Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/lf4o5O9cdWZQhb3j1ES-63-ld0k.roa
File:                     lf4o5O9cdWZQhb3j1ES-63-ld0k.roa (raw, json)
Hash identifier:          MkYv77LnNtclc+nDDwEnxwywSZw8C8g7xWpLHjYSnn8=
Subject key identifier:   95:FE:28:E4:EF:5C:75:66:50:85:BD:E3:D4:44:BE:EB:7F:A5:77:49
Certificate issuer:       /CN=08a297f8cfa1ce6d3fe2c526911c468a9a6318d0
Certificate serial:       019421B1AF075116F08F2BC7C2EC40C85A42
Authority key identifier: 08:A2:97:F8:CF:A1:CE:6D:3F:E2:C5:26:91:1C:46:8A:9A:63:18:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CKKX-M-hzm0_4sUmkRxGippjGNA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/lf4o5O9cdWZQhb3j1ES-63-ld0k.roa
Signing time:             Wed 01 Jan 2025 11:48:00 +0000
ROA not before:           Wed 01 Jan 2025 11:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        178.213.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/CKKX-M-hzm0_4sUmkRxGippjGNA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/CKKX-M-hzm0_4sUmkRxGippjGNA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CKKX-M-hzm0_4sUmkRxGippjGNA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:af:07:51:16:f0:8f:2b:c7:c2:ec:40:c8:5a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08a297f8cfa1ce6d3fe2c526911c468a9a6318d0
        Validity
            Not Before: Jan  1 11:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95fe28e4ef5c75665085bde3d444beeb7fa57749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:de:c0:cb:52:b5:76:16:df:7a:28:4c:e7:de:
                    f4:3a:1a:1c:47:48:8c:a1:82:88:02:d1:d3:34:d7:
                    6b:05:54:b3:9a:cb:ff:9b:83:ed:20:e9:60:c5:2a:
                    eb:1c:a9:ec:15:d2:a7:95:17:1f:e2:1e:c2:01:39:
                    aa:d9:8f:16:15:38:dd:03:4c:8c:1e:b1:1d:85:a6:
                    54:d4:fd:08:fb:f1:54:14:65:1f:7e:99:c4:e1:83:
                    0b:df:86:23:d0:99:d3:3c:c6:0c:9f:7a:9c:fb:93:
                    08:ba:b8:14:c6:a2:ff:11:f3:67:50:91:50:71:35:
                    36:9f:2f:d0:1d:42:ff:1c:e2:46:80:ce:b6:08:61:
                    43:e0:38:90:3c:8a:04:da:3b:f8:61:f0:53:ac:7b:
                    1b:3e:da:1f:1d:44:80:82:98:a4:f8:f8:ff:85:b2:
                    e7:ae:b9:df:81:1b:be:7f:c5:1b:53:68:a7:93:33:
                    c0:0b:32:c4:90:9a:70:f7:fa:b3:5b:f7:5a:01:93:
                    c4:a3:34:de:bb:fa:e6:85:ad:30:19:c0:36:a7:4c:
                    6e:07:c6:f6:7d:00:bd:eb:74:97:0a:40:1d:e3:f5:
                    cf:8f:45:5f:43:07:6d:80:75:fe:b6:b8:1b:57:31:
                    15:15:3e:f4:0e:45:df:1b:8d:3a:c6:7d:5c:97:17:
                    ba:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:FE:28:E4:EF:5C:75:66:50:85:BD:E3:D4:44:BE:EB:7F:A5:77:49
            X509v3 Authority Key Identifier:
                keyid:08:A2:97:F8:CF:A1:CE:6D:3F:E2:C5:26:91:1C:46:8A:9A:63:18:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CKKX-M-hzm0_4sUmkRxGippjGNA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/lf4o5O9cdWZQhb3j1ES-63-ld0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/5f153d-71d9-470a-ba27-971139514bb1/1/CKKX-M-hzm0_4sUmkRxGippjGNA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:30:89:26:3f:47:92:ef:15:d2:31:21:77:87:58:e6:66:80:
         eb:99:a0:4a:a3:a5:0e:c2:48:c3:24:9e:1e:b4:0e:a9:0e:d9:
         df:60:ab:bd:a7:b0:34:5a:f2:90:72:c8:ac:e0:16:b2:b8:bb:
         b1:53:13:3a:a3:e0:fe:a5:50:a5:5f:ae:ce:d1:17:a7:ba:20:
         b3:62:b8:97:73:d5:a7:8b:17:10:c8:92:9b:12:d1:81:ad:c5:
         a8:01:f4:0e:2b:71:43:7f:3e:2e:60:ba:2f:3b:27:01:ed:02:
         2e:b6:ba:e4:b6:a4:d7:d9:06:49:ff:cb:45:fb:eb:64:0a:29:
         78:d5:b2:e4:3a:83:81:d3:dd:d7:06:22:39:a8:a1:1c:a3:36:
         37:d8:df:24:01:e3:c4:07:73:14:aa:d5:0c:19:62:4a:bc:8d:
         c6:0b:2f:ca:19:08:4c:4a:8a:e4:c9:71:2a:b3:67:44:77:b4:
         c6:e3:ba:e9:dd:3d:55:8a:f7:46:fe:f9:30:f8:71:5f:bf:f7:
         cc:e7:53:cc:60:ca:97:ba:a9:df:ef:30:d0:04:43:33:a0:3d:
         98:a7:56:b5:8f:15:ff:1a:6e:44:79:08:9d:3b:92:23:5d:28:
         89:36:29:da:62:45:78:6c:72:92:3b:23:b6:4b:ab:fc:8a:a8:
         57:a5:2c:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsa8HURbwjyvHwuxAyFpCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YTI5N2Y4Y2ZhMWNlNmQzZmUyYzUyNjkxMWM0NjhhOWE2
MzE4ZDAwHhcNMjUwMTAxMTE0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWZlMjhlNGVmNWM3NTY2NTA4NWJkZTNkNDQ0YmVlYjdmYTU3NzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN7Ay1K1dhbfeihM5970OhocR0iM
oYKIAtHTNNdrBVSzmsv/m4PtIOlgxSrrHKnsFdKnlRcf4h7CATmq2Y8WFTjdA0yM
HrEdhaZU1P0I+/FUFGUffpnE4YML34Yj0JnTPMYMn3qc+5MIurgUxqL/EfNnUJFQ
cTU2ny/QHUL/HOJGgM62CGFD4DiQPIoE2jv4YfBTrHsbPtofHUSAgpik+Pj/hbLn
rrnfgRu+f8UbU2inkzPACzLEkJpw9/qzW/daAZPEozTeu/rmha0wGcA2p0xuB8b2
fQC963SXCkAd4/XPj0VfQwdtgHX+trgbVzEVFT70DkXfG406xn1clxe6KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJX+KOTvXHVmUIW949REvut/pXdJMB8GA1UdIwQY
MBaAFAiil/jPoc5tP+LFJpEcRoqaYxjQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0tLWC1NLWh6bTBfNHNVbWtSeEdpcHBqR05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS81ZjE1M2QtNzFkOS00NzBhLWJhMjct
OTcxMTM5NTE0YmIxLzEvbGY0bzVPOWNkV1pRaGIzajFFUy02My1sZDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS81ZjE1M2QtNzFkOS00NzBhLWJhMjctOTcxMTM5NTE0YmIx
LzEvQ0tLWC1NLWh6bTBfNHNVbWtSeEdpcHBqR05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstVLMA0G
CSqGSIb3DQEBCwUAA4IBAQAkMIkmP0eS7xXSMSF3h1jmZoDrmaBKo6UOwkjDJJ4e
tA6pDtnfYKu9p7A0WvKQcsis4BayuLuxUxM6o+D+pVClX67O0RenuiCzYriXc9Wn
ixcQyJKbEtGBrcWoAfQOK3FDfz4uYLovOycB7QIutrrktqTX2QZJ/8tF++tkCil4
1bLkOoOB093XBiI5qKEcozY32N8kAePEB3MUqtUMGWJKvI3GCy/KGQhMSorkyXEq
s2dEd7TG47rp3T1VivdG/vkw+HFfv/fM51PMYMqXuqnf7zDQBEMzoD2Yp1a1jxX/
Gm5EeQidO5IjXSiJNinaYkV4bHKSOyO2S6v8iqhXpSyo
-----END CERTIFICATE-----