Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/i8JcBpZfWepYkpF9UtgUc8u8oaE.roa
File:                     i8JcBpZfWepYkpF9UtgUc8u8oaE.roa (raw, json)
Hash identifier:          hAhGsCAZqxE2Xuoo8wKC0KNjWz+UEQ+A4lqd+kgBL1s=
Subject key identifier:   8B:C2:5C:06:96:5F:59:EA:58:92:91:7D:52:D8:14:73:CB:BC:A1:A1
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       01961B121561FEE47D22A3C0743473DCE2EE
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/i8JcBpZfWepYkpF9UtgUc8u8oaE.roa
Signing time:             Wed 09 Apr 2025 15:01:31 +0000
ROA not before:           Wed 09 Apr 2025 15:01:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212914
IP address blocks:        178.18.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1b:12:15:61:fe:e4:7d:22:a3:c0:74:34:73:dc:e2:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Apr  9 15:01:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bc25c06965f59ea5892917d52d81473cbbca1a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fa:0d:4d:e1:85:8b:cc:2e:09:96:72:82:f9:
                    7d:98:42:62:29:96:87:4a:e7:31:42:07:bf:7b:49:
                    26:2f:82:fb:93:cc:2f:51:7e:d0:d9:4c:b2:81:f6:
                    8a:fe:67:80:3d:79:7c:fd:be:90:d6:2b:c8:7c:fc:
                    d7:16:b7:12:9c:f4:21:fd:92:1f:78:a0:5a:78:e1:
                    33:4c:ee:2b:b6:97:eb:5a:4b:af:c5:90:de:34:6b:
                    d2:ba:00:1d:72:74:25:ae:db:c8:fb:86:b3:9b:85:
                    65:b5:fa:28:14:22:63:7b:fd:46:e7:1c:51:67:42:
                    85:32:4a:c6:de:9c:45:83:ad:c7:f5:9f:93:b5:4f:
                    4a:9d:e3:46:52:fa:cc:76:90:6d:ce:0e:1c:ee:c2:
                    08:1e:54:a4:ff:86:44:6b:07:ae:5b:2b:de:fa:da:
                    cd:ac:82:4d:4f:18:20:bb:e5:34:6f:6d:37:f7:cf:
                    1d:5b:5a:69:a4:f2:01:85:0e:c6:df:55:8a:78:7d:
                    1d:f3:87:aa:38:03:af:cb:8b:a6:98:5d:72:86:c0:
                    2f:41:34:97:fa:46:5a:be:57:67:4e:67:81:86:d7:
                    d6:6b:67:b3:1f:1f:82:48:35:78:aa:4f:6d:d6:db:
                    31:f1:2b:8c:ff:e7:9a:7c:7b:87:85:7c:d6:6b:da:
                    d4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C2:5C:06:96:5F:59:EA:58:92:91:7D:52:D8:14:73:CB:BC:A1:A1
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/i8JcBpZfWepYkpF9UtgUc8u8oaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.18.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:df:21:62:c9:04:bd:ac:60:8d:a6:0a:d5:75:f8:12:9f:74:
         d3:18:37:32:cb:24:df:38:c8:83:26:c3:e9:87:44:e4:17:24:
         31:57:d2:d9:4b:c3:62:c8:52:ff:48:f3:ee:c4:20:30:4c:ea:
         73:4f:70:21:29:95:58:56:9f:f5:3a:87:4e:30:55:dd:bd:73:
         ab:64:f7:a5:e1:80:7b:76:37:33:73:68:d4:0e:2d:c2:50:50:
         18:67:2c:7f:48:e3:53:2e:8e:ab:4d:80:a2:5a:9e:a3:d8:d1:
         a7:3a:a4:3f:6b:c0:87:3e:17:4b:75:81:e7:14:35:f5:9f:64:
         50:ed:c1:dc:c4:75:b0:4a:36:62:ac:92:8c:f9:06:c9:bc:66:
         02:6f:ff:d3:74:2e:84:a9:13:54:58:eb:6f:f0:20:51:87:83:
         d1:94:2b:28:29:35:c1:97:24:d0:3c:d8:4c:00:14:e5:e8:10:
         e1:fc:17:83:81:ce:d2:c6:7e:12:f3:99:d2:3b:bd:44:a2:2b:
         c7:23:bc:fd:63:05:19:b0:62:0e:9e:08:16:78:84:5a:a9:70:
         1c:64:2d:45:ad:f4:ac:f7:a6:6b:e8:24:9b:ed:ee:69:4b:49:
         9c:6a:8c:3a:50:e8:64:66:92:44:7e:20:90:dc:01:40:ac:62:
         f9:f5:d2:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYbEhVh/uR9IqPAdDRz3OLuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjUwNDA5MTUwMTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmMyNWMwNjk2NWY1OWVhNTg5MjkxN2Q1MmQ4MTQ3M2NiYmNhMWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvoNTeGFi8wuCZZygvl9mEJiKZaH
SucxQge/e0kmL4L7k8wvUX7Q2UyygfaK/meAPXl8/b6Q1ivIfPzXFrcSnPQh/ZIf
eKBaeOEzTO4rtpfrWkuvxZDeNGvSugAdcnQlrtvI+4azm4VltfooFCJje/1G5xxR
Z0KFMkrG3pxFg63H9Z+TtU9KneNGUvrMdpBtzg4c7sIIHlSk/4ZEaweuWyve+trN
rIJNTxggu+U0b203988dW1pppPIBhQ7G31WKeH0d84eqOAOvy4ummF1yhsAvQTSX
+kZavldnTmeBhtfWa2ezHx+CSDV4qk9t1tsx8SuM/+eafHuHhXzWa9rUHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIvCXAaWX1nqWJKRfVLYFHPLvKGhMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvaThKY0JwWmZXZXBZa3BGOVV0Z1VjOHU4b2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshLmMA0G
CSqGSIb3DQEBCwUAA4IBAQCM3yFiyQS9rGCNpgrVdfgSn3TTGDcyyyTfOMiDJsPp
h0TkFyQxV9LZS8NiyFL/SPPuxCAwTOpzT3AhKZVYVp/1OodOMFXdvXOrZPel4YB7
djczc2jUDi3CUFAYZyx/SONTLo6rTYCiWp6j2NGnOqQ/a8CHPhdLdYHnFDX1n2RQ
7cHcxHWwSjZirJKM+QbJvGYCb//TdC6EqRNUWOtv8CBRh4PRlCsoKTXBlyTQPNhM
ABTl6BDh/BeDgc7Sxn4S85nSO71EoivHI7z9YwUZsGIOnggWeIRaqXAcZC1FrfSs
96Zr6CSb7e5pS0mcaow6UOhkZpJEfiCQ3AFArGL59dJq
-----END CERTIFICATE-----