Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/1nj4HGwg5MuYEbOWVgTH5X2QDQA.roa
File:                     1nj4HGwg5MuYEbOWVgTH5X2QDQA.roa (raw, json)
Hash identifier:          qftarU6yG2nJ3oAJOkWVrCfg4dwpOkoLKwJnQuLLSiY=
Subject key identifier:   D6:78:F8:1C:6C:20:E4:CB:98:11:B3:96:56:04:C7:E5:7D:90:0D:00
Certificate issuer:       /CN=e8f99cd884fb5cbab3f3b34e17a80a48adec3fe5
Certificate serial:       018CC86EF11D62806CB1745E4885BB5EA2EB
Authority key identifier: E8:F9:9C:D8:84:FB:5C:BA:B3:F3:B3:4E:17:A8:0A:48:AD:EC:3F:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Pmc2IT7XLqz87NOF6gKSK3sP-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/1nj4HGwg5MuYEbOWVgTH5X2QDQA.roa
Signing time:             Tue 02 Jan 2024 04:29:23 +0000
ROA not before:           Tue 02 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198268
IP address blocks:        178.175.182.0/23 maxlen: 23
                          178.175.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/6Pmc2IT7XLqz87NOF6gKSK3sP-U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/6Pmc2IT7XLqz87NOF6gKSK3sP-U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Pmc2IT7XLqz87NOF6gKSK3sP-U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f1:1d:62:80:6c:b1:74:5e:48:85:bb:5e:a2:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8f99cd884fb5cbab3f3b34e17a80a48adec3fe5
        Validity
            Not Before: Jan  2 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d678f81c6c20e4cb9811b3965604c7e57d900d00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0c:f5:84:61:f9:0b:61:02:39:ed:75:48:3a:
                    1b:be:ff:59:cc:ac:1a:a5:95:66:5c:6b:1d:9d:a8:
                    b2:ca:d6:32:9d:6c:e6:28:7e:ef:5c:e4:1a:18:c3:
                    07:00:fa:60:d3:55:17:80:97:48:9a:1a:b5:27:35:
                    eb:59:86:44:d7:12:cf:d7:3e:49:9b:19:2a:7b:ea:
                    45:eb:82:10:e4:63:b9:f3:fc:6a:f1:64:6d:aa:13:
                    25:54:88:5a:94:02:68:61:5b:84:38:84:a8:44:a6:
                    e4:e9:09:ad:6e:6c:84:6d:a3:7b:d5:7e:4c:70:c9:
                    de:4f:88:a0:da:ff:26:f5:00:d3:be:a8:33:41:d1:
                    3b:0e:4c:7f:ea:84:d3:c8:93:f3:4f:93:fe:e5:e4:
                    c8:ab:64:8a:07:46:42:10:20:1b:5d:82:5d:d9:5e:
                    dd:fe:a8:d1:77:6d:e1:ef:b7:94:cc:cd:47:44:44:
                    b4:69:c7:ca:e8:1b:d8:4c:0b:2b:6c:23:d4:3d:03:
                    d5:f4:14:2e:92:58:fc:81:6d:b2:19:33:f3:32:7f:
                    2b:b2:70:9c:96:33:f5:56:e6:7e:84:ed:15:60:ba:
                    9b:63:66:2b:3a:f7:64:7e:27:b6:b1:e3:22:7d:9c:
                    2d:21:7b:d7:d9:94:be:e6:8c:30:a5:7e:73:10:5e:
                    de:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:78:F8:1C:6C:20:E4:CB:98:11:B3:96:56:04:C7:E5:7D:90:0D:00
            X509v3 Authority Key Identifier:
                keyid:E8:F9:9C:D8:84:FB:5C:BA:B3:F3:B3:4E:17:A8:0A:48:AD:EC:3F:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Pmc2IT7XLqz87NOF6gKSK3sP-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/1nj4HGwg5MuYEbOWVgTH5X2QDQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/d85bc7-58a6-407a-8acb-7509f7f4c5a6/1/6Pmc2IT7XLqz87NOF6gKSK3sP-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:db:d3:89:1d:4a:b0:41:d0:5a:54:4d:55:0b:70:97:83:ee:
         c8:a7:21:76:cf:8e:ca:93:fb:55:ab:5b:55:16:5b:a6:25:4f:
         4c:cc:30:80:44:57:51:96:2d:54:18:61:49:d7:c7:f6:fc:aa:
         4c:c6:3d:af:91:56:5c:87:a2:98:11:45:89:db:b5:23:f5:8b:
         99:2f:86:f6:57:99:a1:6e:1b:27:c2:e0:5f:38:89:8f:14:11:
         d8:47:3b:fa:ca:bd:cc:ef:7b:3f:b9:a8:9c:34:bd:81:9c:22:
         cf:ec:b2:a6:12:99:be:7d:10:ae:7c:e7:01:74:aa:2a:f6:e5:
         44:34:6f:e4:05:41:42:89:0a:6c:1b:50:ec:58:e2:80:bc:3c:
         86:21:ef:aa:15:b8:29:69:d6:40:50:d8:14:25:ce:a1:1a:67:
         dd:f8:71:48:f1:f0:98:c5:38:1a:38:98:62:32:07:60:87:38:
         42:83:f7:43:d0:b1:22:05:1c:01:a0:94:89:69:72:c6:3a:da:
         ce:26:07:5f:f4:6a:a5:6d:42:95:54:d0:66:f6:1c:c4:dc:58:
         12:d4:23:ef:c5:be:f4:58:11:c1:0c:ca:b4:e6:b0:c6:70:92:
         65:b2:46:b1:ad:a0:c6:10:5b:f9:94:4b:57:d6:3c:fe:0e:31:
         4b:57:13:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvEdYoBssXReSIW7XqLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4Zjk5Y2Q4ODRmYjVjYmFiM2YzYjM0ZTE3YTgwYTQ4YWRl
YzNmZTUwHhcNMjQwMTAyMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjc4ZjgxYzZjMjBlNGNiOTgxMWIzOTY1NjA0YzdlNTdkOTAwZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQz1hGH5C2ECOe11SDobvv9ZzKwa
pZVmXGsdnaiyytYynWzmKH7vXOQaGMMHAPpg01UXgJdImhq1JzXrWYZE1xLP1z5J
mxkqe+pF64IQ5GO58/xq8WRtqhMlVIhalAJoYVuEOISoRKbk6QmtbmyEbaN71X5M
cMneT4ig2v8m9QDTvqgzQdE7Dkx/6oTTyJPzT5P+5eTIq2SKB0ZCECAbXYJd2V7d
/qjRd23h77eUzM1HRES0acfK6BvYTAsrbCPUPQPV9BQuklj8gW2yGTPzMn8rsnCc
ljP1VuZ+hO0VYLqbY2YrOvdkfie2seMifZwtIXvX2ZS+5owwpX5zEF7emwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZ4+BxsIOTLmBGzllYEx+V9kA0AMB8GA1UdIwQY
MBaAFOj5nNiE+1y6s/OzTheoCkit7D/lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlBtYzJJVDdYTHF6ODdOT0Y2Z0tTSzNzUC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9kODViYzctNThhNi00MDdhLThhY2It
NzUwOWY3ZjRjNWE2LzEvMW5qNEhHd2c1TXVZRWJPV1ZnVEg1WDJRRFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9kODViYzctNThhNi00MDdhLThhY2ItNzUwOWY3ZjRjNWE2
LzEvNlBtYzJJVDdYTHF6ODdOT0Y2Z0tTSzNzUC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsq+2MA0G
CSqGSIb3DQEBCwUAA4IBAQCu29OJHUqwQdBaVE1VC3CXg+7IpyF2z47Kk/tVq1tV
FlumJU9MzDCARFdRli1UGGFJ18f2/KpMxj2vkVZch6KYEUWJ27Uj9YuZL4b2V5mh
bhsnwuBfOImPFBHYRzv6yr3M73s/uaicNL2BnCLP7LKmEpm+fRCufOcBdKoq9uVE
NG/kBUFCiQpsG1DsWOKAvDyGIe+qFbgpadZAUNgUJc6hGmfd+HFI8fCYxTgaOJhi
MgdghzhCg/dD0LEiBRwBoJSJaXLGOtrOJgdf9GqlbUKVVNBm9hzE3FgS1CPvxb70
WBHBDMq05rDGcJJlskaxraDGEFv5lEtX1jz+DjFLVxMt
-----END CERTIFICATE-----