Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/5CMiZU4pAmiJpfvxBLsG5vubIRA.roa
File:                     5CMiZU4pAmiJpfvxBLsG5vubIRA.roa (raw, json)
Hash identifier:          +oEkF/3njM8s7nBWqWOxZXJl1ZryJZVB3JA4uLNAhxw=
Subject key identifier:   E4:23:22:65:4E:29:02:68:89:A5:FB:F1:04:BB:06:E6:FB:9B:21:10
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       01942068770A0CE67EECF334BD6F5163B934
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/5CMiZU4pAmiJpfvxBLsG5vubIRA.roa
Signing time:             Wed 01 Jan 2025 05:48:24 +0000
ROA not before:           Wed 01 Jan 2025 05:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207069
IP address blocks:        178.254.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:77:0a:0c:e6:7e:ec:f3:34:bd:6f:51:63:b9:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e42322654e29026889a5fbf104bb06e6fb9b2110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1a:49:01:b3:93:d8:01:25:7c:40:e4:3f:70:
                    3d:d0:97:7e:02:07:db:8c:f7:b4:d2:f2:2a:b7:43:
                    e2:6f:0e:3e:95:56:f8:9c:a3:1e:23:82:26:1d:49:
                    9b:24:3b:5c:18:74:c8:8c:73:3e:a2:f2:42:33:20:
                    b6:47:43:23:f9:f3:0c:17:dc:d1:62:0e:d2:91:24:
                    6f:80:7a:2d:d3:8e:e3:2b:16:a1:53:2c:3f:09:e8:
                    e6:7d:7e:0b:f4:5d:ba:18:9a:c1:29:d3:6c:38:71:
                    c4:9f:18:a5:61:49:95:7a:90:48:51:81:65:11:f2:
                    3e:cf:99:7f:e3:8b:f8:9e:50:5a:11:51:1b:82:81:
                    86:94:37:0b:bd:eb:b4:b5:82:0d:78:5a:4e:e3:a6:
                    cf:88:2e:5e:92:0b:f8:75:6b:fe:61:51:7a:f7:5c:
                    53:ab:ec:31:2b:52:25:b1:c7:f2:e8:d8:19:32:e5:
                    5e:c2:2c:7f:9c:69:24:44:64:4f:16:f6:c1:74:ec:
                    fd:ec:48:7e:9b:2d:e9:c2:85:61:11:72:ed:4e:06:
                    67:d0:f6:7d:89:8a:fe:da:0c:de:7f:33:6b:c1:4a:
                    49:b2:bb:cf:c7:29:3d:3e:4f:bf:d3:02:c3:e7:12:
                    5a:25:42:27:15:fe:96:6d:67:67:77:2d:98:e4:dd:
                    4f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:23:22:65:4E:29:02:68:89:A5:FB:F1:04:BB:06:E6:FB:9B:21:10
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/5CMiZU4pAmiJpfvxBLsG5vubIRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:fc:a4:b4:d1:4b:b1:ff:a5:42:a7:a4:da:02:c7:19:47:e3:
         09:6e:7e:b6:e5:7a:4b:aa:1a:87:da:60:48:81:7f:cc:fa:a2:
         9f:3f:63:10:45:0a:07:70:65:bc:ca:b6:c9:42:01:95:9f:e4:
         2e:19:ac:96:36:ed:c1:5f:bb:3f:ed:2c:20:77:54:25:5f:7a:
         ed:e9:b6:37:a5:23:a8:bc:f3:f0:13:30:51:89:b3:ea:a8:53:
         fb:75:85:5f:bb:d0:11:81:16:6d:67:0a:e3:43:59:a8:7d:a4:
         13:e8:d2:73:31:1d:0e:a2:54:0c:db:40:ca:18:30:91:34:8b:
         0e:da:c0:f9:56:87:5c:4b:45:db:3b:2f:99:b7:f6:d8:1e:fb:
         3f:df:49:e5:c3:e5:dd:98:f0:c4:4b:32:41:b3:ee:90:fa:a3:
         1b:4e:ff:d5:a1:47:9a:1d:13:c8:84:a2:6c:59:75:6f:f9:5f:
         d5:63:91:18:5e:0b:a2:9a:93:b4:c4:24:d5:50:c7:40:06:7c:
         16:74:fc:22:7f:64:50:13:19:c9:c9:4d:be:90:f4:a1:67:8c:
         48:35:e1:a8:8e:b3:52:ee:19:f8:6c:b7:fc:17:c7:94:c9:74:
         3e:a5:10:ca:f2:b3:73:be:44:b8:df:fa:fa:79:8a:68:bc:d8:
         cd:54:7b:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaHcKDOZ+7PM0vW9RY7k0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwMTAxMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDIzMjI2NTRlMjkwMjY4ODlhNWZiZjEwNGJiMDZlNmZiOWIyMTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBpJAbOT2AElfEDkP3A90Jd+Agfb
jPe00vIqt0Pibw4+lVb4nKMeI4ImHUmbJDtcGHTIjHM+ovJCMyC2R0Mj+fMMF9zR
Yg7SkSRvgHot047jKxahUyw/CejmfX4L9F26GJrBKdNsOHHEnxilYUmVepBIUYFl
EfI+z5l/44v4nlBaEVEbgoGGlDcLveu0tYINeFpO46bPiC5ekgv4dWv+YVF691xT
q+wxK1Ilscfy6NgZMuVewix/nGkkRGRPFvbBdOz97Eh+my3pwoVhEXLtTgZn0PZ9
iYr+2gzefzNrwUpJsrvPxyk9Pk+/0wLD5xJaJUInFf6WbWdndy2Y5N1PfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQjImVOKQJoiaX78QS7Bub7myEQMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvNUNNaVpVNHBBbWlKcGZ2eEJMc0c1dnViSVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv6wMA0G
CSqGSIb3DQEBCwUAA4IBAQA9/KS00Uux/6VCp6TaAscZR+MJbn625XpLqhqH2mBI
gX/M+qKfP2MQRQoHcGW8yrbJQgGVn+QuGayWNu3BX7s/7Swgd1QlX3rt6bY3pSOo
vPPwEzBRibPqqFP7dYVfu9ARgRZtZwrjQ1mofaQT6NJzMR0OolQM20DKGDCRNIsO
2sD5VodcS0XbOy+Zt/bYHvs/30nlw+XdmPDESzJBs+6Q+qMbTv/VoUeaHRPIhKJs
WXVv+V/VY5EYXguimpO0xCTVUMdABnwWdPwif2RQExnJyU2+kPShZ4xINeGojrNS
7hn4bLf8F8eUyXQ+pRDK8rNzvkS43/r6eYpovNjNVHt7
-----END CERTIFICATE-----