Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/F6gkNyb963nCF1y4sjWFrBtmPvI.roa
File:                     F6gkNyb963nCF1y4sjWFrBtmPvI.roa (raw, json)
Hash identifier:          2zjfyZq0+rWkKMPgjkVaYIYCkzcwif8GUGZ2qcSSjLI=
Subject key identifier:   17:A8:24:37:26:FD:EB:79:C2:17:5C:B8:B2:35:85:AC:1B:66:3E:F2
Certificate issuer:       /CN=b39ecd24f321988deb7c19dca052a4e3c49b60ea
Certificate serial:       0190F0047E6DC1A1CD62C74B5E02AAC9B179
Authority key identifier: B3:9E:CD:24:F3:21:98:8D:EB:7C:19:DC:A0:52:A4:E3:C4:9B:60:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/F6gkNyb963nCF1y4sjWFrBtmPvI.roa
Signing time:             Fri 26 Jul 2024 17:09:04 +0000
ROA not before:           Fri 26 Jul 2024 17:09:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151872
IP address blocks:        178.248.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f0:04:7e:6d:c1:a1:cd:62:c7:4b:5e:02:aa:c9:b1:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b39ecd24f321988deb7c19dca052a4e3c49b60ea
        Validity
            Not Before: Jul 26 17:09:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17a8243726fdeb79c2175cb8b23585ac1b663ef2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:04:31:a2:d1:e6:b2:01:7b:15:4e:01:a6:96:
                    85:ba:cb:4e:62:41:49:57:93:3e:d8:e6:7b:65:b1:
                    d4:bc:55:1e:3f:2e:c1:93:59:5f:04:d5:90:d4:98:
                    da:5b:06:a5:28:6e:d9:78:14:16:82:c3:9e:f6:62:
                    ae:92:ac:28:05:ce:87:31:aa:ea:43:1f:ad:81:64:
                    98:1a:7c:63:ce:5c:e8:42:24:bb:4b:0f:b0:25:2e:
                    0c:63:9b:6e:48:a3:11:30:2a:54:50:83:0c:bf:4e:
                    a0:11:bb:f3:23:0c:2e:b3:b7:0e:a9:ac:39:24:fc:
                    8e:62:25:8d:78:31:21:47:2a:6e:e3:8b:fc:06:ab:
                    e8:84:3e:0e:e5:15:18:fa:54:f8:c9:81:5d:34:23:
                    dc:ce:38:54:d8:ef:cb:a5:ee:32:e8:82:63:05:30:
                    7c:f8:7b:eb:68:5b:10:9f:ec:55:81:e1:3f:31:89:
                    e2:25:ea:c4:38:5b:ad:56:99:aa:32:31:d3:b6:14:
                    68:3f:ba:5b:e1:98:ff:4c:bd:98:2e:86:1e:9c:6c:
                    69:92:29:7e:05:92:db:1e:cc:7a:e6:f0:47:73:4f:
                    fe:77:8f:a6:7b:21:b7:50:36:a7:bb:3f:c8:2c:73:
                    a0:9a:8b:e3:5a:ac:a6:8f:62:2f:95:32:64:32:e3:
                    c6:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:A8:24:37:26:FD:EB:79:C2:17:5C:B8:B2:35:85:AC:1B:66:3E:F2
            X509v3 Authority Key Identifier:
                keyid:B3:9E:CD:24:F3:21:98:8D:EB:7C:19:DC:A0:52:A4:E3:C4:9B:60:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/F6gkNyb963nCF1y4sjWFrBtmPvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.248.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:5b:f1:46:a2:8d:b9:ca:6c:a6:bf:c1:42:9c:4a:37:73:b5:
         ae:b5:ef:7b:12:51:5f:b4:75:fa:39:7c:49:38:e4:d7:3b:23:
         97:0a:3f:b1:36:95:be:d6:0c:4d:6d:b2:f5:b0:07:9b:bf:07:
         87:69:38:11:f1:20:da:81:6d:f6:45:e3:52:6a:b9:da:62:b7:
         79:a0:a8:65:e2:09:e8:90:f0:f7:ff:74:39:1d:b5:f3:a3:f2:
         15:f4:61:63:3b:82:99:34:5c:aa:ac:4a:21:e3:ba:56:16:a9:
         28:9f:cd:81:e8:e6:1a:d1:09:88:a0:75:fa:21:08:04:d4:01:
         69:ea:14:cc:b7:2c:87:79:84:df:27:18:76:2a:79:32:12:89:
         87:76:e0:0c:da:00:10:55:f7:22:cb:0d:2d:3f:4f:65:3d:46:
         44:f0:98:da:36:06:b8:0e:3f:75:b8:b9:72:d7:c8:d9:0f:d8:
         fd:32:bc:6f:c0:ab:a9:9e:0c:3d:e0:92:b0:2f:c3:f7:83:11:
         6e:a7:56:d4:7b:62:22:62:e5:27:3c:6e:b7:16:c3:01:0c:d0:
         33:cc:7a:c7:fd:28:f4:c5:e5:32:d0:2c:7e:6d:6b:61:98:b3:
         71:1f:25:b6:d3:5e:bf:1b:25:e8:03:fe:78:a8:d6:a0:1d:d1:
         27:79:f0:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDwBH5twaHNYsdLXgKqybF5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOWVjZDI0ZjMyMTk4OGRlYjdjMTlkY2EwNTJhNGUzYzQ5
YjYwZWEwHhcNMjQwNzI2MTcwOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2E4MjQzNzI2ZmRlYjc5YzIxNzVjYjhiMjM1ODVhYzFiNjYzZWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgQxotHmsgF7FU4BppaFustOYkFJ
V5M+2OZ7ZbHUvFUePy7Bk1lfBNWQ1JjaWwalKG7ZeBQWgsOe9mKukqwoBc6HMarq
Qx+tgWSYGnxjzlzoQiS7Sw+wJS4MY5tuSKMRMCpUUIMMv06gEbvzIwwus7cOqaw5
JPyOYiWNeDEhRypu44v8BqvohD4O5RUY+lT4yYFdNCPczjhU2O/Lpe4y6IJjBTB8
+HvraFsQn+xVgeE/MYniJerEOFutVpmqMjHTthRoP7pb4Zj/TL2YLoYenGxpkil+
BZLbHsx65vBHc0/+d4+meyG3UDanuz/ILHOgmovjWqymj2IvlTJkMuPG+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeoJDcm/et5whdcuLI1hawbZj7yMB8GA1UdIwQY
MBaAFLOezSTzIZiN63wZ3KBSpOPEm2DqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczU3TkpQTWhtSTNyZkJuY29GS2s0OFNiWU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lMzgyNmQtNWFkYS00ZTQzLTkwODQt
MWJhNjk1ZmFlZjI1LzEvRjZna055Yjk2M25DRjF5NHNqV0ZyQnRtUHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lMzgyNmQtNWFkYS00ZTQzLTkwODQtMWJhNjk1ZmFlZjI1
LzEvczU3TkpQTWhtSTNyZkJuY29GS2s0OFNiWU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvhIMA0G
CSqGSIb3DQEBCwUAA4IBAQAcW/FGoo25ymymv8FCnEo3c7Wute97ElFftHX6OXxJ
OOTXOyOXCj+xNpW+1gxNbbL1sAebvweHaTgR8SDagW32ReNSarnaYrd5oKhl4gno
kPD3/3Q5HbXzo/IV9GFjO4KZNFyqrEoh47pWFqkon82B6OYa0QmIoHX6IQgE1AFp
6hTMtyyHeYTfJxh2KnkyEomHduAM2gAQVfciyw0tP09lPUZE8JjaNga4Dj91uLly
18jZD9j9MrxvwKupngw94JKwL8P3gxFup1bUe2IiYuUnPG63FsMBDNAzzHrH/Sj0
xeUy0Cx+bWthmLNxHyW2016/GyXoA/54qNagHdEnefDu
-----END CERTIFICATE-----