Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/JeoG6JsN-rWQWTNCB0T2Cukrq2s.roa
File:                     JeoG6JsN-rWQWTNCB0T2Cukrq2s.roa (raw, json)
Hash identifier:          xY82pIvaVDgplicA2XbJYFB3KY4ptVUPOkiQbW1F4ks=
Subject key identifier:   25:EA:06:E8:9B:0D:FA:B5:90:59:33:42:07:44:F6:0A:E9:2B:AB:6B
Certificate issuer:       /CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
Certificate serial:       018E9D628C1583DA8A3343D3BBCB114CF01F
Authority key identifier: D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/JeoG6JsN-rWQWTNCB0T2Cukrq2s.roa
Signing time:             Tue 02 Apr 2024 05:57:45 +0000
ROA not before:           Tue 02 Apr 2024 05:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215438
IP address blocks:        178.237.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9d:62:8c:15:83:da:8a:33:43:d3:bb:cb:11:4c:f0:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
        Validity
            Not Before: Apr  2 05:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25ea06e89b0dfab5905933420744f60ae92bab6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:6d:65:c8:26:a6:d4:79:3f:72:de:ea:6e:a0:
                    f7:16:4c:2e:65:ce:90:c3:94:5f:22:46:d1:48:d1:
                    de:ce:8c:25:72:c4:41:be:09:28:50:a4:32:7d:86:
                    a2:0b:20:28:5d:10:a4:8a:84:ad:ef:cc:c8:d9:d7:
                    0c:d1:5a:d6:99:5e:fc:2e:b5:b7:4f:87:4a:34:04:
                    a7:64:39:95:33:1d:21:06:89:87:31:6d:6b:47:fc:
                    98:1e:de:16:3f:79:32:2b:d5:0a:24:95:06:ff:3b:
                    66:2b:d2:4b:0e:1c:e5:1e:7c:15:57:86:06:8b:e6:
                    7e:9e:0e:c2:c2:bb:ca:f7:40:c5:7b:21:e2:a1:a5:
                    29:38:fa:b3:ba:63:aa:ed:69:a1:7c:54:35:94:3b:
                    90:81:3c:6e:f0:af:5e:90:5e:41:30:33:01:53:ba:
                    ac:46:3a:a5:d9:ca:c8:0a:09:94:bb:43:b7:84:9d:
                    71:5e:ca:b1:fc:ea:94:d7:95:db:4f:d7:52:2b:3e:
                    32:fe:70:3a:2f:ba:3c:dc:c7:56:5f:b8:21:9e:44:
                    0e:de:47:a1:91:2e:ab:23:c1:15:46:33:19:07:9f:
                    d1:c8:43:2b:72:2d:b2:be:c6:90:9c:46:67:f4:e6:
                    a0:18:d8:c9:2d:93:80:31:77:52:b1:f8:88:fd:6e:
                    d1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:EA:06:E8:9B:0D:FA:B5:90:59:33:42:07:44:F6:0A:E9:2B:AB:6B
            X509v3 Authority Key Identifier:
                keyid:D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/JeoG6JsN-rWQWTNCB0T2Cukrq2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.237.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:17:9e:64:58:5e:af:ef:8a:9b:3a:a3:e1:3d:fb:d1:07:39:
         26:bd:4a:6d:22:be:e5:32:ab:9b:06:46:1d:97:dd:df:99:70:
         9a:41:09:b8:dc:44:f8:f6:a9:6d:0a:5b:0f:1a:31:4d:05:77:
         dd:3f:f6:96:7a:f1:a7:17:49:e6:e1:08:a6:47:9a:c8:b4:bc:
         04:b8:dc:17:a4:36:f8:18:da:58:22:a1:e2:6c:c9:63:d5:3d:
         3a:d7:3c:26:3f:d2:19:2f:4e:b8:41:a4:6c:47:fa:51:75:3f:
         4d:9a:1c:24:42:a9:6a:42:c8:b5:7b:22:85:ac:b0:7a:a0:b8:
         bf:77:98:25:20:7f:c1:05:e3:8c:34:a6:d4:93:36:11:2f:e5:
         13:1c:9a:fb:55:2e:84:0a:53:e2:e0:8e:90:f9:c7:43:01:c2:
         6b:0c:82:49:a9:25:49:ce:9c:f3:66:e0:33:11:ab:e1:d5:81:
         53:ae:92:5a:b3:d3:e6:25:b1:9c:cb:d0:ca:c7:8f:09:c2:9f:
         77:3c:9b:a8:17:d7:c6:68:c1:85:f9:3b:88:20:66:f9:61:12:
         0d:1d:92:73:4f:c2:b5:99:7d:4b:68:35:45:7c:30:e0:71:20:
         41:92:f4:a2:9a:7f:fe:69:50:41:ec:af:9a:84:4d:d9:81:21:
         39:43:9a:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6dYowVg9qKM0PTu8sRTPAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OTkyMmNhOGQxMzlhNGQwM2Q2ZDU3Y2JjODE3N2RjMDVm
ZWI5ZWMwHhcNMjQwNDAyMDU1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWVhMDZlODliMGRmYWI1OTA1OTMzNDIwNzQ0ZjYwYWU5MmJhYjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh21lyCam1Hk/ct7qbqD3FkwuZc6Q
w5RfIkbRSNHezowlcsRBvgkoUKQyfYaiCyAoXRCkioSt78zI2dcM0VrWmV78LrW3
T4dKNASnZDmVMx0hBomHMW1rR/yYHt4WP3kyK9UKJJUG/ztmK9JLDhzlHnwVV4YG
i+Z+ng7CwrvK90DFeyHioaUpOPqzumOq7WmhfFQ1lDuQgTxu8K9ekF5BMDMBU7qs
Rjql2crICgmUu0O3hJ1xXsqx/OqU15XbT9dSKz4y/nA6L7o83MdWX7ghnkQO3keh
kS6rI8EVRjMZB5/RyEMrci2yvsaQnEZn9OagGNjJLZOAMXdSsfiI/W7RkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXqBuibDfq1kFkzQgdE9grpK6trMB8GA1UdIwQY
MBaAFNSZIsqNE5pNA9bVfLyBd9wF/rnsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUt
ZThiNjBhMmRkNmI0LzEvSmVvRzZKc04tcldRV1ROQ0IwVDJDdWtycTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUtZThiNjBhMmRkNmI0
LzEvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu3HMA0G
CSqGSIb3DQEBCwUAA4IBAQBQF55kWF6v74qbOqPhPfvRBzkmvUptIr7lMqubBkYd
l93fmXCaQQm43ET49qltClsPGjFNBXfdP/aWevGnF0nm4QimR5rItLwEuNwXpDb4
GNpYIqHibMlj1T061zwmP9IZL064QaRsR/pRdT9NmhwkQqlqQsi1eyKFrLB6oLi/
d5glIH/BBeOMNKbUkzYRL+UTHJr7VS6EClPi4I6Q+cdDAcJrDIJJqSVJzpzzZuAz
Eavh1YFTrpJas9PmJbGcy9DKx48Jwp93PJuoF9fGaMGF+TuIIGb5YRINHZJzT8K1
mX1LaDVFfDDgcSBBkvSimn/+aVBB7K+ahE3ZgSE5Q5pl
-----END CERTIFICATE-----