Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/l0dBWs1YlE17AhstVW2VWnIvp0s.roa
File:                     l0dBWs1YlE17AhstVW2VWnIvp0s.roa (raw, json)
Hash identifier:          iWBATYIpP0dSJktBmp9NkaeXH+SClXQSdpBWrPAbzlM=
Subject key identifier:   97:47:41:5A:CD:58:94:4D:7B:02:1B:2D:55:6D:95:5A:72:2F:A7:4B
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       0194206874BAC8BA03B38CF00525C8454785
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/l0dBWs1YlE17AhstVW2VWnIvp0s.roa
Signing time:             Wed 01 Jan 2025 05:48:24 +0000
ROA not before:           Wed 01 Jan 2025 05:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198961
IP address blocks:        178.254.171.0/24 maxlen: 24
                          178.254.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:74:ba:c8:ba:03:b3:8c:f0:05:25:c8:45:47:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9747415acd58944d7b021b2d556d955a722fa74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c9:9b:76:3c:0a:61:d0:d1:bc:07:20:27:06:
                    d9:cf:8d:15:35:34:a9:69:a5:e6:8a:d9:78:5f:7f:
                    a8:cf:f4:e0:39:7d:25:5f:97:7f:77:31:35:2d:08:
                    ce:24:40:61:1c:7e:d1:00:ca:bd:c1:41:15:c9:30:
                    bf:2b:69:35:37:ef:f8:6f:3b:cb:de:8c:a1:de:74:
                    93:2f:f6:f2:bd:01:9b:dc:fb:64:d4:ab:96:d9:2d:
                    1f:12:da:2e:11:3b:9c:bf:f2:54:19:c6:fa:3b:79:
                    ef:69:f2:1f:ab:f3:bc:7a:61:29:e7:33:c7:83:c9:
                    c7:91:6c:12:1e:05:ed:89:71:87:38:03:f4:c0:5e:
                    b9:be:7d:f1:bc:dd:16:47:a5:dc:ac:c6:24:b0:c0:
                    a9:55:66:c7:86:52:3c:ba:3d:32:68:be:34:51:18:
                    c8:a8:5e:70:23:73:a2:12:d9:d7:b7:50:c2:c0:8f:
                    ef:07:b0:4f:fa:14:3a:be:79:c8:99:3a:15:83:dc:
                    db:b6:75:d3:fb:82:97:43:37:78:a1:9f:9e:0d:dc:
                    de:59:57:96:90:96:83:5b:10:b4:ee:49:2e:87:ca:
                    05:69:74:be:a4:77:df:22:9a:7e:30:45:58:45:a8:
                    33:46:da:b9:c5:aa:7e:bd:34:1d:ed:a8:1c:d1:df:
                    4a:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:47:41:5A:CD:58:94:4D:7B:02:1B:2D:55:6D:95:5A:72:2F:A7:4B
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/l0dBWs1YlE17AhstVW2VWnIvp0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.171.0/24
                  178.254.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:44:90:53:d8:71:6f:8c:2a:15:3b:09:06:4b:cc:37:c0:0a:
         a1:7c:1e:0b:b3:30:b8:55:c8:1e:67:3f:fa:24:62:cd:08:d3:
         10:c3:6e:c1:1d:57:c0:0a:c8:e3:70:2d:ac:83:d5:c4:9f:06:
         b5:ab:8a:b2:84:39:87:32:42:13:dd:6c:89:4a:a6:89:99:03:
         e8:3d:d1:6a:b1:7c:d7:e1:52:3d:c3:44:98:79:c2:fe:d2:05:
         67:95:bb:4c:fd:35:1e:91:37:ca:8a:f1:ad:7a:aa:a8:90:a3:
         6c:98:25:8b:da:19:02:aa:ef:19:38:6f:26:a4:14:f0:3c:43:
         e6:8b:c9:eb:f8:5a:66:21:f7:e2:3e:68:9b:91:4e:60:ff:56:
         e0:80:2a:c8:20:05:0b:3d:14:dd:07:c1:5b:1f:d9:ca:da:c1:
         ec:5e:cc:da:6a:74:5b:15:95:3f:12:52:1e:5e:8b:7e:19:df:
         50:0a:71:a5:79:a3:ea:2d:db:7d:0f:6a:7f:cd:4e:11:46:f9:
         34:6d:62:c9:67:fe:f2:65:4c:8e:a2:9a:b2:ea:1c:ab:3c:dc:
         e7:41:24:29:54:b9:b2:cd:aa:72:1f:be:28:e4:5f:78:a5:d7:
         5e:43:49:c4:01:4b:5b:c8:1b:a0:e6:8f:a4:4a:da:e4:86:a7:
         f2:52:41:46
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaHS6yLoDs4zwBSXIRUeFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjUwMTAxMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzQ3NDE1YWNkNTg5NDRkN2IwMjFiMmQ1NTZkOTU1YTcyMmZhNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAismbdjwKYdDRvAcgJwbZz40VNTSp
aaXmitl4X3+oz/TgOX0lX5d/dzE1LQjOJEBhHH7RAMq9wUEVyTC/K2k1N+/4bzvL
3oyh3nSTL/byvQGb3Ptk1KuW2S0fEtouETucv/JUGcb6O3nvafIfq/O8emEp5zPH
g8nHkWwSHgXtiXGHOAP0wF65vn3xvN0WR6XcrMYksMCpVWbHhlI8uj0yaL40URjI
qF5wI3OiEtnXt1DCwI/vB7BP+hQ6vnnImToVg9zbtnXT+4KXQzd4oZ+eDdzeWVeW
kJaDWxC07kkuh8oFaXS+pHffIpp+MEVYRagzRtq5xap+vTQd7agc0d9KbQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJdHQVrNWJRNewIbLVVtlVpyL6dLMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvbDBkQldzMVlsRTE3QWhzdFZXMlZXbkl2cDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsv6rAwQA
sv6zMA0GCSqGSIb3DQEBCwUAA4IBAQAORJBT2HFvjCoVOwkGS8w3wAqhfB4LszC4
VcgeZz/6JGLNCNMQw27BHVfACsjjcC2sg9XEnwa1q4qyhDmHMkIT3WyJSqaJmQPo
PdFqsXzX4VI9w0SYecL+0gVnlbtM/TUekTfKivGteqqokKNsmCWL2hkCqu8ZOG8m
pBTwPEPmi8nr+FpmIffiPmibkU5g/1bggCrIIAULPRTdB8FbH9nK2sHsXszaanRb
FZU/ElIeXot+Gd9QCnGleaPqLdt9D2p/zU4RRvk0bWLJZ/7yZUyOopqy6hyrPNzn
QSQpVLmyzapyH74o5F94pddeQ0nEAUtbyBug5o+kStrkhqfyUkFG
-----END CERTIFICATE-----