Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/01CdWbGh7Iblu72TWh19DMuKsTg.roa
File:                     01CdWbGh7Iblu72TWh19DMuKsTg.roa (raw, json)
Hash identifier:          UMhszvGboz7Q5LH0CKudFHnP8+S6bLFVIG5m3eTTe34=
Subject key identifier:   D3:50:9D:59:B1:A1:EC:86:E5:BB:BD:93:5A:1D:7D:0C:CB:8A:B1:38
Certificate issuer:       /CN=cb6bf2b89584ec96080048dc3fdc2e3983c277f3
Certificate serial:       019427B666A20424A18EA23C98A18E41B0C3
Authority key identifier: CB:6B:F2:B8:95:84:EC:96:08:00:48:DC:3F:DC:2E:39:83:C2:77:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2vyuJWE7JYIAEjcP9wuOYPCd_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/01CdWbGh7Iblu72TWh19DMuKsTg.roa
Signing time:             Thu 02 Jan 2025 15:50:52 +0000
ROA not before:           Thu 02 Jan 2025 15:50:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198012
IP address blocks:        178.255.24.0/21 maxlen: 21
                          2a13:4540::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/y2vyuJWE7JYIAEjcP9wuOYPCd_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/y2vyuJWE7JYIAEjcP9wuOYPCd_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2vyuJWE7JYIAEjcP9wuOYPCd_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:66:a2:04:24:a1:8e:a2:3c:98:a1:8e:41:b0:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb6bf2b89584ec96080048dc3fdc2e3983c277f3
        Validity
            Not Before: Jan  2 15:50:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3509d59b1a1ec86e5bbbd935a1d7d0ccb8ab138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e3:61:ca:35:42:a1:97:c2:d2:63:c4:b2:1b:
                    34:3d:fc:cd:c2:c5:a1:43:8b:49:fd:32:39:49:90:
                    ad:92:eb:cf:40:75:c3:6d:56:32:54:41:f7:4e:46:
                    70:51:32:0e:9a:06:5a:d2:70:f7:58:b6:68:b6:a0:
                    51:6c:85:09:86:0e:a8:05:eb:e2:7b:8c:2a:08:af:
                    d6:9b:8f:72:91:9c:06:a7:ed:0a:0a:a3:9b:f2:e9:
                    4c:1c:61:aa:ee:42:ce:fc:07:1d:47:90:5a:70:aa:
                    2f:67:d9:5c:4e:b8:fc:35:85:e9:74:ef:7d:80:06:
                    f7:51:12:dd:55:2b:f3:7e:15:23:97:62:ef:3d:87:
                    2e:7d:1f:b4:15:38:bb:e5:82:26:56:8b:4f:16:91:
                    da:fa:8d:66:43:de:00:00:3b:ad:6c:92:c5:61:b2:
                    43:d1:ee:dd:83:e4:21:0d:38:1f:34:89:ac:19:11:
                    49:2e:51:84:9f:5c:19:c7:ee:e9:68:4f:36:ca:6b:
                    28:07:89:d8:12:e3:f4:c9:c9:c4:86:29:2b:b1:02:
                    64:e9:c1:21:c6:c2:b9:9e:35:20:18:b1:ba:29:82:
                    e0:49:f6:3c:bd:bd:45:cf:7f:70:a3:22:0b:3d:aa:
                    58:72:bf:1f:b9:9c:e6:c2:0c:22:5c:da:3d:bd:58:
                    da:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:50:9D:59:B1:A1:EC:86:E5:BB:BD:93:5A:1D:7D:0C:CB:8A:B1:38
            X509v3 Authority Key Identifier:
                keyid:CB:6B:F2:B8:95:84:EC:96:08:00:48:DC:3F:DC:2E:39:83:C2:77:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2vyuJWE7JYIAEjcP9wuOYPCd_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/01CdWbGh7Iblu72TWh19DMuKsTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/6a87f1-e197-4a23-953d-10fdfce94513/1/y2vyuJWE7JYIAEjcP9wuOYPCd_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.24.0/21
                IPv6:
                  2a13:4540::/29

    Signature Algorithm: sha256WithRSAEncryption
         c1:0f:31:77:6d:6d:77:9d:4e:39:be:4b:d5:af:2c:48:18:71:
         28:e3:21:0f:85:20:41:0e:98:7e:7e:e3:06:98:c4:95:45:f6:
         1e:fd:5b:7d:28:d4:8c:4b:99:88:52:d9:e5:dc:fb:1a:bc:27:
         63:84:05:64:07:1d:9b:6f:94:a0:78:c8:e9:33:16:2a:a2:92:
         34:75:76:a5:f1:17:bf:ce:36:46:ba:c7:3b:05:65:e8:23:d3:
         ca:27:83:88:3e:3d:71:2a:42:6d:af:57:ec:4d:a2:9d:a1:cc:
         26:83:b0:09:62:72:07:34:48:64:78:36:8b:96:7c:68:01:60:
         b0:d2:08:9c:a6:29:e9:00:41:80:10:3f:0c:45:5f:e9:ae:30:
         b4:de:ba:91:7d:f3:c8:46:d9:dc:04:bc:db:46:b7:08:c6:fe:
         b3:e6:87:37:33:f0:a9:43:8c:68:9f:96:39:88:94:db:46:2e:
         a3:10:a7:28:37:37:4b:29:40:2d:3b:6d:96:1d:1a:3d:33:ef:
         4f:03:2b:6e:af:76:ad:c4:91:f7:5c:86:19:6e:50:07:7e:77:
         6e:c1:35:ca:45:e4:63:13:4a:21:78:bb:91:b7:66:94:0c:30:
         60:87:99:36:78:a3:99:67:97:da:ef:8a:a3:d0:fd:04:f6:86:
         53:6f:32:d0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntmaiBCShjqI8mKGOQbDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNmJmMmI4OTU4NGVjOTYwODAwNDhkYzNmZGMyZTM5ODNj
Mjc3ZjMwHhcNMjUwMTAyMTU1MDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzUwOWQ1OWIxYTFlYzg2ZTViYmJkOTM1YTFkN2QwY2NiOGFiMTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqONhyjVCoZfC0mPEshs0PfzNwsWh
Q4tJ/TI5SZCtkuvPQHXDbVYyVEH3TkZwUTIOmgZa0nD3WLZotqBRbIUJhg6oBevi
e4wqCK/Wm49ykZwGp+0KCqOb8ulMHGGq7kLO/AcdR5BacKovZ9lcTrj8NYXpdO99
gAb3URLdVSvzfhUjl2LvPYcufR+0FTi75YImVotPFpHa+o1mQ94AADutbJLFYbJD
0e7dg+QhDTgfNImsGRFJLlGEn1wZx+7paE82ymsoB4nYEuP0ycnEhikrsQJk6cEh
xsK5njUgGLG6KYLgSfY8vb1Fz39woyILPapYcr8fuZzmwgwiXNo9vVjaSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNNQnVmxoeyG5bu9k1odfQzLirE4MB8GA1UdIwQY
MBaAFMtr8riVhOyWCABI3D/cLjmDwnfzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJ2eXVKV0U3SllJQUVqY1A5d3VPWVBDZF9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC82YTg3ZjEtZTE5Ny00YTIzLTk1M2Qt
MTBmZGZjZTk0NTEzLzEvMDFDZFdiR2g3SWJsdTcyVFdoMTlETXVLc1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC82YTg3ZjEtZTE5Ny00YTIzLTk1M2QtMTBmZGZjZTk0NTEz
LzEveTJ2eXVKV0U3SllJQUVqY1A5d3VPWVBDZF9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDsv8YMA0E
AgACMAcDBQMqE0VAMA0GCSqGSIb3DQEBCwUAA4IBAQDBDzF3bW13nU45vkvVryxI
GHEo4yEPhSBBDph+fuMGmMSVRfYe/Vt9KNSMS5mIUtnl3PsavCdjhAVkBx2bb5Sg
eMjpMxYqopI0dXal8Re/zjZGusc7BWXoI9PKJ4OIPj1xKkJtr1fsTaKdocwmg7AJ
YnIHNEhkeDaLlnxoAWCw0gicpinpAEGAED8MRV/prjC03rqRffPIRtncBLzbRrcI
xv6z5oc3M/CpQ4xon5Y5iJTbRi6jEKcoNzdLKUAtO22WHRo9M+9PAytur3atxJH3
XIYZblAHfnduwTXKReRjE0oheLuRt2aUDDBgh5k2eKOZZ5fa74qj0P0E9oZTbzLQ
-----END CERTIFICATE-----