Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/1b78cd-d005-492c-9167-1bf868a03538/1/HeUZphYprJfrsKa7q-nn6-VVcXg.roa
File:                     HeUZphYprJfrsKa7q-nn6-VVcXg.roa (raw, json)
Hash identifier:          Ahmn/uiYfoljfJieKyus83NK1etVQJGy7pyV8006JBs=
Subject key identifier:   1D:E5:19:A6:16:29:AC:97:EB:B0:A6:BB:AB:E9:E7:EB:E5:55:71:78
Certificate issuer:       /CN=0148d2ca8a2b43b6cad25b22265354fe303911a0
Certificate serial:       018CC26D10674211833ED3C415DE8B6BEC1A
Authority key identifier: 01:48:D2:CA:8A:2B:43:B6:CA:D2:5B:22:26:53:54:FE:30:39:11:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AUjSyoorQ7bK0lsiJlNU_jA5EaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/1b78cd-d005-492c-9167-1bf868a03538/1/HeUZphYprJfrsKa7q-nn6-VVcXg.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28924
IP address blocks:        193.178.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/1b78cd-d005-492c-9167-1bf868a03538/1/AUjSyoorQ7bK0lsiJlNU_jA5EaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/1b78cd-d005-492c-9167-1bf868a03538/1/AUjSyoorQ7bK0lsiJlNU_jA5EaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AUjSyoorQ7bK0lsiJlNU_jA5EaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 10:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:10:67:42:11:83:3e:d3:c4:15:de:8b:6b:ec:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0148d2ca8a2b43b6cad25b22265354fe303911a0
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1de519a61629ac97ebb0a6bbabe9e7ebe5557178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4b:20:25:b5:b8:6c:7e:a3:33:8d:f9:d5:86:
                    b7:12:33:90:f8:d1:d7:a4:79:dc:86:9e:70:26:86:
                    e2:2f:87:73:8b:4b:50:1a:3f:62:16:47:72:69:7f:
                    4c:26:6a:87:c4:81:c1:78:e5:51:ec:57:a0:8f:7e:
                    1e:92:71:fb:03:fd:07:f8:1d:a5:bd:66:3c:7b:9b:
                    60:6f:4d:0c:13:39:b5:d3:f7:6b:b5:d9:0a:e3:8e:
                    f2:f8:1b:23:63:e3:57:c8:e4:fd:b2:b2:86:79:14:
                    a9:ef:ef:8b:33:c4:2d:66:b1:cf:42:3b:2f:0c:9f:
                    30:f2:11:87:ac:9e:0a:fb:97:2c:61:d9:5a:99:e4:
                    07:cb:33:62:f3:5e:ec:ff:34:9c:37:36:10:be:ef:
                    e5:b8:87:77:60:ff:86:6b:1e:29:a4:27:15:02:ea:
                    25:78:6a:55:91:aa:16:06:db:9e:c6:7d:46:7f:f5:
                    9e:8a:3d:aa:9a:a7:d5:6e:ed:e5:5c:da:1c:c8:23:
                    10:4a:2d:71:45:41:30:29:c8:d4:0b:35:88:cd:b2:
                    8b:fb:cb:1d:a9:8e:2c:c8:69:f5:e3:37:39:a6:b2:
                    c2:e9:c0:8d:fe:77:b7:77:e4:e7:c8:b9:a0:1c:83:
                    64:25:03:fa:eb:59:0f:25:3e:95:32:6c:e9:64:91:
                    a6:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:E5:19:A6:16:29:AC:97:EB:B0:A6:BB:AB:E9:E7:EB:E5:55:71:78
            X509v3 Authority Key Identifier:
                keyid:01:48:D2:CA:8A:2B:43:B6:CA:D2:5B:22:26:53:54:FE:30:39:11:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AUjSyoorQ7bK0lsiJlNU_jA5EaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b78cd-d005-492c-9167-1bf868a03538/1/HeUZphYprJfrsKa7q-nn6-VVcXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/1b78cd-d005-492c-9167-1bf868a03538/1/AUjSyoorQ7bK0lsiJlNU_jA5EaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:b2:5f:a0:a6:cd:93:d5:6d:3a:a7:43:4a:96:fa:58:c4:66:
         33:36:e0:70:5a:a0:2c:27:50:d0:35:12:d9:ee:85:a7:f9:39:
         fe:19:3f:ac:2f:86:6c:4a:46:ae:ec:d8:71:73:19:2f:eb:0f:
         2d:d3:2f:58:ab:b1:83:6f:8e:12:e6:56:a1:f8:9e:61:2d:72:
         51:f4:fd:2f:17:c1:78:35:78:e9:f4:a6:e2:1b:95:2e:32:90:
         59:a1:f1:fd:43:ba:8f:aa:e1:be:6d:72:a0:73:e8:7a:7a:85:
         67:59:2e:de:bb:2c:83:ea:78:6e:0b:70:b8:e5:0c:56:a3:d5:
         36:0e:c3:76:07:d7:7c:17:39:b6:92:38:3a:51:c2:27:b8:78:
         8b:82:41:ef:72:09:d6:fa:74:d4:80:65:a8:66:25:a2:ae:c5:
         e7:4b:7b:18:38:0a:5c:ad:7d:89:a0:ab:6f:73:be:18:9a:68:
         79:7e:e7:f7:9a:46:eb:b0:58:18:7d:b4:a1:9d:1b:19:3b:fc:
         60:5c:7b:7b:70:68:58:98:46:1d:f1:49:a6:9b:d3:21:6e:3d:
         f6:3c:27:b0:d3:81:ac:cb:ca:23:48:73:78:a7:c6:69:68:9c:
         fa:ae:e3:a0:fa:d9:f1:2b:00:8c:4d:8a:ff:cf:8e:88:d5:fe:
         c8:2e:9f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbRBnQhGDPtPEFd6La+waMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNDhkMmNhOGEyYjQzYjZjYWQyNWIyMjI2NTM1NGZlMzAz
OTExYTAwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGU1MTlhNjE2MjlhYzk3ZWJiMGE2YmJhYmU5ZTdlYmU1NTU3MTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjksgJbW4bH6jM4351Ya3EjOQ+NHX
pHnchp5wJobiL4dzi0tQGj9iFkdyaX9MJmqHxIHBeOVR7Fegj34eknH7A/0H+B2l
vWY8e5tgb00MEzm10/drtdkK447y+BsjY+NXyOT9srKGeRSp7++LM8QtZrHPQjsv
DJ8w8hGHrJ4K+5csYdlameQHyzNi817s/zScNzYQvu/luId3YP+Gax4ppCcVAuol
eGpVkaoWBtuexn1Gf/Weij2qmqfVbu3lXNocyCMQSi1xRUEwKcjUCzWIzbKL+8sd
qY4syGn14zc5prLC6cCN/ne3d+TnyLmgHINkJQP661kPJT6VMmzpZJGmEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3lGaYWKayX67Cmu6vp5+vlVXF4MB8GA1UdIwQY
MBaAFAFI0sqKK0O2ytJbIiZTVP4wORGgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVVqU3lvb3JRN2JLMGxzaUpsTlVfakE1RWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8xYjc4Y2QtZDAwNS00OTJjLTkxNjct
MWJmODY4YTAzNTM4LzEvSGVVWnBoWXBySmZyc0thN3Etbm42LVZWY1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8xYjc4Y2QtZDAwNS00OTJjLTkxNjctMWJmODY4YTAzNTM4
LzEvQVVqU3lvb3JRN2JLMGxzaUpsTlVfakE1RWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbJ3MA0G
CSqGSIb3DQEBCwUAA4IBAQAbsl+gps2T1W06p0NKlvpYxGYzNuBwWqAsJ1DQNRLZ
7oWn+Tn+GT+sL4ZsSkau7Nhxcxkv6w8t0y9Yq7GDb44S5lah+J5hLXJR9P0vF8F4
NXjp9KbiG5UuMpBZofH9Q7qPquG+bXKgc+h6eoVnWS7euyyD6nhuC3C45QxWo9U2
DsN2B9d8Fzm2kjg6UcInuHiLgkHvcgnW+nTUgGWoZiWirsXnS3sYOApcrX2JoKtv
c74Ymmh5fuf3mkbrsFgYfbShnRsZO/xgXHt7cGhYmEYd8Ummm9Mhbj32PCew04Gs
y8ojSHN4p8ZpaJz6ruOg+tnxKwCMTYr/z46I1f7ILp+w
-----END CERTIFICATE-----