Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/LttgP8ZKCcEXcDhKzPn9LMdt3ZU.roa
File:                     LttgP8ZKCcEXcDhKzPn9LMdt3ZU.roa (raw, json)
Hash identifier:          Om+8L/KyaRK0wLNoo1ink6NXPTbrMzhT5q5V5K0Drm4=
Subject key identifier:   2E:DB:60:3F:C6:4A:09:C1:17:70:38:4A:CC:F9:FD:2C:C7:6D:DD:95
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       01942827BF18D29C98D128830D74C87307B0
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/LttgP8ZKCcEXcDhKzPn9LMdt3ZU.roa
Signing time:             Thu 02 Jan 2025 17:54:41 +0000
ROA not before:           Thu 02 Jan 2025 17:54:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49795
IP address blocks:        178.238.213.0/24 maxlen: 24
                          2a02:730:8000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:bf:18:d2:9c:98:d1:28:83:0d:74:c8:73:07:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Jan  2 17:54:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2edb603fc64a09c11770384accf9fd2cc76ddd95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2c:1e:ff:22:85:b3:12:26:75:30:ae:d4:42:
                    98:de:f7:56:f3:57:9a:0b:c2:8c:b2:0f:ac:75:d9:
                    6b:f0:6d:fc:07:b3:b2:28:35:ad:e0:d5:4d:02:6a:
                    e9:a4:8f:45:40:19:fa:d3:e2:71:81:68:5b:b6:4c:
                    54:86:63:93:c4:95:41:7c:de:56:52:f9:de:25:bf:
                    8d:82:74:52:96:22:f0:93:b8:5f:40:29:bd:34:33:
                    4d:72:c9:fc:b1:6b:e9:ff:92:54:26:48:16:71:63:
                    a8:3e:d0:4d:81:06:c8:57:41:78:20:42:a5:28:ed:
                    e1:83:a1:96:aa:5a:e7:c7:f2:03:22:2c:38:b6:fd:
                    3e:01:20:37:da:b4:d5:ad:30:b3:29:d1:91:17:a7:
                    68:74:88:b4:2c:21:8f:92:9f:81:d9:32:3c:0c:90:
                    3a:44:dc:bc:f8:7e:02:6a:72:34:1b:8f:8f:db:a5:
                    6c:41:d2:08:f3:30:bb:0b:b0:06:92:4a:95:26:3f:
                    c5:f9:87:62:a5:2f:d7:05:98:ed:26:84:9f:c9:b5:
                    a9:ee:12:4d:3a:cf:c0:e6:64:8f:a4:5b:5a:03:94:
                    f2:96:08:df:58:31:a3:72:44:ff:dc:63:3d:94:83:
                    46:0f:e4:75:ed:44:9f:e6:a3:af:61:84:ae:7f:25:
                    07:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DB:60:3F:C6:4A:09:C1:17:70:38:4A:CC:F9:FD:2C:C7:6D:DD:95
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/LttgP8ZKCcEXcDhKzPn9LMdt3ZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.238.213.0/24
                IPv6:
                  2a02:730:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:11:dc:fa:da:06:e6:7f:e1:32:7c:c9:67:d3:57:27:76:0c:
         8b:48:4e:28:35:8d:0e:6d:78:53:1a:2d:22:c4:33:b5:32:5d:
         cd:4a:85:53:ac:da:68:5d:cb:ae:a3:e9:d6:cd:bf:49:9c:4e:
         f1:a3:c9:b9:0a:53:86:c5:81:98:04:da:a0:9b:e3:f3:26:ad:
         34:ed:08:07:08:15:96:d3:e3:13:94:51:10:ac:65:de:93:ae:
         e5:e1:89:46:b9:9b:47:ca:2d:db:58:ca:09:eb:9d:71:e6:0b:
         45:b6:65:ab:9f:fa:e0:b0:86:00:8d:7f:9c:3e:ee:9a:ca:e1:
         35:00:9a:fd:ee:27:3a:ce:5a:18:52:e5:21:46:c7:e2:5d:38:
         4a:90:b9:56:c7:30:e5:d7:35:6e:28:97:bb:bf:60:94:62:e4:
         ea:af:fb:95:12:a0:1b:27:9b:68:f5:df:8e:09:56:95:59:e9:
         4f:8c:7f:30:2f:ca:b1:4a:1a:5f:f5:8e:35:ff:dc:0b:2c:c8:
         02:c7:22:3c:62:94:23:d8:65:53:21:4b:a4:1f:e4:78:39:15:
         28:19:35:54:1e:5f:44:81:ef:04:1e:d4:ce:c8:9d:f0:a5:de:
         bc:d7:bc:dd:51:8d:e1:b3:90:18:c1:e7:d6:30:08:9e:86:10:
         10:0f:d0:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQoJ78Y0pyY0SiDDXTIcwewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwMTAyMTc1NDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWRiNjAzZmM2NGEwOWMxMTc3MDM4NGFjY2Y5ZmQyY2M3NmRkZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCwe/yKFsxImdTCu1EKY3vdW81ea
C8KMsg+sddlr8G38B7OyKDWt4NVNAmrppI9FQBn60+JxgWhbtkxUhmOTxJVBfN5W
UvneJb+NgnRSliLwk7hfQCm9NDNNcsn8sWvp/5JUJkgWcWOoPtBNgQbIV0F4IEKl
KO3hg6GWqlrnx/IDIiw4tv0+ASA32rTVrTCzKdGRF6dodIi0LCGPkp+B2TI8DJA6
RNy8+H4CanI0G4+P26VsQdII8zC7C7AGkkqVJj/F+YdipS/XBZjtJoSfybWp7hJN
Os/A5mSPpFtaA5TylgjfWDGjckT/3GM9lINGD+R17USf5qOvYYSufyUHRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC7bYD/GSgnBF3A4Ssz5/SzHbd2VMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvTHR0Z1A4WktDY0VYY0RoS3pQbjlMTWR0M1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAsu7VMA8E
AgACMAkDBwAqAgcwgAAwDQYJKoZIhvcNAQELBQADggEBAKoR3PraBuZ/4TJ8yWfT
Vyd2DItITig1jQ5teFMaLSLEM7UyXc1KhVOs2mhdy66j6dbNv0mcTvGjybkKU4bF
gZgE2qCb4/MmrTTtCAcIFZbT4xOUURCsZd6TruXhiUa5m0fKLdtYygnrnXHmC0W2
Zauf+uCwhgCNf5w+7prK4TUAmv3uJzrOWhhS5SFGx+JdOEqQuVbHMOXXNW4ol7u/
YJRi5Oqv+5USoBsnm2j1344JVpVZ6U+MfzAvyrFKGl/1jjX/3AssyALHIjxilCPY
ZVMhS6Qf5Hg5FSgZNVQeX0SB7wQe1M7InfCl3rzXvN1RjeGzkBjB59YwCJ6GEBAP
0JM=
-----END CERTIFICATE-----