Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/_8ZQWuUaGZ9feBTbscjwZbx48pM.roa
File:                     _8ZQWuUaGZ9feBTbscjwZbx48pM.roa (raw, json)
Hash identifier:          TNfC23AEZS88V+zreqHVoePX0RM2CaFufz271/b9FGE=
Subject key identifier:   FF:C6:50:5A:E5:1A:19:9F:5F:78:14:DB:B1:C8:F0:65:BC:78:F2:93
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019427B55C4AC3A1C5E63A6E10DD9E2BAB7A
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/_8ZQWuUaGZ9feBTbscjwZbx48pM.roa
Signing time:             Thu 02 Jan 2025 15:49:44 +0000
ROA not before:           Thu 02 Jan 2025 15:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205786
IP address blocks:        178.253.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5c:4a:c3:a1:c5:e6:3a:6e:10:dd:9e:2b:ab:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  2 15:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffc6505ae51a199f5f7814dbb1c8f065bc78f293
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:41:fc:2c:27:a7:1a:78:69:34:04:d6:6a:1e:
                    6b:d7:78:52:a1:18:73:5e:f6:f3:2c:60:e4:db:f0:
                    03:ae:c1:be:79:4f:5d:e7:aa:af:79:35:da:f5:6e:
                    f9:14:b6:e6:85:63:5a:bc:42:5a:e4:69:cf:58:ea:
                    93:2b:2e:82:aa:8d:9e:a7:27:a7:87:5f:78:6e:d3:
                    51:ce:e9:e1:59:35:30:98:28:84:51:27:65:b2:b6:
                    23:03:b1:07:49:bb:06:06:49:2c:5c:7c:4a:4a:2e:
                    8a:90:ed:47:c4:9c:a0:55:71:0b:c6:0b:98:21:1f:
                    b6:11:30:1f:9e:f6:2c:53:06:8b:18:3f:36:61:21:
                    4f:97:78:26:7b:82:33:f2:99:b1:ca:29:76:d7:62:
                    85:2f:40:b8:92:f8:d7:4e:52:aa:1b:94:2d:fd:42:
                    f7:55:19:25:5d:a0:1f:22:5f:4d:68:96:8e:f2:2e:
                    6b:79:a5:31:0f:7e:85:86:07:86:74:14:aa:ce:8a:
                    59:cd:04:b2:b1:d1:52:8a:36:63:3a:7a:2c:57:2d:
                    a2:c1:1b:4a:52:9e:b9:1d:62:8b:19:cd:ba:9d:e9:
                    50:b2:7d:07:0a:67:6d:c5:63:f8:d8:cc:37:b0:05:
                    b2:0f:6e:a1:01:3b:34:e2:c8:cc:09:db:d1:b1:33:
                    f0:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:C6:50:5A:E5:1A:19:9F:5F:78:14:DB:B1:C8:F0:65:BC:78:F2:93
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/_8ZQWuUaGZ9feBTbscjwZbx48pM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:03:89:a4:73:73:79:da:23:a0:47:47:27:6a:b0:a7:a6:36:
         25:6f:7c:c5:bb:02:a9:5e:44:45:c2:e6:95:82:9c:30:d1:3c:
         cc:75:38:16:25:e3:ab:9e:63:a3:91:b8:7f:58:20:ac:36:2a:
         87:4a:d2:cd:38:df:f4:b9:3f:e5:c9:5e:01:e8:18:3d:92:d9:
         9c:e7:e3:69:e8:64:fb:6e:ca:8b:9d:74:0f:a5:8e:57:22:7f:
         e5:57:1f:0b:28:f1:10:f8:02:b5:3d:0d:5a:87:6e:aa:59:ec:
         e4:77:38:d0:0e:29:f1:4f:9f:09:7a:9d:4f:46:dd:fe:20:12:
         d8:12:48:99:a5:05:e5:38:5d:a2:80:ce:77:6a:f8:22:d6:c4:
         87:1d:1a:5b:44:5b:c7:17:ad:36:6d:83:84:84:43:07:7c:d9:
         2b:0e:7b:5c:b3:b7:04:14:b1:fe:1d:52:fb:e3:0f:59:12:61:
         a4:fd:07:13:4e:ee:b5:43:65:ec:b1:0b:6b:de:e0:3a:cf:08:
         e8:5c:6a:0a:05:9c:bf:63:9f:8a:69:64:28:1a:54:0e:82:21:
         d6:16:cc:e4:f4:3f:71:b8:08:c2:f7:95:e0:b2:05:2e:e8:04:
         4c:7f:31:10:80:75:5c:5b:bc:3e:43:cc:3b:fc:cd:66:cc:16:
         03:90:26:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntVxKw6HF5jpuEN2eK6t6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUwMTAyMTU0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmM2NTA1YWU1MWExOTlmNWY3ODE0ZGJiMWM4ZjA2NWJjNzhmMjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9UH8LCenGnhpNATWah5r13hSoRhz
XvbzLGDk2/ADrsG+eU9d56qveTXa9W75FLbmhWNavEJa5GnPWOqTKy6Cqo2epyen
h194btNRzunhWTUwmCiEUSdlsrYjA7EHSbsGBkksXHxKSi6KkO1HxJygVXELxguY
IR+2ETAfnvYsUwaLGD82YSFPl3gme4Iz8pmxyil212KFL0C4kvjXTlKqG5Qt/UL3
VRklXaAfIl9NaJaO8i5reaUxD36FhgeGdBSqzopZzQSysdFSijZjOnosVy2iwRtK
Up65HWKLGc26nelQsn0HCmdtxWP42Mw3sAWyD26hATs04sjMCdvRsTPw2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/GUFrlGhmfX3gU27HI8GW8ePKTMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvXzhaUVd1VWFHWjlmZUJUYnNjandaYng0OHBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv33MA0G
CSqGSIb3DQEBCwUAA4IBAQCVA4mkc3N52iOgR0cnarCnpjYlb3zFuwKpXkRFwuaV
gpww0TzMdTgWJeOrnmOjkbh/WCCsNiqHStLNON/0uT/lyV4B6Bg9ktmc5+Np6GT7
bsqLnXQPpY5XIn/lVx8LKPEQ+AK1PQ1ah26qWezkdzjQDinxT58Jep1PRt3+IBLY
EkiZpQXlOF2igM53avgi1sSHHRpbRFvHF602bYOEhEMHfNkrDntcs7cEFLH+HVL7
4w9ZEmGk/QcTTu61Q2XssQtr3uA6zwjoXGoKBZy/Y5+KaWQoGlQOgiHWFszk9D9x
uAjC95XgsgUu6ARMfzEQgHVcW7w+Q8w7/M1mzBYDkCaB
-----END CERTIFICATE-----