Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Bl3mMmGVP2nlxDS546H9xyLtYVU.roa
File:                     Bl3mMmGVP2nlxDS546H9xyLtYVU.roa (raw, json)
Hash identifier:          3w+sNeSIqNomm1H1oSRCpxmVpbsna4pQyknBIzZDSak=
Subject key identifier:   06:5D:E6:32:61:95:3F:69:E5:C4:34:B9:E3:A1:FD:C7:22:ED:61:55
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747CE1BD1AA62480352D50548C8888B
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Bl3mMmGVP2nlxDS546H9xyLtYVU.roa
Signing time:             Thu 02 Jan 2025 13:50:04 +0000
ROA not before:           Thu 02 Jan 2025 13:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30475
IP address blocks:        178.218.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ce:1b:d1:aa:62:48:03:52:d5:05:48:c8:88:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=065de63261953f69e5c434b9e3a1fdc722ed6155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:db:eb:f5:7b:76:df:da:5b:42:96:2d:bb:59:
                    72:45:e5:d1:0f:45:9d:6c:fd:10:f9:43:95:62:3e:
                    75:5c:11:14:f4:a9:9a:13:cd:79:b4:12:2e:53:5f:
                    8d:5c:f2:ef:dd:4b:04:20:c3:67:a9:bb:91:b4:15:
                    50:02:a9:05:28:0c:29:35:e8:02:37:25:ef:17:75:
                    c8:d4:f6:c3:62:bf:b4:f9:01:be:45:ae:70:d6:c8:
                    c0:b3:8c:4d:3f:39:53:eb:91:cd:16:a9:1a:db:49:
                    31:d4:1e:04:8e:17:b2:3c:3b:78:01:08:21:f8:ff:
                    13:6c:9a:04:56:b6:bd:35:2a:74:93:ec:46:01:44:
                    dc:b2:fd:78:c3:65:49:39:cb:e8:d6:92:4e:2f:8c:
                    af:94:2e:87:ac:85:31:c6:7a:a2:ed:e3:43:f4:e0:
                    2f:cb:e6:f8:49:7f:04:da:7d:ba:ce:cc:23:96:53:
                    4a:18:f3:c6:de:ed:c5:ed:a3:c3:02:7c:92:1f:ff:
                    c5:9a:07:da:1b:f9:9c:d2:a1:8a:55:a4:07:3c:6b:
                    56:ae:c0:3c:95:41:fe:36:cd:5e:80:eb:9a:9f:10:
                    33:51:32:44:d1:86:fd:a3:81:54:b0:b1:9f:33:07:
                    b8:f6:1c:e5:6b:8a:6b:62:a6:e6:9f:7b:44:4c:0a:
                    96:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:5D:E6:32:61:95:3F:69:E5:C4:34:B9:E3:A1:FD:C7:22:ED:61:55
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/Bl3mMmGVP2nlxDS546H9xyLtYVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.218.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:49:41:78:2e:1f:f7:86:05:e5:f0:b8:11:4b:7f:db:5c:22:
         5f:0f:7c:4f:dd:df:34:3b:ac:34:ef:47:e1:83:c7:fe:ea:16:
         f3:1c:c6:65:d3:55:3b:b8:b2:c5:48:f6:28:0a:08:2e:e1:63:
         a6:3b:9c:b4:03:80:e2:84:ca:98:79:01:5c:f9:fb:ee:4f:41:
         c4:b8:29:86:20:ad:7d:1e:a9:6f:ca:94:94:0e:2f:25:15:84:
         3b:a3:27:01:3a:c3:81:bf:4a:4e:e3:29:b5:7c:0f:a7:15:ce:
         54:fe:1f:4d:70:6f:10:fa:bd:cb:50:de:0d:7f:8e:d0:87:d0:
         3a:37:81:15:10:b9:13:63:56:2a:3e:88:64:d1:96:f9:a8:3a:
         7a:50:b2:b2:a7:b2:e5:b5:00:a5:6b:4a:78:26:b6:70:7a:11:
         b8:c1:e2:ea:57:06:f2:19:1b:a4:a3:12:03:a0:d4:7a:29:4f:
         d3:ef:25:c4:6d:31:70:cd:d5:5e:cf:22:3f:70:f6:ca:67:1f:
         ff:39:4a:9b:87:98:9c:65:5a:2f:20:21:78:9a:30:63:c4:11:
         b9:12:f6:2d:88:94:db:60:d0:f3:0c:1c:a1:3d:76:bf:c4:96:
         cf:25:af:95:c3:22:ee:f9:ce:85:f1:23:69:f8:4c:64:fa:ad:
         f2:2d:b9:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR84b0apiSANS1QVIyIiLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjVkZTYzMjYxOTUzZjY5ZTVjNDM0YjllM2ExZmRjNzIyZWQ2MTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdvr9Xt239pbQpYtu1lyReXRD0Wd
bP0Q+UOVYj51XBEU9KmaE815tBIuU1+NXPLv3UsEIMNnqbuRtBVQAqkFKAwpNegC
NyXvF3XI1PbDYr+0+QG+Ra5w1sjAs4xNPzlT65HNFqka20kx1B4EjheyPDt4AQgh
+P8TbJoEVra9NSp0k+xGAUTcsv14w2VJOcvo1pJOL4yvlC6HrIUxxnqi7eND9OAv
y+b4SX8E2n26zswjllNKGPPG3u3F7aPDAnySH//FmgfaG/mc0qGKVaQHPGtWrsA8
lUH+Ns1egOuanxAzUTJE0Yb9o4FUsLGfMwe49hzla4prYqbmn3tETAqWTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZd5jJhlT9p5cQ0ueOh/cci7WFVMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvQmwzbU1tR1ZQMm5seERTNTQ2SDl4eUx0WVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstqSMA0G
CSqGSIb3DQEBCwUAA4IBAQAySUF4Lh/3hgXl8LgRS3/bXCJfD3xP3d80O6w070fh
g8f+6hbzHMZl01U7uLLFSPYoCggu4WOmO5y0A4DihMqYeQFc+fvuT0HEuCmGIK19
HqlvypSUDi8lFYQ7oycBOsOBv0pO4ym1fA+nFc5U/h9NcG8Q+r3LUN4Nf47Qh9A6
N4EVELkTY1YqPohk0Zb5qDp6ULKyp7LltQCla0p4JrZwehG4weLqVwbyGRukoxID
oNR6KU/T7yXEbTFwzdVezyI/cPbKZx//OUqbh5icZVovICF4mjBjxBG5EvYtiJTb
YNDzDByhPXa/xJbPJa+VwyLu+c6F8SNp+Exk+q3yLbnn
-----END CERTIFICATE-----