Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/4fb274-d84f-4fba-938e-1e9ff91808c2/1/_p1REnvTwxPVgwkfSseWI_paejg.roa
File:                     _p1REnvTwxPVgwkfSseWI_paejg.roa (raw, json)
Hash identifier:          LcCpfdwyxrmyDtkePKtd55r7JQkFyxhTXkoetAE6qos=
Subject key identifier:   FE:9D:51:12:7B:D3:C3:13:D5:83:09:1F:4A:C7:96:23:FA:5A:7A:38
Certificate issuer:       /CN=1ed55d23579c64127155aef650696e79531d508d
Certificate serial:       018CC726C847774655B47303C0D53539048E
Authority key identifier: 1E:D5:5D:23:57:9C:64:12:71:55:AE:F6:50:69:6E:79:53:1D:50:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HtVdI1ecZBJxVa72UGlueVMdUI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/4fb274-d84f-4fba-938e-1e9ff91808c2/1/_p1REnvTwxPVgwkfSseWI_paejg.roa
Signing time:             Mon 01 Jan 2024 22:30:56 +0000
ROA not before:           Mon 01 Jan 2024 22:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205325
IP address blocks:        178.216.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/4fb274-d84f-4fba-938e-1e9ff91808c2/1/HtVdI1ecZBJxVa72UGlueVMdUI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/4fb274-d84f-4fba-938e-1e9ff91808c2/1/HtVdI1ecZBJxVa72UGlueVMdUI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HtVdI1ecZBJxVa72UGlueVMdUI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 07:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c8:47:77:46:55:b4:73:03:c0:d5:35:39:04:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ed55d23579c64127155aef650696e79531d508d
        Validity
            Not Before: Jan  1 22:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe9d51127bd3c313d583091f4ac79623fa5a7a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:aa:85:34:58:61:b3:b2:59:74:d3:c6:85:e2:
                    bd:2a:62:73:8d:b8:23:54:85:e6:95:5f:e8:10:f5:
                    08:9c:a0:b1:3e:b7:ca:1d:23:c4:a6:47:55:1f:63:
                    c7:68:2d:71:7f:3a:f5:df:31:6f:7c:4b:43:cb:07:
                    d9:40:84:94:36:c4:92:ff:01:4e:5c:59:da:b0:cd:
                    76:a2:a8:97:95:b2:0e:f7:85:b3:51:54:90:a4:79:
                    46:ae:81:ed:a8:f1:17:d4:97:a0:fa:10:ba:8f:e3:
                    6c:da:ce:bd:9e:dc:ab:65:f7:d1:15:fe:17:99:bd:
                    87:12:a3:21:d6:5d:67:b4:66:8c:e1:68:2d:4c:e5:
                    5e:22:87:23:7d:13:63:64:f6:45:52:f6:2c:50:b2:
                    78:7d:db:c8:fa:eb:fd:cd:64:1b:45:21:e0:a2:31:
                    8d:b7:15:d4:6f:5e:ec:b1:3b:35:92:75:c3:8e:4f:
                    63:cc:b0:43:ab:45:d7:cb:05:5b:61:9d:47:7a:da:
                    8d:9e:cd:48:c0:80:aa:99:c0:d9:98:25:d1:7c:20:
                    5b:b6:be:b5:88:6d:37:89:4a:8d:17:31:f3:22:71:
                    72:e6:b9:be:04:9c:97:2e:27:d9:8a:fb:a9:0e:c2:
                    a5:da:d3:23:fc:4b:02:ab:44:b5:9e:fe:cf:af:63:
                    9f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9D:51:12:7B:D3:C3:13:D5:83:09:1F:4A:C7:96:23:FA:5A:7A:38
            X509v3 Authority Key Identifier:
                keyid:1E:D5:5D:23:57:9C:64:12:71:55:AE:F6:50:69:6E:79:53:1D:50:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HtVdI1ecZBJxVa72UGlueVMdUI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/4fb274-d84f-4fba-938e-1e9ff91808c2/1/_p1REnvTwxPVgwkfSseWI_paejg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/4fb274-d84f-4fba-938e-1e9ff91808c2/1/HtVdI1ecZBJxVa72UGlueVMdUI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.216.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:3c:70:53:27:25:c5:78:0a:dc:3b:15:f9:23:95:1d:80:e8:
         38:fd:0e:66:2d:fd:cf:99:3d:af:e0:fb:3e:cb:8f:3d:94:ae:
         0f:04:00:37:91:7a:b5:a9:b7:af:47:46:a1:5e:d7:df:cf:bf:
         34:7e:e1:21:c8:4a:d8:8f:d5:cb:eb:af:97:84:12:a3:11:22:
         f4:af:3d:47:a4:d4:56:07:20:21:42:4c:fe:6a:5e:23:2f:f8:
         e5:4a:e9:b9:43:03:00:3e:8e:56:61:34:d0:1c:e4:11:bb:dc:
         8e:ac:d4:ad:df:7f:d4:aa:bc:9e:f4:43:1a:ee:e5:7b:06:3a:
         a0:0d:c1:c4:23:73:59:46:64:3f:36:cf:2c:8c:dc:20:a3:b5:
         f8:7f:43:14:00:a2:8e:f0:3c:b6:9e:ea:ba:e2:33:76:48:d3:
         82:50:cb:03:83:83:63:ea:26:10:f7:cf:8f:7c:0b:fc:43:9b:
         c3:08:5a:74:b8:cd:e2:d6:01:4d:12:0d:98:8e:c5:70:ec:17:
         95:7d:9e:bc:ae:86:1c:bb:25:81:52:73:0b:a1:cc:38:57:35:
         d7:f6:67:24:19:a3:5c:dd:d4:ba:89:ac:fb:89:b6:d0:d0:49:
         e3:2f:3c:ae:2b:d5:19:c3:af:31:df:97:4d:82:c9:13:f7:14:
         d9:05:51:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJshHd0ZVtHMDwNU1OQSOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZDU1ZDIzNTc5YzY0MTI3MTU1YWVmNjUwNjk2ZTc5NTMx
ZDUwOGQwHhcNMjQwMTAxMjIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTlkNTExMjdiZDNjMzEzZDU4MzA5MWY0YWM3OTYyM2ZhNWE3YTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqqFNFhhs7JZdNPGheK9KmJzjbgj
VIXmlV/oEPUInKCxPrfKHSPEpkdVH2PHaC1xfzr13zFvfEtDywfZQISUNsSS/wFO
XFnasM12oqiXlbIO94WzUVSQpHlGroHtqPEX1Jeg+hC6j+Ns2s69ntyrZffRFf4X
mb2HEqMh1l1ntGaM4WgtTOVeIocjfRNjZPZFUvYsULJ4fdvI+uv9zWQbRSHgojGN
txXUb17ssTs1knXDjk9jzLBDq0XXywVbYZ1HetqNns1IwICqmcDZmCXRfCBbtr61
iG03iUqNFzHzInFy5rm+BJyXLifZivupDsKl2tMj/EsCq0S1nv7Pr2OfGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6dURJ708MT1YMJH0rHliP6Wno4MB8GA1UdIwQY
MBaAFB7VXSNXnGQScVWu9lBpbnlTHVCNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHRWZEkxZWNaQkp4VmE3MlVHbHVlVk1kVUkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy80ZmIyNzQtZDg0Zi00ZmJhLTkzOGUt
MWU5ZmY5MTgwOGMyLzEvX3AxUkVudlR3eFBWZ3drZlNzZVdJX3BhZWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy80ZmIyNzQtZDg0Zi00ZmJhLTkzOGUtMWU5ZmY5MTgwOGMy
LzEvSHRWZEkxZWNaQkp4VmE3MlVHbHVlVk1kVUkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstj1MA0G
CSqGSIb3DQEBCwUAA4IBAQBKPHBTJyXFeArcOxX5I5UdgOg4/Q5mLf3PmT2v4Ps+
y489lK4PBAA3kXq1qbevR0ahXtffz780fuEhyErYj9XL66+XhBKjESL0rz1HpNRW
ByAhQkz+al4jL/jlSum5QwMAPo5WYTTQHOQRu9yOrNSt33/Uqrye9EMa7uV7Bjqg
DcHEI3NZRmQ/Ns8sjNwgo7X4f0MUAKKO8Dy2nuq64jN2SNOCUMsDg4Nj6iYQ98+P
fAv8Q5vDCFp0uM3i1gFNEg2YjsVw7BeVfZ68roYcuyWBUnMLocw4VzXX9mckGaNc
3dS6iaz7ibbQ0EnjLzyuK9UZw68x35dNgskT9xTZBVFB
-----END CERTIFICATE-----