Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/WyZgsc0Tc0CbMTj7VEelJJT0OzE.roa
File:                     WyZgsc0Tc0CbMTj7VEelJJT0OzE.roa (raw, json)
Hash identifier:          +8CECyDU8Lf2wiEDcrbQGLaT/eNSQMro+xNLHS4ZA6g=
Subject key identifier:   5B:26:60:B1:CD:13:73:40:9B:31:38:FB:54:47:A5:24:94:F4:3B:31
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       018CC34967BDAF6161DC3BDA8A884A4EB660
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/WyZgsc0Tc0CbMTj7VEelJJT0OzE.roa
Signing time:             Mon 01 Jan 2024 04:30:16 +0000
ROA not before:           Mon 01 Jan 2024 04:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207168
IP address blocks:        178.236.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:67:bd:af:61:61:dc:3b:da:8a:88:4a:4e:b6:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan  1 04:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b2660b1cd1373409b3138fb5447a52494f43b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:42:06:b1:bc:d7:92:6f:fa:b9:9b:21:5b:8c:
                    0e:e3:c4:52:34:32:24:40:46:f1:54:d2:e2:61:46:
                    d4:7c:1f:23:65:33:59:d5:27:1b:d4:74:44:63:5c:
                    4d:00:c1:11:3b:74:62:60:21:bf:e5:6a:eb:28:cf:
                    a0:69:f5:38:df:ae:85:aa:e1:ef:b7:70:b2:52:86:
                    6a:88:bd:6f:01:33:6a:f3:ab:88:83:6d:05:79:31:
                    b5:46:aa:23:fd:89:86:9f:06:8b:43:b1:66:f1:dd:
                    ee:a5:77:95:53:f5:65:66:4a:08:7a:bc:65:dc:9f:
                    04:00:68:20:ae:01:2a:83:77:d5:7d:6f:a5:53:e1:
                    b4:e7:e2:b2:59:0c:b2:91:0f:62:37:8f:8d:d8:9d:
                    8a:37:6a:7e:63:a1:f3:58:2d:16:2e:11:93:10:5f:
                    34:5c:ef:8c:c0:be:d8:ae:6d:32:c7:eb:43:8a:ad:
                    5a:31:51:a0:8d:d9:7f:02:8d:2e:f2:57:59:60:57:
                    fb:a3:82:7c:b3:8b:f1:c4:1f:c5:80:c3:81:cb:47:
                    ee:c4:90:81:94:46:b1:39:2b:87:5d:ba:47:60:73:
                    2b:e7:ba:5a:02:88:2c:a8:e4:e5:2a:ba:0f:39:50:
                    47:74:bd:b9:b0:e2:bd:45:bd:01:90:ac:05:0d:a3:
                    87:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:26:60:B1:CD:13:73:40:9B:31:38:FB:54:47:A5:24:94:F4:3B:31
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/WyZgsc0Tc0CbMTj7VEelJJT0OzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:15:9f:2c:04:1e:29:2f:66:28:93:12:9b:45:45:79:fb:e9:
         6a:ba:45:9a:56:94:1d:f4:e9:b4:b6:96:7c:c6:ba:ff:82:f8:
         18:d3:23:7a:37:40:0f:92:f8:62:ca:b3:dc:20:cc:6b:a9:9b:
         bf:65:14:54:dc:6a:37:01:da:68:dc:da:f4:ec:aa:32:f0:78:
         d8:8a:a2:b9:f6:e7:60:03:b4:e7:b6:7b:5e:cc:2d:d0:57:2c:
         a4:58:86:eb:62:28:d6:61:dc:1d:be:f9:90:94:df:e0:be:97:
         41:fa:bd:31:8a:24:61:28:40:a0:de:0a:ed:fb:dd:22:f3:c8:
         70:5d:ec:64:6b:69:3f:48:c5:2f:90:cb:1b:39:fc:6a:70:bb:
         f0:17:ce:79:9b:9a:e6:47:13:26:f6:6c:95:ec:1b:91:54:32:
         7a:ca:0f:df:43:36:c3:13:65:ba:93:1f:79:97:09:27:90:41:
         8a:52:02:4c:6b:74:2a:a4:3b:58:07:57:64:85:f6:56:5d:5b:
         1f:53:0b:3b:c5:30:12:a5:bf:a3:96:76:43:25:07:8d:f1:f4:
         7a:2d:a4:45:9f:3c:88:cc:f5:69:a3:22:31:6a:de:0b:3d:a4:
         e6:90:3f:4b:8f:dc:b6:a6:a1:cd:e9:b2:74:2d:fe:b8:77:db:
         06:d7:93:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSWe9r2Fh3DvaiohKTrZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjQwMTAxMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjI2NjBiMWNkMTM3MzQwOWIzMTM4ZmI1NDQ3YTUyNDk0ZjQzYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUIGsbzXkm/6uZshW4wO48RSNDIk
QEbxVNLiYUbUfB8jZTNZ1Scb1HREY1xNAMERO3RiYCG/5WrrKM+gafU4366FquHv
t3CyUoZqiL1vATNq86uIg20FeTG1Rqoj/YmGnwaLQ7Fm8d3upXeVU/VlZkoIerxl
3J8EAGggrgEqg3fVfW+lU+G05+KyWQyykQ9iN4+N2J2KN2p+Y6HzWC0WLhGTEF80
XO+MwL7Yrm0yx+tDiq1aMVGgjdl/Ao0u8ldZYFf7o4J8s4vxxB/FgMOBy0fuxJCB
lEaxOSuHXbpHYHMr57paAogsqOTlKroPOVBHdL25sOK9Rb0BkKwFDaOHEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsmYLHNE3NAmzE4+1RHpSSU9DsxMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvV3laZ3NjMFRjMENiTVRqN1ZFZWxKSlQwT3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuyLMA0G
CSqGSIb3DQEBCwUAA4IBAQANFZ8sBB4pL2YokxKbRUV5++lqukWaVpQd9Om0tpZ8
xrr/gvgY0yN6N0APkvhiyrPcIMxrqZu/ZRRU3Go3Adpo3Nr07Koy8HjYiqK59udg
A7TntntezC3QVyykWIbrYijWYdwdvvmQlN/gvpdB+r0xiiRhKECg3grt+90i88hw
Xexka2k/SMUvkMsbOfxqcLvwF855m5rmRxMm9myV7BuRVDJ6yg/fQzbDE2W6kx95
lwknkEGKUgJMa3QqpDtYB1dkhfZWXVsfUws7xTASpb+jlnZDJQeN8fR6LaRFnzyI
zPVpoyIxat4LPaTmkD9Lj9y2pqHN6bJ0Lf64d9sG15Nv
-----END CERTIFICATE-----