Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/y0nCAue1MnTF6z40rGVEYWUm5nk.roa
File:                     y0nCAue1MnTF6z40rGVEYWUm5nk.roa (raw, json)
Hash identifier:          ub6grVQWy25aeX8TqOwo/NevrTVO0jPOhhkG3CGkjOE=
Subject key identifier:   CB:49:C2:02:E7:B5:32:74:C5:EB:3E:34:AC:65:44:61:65:26:E6:79
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BD6EFF8346B9C7E3B53BED3F0ABCC
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/y0nCAue1MnTF6z40rGVEYWUm5nk.roa
Signing time:             Thu 02 Jan 2025 09:49:49 +0000
ROA not before:           Thu 02 Jan 2025 09:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34656
IP address blocks:        178.16.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 01:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d6:ef:f8:34:6b:9c:7e:3b:53:be:d3:f0:ab:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb49c202e7b53274c5eb3e34ac6544616526e679
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:df:36:5c:d4:5e:c5:6f:ac:28:b6:f5:9a:19:
                    7d:dd:3c:06:98:2c:77:6f:92:55:e0:17:8f:67:db:
                    07:3a:d8:e4:7d:80:d0:d9:88:85:26:1b:5b:6c:b3:
                    b9:ee:da:3c:0a:e9:4d:82:6e:a7:1c:cf:d0:32:89:
                    ae:9f:4c:b6:9d:c5:d0:85:97:bc:c7:83:bf:b3:98:
                    83:58:ad:8c:ac:0f:6e:c2:6f:d9:76:0a:5c:aa:55:
                    0a:f2:6d:56:cd:e4:cb:82:d6:89:e3:01:e1:fc:2d:
                    26:57:90:7f:0c:a3:63:bf:93:35:e7:3f:6f:08:66:
                    40:0a:e0:e5:af:f1:e3:42:21:64:3d:28:58:c1:b3:
                    8f:6a:e8:a6:f3:30:9f:a1:f3:67:ae:5e:ff:be:8e:
                    e1:2f:ef:80:70:ed:64:92:29:2a:ab:28:53:e9:18:
                    96:c4:87:c1:90:36:16:81:49:63:02:3d:b1:9b:c7:
                    60:8f:54:36:8b:12:1e:cc:91:02:bc:c6:20:aa:ca:
                    e3:8f:a4:2a:a7:3d:60:eb:14:df:88:93:57:3c:72:
                    4c:7b:01:01:64:c1:22:3f:16:96:d2:07:f1:79:37:
                    63:1c:be:bc:b1:d7:5a:96:a2:7d:2c:8c:08:a2:83:
                    27:8a:0e:46:58:8d:e7:a1:18:9e:c8:f7:b0:bf:27:
                    a2:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:49:C2:02:E7:B5:32:74:C5:EB:3E:34:AC:65:44:61:65:26:E6:79
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/y0nCAue1MnTF6z40rGVEYWUm5nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.16.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:dc:c7:af:e7:7e:1f:a2:b2:ac:30:6f:71:e4:c3:86:f4:90:
         8c:b8:b5:28:e7:77:47:45:a1:39:d7:7a:b3:e8:11:25:e8:0c:
         81:a3:dd:5b:80:b1:6c:10:3e:99:fa:1b:c5:cd:6f:1b:10:f8:
         74:2d:51:ea:0c:8e:2d:b9:de:db:b1:1c:f8:05:51:9f:4e:1f:
         00:0d:b8:0f:7e:4c:96:24:00:77:a9:05:1c:ae:70:1f:36:b8:
         3b:3d:c5:f0:6d:cd:9c:6e:55:fe:55:d7:5f:b0:55:ca:e1:29:
         46:96:b3:80:ae:de:96:57:9b:ae:79:c9:b4:db:a8:53:48:fd:
         02:0b:d9:d2:18:e9:9c:ce:3e:e6:0e:97:29:4e:81:e6:b0:38:
         04:30:89:b8:d6:b6:52:81:a0:64:36:3e:0c:e7:3e:f6:c6:5d:
         b9:b7:73:6c:7a:df:4b:f0:29:b3:8e:7d:07:c6:8d:43:41:32:
         1c:a5:ec:3c:5e:a5:c8:06:a2:b3:cd:ee:d1:04:bb:39:a7:75:
         80:2a:ad:e0:78:31:98:0c:62:96:94:55:3a:98:7d:06:fc:87:
         f4:8d:19:ea:60:d5:33:3e:e6:ce:e5:dc:83:fc:0c:16:57:ed:
         0a:66:2c:c9:07:8b:40:f6:08:e4:57:14:76:2b:13:2f:dd:5e:
         cf:24:e5:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9bv+DRrnH47U77T8KvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjQ5YzIwMmU3YjUzMjc0YzVlYjNlMzRhYzY1NDQ2MTY1MjZlNjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAut82XNRexW+sKLb1mhl93TwGmCx3
b5JV4BePZ9sHOtjkfYDQ2YiFJhtbbLO57to8CulNgm6nHM/QMomun0y2ncXQhZe8
x4O/s5iDWK2MrA9uwm/ZdgpcqlUK8m1WzeTLgtaJ4wHh/C0mV5B/DKNjv5M15z9v
CGZACuDlr/HjQiFkPShYwbOPauim8zCfofNnrl7/vo7hL++AcO1kkikqqyhT6RiW
xIfBkDYWgUljAj2xm8dgj1Q2ixIezJECvMYgqsrjj6Qqpz1g6xTfiJNXPHJMewEB
ZMEiPxaW0gfxeTdjHL68sddalqJ9LIwIooMnig5GWI3noRieyPewvyeiGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtJwgLntTJ0xes+NKxlRGFlJuZ5MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEveTBuQ0F1ZTFNblRGNno0MHJHVkVZV1VtNW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshB3MA0G
CSqGSIb3DQEBCwUAA4IBAQBy3Mev534forKsMG9x5MOG9JCMuLUo53dHRaE513qz
6BEl6AyBo91bgLFsED6Z+hvFzW8bEPh0LVHqDI4tud7bsRz4BVGfTh8ADbgPfkyW
JAB3qQUcrnAfNrg7PcXwbc2cblX+VddfsFXK4SlGlrOArt6WV5uuecm026hTSP0C
C9nSGOmczj7mDpcpToHmsDgEMIm41rZSgaBkNj4M5z72xl25t3Nset9L8Cmzjn0H
xo1DQTIcpew8XqXIBqKzze7RBLs5p3WAKq3geDGYDGKWlFU6mH0G/If0jRnqYNUz
PubO5dyD/AwWV+0KZizJB4tA9gjkVxR2KxMv3V7PJOUh
-----END CERTIFICATE-----