Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/o1HSvKzo8gNbSZapmNklc2HheEw.roa
File:                     o1HSvKzo8gNbSZapmNklc2HheEw.roa (raw, json)
Hash identifier:          Fo+r6uFEPIPavGLVmTWEF1G9DLb9cWonXhLkIqG08Ls=
Subject key identifier:   A3:51:D2:BC:AC:E8:F2:03:5B:49:96:A9:98:D9:25:73:61:E1:78:4C
Certificate issuer:       /CN=d93a54f02f49f45ad5d73e5551d096181bce3f6e
Certificate serial:       0193216866694EF2C38497EB71119BC46472
Authority key identifier: D9:3A:54:F0:2F:49:F4:5A:D5:D7:3E:55:51:D0:96:18:1B:CE:3F:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/o1HSvKzo8gNbSZapmNklc2HheEw.roa
Signing time:             Tue 12 Nov 2024 17:25:10 +0000
ROA not before:           Tue 12 Nov 2024 17:25:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        178.20.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:21:68:66:69:4e:f2:c3:84:97:eb:71:11:9b:c4:64:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93a54f02f49f45ad5d73e5551d096181bce3f6e
        Validity
            Not Before: Nov 12 17:25:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a351d2bcace8f2035b4996a998d9257361e1784c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:14:14:f3:54:d1:5c:ba:1e:ab:83:ec:70:1b:
                    0a:44:ed:7a:ea:3c:78:ce:d2:be:c2:f3:41:43:e9:
                    6b:23:bd:e1:72:24:86:fd:06:51:85:4a:05:73:79:
                    67:ba:c0:46:e1:2f:33:cf:34:72:f2:ae:6c:c0:fa:
                    7e:dd:20:86:44:60:10:3a:7d:3d:dd:62:a4:24:02:
                    17:21:96:f2:f2:a9:89:f8:a2:3d:e8:c9:6e:dd:49:
                    06:a0:b7:8e:37:92:0e:f1:db:ae:a3:0b:11:bc:33:
                    c7:d6:b1:cd:d9:ee:7b:41:65:3f:94:2d:59:e6:73:
                    e9:22:a2:20:6e:0d:b5:ef:5e:54:7f:b1:a6:7e:73:
                    34:d7:b1:1c:fb:cc:d0:61:a5:de:b0:aa:7c:ab:8e:
                    6b:96:5f:38:95:39:2e:cc:5b:d8:64:83:92:ea:2a:
                    1c:6e:06:12:58:ef:5b:ec:3b:25:bb:a8:b2:69:9b:
                    5e:8b:cb:e3:ff:cb:76:0e:67:7a:62:58:14:94:ed:
                    ab:11:3c:78:9c:2b:13:36:cc:8f:93:ed:94:bc:f2:
                    1e:50:02:a9:6d:a6:dd:22:fb:86:86:ec:2a:a6:fb:
                    4b:69:33:5e:02:8e:9e:5e:17:d6:41:0c:d6:b0:c5:
                    4b:2a:b5:0b:a6:e7:de:65:cb:45:e9:d4:9c:ed:a3:
                    d2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:51:D2:BC:AC:E8:F2:03:5B:49:96:A9:98:D9:25:73:61:E1:78:4C
            X509v3 Authority Key Identifier:
                keyid:D9:3A:54:F0:2F:49:F4:5A:D5:D7:3E:55:51:D0:96:18:1B:CE:3F:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2TpU8C9J9FrV1z5VUdCWGBvOP24.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/o1HSvKzo8gNbSZapmNklc2HheEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/15fff4-966b-4e0a-abac-05d58f0cb88c/1/2TpU8C9J9FrV1z5VUdCWGBvOP24.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:c0:81:c6:bd:ff:6c:a1:29:70:13:5b:4c:56:5b:44:75:b2:
         f6:11:fe:f9:5f:34:31:3c:9a:2b:32:87:e8:3b:f9:99:09:37:
         a6:33:b9:8f:e1:2e:22:7c:01:e7:b0:7a:fe:9c:c4:4a:1a:6d:
         14:f8:5f:01:24:32:54:29:ec:41:90:4c:82:49:e5:5b:a9:56:
         be:2c:36:43:82:88:3a:1a:82:2d:9b:fa:ee:52:42:9d:1d:4c:
         a6:76:86:6d:0a:ad:68:98:23:50:b1:c5:41:73:23:c8:0b:39:
         82:78:0e:37:99:56:f4:43:46:a1:f8:ed:1c:1d:d1:c1:db:d4:
         53:6b:b7:28:ad:21:55:4b:01:ff:49:1e:48:6b:ee:a2:c0:f2:
         61:14:55:59:7a:71:45:2d:c1:76:f5:3a:fd:67:74:88:ec:66:
         dd:8a:e6:9f:4f:51:32:2e:c9:00:d5:ad:7e:6a:fc:9d:49:b2:
         6f:af:ce:e1:25:2b:3a:c0:aa:71:5c:98:a7:84:d6:23:a2:d4:
         39:f1:f0:2e:6c:54:46:c9:e7:e2:87:61:b7:6b:23:22:0d:ae:
         11:4a:08:16:24:92:48:9d:8b:78:fa:3a:20:92:3a:24:2a:95:
         f2:65:ee:08:0e:0c:6a:2b:4a:78:d5:d2:89:95:03:8a:bd:a3:
         55:19:4e:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMhaGZpTvLDhJfrcRGbxGRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2E1NGYwMmY0OWY0NWFkNWQ3M2U1NTUxZDA5NjE4MWJj
ZTNmNmUwHhcNMjQxMTEyMTcyNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzUxZDJiY2FjZThmMjAzNWI0OTk2YTk5OGQ5MjU3MzYxZTE3ODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRQU81TRXLoeq4PscBsKRO166jx4
ztK+wvNBQ+lrI73hciSG/QZRhUoFc3lnusBG4S8zzzRy8q5swPp+3SCGRGAQOn09
3WKkJAIXIZby8qmJ+KI96Mlu3UkGoLeON5IO8duuowsRvDPH1rHN2e57QWU/lC1Z
5nPpIqIgbg21715Uf7GmfnM017Ec+8zQYaXesKp8q45rll84lTkuzFvYZIOS6ioc
bgYSWO9b7Dslu6iyaZtei8vj/8t2Dmd6YlgUlO2rETx4nCsTNsyPk+2UvPIeUAKp
babdIvuGhuwqpvtLaTNeAo6eXhfWQQzWsMVLKrULpufeZctF6dSc7aPSYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNR0rys6PIDW0mWqZjZJXNh4XhMMB8GA1UdIwQY
MBaAFNk6VPAvSfRa1dc+VVHQlhgbzj9uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlRwVThDOUo5RnJWMXo1VlVkQ1dHQnZPUDI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8xNWZmZjQtOTY2Yi00ZTBhLWFiYWMt
MDVkNThmMGNiODhjLzEvbzFIU3ZLem84Z05iU1phcG1Oa2xjMkhoZUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8xNWZmZjQtOTY2Yi00ZTBhLWFiYWMtMDVkNThmMGNiODhj
LzEvMlRwVThDOUo5RnJWMXo1VlVkQ1dHQnZPUDI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshTRMA0G
CSqGSIb3DQEBCwUAA4IBAQCnwIHGvf9soSlwE1tMVltEdbL2Ef75XzQxPJorMofo
O/mZCTemM7mP4S4ifAHnsHr+nMRKGm0U+F8BJDJUKexBkEyCSeVbqVa+LDZDgog6
GoItm/ruUkKdHUymdoZtCq1omCNQscVBcyPICzmCeA43mVb0Q0ah+O0cHdHB29RT
a7corSFVSwH/SR5Ia+6iwPJhFFVZenFFLcF29Tr9Z3SI7GbdiuafT1EyLskA1a1+
avydSbJvr87hJSs6wKpxXJinhNYjotQ58fAubFRGyefih2G3ayMiDa4RSggWJJJI
nYt4+jogkjokKpXyZe4IDgxqK0p41dKJlQOKvaNVGU72
-----END CERTIFICATE-----