Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/Dbj9xuGjig4FQD4z5CtOr-cvTeI.roa
File:                     Dbj9xuGjig4FQD4z5CtOr-cvTeI.roa (raw, json)
Hash identifier:          Kh8CzaShn4hw0xJ/eT2H0TnUMB7Vdu0F94Rtfvnict8=
Subject key identifier:   0D:B8:FD:C6:E1:A3:8A:0E:05:40:3E:33:E4:2B:4E:AF:E7:2F:4D:E2
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       01942827A0DEC0842D147325327BA0BAF583
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/Dbj9xuGjig4FQD4z5CtOr-cvTeI.roa
Signing time:             Thu 02 Jan 2025 17:54:33 +0000
ROA not before:           Thu 02 Jan 2025 17:54:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207168
IP address blocks:        178.236.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:a0:de:c0:84:2d:14:73:25:32:7b:a0:ba:f5:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan  2 17:54:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0db8fdc6e1a38a0e05403e33e42b4eafe72f4de2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c9:98:27:1f:11:5b:1d:4e:6b:43:e1:b5:5c:
                    7c:4f:2d:11:47:e0:8d:fb:ef:f9:ed:46:f7:d6:b7:
                    8f:73:e4:44:05:54:ec:e5:e3:33:96:89:69:b7:72:
                    82:31:21:cf:ef:63:c6:cb:56:c1:aa:aa:0c:fc:71:
                    04:96:2c:f3:30:af:5f:bf:be:8a:f9:b9:09:96:13:
                    9c:05:e3:b1:72:e5:f9:a2:66:10:89:06:f4:d9:df:
                    97:e4:9b:d1:80:89:88:4e:7e:b2:70:e7:8a:f4:74:
                    ba:3a:dd:22:06:9d:42:1a:f7:03:14:b0:24:46:de:
                    b7:da:1b:aa:20:81:46:e7:8d:ec:49:3f:7d:df:c6:
                    af:a3:6b:06:48:a8:5f:3a:0b:46:01:6f:fb:5d:e1:
                    78:76:01:50:8a:9a:7a:b5:83:94:9e:15:8f:9d:04:
                    2c:0d:cb:a3:8e:0a:72:96:71:3c:43:00:8f:db:97:
                    95:e8:70:16:e6:c1:db:f4:9c:20:c1:1b:76:55:6c:
                    a6:a4:67:08:57:05:35:9a:b7:69:86:44:f6:46:66:
                    62:b2:98:2f:f5:f1:ad:6e:7d:3e:f9:6d:25:bc:9b:
                    82:87:13:f4:ee:16:63:8c:00:69:0d:f5:8d:03:dd:
                    20:6d:06:8e:d8:0e:b0:5d:26:24:d8:b9:08:6d:ad:
                    13:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:B8:FD:C6:E1:A3:8A:0E:05:40:3E:33:E4:2B:4E:AF:E7:2F:4D:E2
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/Dbj9xuGjig4FQD4z5CtOr-cvTeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:96:e5:10:00:19:fd:31:ee:c7:93:21:18:0c:13:1e:1e:e3:
         83:df:51:d1:d3:91:7f:57:0b:24:b1:70:7a:3b:63:f6:1b:25:
         fb:3d:47:52:8b:00:e2:d3:ae:2c:b3:5d:ed:45:fd:e8:f3:f8:
         a6:c0:ff:1f:2f:22:5f:26:71:42:4f:16:0e:b8:5e:3a:86:06:
         25:83:b3:5a:32:0b:be:e9:40:91:cd:2d:e8:a1:8d:17:c6:af:
         1a:db:d4:14:9c:5f:e7:21:9d:88:10:31:c1:b3:08:e4:10:99:
         06:21:68:91:61:32:88:14:a0:61:9e:dc:78:b4:0e:3e:fc:f8:
         89:48:e9:05:d8:1f:03:8d:68:b2:c8:b8:54:1c:3f:8e:5d:3e:
         c2:ea:fe:90:42:2a:b4:6a:84:91:5f:96:f7:cb:42:b0:77:01:
         cc:be:91:0c:8f:4c:ab:45:77:5c:23:a9:f1:6b:95:e7:c8:74:
         20:11:43:35:14:af:51:c0:1a:b1:af:ed:03:de:b7:e6:72:00:
         97:6c:39:eb:78:bf:e8:cc:a0:55:3d:09:3e:10:f2:85:9c:20:
         b1:ac:e0:a0:24:00:8d:48:f8:da:8a:12:15:10:da:fe:73:96:
         52:eb:93:3d:08:77:9c:01:9a:91:b4:95:18:09:c5:72:e9:f6:
         7d:0b:79:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ6DewIQtFHMlMnuguvWDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjUwMTAyMTc1NDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGI4ZmRjNmUxYTM4YTBlMDU0MDNlMzNlNDJiNGVhZmU3MmY0ZGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMmYJx8RWx1Oa0PhtVx8Ty0RR+CN
++/57Ub31rePc+REBVTs5eMzlolpt3KCMSHP72PGy1bBqqoM/HEElizzMK9fv76K
+bkJlhOcBeOxcuX5omYQiQb02d+X5JvRgImITn6ycOeK9HS6Ot0iBp1CGvcDFLAk
Rt632huqIIFG543sST9938avo2sGSKhfOgtGAW/7XeF4dgFQipp6tYOUnhWPnQQs
DcujjgpylnE8QwCP25eV6HAW5sHb9JwgwRt2VWympGcIVwU1mrdphkT2RmZispgv
9fGtbn0++W0lvJuChxP07hZjjABpDfWNA90gbQaO2A6wXSYk2LkIba0TwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA24/cbho4oOBUA+M+QrTq/nL03iMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvRGJqOXh1R2ppZzRGUUQ0ejVDdE9yLWN2VGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuyLMA0G
CSqGSIb3DQEBCwUAA4IBAQB/luUQABn9Me7HkyEYDBMeHuOD31HR05F/VwsksXB6
O2P2GyX7PUdSiwDi064ss13tRf3o8/imwP8fLyJfJnFCTxYOuF46hgYlg7NaMgu+
6UCRzS3ooY0Xxq8a29QUnF/nIZ2IEDHBswjkEJkGIWiRYTKIFKBhntx4tA4+/PiJ
SOkF2B8DjWiyyLhUHD+OXT7C6v6QQiq0aoSRX5b3y0KwdwHMvpEMj0yrRXdcI6nx
a5XnyHQgEUM1FK9RwBqxr+0D3rfmcgCXbDnreL/ozKBVPQk+EPKFnCCxrOCgJACN
SPjaihIVENr+c5ZS65M9CHecAZqRtJUYCcVy6fZ9C3nv
-----END CERTIFICATE-----