Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/FHjjaCL7QaSxR7Yf_uDdz3cQhuA.roa
File:                     FHjjaCL7QaSxR7Yf_uDdz3cQhuA.roa (raw, json)
Hash identifier:          Brv6WLVF3QRBSayqPg/J2H5JWwF8VVYLp0UA1sg3bSA=
Subject key identifier:   14:78:E3:68:22:FB:41:A4:B1:47:B6:1F:FE:E0:DD:CF:77:10:86:E0
Certificate issuer:       /CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
Certificate serial:       019424458DC040A24BE1C323589BDB5141E0
Authority key identifier: AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/FHjjaCL7QaSxR7Yf_uDdz3cQhuA.roa
Signing time:             Wed 01 Jan 2025 23:48:45 +0000
ROA not before:           Wed 01 Jan 2025 23:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212258
IP address blocks:        188.247.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8d:c0:40:a2:4b:e1:c3:23:58:9b:db:51:41:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab8c6c58b607ff23ae7175a61682c75480f1e214
        Validity
            Not Before: Jan  1 23:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1478e36822fb41a4b147b61ffee0ddcf771086e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d0:95:4c:8b:76:1d:c3:1f:4e:69:80:47:b1:
                    09:ef:50:7d:cb:8a:a9:b4:d8:68:e7:27:b0:1a:85:
                    18:11:d9:45:c4:6f:ba:3d:99:92:6c:87:cc:d1:69:
                    f3:32:70:2d:53:38:66:dc:5c:3f:78:c6:e1:4b:07:
                    a9:c1:30:b7:6a:bb:e8:3a:fd:e7:d6:c6:2e:02:f8:
                    0a:9a:5f:81:03:f3:a2:2b:4b:fe:3d:81:5c:a6:4e:
                    17:69:08:5d:d8:6e:6a:4e:26:e6:cb:c5:e8:e3:cf:
                    5c:3e:87:55:99:5c:e5:b5:8b:2b:b3:13:e0:46:32:
                    37:6a:0f:3a:c4:c5:9c:12:70:71:ae:bd:7f:b7:cf:
                    af:e8:c7:23:03:a9:89:84:67:8f:83:a0:3f:a5:e8:
                    ed:d2:2a:4c:f8:cf:bc:e1:6a:12:0d:78:f0:b7:f4:
                    4f:2e:05:15:80:7c:6e:e0:76:a0:1b:f1:e6:9b:a5:
                    b0:ba:1d:26:b0:41:45:df:38:50:5f:d8:6c:f2:0a:
                    ac:0f:f8:1a:ac:a6:50:a2:6b:65:fd:70:37:30:96:
                    88:d1:e8:a6:c3:d0:b6:84:2e:16:a0:23:75:b0:71:
                    51:9c:e8:bd:93:84:e1:2d:62:a8:b1:a3:d9:5d:51:
                    53:2c:64:d6:40:e9:29:20:98:4b:12:ab:9f:1e:fc:
                    51:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:78:E3:68:22:FB:41:A4:B1:47:B6:1F:FE:E0:DD:CF:77:10:86:E0
            X509v3 Authority Key Identifier:
                keyid:AB:8C:6C:58:B6:07:FF:23:AE:71:75:A6:16:82:C7:54:80:F1:E2:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4xsWLYH_yOucXWmFoLHVIDx4hQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/FHjjaCL7QaSxR7Yf_uDdz3cQhuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/efb8ee-c5c4-4467-a0cc-88a3c41faee2/1/q4xsWLYH_yOucXWmFoLHVIDx4hQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.247.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:a4:a2:ce:1a:db:b7:29:d4:8f:a6:e4:96:26:77:17:47:f7:
         2a:62:7f:3a:4c:86:6d:c9:4e:f9:15:61:1d:d1:e2:05:a8:0d:
         7c:93:9c:02:f9:ea:48:d1:a6:07:b1:00:57:ed:ed:c3:33:4c:
         6d:7d:c4:41:3c:ab:f1:98:12:08:6d:b0:0b:38:32:b5:f9:be:
         90:ea:25:f6:f2:dc:00:f6:bb:6e:a2:e3:64:3b:4d:44:70:90:
         6a:78:46:12:36:b8:31:a3:6b:ad:81:01:14:73:32:25:46:7d:
         7e:4d:be:90:93:3c:4d:f5:94:a5:4c:85:f5:32:28:1a:cf:86:
         a7:67:03:82:cc:60:3b:7d:1c:05:d3:ba:dd:6b:10:7b:9f:76:
         d4:4f:1d:25:e7:5d:77:c6:65:7e:dd:f3:ec:5c:32:15:00:b5:
         3d:56:d9:2f:7f:c0:b6:8a:e7:5b:ec:53:5b:f8:f1:ce:98:15:
         2b:d7:2f:32:75:7b:2c:1f:20:cc:17:a4:87:81:72:1a:1f:57:
         ec:99:62:95:97:b1:c9:3d:97:b8:ce:81:27:bf:55:52:87:d6:
         e5:7e:7e:0c:38:e4:d0:eb:bc:96:09:d9:94:90:3a:0d:e2:4d:
         58:f4:f2:68:c3:fe:7b:cd:f7:c9:c6:fd:84:65:e5:7e:c8:fa:
         c5:25:93:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRY3AQKJL4cMjWJvbUUHgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiOGM2YzU4YjYwN2ZmMjNhZTcxNzVhNjE2ODJjNzU0ODBm
MWUyMTQwHhcNMjUwMTAxMjM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDc4ZTM2ODIyZmI0MWE0YjE0N2I2MWZmZWUwZGRjZjc3MTA4NmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNCVTIt2HcMfTmmAR7EJ71B9y4qp
tNho5yewGoUYEdlFxG+6PZmSbIfM0WnzMnAtUzhm3Fw/eMbhSwepwTC3arvoOv3n
1sYuAvgKml+BA/OiK0v+PYFcpk4XaQhd2G5qTibmy8Xo489cPodVmVzltYsrsxPg
RjI3ag86xMWcEnBxrr1/t8+v6McjA6mJhGePg6A/pejt0ipM+M+84WoSDXjwt/RP
LgUVgHxu4HagG/Hmm6Wwuh0msEFF3zhQX9hs8gqsD/garKZQomtl/XA3MJaI0eim
w9C2hC4WoCN1sHFRnOi9k4ThLWKosaPZXVFTLGTWQOkpIJhLEqufHvxRGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR442gi+0GksUe2H/7g3c93EIbgMB8GA1UdIwQY
MBaAFKuMbFi2B/8jrnF1phaCx1SA8eIUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2Mt
ODhhM2M0MWZhZWUyLzEvRkhqamFDTDdRYVN4UjdZZl91RGR6M2NRaHVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lZmI4ZWUtYzVjNC00NDY3LWEwY2MtODhhM2M0MWZhZWUy
LzEvcTR4c1dMWUhfeU91Y1hXbUZvTEhWSUR4NGhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPfsMA0G
CSqGSIb3DQEBCwUAA4IBAQCCpKLOGtu3KdSPpuSWJncXR/cqYn86TIZtyU75FWEd
0eIFqA18k5wC+epI0aYHsQBX7e3DM0xtfcRBPKvxmBIIbbALODK1+b6Q6iX28twA
9rtuouNkO01EcJBqeEYSNrgxo2utgQEUczIlRn1+Tb6QkzxN9ZSlTIX1Migaz4an
ZwOCzGA7fRwF07rdaxB7n3bUTx0l5113xmV+3fPsXDIVALU9Vtkvf8C2iudb7FNb
+PHOmBUr1y8ydXssHyDMF6SHgXIaH1fsmWKVl7HJPZe4zoEnv1VSh9blfn4MOOTQ
67yWCdmUkDoN4k1Y9PJow/57zffJxv2EZeV+yPrFJZPK
-----END CERTIFICATE-----