Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/zn7RiYTFSuY_H6EW4hkd0ugXhg4.roa
File:                     zn7RiYTFSuY_H6EW4hkd0ugXhg4.roa (raw, json)
Hash identifier:          TjPxbEKTKC4G0EExaKEE++vAM3LyoGQfvbpHNfpM9R0=
Subject key identifier:   CE:7E:D1:89:84:C5:4A:E6:3F:1F:A1:16:E2:19:1D:D2:E8:17:86:0E
Certificate issuer:       /CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
Certificate serial:       019424B28EA5B8B3F0DE7590C2DB65423908
Authority key identifier: 9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/zn7RiYTFSuY_H6EW4hkd0ugXhg4.roa
Signing time:             Thu 02 Jan 2025 01:47:49 +0000
ROA not before:           Thu 02 Jan 2025 01:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        178.236.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:8e:a5:b8:b3:f0:de:75:90:c2:db:65:42:39:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
        Validity
            Not Before: Jan  2 01:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce7ed18984c54ae63f1fa116e2191dd2e817860e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:cf:c3:57:c2:5d:8c:19:52:68:fa:7b:fc:89:
                    67:aa:31:9a:87:bf:1e:b2:83:f3:ed:ec:38:4d:c5:
                    e1:2d:aa:bf:bf:10:f3:ff:4a:ab:25:88:46:8f:b3:
                    5f:f3:64:47:43:ad:23:ef:fa:bd:55:9d:b8:5e:9b:
                    22:0b:a5:0b:f8:44:2e:bf:2d:d3:85:db:99:0b:ca:
                    b7:98:3a:80:8f:98:c0:4d:21:12:83:1d:f3:bd:13:
                    a0:2a:e4:2b:5a:83:38:92:b5:48:c1:b7:c2:a0:a7:
                    80:0a:71:c9:a1:26:af:38:72:74:cf:f0:83:e1:6b:
                    a5:49:40:ea:0d:9b:6d:f1:95:f2:50:9b:8f:f7:28:
                    fa:42:4e:82:8e:0b:25:3e:ce:aa:66:78:3d:a8:72:
                    8d:6a:8c:38:1d:e5:ce:f7:b1:00:4a:71:8d:ab:db:
                    7e:87:3c:1b:71:5b:36:b0:80:2b:8d:3d:60:d8:45:
                    32:a3:90:57:4a:ec:b0:67:8e:bc:e3:60:9e:61:0d:
                    bf:6d:f7:ce:f3:07:94:41:70:88:09:8f:3f:83:53:
                    64:56:30:a4:4a:22:5f:de:49:d5:1f:ca:b1:65:a7:
                    37:56:bd:32:af:8a:a9:30:cf:72:27:b6:c9:7d:89:
                    6e:c8:ec:34:3f:d1:93:b5:e1:21:5f:54:72:9f:41:
                    a3:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:7E:D1:89:84:C5:4A:E6:3F:1F:A1:16:E2:19:1D:D2:E8:17:86:0E
            X509v3 Authority Key Identifier:
                keyid:9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/zn7RiYTFSuY_H6EW4hkd0ugXhg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:3d:e6:a1:ff:69:cd:47:52:1f:bd:8e:e0:ff:e8:22:e6:cb:
         db:d4:46:ce:ec:29:f7:e1:ed:08:be:ec:f0:8d:45:e7:e6:17:
         65:80:4a:51:84:a8:fb:e2:56:cd:e2:5e:ec:e8:f3:0d:5b:da:
         b7:37:f4:94:c3:d5:25:11:65:7e:54:43:5f:a4:ed:8c:67:f5:
         6e:09:73:98:e7:46:13:3b:d3:62:26:50:7c:f5:83:87:8e:4f:
         73:66:b8:a3:7b:42:57:03:c9:04:f6:a3:ce:0b:97:68:a5:bb:
         96:e1:b1:b0:1d:3a:4d:d5:70:32:0f:6a:02:36:95:4b:03:47:
         8e:67:b1:40:0b:b2:ee:cf:97:ac:2a:2b:8c:44:44:eb:92:b3:
         8a:79:d9:1d:b0:34:fc:37:70:36:09:07:51:8a:0d:cb:eb:18:
         39:d6:0d:35:a7:78:28:3e:1d:d4:59:fc:51:69:ee:bd:71:64:
         8a:5c:f4:ff:21:e4:16:ff:fd:4e:22:5c:1b:bc:3e:d2:c5:66:
         fd:71:98:9b:31:b8:9f:4c:bc:76:c6:3e:71:bd:9e:22:41:f3:
         85:a9:ad:3b:be:0f:5f:88:34:fd:cf:57:ff:ca:6a:bb:57:f9:
         a7:8f:a7:1c:62:21:07:af:de:79:82:43:6c:96:c8:c0:fb:dd:
         cf:5e:5c:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkso6luLPw3nWQwttlQjkIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjNmNGNiNGJhYjVjMTA4MDFhNzcwNjU4ZGY4OTFjZmI4
YzY4YzYwHhcNMjUwMTAyMDE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTdlZDE4OTg0YzU0YWU2M2YxZmExMTZlMjE5MWRkMmU4MTc4NjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoc/DV8JdjBlSaPp7/IlnqjGah78e
soPz7ew4TcXhLaq/vxDz/0qrJYhGj7Nf82RHQ60j7/q9VZ24XpsiC6UL+EQuvy3T
hduZC8q3mDqAj5jATSESgx3zvROgKuQrWoM4krVIwbfCoKeACnHJoSavOHJ0z/CD
4WulSUDqDZtt8ZXyUJuP9yj6Qk6CjgslPs6qZng9qHKNaow4HeXO97EASnGNq9t+
hzwbcVs2sIArjT1g2EUyo5BXSuywZ46842CeYQ2/bffO8weUQXCICY8/g1NkVjCk
SiJf3knVH8qxZac3Vr0yr4qpMM9yJ7bJfYluyOw0P9GTteEhX1Ryn0GjZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM5+0YmExUrmPx+hFuIZHdLoF4YOMB8GA1UdIwQY
MBaAFJ0j9MtLq1wQgBp3BljfiRz7jGjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODkt
MDE1NzdhOTI3ZmE5LzEvem43UmlZVEZTdVlfSDZFVzRoa2QwdWdYaGc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODktMDE1NzdhOTI3ZmE5
LzEvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuy4MA0G
CSqGSIb3DQEBCwUAA4IBAQAZPeah/2nNR1IfvY7g/+gi5svb1EbO7Cn34e0Ivuzw
jUXn5hdlgEpRhKj74lbN4l7s6PMNW9q3N/SUw9UlEWV+VENfpO2MZ/VuCXOY50YT
O9NiJlB89YOHjk9zZrije0JXA8kE9qPOC5dopbuW4bGwHTpN1XAyD2oCNpVLA0eO
Z7FAC7Luz5esKiuMRETrkrOKedkdsDT8N3A2CQdRig3L6xg51g01p3goPh3UWfxR
ae69cWSKXPT/IeQW//1OIlwbvD7SxWb9cZibMbifTLx2xj5xvZ4iQfOFqa07vg9f
iDT9z1f/ymq7V/mnj6ccYiEHr955gkNslsjA+93PXlzX
-----END CERTIFICATE-----