Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/tFvZtEXqN_G3dx-K6csgFwrDiOg.roa
File:                     tFvZtEXqN_G3dx-K6csgFwrDiOg.roa (raw, json)
Hash identifier:          w0cs+He9REBaqEbwIUxSCF7po5ZMrW1zxR0zaxxMIwY=
Subject key identifier:   B4:5B:D9:B4:45:EA:37:F1:B7:77:1F:8A:E9:CB:20:17:0A:C3:88:E8
Certificate issuer:       /CN=374e2729b17369890a1512f643cd08e4ba2ff414
Certificate serial:       019176D73BF1FBE4E4E0A4D76E87F1E6D2CB
Authority key identifier: 37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/tFvZtEXqN_G3dx-K6csgFwrDiOg.roa
Signing time:             Wed 21 Aug 2024 21:28:22 +0000
ROA not before:           Wed 21 Aug 2024 21:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26548
IP address blocks:        178.20.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:76:d7:3b:f1:fb:e4:e4:e0:a4:d7:6e:87:f1:e6:d2:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374e2729b17369890a1512f643cd08e4ba2ff414
        Validity
            Not Before: Aug 21 21:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b45bd9b445ea37f1b7771f8ae9cb20170ac388e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:87:fb:26:3c:20:16:c0:a5:4d:f5:c8:33:5d:
                    a5:26:c3:51:55:52:73:9e:43:13:82:ad:b8:95:3c:
                    78:1e:5b:5a:40:d8:8a:ab:87:c2:89:5a:73:de:f8:
                    38:f8:cd:ec:4e:1c:5a:a3:0a:1e:3d:90:09:2c:12:
                    df:7c:6f:08:52:9c:58:e7:85:6d:9d:26:7f:f4:c3:
                    23:40:5b:2d:09:9b:8d:de:b3:2a:77:2b:a3:41:3b:
                    ec:a2:81:52:47:5a:24:c2:d8:34:08:95:e6:a0:56:
                    af:56:e8:39:a9:09:b8:c1:4e:59:1e:f8:00:3a:89:
                    bc:a3:d0:64:78:75:b9:7f:06:24:03:c5:ac:ee:67:
                    17:a0:f5:da:8e:41:37:c3:83:0e:f8:af:f2:76:54:
                    20:b1:ef:50:c5:80:43:7b:f7:36:c3:84:7d:81:a9:
                    44:7a:72:50:c7:11:f1:fa:dd:1f:18:38:ff:23:36:
                    30:23:b7:d1:01:69:a8:1b:3e:9b:f7:5a:bb:88:87:
                    fb:07:a7:9d:08:af:27:ad:ed:fd:80:1b:23:15:24:
                    55:c2:18:97:69:67:b6:06:99:4b:09:bd:13:9c:93:
                    9c:1b:c8:ec:39:f2:4f:d2:5a:45:7f:49:25:9b:b0:
                    1a:94:1f:ca:ff:49:c4:5a:d9:a8:b7:4b:c7:71:fa:
                    1b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5B:D9:B4:45:EA:37:F1:B7:77:1F:8A:E9:CB:20:17:0A:C3:88:E8
            X509v3 Authority Key Identifier:
                keyid:37:4E:27:29:B1:73:69:89:0A:15:12:F6:43:CD:08:E4:BA:2F:F4:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N04nKbFzaYkKFRL2Q80I5Lov9BQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/tFvZtEXqN_G3dx-K6csgFwrDiOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/952230-c262-41cc-b956-cfc46a76ec78/1/N04nKbFzaYkKFRL2Q80I5Lov9BQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.20.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:8f:81:58:e7:9c:c3:72:f6:50:10:13:6c:0c:e8:a0:a2:cc:
         1f:b6:7d:5f:bd:db:fe:86:86:50:5c:da:2d:d5:d9:32:de:40:
         e4:a5:76:4d:bc:e7:6b:02:e5:09:77:b7:da:4a:8d:f3:06:f5:
         22:75:9b:c1:c6:f9:46:c2:aa:5b:3d:61:4e:86:c8:d4:2b:c8:
         aa:6d:1e:21:39:20:8a:ba:bc:e3:6f:84:4f:3e:de:6c:d0:5b:
         5e:6c:2d:1b:f4:5d:0b:5e:c0:2a:ba:74:36:f9:fc:4e:58:27:
         ae:27:2a:ce:2c:01:5d:c8:54:0b:98:50:18:86:18:1d:3a:71:
         8b:ff:56:79:ca:0b:cd:7a:b3:28:d1:33:b4:aa:f8:93:3b:a1:
         9f:aa:01:5d:2c:90:aa:ff:27:08:0f:3c:81:9b:f4:4c:c0:5a:
         47:db:0c:5a:ac:4d:74:a4:92:3d:e1:85:e9:bc:c6:ef:c2:8d:
         09:e1:06:ac:29:de:73:b4:08:ae:3c:67:98:07:18:7e:b7:f8:
         cf:a6:1b:a5:42:66:1a:87:f3:df:cd:87:2b:10:2c:5f:49:b8:
         a8:22:7b:4c:d0:99:e4:cc:1c:62:b8:b8:55:51:06:ba:e1:e3:
         bd:70:25:e5:fc:2b:b0:71:d0:dd:15:ba:21:82:12:9d:40:9d:
         88:76:fd:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF21zvx++Tk4KTXbofx5tLLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGUyNzI5YjE3MzY5ODkwYTE1MTJmNjQzY2QwOGU0YmEy
ZmY0MTQwHhcNMjQwODIxMjEyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDViZDliNDQ1ZWEzN2YxYjc3NzFmOGFlOWNiMjAxNzBhYzM4OGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYf7JjwgFsClTfXIM12lJsNRVVJz
nkMTgq24lTx4HltaQNiKq4fCiVpz3vg4+M3sThxaowoePZAJLBLffG8IUpxY54Vt
nSZ/9MMjQFstCZuN3rMqdyujQTvsooFSR1okwtg0CJXmoFavVug5qQm4wU5ZHvgA
Oom8o9BkeHW5fwYkA8Ws7mcXoPXajkE3w4MO+K/ydlQgse9QxYBDe/c2w4R9galE
enJQxxHx+t0fGDj/IzYwI7fRAWmoGz6b91q7iIf7B6edCK8nre39gBsjFSRVwhiX
aWe2BplLCb0TnJOcG8jsOfJP0lpFf0klm7AalB/K/0nEWtmot0vHcfob1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRb2bRF6jfxt3cfiunLIBcKw4joMB8GA1UdIwQY
MBaAFDdOJymxc2mJChUS9kPNCOS6L/QUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYt
Y2ZjNDZhNzZlYzc4LzEvdEZ2WnRFWHFOX0czZHgtSzZjc2dGd3JEaU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC85NTIyMzAtYzI2Mi00MWNjLWI5NTYtY2ZjNDZhNzZlYzc4
LzEvTjA0bktiRnphWWtLRlJMMlE4MEk1TG92OUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAshTUMA0G
CSqGSIb3DQEBCwUAA4IBAQB7j4FY55zDcvZQEBNsDOigoswftn1fvdv+hoZQXNot
1dky3kDkpXZNvOdrAuUJd7faSo3zBvUidZvBxvlGwqpbPWFOhsjUK8iqbR4hOSCK
urzjb4RPPt5s0FtebC0b9F0LXsAqunQ2+fxOWCeuJyrOLAFdyFQLmFAYhhgdOnGL
/1Z5ygvNerMo0TO0qviTO6GfqgFdLJCq/ycIDzyBm/RMwFpH2wxarE10pJI94YXp
vMbvwo0J4QasKd5ztAiuPGeYBxh+t/jPphulQmYah/PfzYcrECxfSbioIntM0Jnk
zBxiuLhVUQa64eO9cCXl/CuwcdDdFbohghKdQJ2Idv2d
-----END CERTIFICATE-----