Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/eNRtwGVQ1VdkNKBRZ8o9uf4Ec24.roa
File:                     eNRtwGVQ1VdkNKBRZ8o9uf4Ec24.roa (raw, json)
Hash identifier:          syspd0kan424RvhNNvOMRktLryIova5s5SuLnxOMs4I=
Subject key identifier:   78:D4:6D:C0:65:50:D5:57:64:34:A0:51:67:CA:3D:B9:FE:04:73:6E
Certificate issuer:       /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial:       019428279DE5155CBFE3C3007B0975BD1CAA
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/eNRtwGVQ1VdkNKBRZ8o9uf4Ec24.roa
Signing time:             Thu 02 Jan 2025 17:54:32 +0000
ROA not before:           Thu 02 Jan 2025 17:54:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56724
IP address blocks:        178.236.140.0/22 maxlen: 22
                          178.236.140.0/23 maxlen: 23
                          178.236.142.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:9d:e5:15:5c:bf:e3:c3:00:7b:09:75:bd:1c:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
        Validity
            Not Before: Jan  2 17:54:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78d46dc06550d5576434a05167ca3db9fe04736e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c7:75:eb:ed:e1:bd:f7:18:90:85:05:c7:36:
                    6b:94:e2:a1:20:b0:46:1f:b5:90:18:c3:94:f3:d6:
                    fc:a7:9e:0f:29:b9:a3:f8:3b:1d:6c:4b:64:4f:ea:
                    f3:bf:d6:03:b7:5b:23:d8:46:37:79:80:27:5d:85:
                    80:eb:87:41:58:eb:fd:83:5f:16:7d:b7:5c:24:e8:
                    2c:34:e8:1b:dd:af:b2:94:11:15:d3:ad:d6:52:7a:
                    f7:59:40:72:4c:c9:05:46:47:a4:5b:0d:b9:95:3e:
                    07:f6:cf:63:23:4f:82:1c:ec:e2:64:c8:ad:c7:eb:
                    93:4c:b1:f4:4c:12:a5:76:c5:75:d3:bb:71:88:d6:
                    7b:b3:dc:5d:af:d2:b8:2c:f0:8c:70:0f:81:b5:34:
                    ad:d3:3d:eb:8f:8a:32:b1:f9:ee:e2:cb:e6:84:62:
                    3f:ee:79:b2:36:e4:23:06:2c:26:ef:1d:04:2f:ba:
                    65:a3:69:ea:43:7b:e6:c3:5f:8c:b8:ff:33:e3:8d:
                    79:35:4b:3e:66:87:26:6c:3c:9a:2a:fc:a5:6e:e0:
                    c3:eb:b1:de:36:42:39:25:b4:bf:35:c7:a4:82:f9:
                    d7:e0:31:c7:06:05:6d:84:f3:a4:f2:12:92:23:f2:
                    54:36:c2:aa:3d:86:5a:18:18:5c:1f:8b:7a:51:9b:
                    b7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:D4:6D:C0:65:50:D5:57:64:34:A0:51:67:CA:3D:B9:FE:04:73:6E
            X509v3 Authority Key Identifier:
                keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/eNRtwGVQ1VdkNKBRZ8o9uf4Ec24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:a1:b4:77:3c:91:4a:03:f6:f1:6e:10:23:2e:b9:29:37:57:
         18:0d:e7:9c:0f:a6:14:fb:68:3f:36:30:9e:22:31:40:8b:28:
         34:9c:27:4a:a1:f9:b6:e9:cd:ff:93:05:44:2e:26:2a:5b:e5:
         17:45:e2:40:b2:3e:42:64:9f:af:72:79:14:2e:be:98:d7:e1:
         ed:95:1c:19:61:40:57:8c:2b:eb:0a:ba:49:b0:a4:cc:26:a0:
         16:5c:d1:b7:eb:4d:f0:ae:90:8a:b1:43:83:6f:3e:a5:d2:d3:
         27:16:85:61:32:73:9d:77:42:dd:f7:bb:d3:ce:cb:36:53:ee:
         11:28:f7:d6:fb:f3:bd:85:da:d9:8a:8e:03:a7:4c:bd:12:20:
         54:5b:5a:dc:dc:5c:89:33:4c:06:00:84:77:1d:74:ad:ab:44:
         57:64:aa:7f:a3:14:40:ef:9f:19:b7:e7:c4:90:3b:f3:3e:71:
         6f:50:24:57:82:71:0d:73:d9:03:86:c5:22:43:16:7c:e7:86:
         83:4c:65:31:df:fa:f7:5e:f8:28:19:3b:70:84:30:74:83:ff:
         8a:95:0a:b9:c7:f8:4c:cb:44:dc:6b:40:5b:c0:92:7b:98:37:
         28:6c:e0:9f:fd:be:9b:5a:70:50:4a:70:2f:92:f5:d1:f6:e6:
         43:93:2e:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ53lFVy/48MAewl1vRyqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjUwMTAyMTc1NDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGQ0NmRjMDY1NTBkNTU3NjQzNGEwNTE2N2NhM2RiOWZlMDQ3MzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusd16+3hvfcYkIUFxzZrlOKhILBG
H7WQGMOU89b8p54PKbmj+DsdbEtkT+rzv9YDt1sj2EY3eYAnXYWA64dBWOv9g18W
fbdcJOgsNOgb3a+ylBEV063WUnr3WUByTMkFRkekWw25lT4H9s9jI0+CHOziZMit
x+uTTLH0TBKldsV107txiNZ7s9xdr9K4LPCMcA+BtTSt0z3rj4oysfnu4svmhGI/
7nmyNuQjBiwm7x0EL7plo2nqQ3vmw1+MuP8z4415NUs+ZocmbDyaKvylbuDD67He
NkI5JbS/NcekgvnX4DHHBgVthPOk8hKSI/JUNsKqPYZaGBhcH4t6UZu3xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjUbcBlUNVXZDSgUWfKPbn+BHNuMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvZU5SdHdHVlExVmRrTktCUlo4bzl1ZjRFYzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsuyMMA0G
CSqGSIb3DQEBCwUAA4IBAQCBobR3PJFKA/bxbhAjLrkpN1cYDeecD6YU+2g/NjCe
IjFAiyg0nCdKofm26c3/kwVELiYqW+UXReJAsj5CZJ+vcnkULr6Y1+HtlRwZYUBX
jCvrCrpJsKTMJqAWXNG3603wrpCKsUODbz6l0tMnFoVhMnOdd0Ld97vTzss2U+4R
KPfW+/O9hdrZio4Dp0y9EiBUW1rc3FyJM0wGAIR3HXStq0RXZKp/oxRA758Zt+fE
kDvzPnFvUCRXgnENc9kDhsUiQxZ854aDTGUx3/r3XvgoGTtwhDB0g/+KlQq5x/hM
y0Tca0BbwJJ7mDcobOCf/b6bWnBQSnAvkvXR9uZDky6C
-----END CERTIFICATE-----