Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/jhYSCbIixC2Ox2eXGSeWaXAFioI.roa
File:                     jhYSCbIixC2Ox2eXGSeWaXAFioI.roa (raw, json)
Hash identifier:          nyqm0E0sqcgVM0WsbRxGRsfd4+cDBkwTmB0XZ46Pzu0=
Subject key identifier:   8E:16:12:09:B2:22:C4:2D:8E:C7:67:97:19:27:96:69:70:05:8A:82
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB0A74600F91BEB44C41C1C3251B4
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/jhYSCbIixC2Ox2eXGSeWaXAFioI.roa
Signing time:             Tue 02 Jan 2024 04:30:12 +0000
ROA not before:           Tue 02 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62236
IP address blocks:        178.219.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b0:a7:46:00:f9:1b:eb:44:c4:1c:1c:32:51:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e161209b222c42d8ec767971927966970058a82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b9:91:4b:37:60:be:c0:44:f0:b8:74:14:49:
                    d5:92:c9:fb:41:cd:7e:f5:9b:b7:22:3f:4d:b7:d4:
                    82:cf:21:33:76:ac:11:47:78:46:90:51:76:41:fa:
                    e3:52:3d:f6:2f:65:27:57:40:2b:ec:64:27:8c:6b:
                    6c:c8:13:4b:bf:b7:59:3e:8c:8e:f3:6d:1d:f0:cb:
                    f9:58:05:3d:04:5a:bd:c2:73:04:60:01:47:27:da:
                    50:84:4d:3d:a6:19:15:e2:d1:ba:b6:7e:0b:46:16:
                    5e:e6:b7:c4:64:fb:4c:4a:e5:e1:1e:b7:13:43:4c:
                    0d:75:a9:7d:77:3c:31:78:c1:a7:0d:0b:c2:bb:f0:
                    e6:40:da:87:40:dd:e8:88:30:4d:58:c4:0e:f5:35:
                    b1:25:df:13:de:4d:f7:fd:f2:2f:7d:44:81:f8:b1:
                    ef:16:4b:68:bd:c4:57:54:a9:1a:c2:fa:93:ad:22:
                    60:ad:8a:65:e4:8e:f9:b1:5f:62:7b:a6:a7:d9:93:
                    e3:98:05:25:c3:7e:12:96:07:09:55:7b:fe:33:25:
                    3b:40:b6:4e:de:21:8e:3e:6f:46:18:58:40:a6:f1:
                    4a:de:73:a3:65:5b:03:4b:be:ae:7d:01:22:65:91:
                    b0:08:24:3c:50:85:87:17:1e:52:e8:6b:cb:40:74:
                    bc:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:16:12:09:B2:22:C4:2D:8E:C7:67:97:19:27:96:69:70:05:8A:82
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/jhYSCbIixC2Ox2eXGSeWaXAFioI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:b1:c1:6c:26:df:e5:99:1c:67:62:6d:cd:79:1e:a2:60:88:
         e5:f0:69:08:52:d6:3e:e4:1d:50:24:95:ae:c9:fc:7a:27:9a:
         6b:d2:7c:48:ff:e9:c2:80:9c:96:4e:03:a5:c5:c1:9b:a4:45:
         a3:92:8d:39:cd:d1:86:c2:ba:b5:2f:cd:65:f4:24:05:73:20:
         a1:a9:d5:94:10:2c:87:56:3a:ff:fb:aa:b4:62:7e:c7:bd:2a:
         84:83:f3:96:c7:95:6a:72:43:0b:a3:e1:b1:4f:ce:6d:84:7f:
         d5:1c:b0:47:06:8c:58:f7:ba:29:a0:31:b8:63:c9:ff:7b:ed:
         77:b7:8f:08:70:3d:87:15:99:8f:e6:f2:b1:df:7f:41:6e:47:
         5c:68:b0:56:fd:1a:ec:53:21:54:a6:31:86:75:7f:ec:11:1c:
         8e:6d:fe:e1:b7:67:b4:3d:ab:7d:62:5c:55:4b:e2:4b:00:28:
         6f:ad:aa:3d:9d:90:29:e1:e5:e3:c8:96:e4:69:f0:48:f4:6e:
         00:d2:2d:49:1f:7c:d3:b0:b6:16:86:ec:89:d8:bb:32:8d:77:
         fe:d8:9a:c0:e5:fb:3c:60:78:4d:83:bb:1f:44:1d:a4:f3:74:
         a1:f2:b4:e3:15:22:5c:08:71:4e:0c:a3:ef:9e:0c:19:14:c0:
         ca:7e:70:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7CnRgD5G+tExBwcMlG0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTE2MTIwOWIyMjJjNDJkOGVjNzY3OTcxOTI3OTY2OTcwMDU4YTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrmRSzdgvsBE8Lh0FEnVksn7Qc1+
9Zu3Ij9Nt9SCzyEzdqwRR3hGkFF2QfrjUj32L2UnV0Ar7GQnjGtsyBNLv7dZPoyO
820d8Mv5WAU9BFq9wnMEYAFHJ9pQhE09phkV4tG6tn4LRhZe5rfEZPtMSuXhHrcT
Q0wNdal9dzwxeMGnDQvCu/DmQNqHQN3oiDBNWMQO9TWxJd8T3k33/fIvfUSB+LHv
FktovcRXVKkawvqTrSJgrYpl5I75sV9ie6an2ZPjmAUlw34SlgcJVXv+MyU7QLZO
3iGOPm9GGFhApvFK3nOjZVsDS76ufQEiZZGwCCQ8UIWHFx5S6GvLQHS81QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4WEgmyIsQtjsdnlxknlmlwBYqCMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvamhZU0NiSWl4QzJPeDJlWEdTZVdhWEFGaW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstubMA0G
CSqGSIb3DQEBCwUAA4IBAQCAscFsJt/lmRxnYm3NeR6iYIjl8GkIUtY+5B1QJJWu
yfx6J5pr0nxI/+nCgJyWTgOlxcGbpEWjko05zdGGwrq1L81l9CQFcyChqdWUECyH
Vjr/+6q0Yn7HvSqEg/OWx5VqckMLo+GxT85thH/VHLBHBoxY97opoDG4Y8n/e+13
t48IcD2HFZmP5vKx339BbkdcaLBW/RrsUyFUpjGGdX/sERyObf7ht2e0Pat9YlxV
S+JLAChvrao9nZAp4eXjyJbkafBI9G4A0i1JH3zTsLYWhuyJ2LsyjXf+2JrA5fs8
YHhNg7sfRB2k83Sh8rTjFSJcCHFODKPvngwZFMDKfnA+
-----END CERTIFICATE-----