:c3:73:40:77:d0:2b:2f:14:
                    b6:23:f3:cb:e2:14:14:6c:b3:fe:11:8b:1a:a8:2e:
                    2f:36:5c:81:93:8d:c7:28:d5:b0:51:ee:3a:f7:02:
                    a6:23:a1:17:53:63:9c:f5:7e:34:9d:9a:0f:2c:a8:
                    b9:35:a4:04:73:5c:2b:04:e6:a4:e9:6d:d9:f1:7d:
                    56:c3:5b:65:2d:2d:e9:e1:d8:57:31:4b:cc:2a:84:
                    91:08:06:3b:f8:60:1a:38:ed:b8:d0:e9:4e:45:03:
                    7b:ce:8a:40:fb:84:1a:84:cc:c6:35:02:d0:50:1d:
                    86:32:9e:f0:39:57:bc:b1:60:2c:2b:d9:b0:54:31:
                    62:42:6b:59:5c:37:f9:69:d6:fa:07:e1:9d:45:38:
                    e9:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:EE:5D:6A:8D:B6:7C:9A:7D:B1:C3:C0:72:D4:90:35:3A:7C:40:AE
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/gu5dao22fJp9scPActSQNTp8QK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:62:73:eb:5a:02:62:87:4d:48:23:93:e3:c3:52:dc:78:22:
         43:2a:b5:32:8c:25:a9:7d:5b:81:5d:64:52:db:1f:13:36:05:
         fe:41:b1:d0:bd:66:2f:d6:bc:5f:c2:67:1d:c3:26:8b:9e:39:
         af:48:bd:1c:e8:e3:08:7a:6b:2d:19:46:72:4b:ea:d6:8f:38:
         46:aa:9b:db:dc:25:f2:ad:20:6b:2a:0d:a6:25:2b:75:46:d6:
         9f:ef:13:67:9c:69:d6:13:f5:b0:04:3c:42:9a:c4:64:3f:a7:
         3f:ee:5b:db:27:03:19:d3:a8:61:87:26:80:89:57:7e:19:dd:
         5b:9c:0b:0b:a2:0d:5b:ee:01:9c:70:60:ec:14:7b:8c:87:06:
         90:99:36:c0:04:e3:cd:a8:57:cf:52:1c:27:55:de:18:61:06:
         b5:30:7b:df:75:54:89:ae:64:2d:88:96:da:ef:e4:88:3d:63:
         93:56:e5:db:e2:ca:e1:89:c5:88:61:ad:23:1b:9c:3b:14:ec:
         67:80:b8:fd:f5:9e:87:e4:c2:9f:4c:41:ee:f2:dc:e0:b6:d8:
         8f:db:56:71:f8:d4:73:11:71:f1:51:ee:14:06:e1:53:df:7b:
         f0:6f:d3:ff:bb:39:31:e9:44:49:20:49:78:52:bb:a7:da:7d:
         5a:12:22:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks/5KETCVLrNtFGWkClOFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjUwMTAyMDE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmVlNWQ2YThkYjY3YzlhN2RiMWMzYzA3MmQ0OTAzNTNhN2M0MGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1E7WBlxC8cedz5/0L0iuwUVZuzP2
Ded1AR1STIzs68a1jeoy8gqbzblRv3CzHmXtHC9phIJRFPKK93/4xzt4Hvu5GSMJ
RoKNqbQEuGD4z5acPnSivbjaTKbyZ7Jfl8qIryMX2p5cp8QU6bGE28wlw3NAd9Ar
LxS2I/PL4hQUbLP+EYsaqC4vNlyBk43HKNWwUe469wKmI6EXU2Oc9X40nZoPLKi5
NaQEc1wrBOak6W3Z8X1Ww1tlLS3p4dhXMUvMKoSRCAY7+GAaOO240OlORQN7zopA
+4QahMzGNQLQUB2GMp7wOVe8sWAsK9mwVDFiQmtZXDf5adb6B+GdRTjpPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILuXWqNtnyafbHDwHLUkDU6fECuMB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEvZ3U1ZGFvMjJmSnA5c2NQQWN0U1FOVHA4UUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bKPMA0G
CSqGSIb3DQEBCwUAA4IBAQA2YnPrWgJih01II5Pjw1LceCJDKrUyjCWpfVuBXWRS
2x8TNgX+QbHQvWYv1rxfwmcdwyaLnjmvSL0c6OMIemstGUZyS+rWjzhGqpvb3CXy
rSBrKg2mJSt1Rtaf7xNnnGnWE/WwBDxCmsRkP6c/7lvbJwMZ06hhhyaAiVd+Gd1b
nAsLog1b7gGccGDsFHuMhwaQmTbABOPNqFfPUhwnVd4YYQa1MHvfdVSJrmQtiJba
7+SIPWOTVuXb4srhicWIYa0jG5w7FOxngLj99Z6H5MKfTEHu8tzgttiP21Zx+NRz
EXHxUe4UBuFT33vwb9P/uzkx6URJIEl4Urun2n1aEiKg
-----END CERTIFICATE-----