Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/j9fsH4fji6u6DtjyUtf5cZA62wY.roa
File:                     j9fsH4fji6u6DtjyUtf5cZA62wY.roa (raw, json)
Hash identifier:          Nwmv4D79NmgxxwjoHZOXI+NI6uzf0SceDkg8prxoPzg=
Subject key identifier:   8F:D7:EC:1F:87:E3:8B:AB:BA:0E:D8:F2:52:D7:F9:71:90:3A:DB:06
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       0192040C4FEB76CA762D90533AA90C699257
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/j9fsH4fji6u6DtjyUtf5cZA62wY.roa
Signing time:             Wed 18 Sep 2024 07:32:48 +0000
ROA not before:           Wed 18 Sep 2024 07:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215232
IP address blocks:        178.236.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:04:0c:4f:eb:76:ca:76:2d:90:53:3a:a9:0c:69:92:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Sep 18 07:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fd7ec1f87e38babba0ed8f252d7f971903adb06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:92:df:05:5a:e4:54:f2:97:b8:9a:1d:cd:52:
                    30:8c:19:b7:db:9d:2e:d9:99:2a:3f:ea:1a:87:48:
                    81:b1:18:4d:8c:05:8e:69:06:72:2d:49:45:09:50:
                    3d:ec:57:37:91:ca:47:a6:f3:88:e0:73:3f:1e:be:
                    de:ff:4a:a8:d5:5e:43:f0:e6:ea:b2:53:91:41:11:
                    64:b3:59:98:e6:ce:70:99:f2:98:e8:f8:2d:13:9e:
                    3e:38:f4:cf:59:51:15:28:05:5b:80:31:0b:9a:7f:
                    cf:eb:a6:19:4d:66:be:66:72:08:ca:94:43:4f:ec:
                    9a:b9:dd:bc:98:0e:6c:a4:14:86:2a:b9:b8:1e:69:
                    bf:ef:f8:25:cd:c5:a0:18:19:e5:78:19:65:3e:d2:
                    2e:b0:e8:72:65:71:d5:9b:52:61:8e:a5:70:5d:c5:
                    8b:42:65:98:f2:4b:48:a3:bf:fa:3e:74:50:87:ad:
                    27:0d:b1:96:db:71:65:2f:60:ff:06:27:c5:fa:56:
                    0a:6e:b1:c6:39:55:e4:96:37:13:28:32:f9:8d:7f:
                    36:eb:bc:b2:cd:02:e4:f4:da:6f:42:e9:63:d3:3f:
                    c7:72:29:d5:ba:f8:89:88:d4:eb:02:3f:7e:81:6f:
                    b4:33:18:31:0f:1f:3b:fb:4e:7c:6c:05:24:8f:e2:
                    f3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D7:EC:1F:87:E3:8B:AB:BA:0E:D8:F2:52:D7:F9:71:90:3A:DB:06
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/j9fsH4fji6u6DtjyUtf5cZA62wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:64:df:a0:94:00:2d:e2:ef:33:ce:cd:0f:bf:ae:33:73:ec:
         1b:20:da:5e:85:a8:e6:d7:c8:9c:be:7e:76:e9:8f:e7:03:fe:
         bb:78:a5:6f:81:b1:fb:57:4e:94:d5:7b:db:8b:2f:4c:e6:ca:
         95:c9:55:66:3e:f3:e7:4b:fe:59:72:6d:ea:59:be:39:60:4f:
         96:d0:f7:03:9f:13:45:1a:20:92:0f:ee:f9:d6:7a:fb:b3:31:
         35:da:b8:f2:5c:56:c3:13:32:75:13:4f:f1:df:5a:c4:96:b8:
         b8:2b:b7:0d:2e:d9:3d:11:48:cc:af:8d:37:c4:2b:e5:d3:9c:
         1f:53:ce:cf:24:fe:53:36:e6:14:80:ad:e4:82:21:ce:c5:1f:
         1b:77:7c:8b:19:ca:ad:35:6e:93:31:71:a8:56:ba:35:e7:6f:
         90:7a:48:62:2b:3e:c2:c8:8a:1d:89:83:90:1e:5b:87:64:9e:
         68:a2:b9:13:5c:87:cd:8b:db:70:93:c0:83:72:4a:9c:52:d1:
         77:cb:6b:5a:3a:03:cc:72:27:8a:8b:d9:bd:19:4c:fd:86:a4:
         a5:8f:f4:6b:a7:9a:47:94:43:fb:33:b8:b9:e4:18:f8:77:98:
         32:72:5c:41:2b:67:80:0e:c7:ca:f0:51:89:7b:34:e5:f2:8e:
         90:b0:ba:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIEDE/rdsp2LZBTOqkMaZJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjQwOTE4MDczMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ3ZWMxZjg3ZTM4YmFiYmEwZWQ4ZjI1MmQ3Zjk3MTkwM2FkYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZLfBVrkVPKXuJodzVIwjBm3250u
2ZkqP+oah0iBsRhNjAWOaQZyLUlFCVA97Fc3kcpHpvOI4HM/Hr7e/0qo1V5D8Obq
slORQRFks1mY5s5wmfKY6PgtE54+OPTPWVEVKAVbgDELmn/P66YZTWa+ZnIIypRD
T+yaud28mA5spBSGKrm4Hmm/7/glzcWgGBnleBllPtIusOhyZXHVm1JhjqVwXcWL
QmWY8ktIo7/6PnRQh60nDbGW23FlL2D/BifF+lYKbrHGOVXkljcTKDL5jX8267yy
zQLk9NpvQulj0z/HcinVuviJiNTrAj9+gW+0MxgxDx87+058bAUkj+LzwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI/X7B+H44urug7Y8lLX+XGQOtsGMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvajlmc0g0ZmppNnU2RHRqeVV0ZjVjWkE2MndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuzzMA0G
CSqGSIb3DQEBCwUAA4IBAQCAZN+glAAt4u8zzs0Pv64zc+wbINpehajm18icvn52
6Y/nA/67eKVvgbH7V06U1Xvbiy9M5sqVyVVmPvPnS/5Zcm3qWb45YE+W0PcDnxNF
GiCSD+751nr7szE12rjyXFbDEzJ1E0/x31rElri4K7cNLtk9EUjMr403xCvl05wf
U87PJP5TNuYUgK3kgiHOxR8bd3yLGcqtNW6TMXGoVro152+QekhiKz7CyIodiYOQ
HluHZJ5oorkTXIfNi9twk8CDckqcUtF3y2taOgPMcieKi9m9GUz9hqSlj/Rrp5pH
lEP7M7i55Bj4d5gyclxBK2eADsfK8FGJezTl8o6QsLoY
-----END CERTIFICATE-----