Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/aCBZh_uSGRgo1qnDalU_FasNYr4.roa
File:                     aCBZh_uSGRgo1qnDalU_FasNYr4.roa (raw, json)
Hash identifier:          i2+RbNB+nDy2Q/a8lrYklmUi874qGqYHWcjHurV2Gf8=
Subject key identifier:   68:20:59:87:FB:92:19:18:28:D6:A9:C3:6A:55:3F:15:AB:0D:62:BE
Certificate issuer:       /CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
Certificate serial:       018CC2DAC5FECEE80679D756A9B7309CC2CC
Authority key identifier: 20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/aCBZh_uSGRgo1qnDalU_FasNYr4.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50987
IP address blocks:        178.219.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 22:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c5:fe:ce:e8:06:79:d7:56:a9:b7:30:9c:c2:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20f638107abb84ae6fb03cc1db2cfd1bc4487f8d
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68205987fb92191828d6a9c36a553f15ab0d62be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:09:2f:74:52:35:49:5e:4a:ba:0b:dc:b5:dc:
                    df:94:52:cc:07:63:19:e8:6d:b3:15:2c:04:8c:4e:
                    1b:62:40:3e:14:20:5d:29:63:83:91:e6:d3:04:e8:
                    b9:31:4b:00:db:9a:2b:ee:7c:47:bc:9c:8c:df:87:
                    23:9e:0a:63:4e:02:55:15:04:32:e0:0c:6f:4d:d2:
                    1b:ac:5c:8d:be:a0:6f:0a:f9:05:9c:40:07:0a:a8:
                    ca:f9:6c:1d:18:e3:77:c6:c8:86:0f:49:cb:ad:99:
                    24:39:3b:5a:69:ad:ac:ce:ff:97:f8:fd:7c:31:b7:
                    fb:e6:0b:e8:5e:83:fa:8c:e0:29:75:16:73:6e:ff:
                    f4:83:dd:9b:79:0c:9b:d8:99:b5:f2:f0:66:c4:70:
                    c5:ae:bf:ca:da:a1:88:0f:cb:38:4f:cf:57:11:e7:
                    26:bc:45:cc:ac:b4:98:b7:a3:d1:87:cd:1c:02:a7:
                    fa:d2:af:a9:47:fe:59:63:e2:0e:3a:fb:aa:ce:56:
                    94:57:25:46:21:78:74:69:b6:2f:e9:e1:84:d5:19:
                    48:ee:d0:55:07:c2:5a:b1:83:59:32:08:f4:a5:d8:
                    ac:b7:91:0b:fa:5e:06:29:5a:1b:bc:48:48:c4:ce:
                    0c:4c:57:01:46:12:42:b5:bd:a2:d7:0a:61:61:02:
                    d7:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:20:59:87:FB:92:19:18:28:D6:A9:C3:6A:55:3F:15:AB:0D:62:BE
            X509v3 Authority Key Identifier:
                keyid:20:F6:38:10:7A:BB:84:AE:6F:B0:3C:C1:DB:2C:FD:1B:C4:48:7F:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPY4EHq7hK5vsDzB2yz9G8RIf40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/aCBZh_uSGRgo1qnDalU_FasNYr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4f5808-1c04-4255-9b84-a82836de05fc/1/IPY4EHq7hK5vsDzB2yz9G8RIf40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:ad:8e:c1:3d:75:68:fa:6c:82:e7:3a:69:3b:45:54:c5:81:
         d5:59:6d:2a:e7:f1:42:cd:59:59:32:f0:7f:fc:48:ff:cf:f1:
         7f:d7:59:96:11:e2:c7:df:f4:59:2d:03:75:cf:8b:09:19:99:
         27:a6:8e:b9:1e:c2:76:d7:3d:d1:f5:08:0a:39:f0:69:60:89:
         5e:96:9c:61:48:33:37:6c:f1:a8:ba:27:e2:30:5d:98:4c:7f:
         e1:0b:a2:cc:fc:bc:6d:9e:6e:f7:c0:60:f2:08:2d:05:84:c3:
         85:b5:e2:57:22:97:75:f4:71:89:30:e3:39:f6:66:38:d1:c9:
         91:61:b7:10:f1:1f:85:e8:ce:af:b4:a2:13:1b:e4:eb:a3:a5:
         b0:53:34:fd:0d:de:e7:c0:ae:33:00:6d:70:6b:3d:78:18:52:
         16:ad:1f:3b:73:4c:46:d1:90:5e:cb:2f:91:24:1a:ec:e1:8d:
         0b:a7:3b:6b:64:40:74:ac:2b:5d:75:9c:ea:53:34:6e:49:c8:
         92:04:37:1a:02:81:0f:07:5e:00:65:b3:02:b9:53:e1:1c:4d:
         04:ff:e4:9e:87:0f:a7:e5:79:9e:e5:93:39:38:20:69:2b:11:
         2b:e7:f8:47:99:62:71:9a:c4:d3:e6:ca:c4:ef:c0:12:7d:aa:
         60:db:bd:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sX+zugGeddWqbcwnMLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjYzODEwN2FiYjg0YWU2ZmIwM2NjMWRiMmNmZDFiYzQ0
ODdmOGQwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODIwNTk4N2ZiOTIxOTE4MjhkNmE5YzM2YTU1M2YxNWFiMGQ2MmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwkvdFI1SV5KugvctdzflFLMB2MZ
6G2zFSwEjE4bYkA+FCBdKWODkebTBOi5MUsA25or7nxHvJyM34cjngpjTgJVFQQy
4AxvTdIbrFyNvqBvCvkFnEAHCqjK+WwdGON3xsiGD0nLrZkkOTtaaa2szv+X+P18
Mbf75gvoXoP6jOApdRZzbv/0g92beQyb2Jm18vBmxHDFrr/K2qGID8s4T89XEecm
vEXMrLSYt6PRh80cAqf60q+pR/5ZY+IOOvuqzlaUVyVGIXh0abYv6eGE1RlI7tBV
B8JasYNZMgj0pdist5EL+l4GKVobvEhIxM4MTFcBRhJCtb2i1wphYQLXGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGggWYf7khkYKNapw2pVPxWrDWK+MB8GA1UdIwQY
MBaAFCD2OBB6u4Sub7A8wdss/RvESH+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQt
YTgyODM2ZGUwNWZjLzEvYUNCWmhfdVNHUmdvMXFuRGFsVV9GYXNOWXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80ZjU4MDgtMWMwNC00MjU1LTliODQtYTgyODM2ZGUwNWZj
LzEvSVBZNEVIcTdoSzV2c0R6QjJ5ejlHOFJJZjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstsQMA0G
CSqGSIb3DQEBCwUAA4IBAQAfrY7BPXVo+myC5zppO0VUxYHVWW0q5/FCzVlZMvB/
/Ej/z/F/11mWEeLH3/RZLQN1z4sJGZknpo65HsJ21z3R9QgKOfBpYIlelpxhSDM3
bPGouifiMF2YTH/hC6LM/Lxtnm73wGDyCC0FhMOFteJXIpd19HGJMOM59mY40cmR
YbcQ8R+F6M6vtKITG+Tro6WwUzT9Dd7nwK4zAG1waz14GFIWrR87c0xG0ZBeyy+R
JBrs4Y0LpztrZEB0rCtddZzqUzRuSciSBDcaAoEPB14AZbMCuVPhHE0E/+Sehw+n
5Xme5ZM5OCBpKxEr5/hHmWJxmsTT5srE78ASfapg273E
-----END CERTIFICATE-----