Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/DmK_EMA2E48Iv5iHNGgRlWxTEBM.roa
File:                     DmK_EMA2E48Iv5iHNGgRlWxTEBM.roa (raw, json)
Hash identifier:          aRzoG9oNEnHJoiFWb8qbL74EglgYgqiSBVgw4aM/eB4=
Subject key identifier:   0E:62:BF:10:C0:36:13:8F:08:BF:98:87:34:68:11:95:6C:53:10:13
Certificate issuer:       /CN=b39ecd24f321988deb7c19dca052a4e3c49b60ea
Certificate serial:       018DEA0ABB883CF54C0CA48EF5FFFB81A23B
Authority key identifier: B3:9E:CD:24:F3:21:98:8D:EB:7C:19:DC:A0:52:A4:E3:C4:9B:60:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/DmK_EMA2E48Iv5iHNGgRlWxTEBM.roa
Signing time:             Tue 27 Feb 2024 10:09:48 +0000
ROA not before:           Tue 27 Feb 2024 10:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     138195
IP address blocks:        178.248.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ea:0a:bb:88:3c:f5:4c:0c:a4:8e:f5:ff:fb:81:a2:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b39ecd24f321988deb7c19dca052a4e3c49b60ea
        Validity
            Not Before: Feb 27 10:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e62bf10c036138f08bf9887346811956c531013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:30:72:12:03:d4:b0:ad:99:1f:71:b4:36:3d:
                    3c:c7:fb:08:07:b5:58:f9:93:7a:de:c0:49:24:03:
                    4a:39:b6:25:7a:01:ee:02:be:34:ec:01:9a:62:f1:
                    54:05:f4:95:b2:28:80:37:60:b2:5d:34:47:4e:c6:
                    7f:0e:82:4e:be:17:78:5a:3e:89:b5:af:d7:f5:2c:
                    b8:6a:50:a5:de:6d:56:37:e7:bc:af:3f:cd:fb:df:
                    7c:e3:77:b9:69:f9:a3:4f:81:ed:ba:5a:57:29:ff:
                    38:6b:19:55:12:20:7e:53:e2:88:e8:8f:8a:b7:c6:
                    48:bf:fd:2b:e1:df:d3:6e:1e:00:6b:ec:14:01:d1:
                    e6:bb:31:0a:03:55:ac:f6:f1:bf:02:fb:6b:10:f0:
                    5f:8e:22:51:05:45:a7:51:a8:9e:3b:91:71:17:e2:
                    7a:c1:5b:92:25:fe:a3:c0:d0:03:09:8b:d3:a8:20:
                    ee:d9:28:c2:4a:fd:d7:0c:db:fa:a3:1c:40:ac:81:
                    b8:81:3a:7b:d9:a9:1b:12:1e:a5:a2:9e:a1:1b:c7:
                    dd:d1:8c:0b:df:a0:96:12:2e:f2:19:19:ee:93:62:
                    f1:4f:af:08:10:71:3b:89:95:ad:43:b8:9f:4b:53:
                    d6:7f:be:ab:0e:b2:5d:0e:4a:f9:13:b6:89:12:c3:
                    dc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:62:BF:10:C0:36:13:8F:08:BF:98:87:34:68:11:95:6C:53:10:13
            X509v3 Authority Key Identifier:
                keyid:B3:9E:CD:24:F3:21:98:8D:EB:7C:19:DC:A0:52:A4:E3:C4:9B:60:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/DmK_EMA2E48Iv5iHNGgRlWxTEBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.248.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:04:f3:5f:0c:8c:11:f8:3a:4f:be:7d:ad:27:e4:d9:79:dc:
         59:16:f5:2f:d1:cb:14:a6:39:80:ad:2f:17:2a:ef:a4:6f:bc:
         5f:2a:d1:6d:88:e1:f3:97:2d:f2:6f:08:76:c7:03:2c:42:ce:
         91:39:19:cc:b0:a2:7e:5c:f0:9d:2d:2d:07:ab:33:d1:0e:3d:
         26:f6:86:16:8d:63:64:d8:7c:68:42:91:20:d4:e9:e5:c7:bb:
         9e:ad:a2:70:8c:bb:bd:81:92:6b:c0:88:02:e9:7b:2a:79:98:
         f3:d5:3f:21:d1:67:f1:bc:f3:ea:b3:7d:36:9c:74:24:8e:bc:
         f9:35:82:e7:64:71:3e:0f:69:dc:11:cc:4d:d8:17:97:00:d3:
         b7:8a:33:db:e0:51:7d:0f:11:67:d1:c1:05:d5:09:29:9f:84:
         d3:28:ad:8a:29:51:96:15:8e:ba:64:90:11:e5:5a:08:de:fe:
         11:e8:04:e5:61:46:09:9c:8c:92:02:ee:03:7b:ac:ca:d6:76:
         bb:6b:79:b8:57:ff:9b:ba:10:ea:30:71:fc:3a:14:d3:a7:a0:
         6b:df:42:1d:7f:cf:02:dc:b8:2c:46:67:1f:8c:d1:65:f7:fc:
         b5:51:37:62:d8:98:dc:23:b7:75:af:fd:89:21:d1:84:9f:77:
         61:aa:03:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3qCruIPPVMDKSO9f/7gaI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOWVjZDI0ZjMyMTk4OGRlYjdjMTlkY2EwNTJhNGUzYzQ5
YjYwZWEwHhcNMjQwMjI3MTAwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTYyYmYxMGMwMzYxMzhmMDhiZjk4ODczNDY4MTE5NTZjNTMxMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTByEgPUsK2ZH3G0Nj08x/sIB7VY
+ZN63sBJJANKObYlegHuAr407AGaYvFUBfSVsiiAN2CyXTRHTsZ/DoJOvhd4Wj6J
ta/X9Sy4alCl3m1WN+e8rz/N+99843e5afmjT4HtulpXKf84axlVEiB+U+KI6I+K
t8ZIv/0r4d/Tbh4Aa+wUAdHmuzEKA1Ws9vG/AvtrEPBfjiJRBUWnUaieO5FxF+J6
wVuSJf6jwNADCYvTqCDu2SjCSv3XDNv6oxxArIG4gTp72akbEh6lop6hG8fd0YwL
36CWEi7yGRnuk2LxT68IEHE7iZWtQ7ifS1PWf76rDrJdDkr5E7aJEsPcYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA5ivxDANhOPCL+YhzRoEZVsUxATMB8GA1UdIwQY
MBaAFLOezSTzIZiN63wZ3KBSpOPEm2DqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczU3TkpQTWhtSTNyZkJuY29GS2s0OFNiWU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lMzgyNmQtNWFkYS00ZTQzLTkwODQt
MWJhNjk1ZmFlZjI1LzEvRG1LX0VNQTJFNDhJdjVpSE5HZ1JsV3hURUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lMzgyNmQtNWFkYS00ZTQzLTkwODQtMWJhNjk1ZmFlZjI1
LzEvczU3TkpQTWhtSTNyZkJuY29GS2s0OFNiWU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvhNMA0G
CSqGSIb3DQEBCwUAA4IBAQBsBPNfDIwR+DpPvn2tJ+TZedxZFvUv0csUpjmArS8X
Ku+kb7xfKtFtiOHzly3ybwh2xwMsQs6RORnMsKJ+XPCdLS0HqzPRDj0m9oYWjWNk
2HxoQpEg1Onlx7ueraJwjLu9gZJrwIgC6XsqeZjz1T8h0WfxvPPqs302nHQkjrz5
NYLnZHE+D2ncEcxN2BeXANO3ijPb4FF9DxFn0cEF1Qkpn4TTKK2KKVGWFY66ZJAR
5VoI3v4R6ATlYUYJnIySAu4De6zK1na7a3m4V/+buhDqMHH8OhTTp6Br30Idf88C
3LgsRmcfjNFl9/y1UTdi2JjcI7d1r/2JIdGEn3dhqgPp
-----END CERTIFICATE-----