Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/pHk3bXeFJ6vf0i8riIe1WcLoY4E.roa
File:                     pHk3bXeFJ6vf0i8riIe1WcLoY4E.roa (raw, json)
Hash identifier:          PF8bcaYaROdjW3oGzFqTckOkmccdrfUyv6oLH/vPDdw=
Subject key identifier:   A4:79:37:6D:77:85:27:AB:DF:D2:2F:2B:88:87:B5:59:C2:E8:63:81
Certificate issuer:       /CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
Certificate serial:       018FDD78B9E1C9E284E651841D5CAE9C40E3
Authority key identifier: 75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/pHk3bXeFJ6vf0i8riIe1WcLoY4E.roa
Signing time:             Mon 03 Jun 2024 09:40:27 +0000
ROA not before:           Mon 03 Jun 2024 09:40:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        213.178.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:78:b9:e1:c9:e2:84:e6:51:84:1d:5c:ae:9c:40:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7554ac4c7f451c5bb9382fbcd46d70c4c0f9de56
        Validity
            Not Before: Jun  3 09:40:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a479376d778527abdfd22f2b8887b559c2e86381
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0b:71:82:6e:e0:22:2a:78:ea:28:ff:f2:86:
                    63:71:e9:bb:24:4e:87:87:59:d3:d9:55:53:f1:56:
                    55:93:fa:1f:ee:9c:60:41:ef:64:6e:a7:54:46:67:
                    ec:2c:57:db:97:be:39:8a:d6:3a:6b:b6:17:fd:85:
                    19:ef:c3:c4:2b:83:9b:22:58:4f:97:9d:11:e7:59:
                    d4:79:75:d4:3b:70:ff:ca:fc:79:b5:35:18:96:68:
                    14:2b:3f:73:c5:81:48:75:63:6c:e6:5c:59:94:38:
                    03:e8:61:e8:8f:76:16:e3:92:df:99:05:63:94:89:
                    b7:90:5d:6c:75:c8:e6:53:f5:36:ba:86:60:3d:d4:
                    3b:a6:bc:ad:05:bc:3d:b6:ed:35:64:72:10:db:98:
                    55:69:60:c8:86:07:39:86:cf:25:b9:15:23:20:5e:
                    0b:c7:20:d6:93:8f:0b:7e:38:14:d7:d6:4f:7e:08:
                    cc:0b:33:6d:fd:45:27:23:98:5e:df:67:02:23:4b:
                    39:bb:5d:a2:5c:9c:74:65:4b:12:6b:42:cb:fc:47:
                    a6:b5:cc:96:87:fa:45:99:72:e4:04:75:be:9a:8a:
                    41:a1:39:55:66:1e:e7:3f:25:61:c7:75:c9:fa:6b:
                    26:05:42:db:77:52:08:cb:6a:c1:3b:2f:ae:2d:2f:
                    46:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:79:37:6D:77:85:27:AB:DF:D2:2F:2B:88:87:B5:59:C2:E8:63:81
            X509v3 Authority Key Identifier:
                keyid:75:54:AC:4C:7F:45:1C:5B:B9:38:2F:BC:D4:6D:70:C4:C0:F9:DE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dVSsTH9FHFu5OC-81G1wxMD53lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/pHk3bXeFJ6vf0i8riIe1WcLoY4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/87a00a-b6f6-4721-a828-d9337db39d1f/1/dVSsTH9FHFu5OC-81G1wxMD53lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:96:8c:8c:16:dc:15:93:f8:df:cc:dc:3c:99:f4:35:5f:de:
         e7:e3:fb:7e:1d:7a:36:d0:aa:53:b7:5f:ee:f1:7e:dc:6c:e3:
         1b:a9:e4:a7:b0:4a:9b:51:91:0d:4b:ae:6c:bc:ea:a9:a9:63:
         c8:97:5d:e5:88:0b:3d:86:ed:a5:33:4e:bb:7f:66:fc:c8:c7:
         37:f5:36:c2:8d:0c:d3:7a:99:71:0b:1a:df:cc:63:0f:c3:84:
         aa:79:31:4f:83:44:99:12:79:da:e6:f3:2b:42:51:dd:8d:69:
         3c:1c:9c:99:f5:bb:d5:cb:f4:86:01:bb:d0:3d:58:bb:a1:0d:
         0b:ef:44:b5:40:29:c5:67:54:9e:b1:8d:c7:e1:6a:ba:14:a4:
         4b:47:86:06:ec:a0:e4:e2:19:79:08:83:69:ea:eb:71:85:93:
         41:45:41:b3:c1:2f:30:b9:bc:31:b2:dd:3f:16:c8:21:12:45:
         5e:91:30:03:10:57:ed:b4:bd:05:9d:19:fa:8c:29:0f:1f:3a:
         50:88:31:ac:bf:ff:d9:c2:c7:af:a0:55:15:1d:c3:7e:bf:71:
         cf:3f:59:c7:77:d4:05:b7:08:c3:94:b4:1f:42:bb:0f:f6:06:
         02:03:27:20:fa:ee:13:60:aa:f5:82:f6:28:8d:e5:4a:ce:76:
         16:fb:ad:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/deLnhyeKE5lGEHVyunEDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NTRhYzRjN2Y0NTFjNWJiOTM4MmZiY2Q0NmQ3MGM0YzBm
OWRlNTYwHhcNMjQwNjAzMDk0MDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDc5Mzc2ZDc3ODUyN2FiZGZkMjJmMmI4ODg3YjU1OWMyZTg2MzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgtxgm7gIip46ij/8oZjcem7JE6H
h1nT2VVT8VZVk/of7pxgQe9kbqdURmfsLFfbl745itY6a7YX/YUZ78PEK4ObIlhP
l50R51nUeXXUO3D/yvx5tTUYlmgUKz9zxYFIdWNs5lxZlDgD6GHoj3YW45LfmQVj
lIm3kF1sdcjmU/U2uoZgPdQ7prytBbw9tu01ZHIQ25hVaWDIhgc5hs8luRUjIF4L
xyDWk48LfjgU19ZPfgjMCzNt/UUnI5he32cCI0s5u12iXJx0ZUsSa0LL/EemtcyW
h/pFmXLkBHW+mopBoTlVZh7nPyVhx3XJ+msmBULbd1IIy2rBOy+uLS9GzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKR5N213hSer39IvK4iHtVnC6GOBMB8GA1UdIwQY
MBaAFHVUrEx/RRxbuTgvvNRtcMTA+d5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4Mjgt
ZDkzMzdkYjM5ZDFmLzEvcEhrM2JYZUZKNnZmMGk4cmlJZTFXY0xvWTRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy84N2EwMGEtYjZmNi00NzIxLWE4MjgtZDkzMzdkYjM5ZDFm
LzEvZFZTc1RIOUZIRnU1T0MtODFHMXd4TUQ1M2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bKPMA0G
CSqGSIb3DQEBCwUAA4IBAQAfloyMFtwVk/jfzNw8mfQ1X97n4/t+HXo20KpTt1/u
8X7cbOMbqeSnsEqbUZENS65svOqpqWPIl13liAs9hu2lM067f2b8yMc39TbCjQzT
eplxCxrfzGMPw4SqeTFPg0SZEnna5vMrQlHdjWk8HJyZ9bvVy/SGAbvQPVi7oQ0L
70S1QCnFZ1SesY3H4Wq6FKRLR4YG7KDk4hl5CINp6utxhZNBRUGzwS8wubwxst0/
FsghEkVekTADEFfttL0FnRn6jCkPHzpQiDGsv//ZwsevoFUVHcN+v3HPP1nHd9QF
twjDlLQfQrsP9gYCAycg+u4TYKr1gvYojeVKznYW+61/
-----END CERTIFICATE-----