Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/_TUNxgdnH12PYmgIvUcY7X7i7PY.roa
File:                     _TUNxgdnH12PYmgIvUcY7X7i7PY.roa (raw, json)
Hash identifier:          Aqq9ohIBAAPhlWxNC7l3iTZBALhOFtbkJlIEF/lxubs=
Subject key identifier:   FD:35:0D:C6:07:67:1F:5D:8F:62:68:08:BD:47:18:ED:7E:E2:EC:F6
Certificate issuer:       /CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
Certificate serial:       0192B8C42B7B10C8303A18828D3F706BD4F5
Authority key identifier: DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/_TUNxgdnH12PYmgIvUcY7X7i7PY.roa
Signing time:             Wed 23 Oct 2024 09:45:16 +0000
ROA not before:           Wed 23 Oct 2024 09:45:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        178.212.58.0/24 maxlen: 24
                          178.212.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:c4:2b:7b:10:c8:30:3a:18:82:8d:3f:70:6b:d4:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
        Validity
            Not Before: Oct 23 09:45:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd350dc607671f5d8f626808bd4718ed7ee2ecf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:10:85:4f:96:cb:0f:52:7b:45:83:a9:34:40:
                    3d:4b:b9:db:75:c5:e7:c6:7d:ad:f9:2f:b2:eb:e2:
                    f2:6e:23:16:27:bd:a7:97:d4:eb:e4:cf:d8:7d:d4:
                    ba:65:f4:1a:bf:18:84:ef:a7:03:c8:93:72:ad:58:
                    9d:78:60:88:1d:d1:77:43:57:45:d1:7a:3d:83:fa:
                    44:25:e1:c4:dc:90:75:e6:d9:b7:68:a7:b9:06:e1:
                    3c:c0:35:33:8d:35:f1:41:db:6a:13:69:88:d4:a5:
                    96:f2:6a:a9:4e:7a:cd:11:63:f6:8e:ab:06:81:64:
                    77:8e:fe:16:c1:81:5a:41:91:10:11:99:0c:73:01:
                    fb:fe:5b:9f:6e:91:a3:d9:14:5c:eb:bb:e5:84:ac:
                    fa:38:7f:b0:99:28:c9:3f:63:fb:fb:37:86:c3:4b:
                    6e:cb:7c:c3:bc:29:50:a4:18:ad:5b:9c:3a:d8:83:
                    88:46:9a:1f:b6:b6:e9:ed:d4:4c:e7:0f:75:26:f2:
                    2f:8b:45:bc:4f:58:c3:bd:c5:04:75:b6:97:47:47:
                    74:49:00:ec:93:ba:ea:90:5b:33:62:13:ea:f4:42:
                    24:59:56:78:dc:ca:ad:39:32:a9:dd:d9:3d:24:bf:
                    d9:67:1f:81:c9:23:91:73:05:ca:60:f0:e7:4b:75:
                    f0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:35:0D:C6:07:67:1F:5D:8F:62:68:08:BD:47:18:ED:7E:E2:EC:F6
            X509v3 Authority Key Identifier:
                keyid:DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/_TUNxgdnH12PYmgIvUcY7X7i7PY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:e5:6c:ab:94:c5:0d:49:45:06:e4:d4:eb:67:87:2a:14:e6:
         16:3a:63:b7:87:90:28:55:2e:af:10:25:41:7b:a8:85:ce:92:
         50:f9:a1:58:a4:1a:cb:12:25:75:40:d2:39:df:3b:5c:34:65:
         9a:dd:a8:41:2d:99:9f:a8:ea:36:0b:07:4f:c5:77:78:e9:5e:
         09:0d:71:52:ae:70:30:81:12:ad:9e:4d:e8:40:d5:24:65:d5:
         9f:fb:e8:5e:ff:6b:c8:0e:9e:aa:7f:d1:69:66:50:77:c0:c8:
         04:3e:7c:18:92:93:fa:bd:a8:f7:0b:a8:5e:73:2b:01:3a:6e:
         59:79:39:e8:3a:b4:02:82:e0:58:7f:85:8e:b7:2d:11:b1:f5:
         1e:85:b3:18:b8:2f:f6:a0:d7:b6:b6:ca:9b:b7:68:d5:4c:c3:
         20:be:97:59:18:e3:6a:7e:0d:5a:94:4c:60:09:68:35:04:78:
         2a:68:f1:e3:0a:51:2a:ea:66:72:9b:b1:b9:54:63:af:c5:36:
         e7:46:65:de:0b:07:29:b5:7a:a9:ee:cc:0a:67:a8:56:f2:bc:
         c5:67:ac:18:0b:f4:e9:6e:d0:95:63:87:03:e7:94:39:5e:a3:
         b4:22:eb:25:15:39:8a:c2:22:55:be:a4:9d:50:df:b8:47:75:
         6c:61:70:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK4xCt7EMgwOhiCjT9wa9T1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYmU2ZTBhZGFlOGJiNDc4MzkzYWFiMTc1YjYzODY0NGM3
NGNjYjcwHhcNMjQxMDIzMDk0NTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDM1MGRjNjA3NjcxZjVkOGY2MjY4MDhiZDQ3MThlZDdlZTJlY2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhCFT5bLD1J7RYOpNEA9S7nbdcXn
xn2t+S+y6+LybiMWJ72nl9Tr5M/YfdS6ZfQavxiE76cDyJNyrVideGCIHdF3Q1dF
0Xo9g/pEJeHE3JB15tm3aKe5BuE8wDUzjTXxQdtqE2mI1KWW8mqpTnrNEWP2jqsG
gWR3jv4WwYFaQZEQEZkMcwH7/lufbpGj2RRc67vlhKz6OH+wmSjJP2P7+zeGw0tu
y3zDvClQpBitW5w62IOIRpoftrbp7dRM5w91JvIvi0W8T1jDvcUEdbaXR0d0SQDs
k7rqkFszYhPq9EIkWVZ43MqtOTKp3dk9JL/ZZx+BySORcwXKYPDnS3XwdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP01DcYHZx9dj2JoCL1HGO1+4uz2MB8GA1UdIwQY
MBaAFN2+bgra6LtHg5OqsXW2OGRMdMy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjkt
NmJhYTNiNTQ4ZDIzLzEvX1RVTnhnZG5IMTJQWW1nSXZVY1k3WDdpN1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjktNmJhYTNiNTQ4ZDIz
LzEvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBstQ6MA0G
CSqGSIb3DQEBCwUAA4IBAQB85WyrlMUNSUUG5NTrZ4cqFOYWOmO3h5AoVS6vECVB
e6iFzpJQ+aFYpBrLEiV1QNI53ztcNGWa3ahBLZmfqOo2CwdPxXd46V4JDXFSrnAw
gRKtnk3oQNUkZdWf++he/2vIDp6qf9FpZlB3wMgEPnwYkpP6vaj3C6hecysBOm5Z
eTnoOrQCguBYf4WOty0RsfUehbMYuC/2oNe2tsqbt2jVTMMgvpdZGONqfg1alExg
CWg1BHgqaPHjClEq6mZym7G5VGOvxTbnRmXeCwcptXqp7swKZ6hW8rzFZ6wYC/Tp
btCVY4cD55Q5XqO0IuslFTmKwiJVvqSdUN+4R3VsYXAt
-----END CERTIFICATE-----