Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/eBrn60Df7uG_ub_L-IV105lzs58.roa
File:                     eBrn60Df7uG_ub_L-IV105lzs58.roa (raw, json)
Hash identifier:          O8+G2XvuPwR1yEXnK+zmEZeJLzoyxFForxI59j5WNAY=
Subject key identifier:   78:1A:E7:EB:40:DF:EE:E1:BF:B9:BF:CB:F8:85:75:D3:99:73:B3:9F
Certificate issuer:       /CN=d298a0714cc1bf25ac7c7f1cf6c2886c8c6192a3
Certificate serial:       019421B21BF49B165294099598A8120C21D6
Authority key identifier: D2:98:A0:71:4C:C1:BF:25:AC:7C:7F:1C:F6:C2:88:6C:8C:61:92:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0pigcUzBvyWsfH8c9sKIbIxhkqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/eBrn60Df7uG_ub_L-IV105lzs58.roa
Signing time:             Wed 01 Jan 2025 11:48:28 +0000
ROA not before:           Wed 01 Jan 2025 11:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        176.120.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/0pigcUzBvyWsfH8c9sKIbIxhkqM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/0pigcUzBvyWsfH8c9sKIbIxhkqM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0pigcUzBvyWsfH8c9sKIbIxhkqM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1b:f4:9b:16:52:94:09:95:98:a8:12:0c:21:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d298a0714cc1bf25ac7c7f1cf6c2886c8c6192a3
        Validity
            Not Before: Jan  1 11:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=781ae7eb40dfeee1bfb9bfcbf88575d39973b39f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:35:f1:9e:32:1b:0e:76:e8:df:80:36:97:4c:
                    46:85:32:7b:e9:41:40:49:1a:85:f7:85:eb:77:b6:
                    a1:1f:33:11:fb:b0:e7:64:f6:db:1a:2c:cb:76:bc:
                    2d:ea:8f:f5:b7:fa:97:65:da:ce:9f:4d:22:7c:69:
                    9d:f8:43:74:34:2a:b2:ea:00:2c:6b:78:45:f6:0a:
                    96:af:4f:9c:1b:bc:7b:0b:63:7d:d2:5c:11:15:4a:
                    da:9c:b2:95:37:05:98:49:76:9c:84:92:ee:2d:9c:
                    5a:22:ff:4f:fb:f4:6e:96:13:24:80:aa:d8:92:27:
                    c9:86:5a:56:12:26:2d:1a:d7:33:aa:08:62:33:bd:
                    4d:89:79:fd:52:b3:22:82:23:e4:e2:b4:9c:a8:66:
                    1b:cd:f4:07:25:92:5b:9b:f9:09:5c:2b:21:09:be:
                    6e:67:5d:fb:a2:1b:b8:6e:fe:da:24:6b:21:76:f5:
                    df:57:73:72:fd:b8:10:68:df:ac:f8:10:d3:0f:0f:
                    2d:dd:25:26:1a:a8:02:7c:8a:cd:1d:43:15:66:32:
                    96:2e:7b:39:3c:54:31:07:06:97:7c:5c:6f:07:b8:
                    73:b9:56:61:74:3a:5a:2c:f4:f4:6b:89:02:79:77:
                    08:98:9a:d0:64:0e:c6:27:86:ba:c2:92:a1:af:91:
                    9c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:1A:E7:EB:40:DF:EE:E1:BF:B9:BF:CB:F8:85:75:D3:99:73:B3:9F
            X509v3 Authority Key Identifier:
                keyid:D2:98:A0:71:4C:C1:BF:25:AC:7C:7F:1C:F6:C2:88:6C:8C:61:92:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0pigcUzBvyWsfH8c9sKIbIxhkqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/eBrn60Df7uG_ub_L-IV105lzs58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/0pigcUzBvyWsfH8c9sKIbIxhkqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:c8:9f:7c:94:73:a1:a8:1f:df:da:70:35:68:22:08:a7:02:
         93:cb:9d:39:52:6c:ea:57:be:12:72:a4:57:f4:af:dd:7b:93:
         64:88:60:df:37:92:38:a3:32:3e:86:6c:cc:3a:e8:c8:c3:ed:
         87:d6:b3:40:61:0c:24:3d:ad:ff:c5:11:22:3b:45:4b:15:2f:
         a2:f0:31:60:17:44:6c:a8:06:cd:05:33:d7:8c:0f:f3:8b:71:
         26:fe:a6:cc:0c:86:ce:55:09:49:36:ee:9e:e1:35:b9:7c:ea:
         31:c0:07:0a:e6:06:49:cf:80:67:f1:74:56:1b:00:e4:b7:7a:
         12:85:67:1f:18:0c:f0:0b:2b:c0:5c:8f:59:c6:06:a2:e0:99:
         3e:55:1e:ac:3d:ba:87:e0:82:d6:d3:93:45:6f:95:8a:1b:ed:
         6d:9c:10:de:6d:29:b3:fa:5b:92:89:60:03:70:5c:66:56:c7:
         a5:9d:38:95:ab:ad:5b:db:43:8d:d9:f0:8c:2a:34:77:07:d9:
         69:7e:60:63:e8:2c:ca:65:39:7f:8d:01:d9:d8:0f:1c:a0:1b:
         ea:7a:74:c0:20:2a:38:68:96:30:c6:f5:3b:65:c9:02:49:4e:
         bb:b8:3f:28:1c:df:ae:87:d1:9f:65:04:8a:64:0f:ff:0b:f8:
         54:61:1f:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshv0mxZSlAmVmKgSDCHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyOThhMDcxNGNjMWJmMjVhYzdjN2YxY2Y2YzI4ODZjOGM2
MTkyYTMwHhcNMjUwMTAxMTE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODFhZTdlYjQwZGZlZWUxYmZiOWJmY2JmODg1NzVkMzk5NzNiMzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjXxnjIbDnbo34A2l0xGhTJ76UFA
SRqF94Xrd7ahHzMR+7DnZPbbGizLdrwt6o/1t/qXZdrOn00ifGmd+EN0NCqy6gAs
a3hF9gqWr0+cG7x7C2N90lwRFUranLKVNwWYSXachJLuLZxaIv9P+/RulhMkgKrY
kifJhlpWEiYtGtczqghiM71NiXn9UrMigiPk4rScqGYbzfQHJZJbm/kJXCshCb5u
Z137ohu4bv7aJGshdvXfV3Ny/bgQaN+s+BDTDw8t3SUmGqgCfIrNHUMVZjKWLns5
PFQxBwaXfFxvB7hzuVZhdDpaLPT0a4kCeXcImJrQZA7GJ4a6wpKhr5GcbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHga5+tA3+7hv7m/y/iFddOZc7OfMB8GA1UdIwQY
MBaAFNKYoHFMwb8lrHx/HPbCiGyMYZKjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHBpZ2NVekJ2eVdzZkg4YzlzS0liSXhoa3FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kOTdhZWEtZmEzMi00NmRhLTg1MWUt
NzVhNDcyNWFhNmZkLzEvZUJybjYwRGY3dUdfdWJfTC1JVjEwNWx6czU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kOTdhZWEtZmEzMi00NmRhLTg1MWUtNzVhNDcyNWFhNmZk
LzEvMHBpZ2NVekJ2eVdzZkg4YzlzS0liSXhoa3FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHgSMA0G
CSqGSIb3DQEBCwUAA4IBAQDPyJ98lHOhqB/f2nA1aCIIpwKTy505UmzqV74ScqRX
9K/de5NkiGDfN5I4ozI+hmzMOujIw+2H1rNAYQwkPa3/xREiO0VLFS+i8DFgF0Rs
qAbNBTPXjA/zi3Em/qbMDIbOVQlJNu6e4TW5fOoxwAcK5gZJz4Bn8XRWGwDkt3oS
hWcfGAzwCyvAXI9Zxgai4Jk+VR6sPbqH4ILW05NFb5WKG+1tnBDebSmz+luSiWAD
cFxmVselnTiVq61b20ON2fCMKjR3B9lpfmBj6CzKZTl/jQHZ2A8coBvqenTAICo4
aJYwxvU7ZckCSU67uD8oHN+uh9GfZQSKZA//C/hUYR/T
-----END CERTIFICATE-----