Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/x9bv_HV21Eo7tr2lOUKa7Cgz_mU.roa
File:                     x9bv_HV21Eo7tr2lOUKa7Cgz_mU.roa (raw, json)
Hash identifier:          Tx5Idy8JR7RzONVgV+tJZkhpLs6ZUbRonlRZbbB8+mU=
Subject key identifier:   C7:D6:EF:FC:75:76:D4:4A:3B:B6:BD:A5:39:42:9A:EC:28:33:FE:65
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       018EA3BC87D2C58FA85F7E320622FDC8795F
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/x9bv_HV21Eo7tr2lOUKa7Cgz_mU.roa
Signing time:             Wed 03 Apr 2024 11:33:45 +0000
ROA not before:           Wed 03 Apr 2024 11:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210092
IP address blocks:        185.253.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a3:bc:87:d2:c5:8f:a8:5f:7e:32:06:22:fd:c8:79:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Apr  3 11:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7d6effc7576d44a3bb6bda539429aec2833fe65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:eb:72:b3:3f:bf:e5:e5:a8:51:16:f8:e6:5d:
                    70:50:dc:33:50:07:eb:f2:2c:3d:8c:e4:7e:9e:89:
                    66:fe:64:6f:05:66:23:e1:9c:2e:17:9b:2b:1a:f3:
                    10:a4:d8:4c:e4:d8:85:f8:55:c9:0b:24:38:ea:31:
                    d2:1d:95:9c:32:37:07:f5:66:9e:2c:6e:c7:f0:7a:
                    16:53:10:de:7f:31:c3:85:5b:bd:3c:59:62:43:68:
                    a0:fa:0d:2d:10:ba:a4:4f:37:fb:ef:50:b8:68:ac:
                    50:7a:bf:ac:a3:9f:47:aa:3e:31:54:c2:03:83:2e:
                    8b:49:d5:22:09:20:6f:1b:df:e9:83:69:42:79:7d:
                    a3:97:ae:69:e2:b8:09:d3:0b:a1:10:25:86:93:b9:
                    da:f2:61:6d:e1:04:6f:ec:29:8d:99:30:31:fe:97:
                    6d:37:e7:c4:81:68:02:3d:b7:8a:0a:cb:57:ec:ed:
                    21:d0:77:05:5a:bf:bd:bb:10:ee:1a:77:bc:d3:44:
                    6d:c6:81:75:71:49:c2:14:14:9c:a7:1c:c0:2d:d9:
                    c5:10:c1:c8:b7:f1:9a:fd:56:a7:92:61:a3:a9:8b:
                    4e:45:ef:b4:be:b5:7a:71:a2:f5:f3:14:9e:e2:c2:
                    16:d7:b6:3c:de:b6:26:33:8f:a9:89:bd:58:a2:fc:
                    a4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D6:EF:FC:75:76:D4:4A:3B:B6:BD:A5:39:42:9A:EC:28:33:FE:65
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/x9bv_HV21Eo7tr2lOUKa7Cgz_mU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:7a:a6:81:13:e4:5a:90:85:19:94:7e:cc:81:a1:50:68:69:
         45:a3:14:0e:94:1b:eb:51:88:19:d1:42:e8:0f:2f:e1:cb:b4:
         38:ba:51:a0:5e:ec:02:0c:42:50:b4:c9:cf:b4:1e:ff:6a:7a:
         e4:f5:5a:64:0f:b3:af:8a:6d:fe:65:10:c5:5f:16:73:12:7a:
         19:ba:20:a2:91:49:64:6d:57:c5:c5:c5:24:98:42:c9:c3:7b:
         c3:e3:44:f8:bf:a8:03:a7:3e:48:ac:e8:8e:8e:fe:5b:83:89:
         e6:7a:65:3f:50:a3:4b:3d:86:a5:8b:49:0a:2b:01:41:08:39:
         90:96:0e:a1:63:74:15:bd:b0:b9:3e:a8:b4:37:c7:3b:cd:aa:
         bd:be:d0:19:0c:a3:66:e3:ba:8b:e3:44:a6:36:a3:8d:60:97:
         83:fe:a1:cd:a4:0d:49:df:1c:80:c9:c5:fb:b9:5f:b3:0c:f0:
         89:88:85:b3:37:ed:d0:d4:07:20:f4:27:03:a9:1a:1b:ec:cd:
         e4:c3:13:4f:fa:4c:8d:aa:1e:b6:4b:2f:54:1f:8a:28:af:ec:
         85:30:db:1b:8f:b5:45:4e:87:ae:b5:92:a0:af:a6:0e:f3:ce:
         74:89:6a:e6:41:23:ae:62:1b:78:0f:8e:b4:22:d0:f7:15:7f:
         09:52:18:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6jvIfSxY+oX34yBiL9yHlfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjQwNDAzMTEzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Q2ZWZmYzc1NzZkNDRhM2JiNmJkYTUzOTQyOWFlYzI4MzNmZTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOtysz+/5eWoURb45l1wUNwzUAfr
8iw9jOR+nolm/mRvBWYj4ZwuF5srGvMQpNhM5NiF+FXJCyQ46jHSHZWcMjcH9Wae
LG7H8HoWUxDefzHDhVu9PFliQ2ig+g0tELqkTzf771C4aKxQer+so59Hqj4xVMID
gy6LSdUiCSBvG9/pg2lCeX2jl65p4rgJ0wuhECWGk7na8mFt4QRv7CmNmTAx/pdt
N+fEgWgCPbeKCstX7O0h0HcFWr+9uxDuGne800RtxoF1cUnCFBScpxzALdnFEMHI
t/Ga/VankmGjqYtORe+0vrV6caL18xSe4sIW17Y83rYmM4+pib1YovykvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfW7/x1dtRKO7a9pTlCmuwoM/5lMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEveDlidl9IVjIxRW83dHIybE9VS2E3Q2d6X21VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf3YMA0G
CSqGSIb3DQEBCwUAA4IBAQBueqaBE+RakIUZlH7MgaFQaGlFoxQOlBvrUYgZ0ULo
Dy/hy7Q4ulGgXuwCDEJQtMnPtB7/anrk9VpkD7Ovim3+ZRDFXxZzEnoZuiCikUlk
bVfFxcUkmELJw3vD40T4v6gDpz5IrOiOjv5bg4nmemU/UKNLPYali0kKKwFBCDmQ
lg6hY3QVvbC5Pqi0N8c7zaq9vtAZDKNm47qL40SmNqONYJeD/qHNpA1J3xyAycX7
uV+zDPCJiIWzN+3Q1Acg9CcDqRob7M3kwxNP+kyNqh62Sy9UH4oor+yFMNsbj7VF
ToeutZKgr6YO8850iWrmQSOuYht4D460ItD3FX8JUhga
-----END CERTIFICATE-----