Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/ebMTrsju8v0PSMywm00Rhmafuns.roa
File:                     ebMTrsju8v0PSMywm00Rhmafuns.roa (raw, json)
Hash identifier:          Tba8u8h0oDBuYQd9cnnY8hnI2suFgm959XriKv6Fumk=
Subject key identifier:   79:B3:13:AE:C8:EE:F2:FD:0F:48:CC:B0:9B:4D:11:86:66:9F:BA:7B
Certificate issuer:       /CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
Certificate serial:       018F15663E2C864C9CA568051C5370F190A6
Authority key identifier: D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/ebMTrsju8v0PSMywm00Rhmafuns.roa
Signing time:             Thu 25 Apr 2024 13:16:13 +0000
ROA not before:           Thu 25 Apr 2024 13:16:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215055
IP address blocks:        178.237.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:66:3e:2c:86:4c:9c:a5:68:05:1c:53:70:f1:90:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d49922ca8d139a4d03d6d57cbc8177dc05feb9ec
        Validity
            Not Before: Apr 25 13:16:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79b313aec8eef2fd0f48ccb09b4d1186669fba7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0a:6e:41:06:87:b1:c8:81:e9:a3:43:66:4e:
                    e0:95:64:cb:93:19:ab:4b:70:5b:2f:30:71:79:4f:
                    41:07:07:c2:20:9d:b7:6f:b0:91:52:c5:1b:6a:df:
                    0e:39:d8:61:99:ed:d4:af:7f:eb:26:c4:cc:b4:5d:
                    f6:85:ae:dc:33:b1:09:a0:b7:89:92:c1:64:49:fc:
                    92:d4:c0:dd:87:4b:f0:97:92:a0:b1:33:17:d0:2f:
                    42:56:3e:1f:ed:45:0b:17:7a:19:84:78:2e:89:b3:
                    f8:21:33:c0:8b:84:72:d8:86:8a:30:3a:5b:2e:22:
                    92:cc:92:57:72:1c:81:fa:be:d5:8d:2a:33:ba:c8:
                    07:b8:78:77:97:22:a4:5a:97:27:cc:11:85:b9:a8:
                    b5:8a:b2:2b:e0:ea:30:3b:c8:22:8a:4c:f2:24:25:
                    46:18:1c:c1:5f:ae:22:57:91:71:01:e9:ab:6b:a2:
                    6c:a1:d2:d0:34:74:07:c5:2c:e7:d1:98:d8:bc:d7:
                    35:5f:f9:c5:98:36:6c:ef:6c:40:75:c5:0e:08:c9:
                    46:20:68:19:ed:f1:0c:74:82:95:32:11:de:0c:3c:
                    7d:21:6c:0a:f7:b1:26:ba:f9:56:3c:d1:f1:0b:99:
                    85:05:5d:ac:fe:61:41:b4:f9:98:6c:70:17:c6:72:
                    72:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B3:13:AE:C8:EE:F2:FD:0F:48:CC:B0:9B:4D:11:86:66:9F:BA:7B
            X509v3 Authority Key Identifier:
                keyid:D4:99:22:CA:8D:13:9A:4D:03:D6:D5:7C:BC:81:77:DC:05:FE:B9:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Jkiyo0Tmk0D1tV8vIF33AX-uew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/ebMTrsju8v0PSMywm00Rhmafuns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/5cecc0-2a53-4500-85ae-e8b60a2dd6b4/1/1Jkiyo0Tmk0D1tV8vIF33AX-uew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.237.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:78:bb:47:28:c2:46:53:41:fa:e6:c6:fb:60:f0:97:7f:e3:
         61:6c:fa:85:50:97:b6:60:d4:7d:8e:d2:a1:af:09:14:d9:34:
         ea:b7:09:de:9b:e8:23:0c:ed:6e:7e:f7:dc:91:98:30:40:13:
         57:5b:43:a6:53:79:0e:c2:70:28:45:ba:43:fb:88:44:df:44:
         81:f9:11:cb:39:fa:71:3c:76:2e:d5:0a:19:55:44:d2:62:a1:
         a1:03:71:e7:e9:d7:88:fc:18:1d:d3:c7:2e:3d:4f:78:8c:d7:
         52:60:a3:ee:65:c7:1a:92:88:fa:c0:8a:0b:25:3d:7d:c7:d3:
         cd:5a:b9:47:ac:99:66:d5:0e:fc:3c:3f:38:08:8f:31:81:a1:
         39:89:56:fd:52:d5:d5:03:b0:0a:0c:40:7b:fa:07:b4:87:c0:
         19:bf:ef:00:5c:ed:b2:c9:bd:47:da:eb:e7:0e:c5:43:21:46:
         ef:dc:25:a0:b2:45:7d:b6:c7:d1:54:83:d8:fb:53:e2:a9:3c:
         10:43:de:30:9d:8e:b7:9c:4d:a1:dc:a0:4d:4b:36:75:10:44:
         df:fd:91:a6:39:e5:34:86:23:fb:dd:21:3d:80:46:d8:f8:bc:
         a9:d7:62:d4:43:f0:02:b6:57:3d:5f:ec:b9:25:3b:29:ff:58:
         0e:35:2e:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8VZj4shkycpWgFHFNw8ZCmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OTkyMmNhOGQxMzlhNGQwM2Q2ZDU3Y2JjODE3N2RjMDVm
ZWI5ZWMwHhcNMjQwNDI1MTMxNjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWIzMTNhZWM4ZWVmMmZkMGY0OGNjYjA5YjRkMTE4NjY2OWZiYTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwpuQQaHsciB6aNDZk7glWTLkxmr
S3BbLzBxeU9BBwfCIJ23b7CRUsUbat8OOdhhme3Ur3/rJsTMtF32ha7cM7EJoLeJ
ksFkSfyS1MDdh0vwl5KgsTMX0C9CVj4f7UULF3oZhHguibP4ITPAi4Ry2IaKMDpb
LiKSzJJXchyB+r7VjSozusgHuHh3lyKkWpcnzBGFuai1irIr4OowO8giikzyJCVG
GBzBX64iV5FxAemra6JsodLQNHQHxSzn0ZjYvNc1X/nFmDZs72xAdcUOCMlGIGgZ
7fEMdIKVMhHeDDx9IWwK97EmuvlWPNHxC5mFBV2s/mFBtPmYbHAXxnJyywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmzE67I7vL9D0jMsJtNEYZmn7p7MB8GA1UdIwQY
MBaAFNSZIsqNE5pNA9bVfLyBd9wF/rnsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUt
ZThiNjBhMmRkNmI0LzEvZWJNVHJzanU4djBQU015d20wMFJobWFmdW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC81Y2VjYzAtMmE1My00NTAwLTg1YWUtZThiNjBhMmRkNmI0
LzEvMUpraXlvMFRtazBEMXRWOHZJRjMzQVgtdWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu3KMA0G
CSqGSIb3DQEBCwUAA4IBAQA0eLtHKMJGU0H65sb7YPCXf+NhbPqFUJe2YNR9jtKh
rwkU2TTqtwnem+gjDO1ufvfckZgwQBNXW0OmU3kOwnAoRbpD+4hE30SB+RHLOfpx
PHYu1QoZVUTSYqGhA3Hn6deI/Bgd08cuPU94jNdSYKPuZccakoj6wIoLJT19x9PN
WrlHrJlm1Q78PD84CI8xgaE5iVb9UtXVA7AKDEB7+ge0h8AZv+8AXO2yyb1H2uvn
DsVDIUbv3CWgskV9tsfRVIPY+1PiqTwQQ94wnY63nE2h3KBNSzZ1EETf/ZGmOeU0
hiP73SE9gEbY+Lyp12LUQ/ACtlc9X+y5JTsp/1gONS78
-----END CERTIFICATE-----