Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/msPxpy5FoOmeN6O_2aDBJh6Sc0M.roa
File:                     msPxpy5FoOmeN6O_2aDBJh6Sc0M.roa (raw, json)
Hash identifier:          UivlcnJjcGkDEJfArncfqqViFEOVqr83WZyFnf+V4CE=
Subject key identifier:   9A:C3:F1:A7:2E:45:A0:E9:9E:37:A3:BF:D9:A0:C1:26:1E:92:73:43
Certificate issuer:       /CN=631aca5f9a1dcfa19704d1f0377f1b9fe9145e08
Certificate serial:       018CC500173CD7E80FA9EFC1126DF2C83571
Authority key identifier: 63:1A:CA:5F:9A:1D:CF:A1:97:04:D1:F0:37:7F:1B:9F:E9:14:5E:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YxrKX5odz6GXBNHwN38bn-kUXgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/msPxpy5FoOmeN6O_2aDBJh6Sc0M.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199081
IP address blocks:        178.239.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/YxrKX5odz6GXBNHwN38bn-kUXgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/YxrKX5odz6GXBNHwN38bn-kUXgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YxrKX5odz6GXBNHwN38bn-kUXgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:17:3c:d7:e8:0f:a9:ef:c1:12:6d:f2:c8:35:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=631aca5f9a1dcfa19704d1f0377f1b9fe9145e08
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ac3f1a72e45a0e99e37a3bfd9a0c1261e927343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:29:2b:98:66:db:ce:81:a6:77:5a:1b:66:b9:
                    36:01:31:0d:0d:31:11:a6:6a:1b:e3:79:f8:84:be:
                    d1:56:9a:49:e7:7b:71:0b:a6:0c:ba:5b:f7:9d:a3:
                    76:5d:e5:48:44:43:59:66:37:0a:f5:f4:8d:62:b3:
                    19:32:17:2d:cd:a8:17:0d:d8:f9:00:68:30:e0:43:
                    9e:14:54:93:64:84:f9:c2:89:57:9d:b1:e1:94:a1:
                    e6:29:bc:00:7b:f9:13:3e:70:5a:89:cd:d1:71:10:
                    2c:1c:3c:81:b4:46:3a:a1:ed:d3:ac:71:5b:a4:dc:
                    4a:26:8c:de:90:b1:22:92:59:39:94:8d:a3:bb:e9:
                    0c:18:92:f7:52:7e:86:4c:a8:36:81:d9:25:cb:82:
                    f4:7b:34:a4:b9:f8:21:03:69:4f:35:c9:ea:ee:69:
                    aa:8d:4f:26:78:a1:e8:6c:75:c1:fd:10:67:1e:7d:
                    9b:6c:59:e7:66:2b:a1:65:0c:ad:12:fd:c9:fb:2e:
                    c8:29:72:4e:4b:8c:f4:f8:97:48:97:8f:79:93:b0:
                    d0:a5:51:0f:53:eb:4a:25:94:c7:a6:ac:2a:16:c6:
                    64:79:9c:3e:a9:f7:09:b0:b7:5d:62:76:fd:2c:06:
                    08:8b:3f:55:10:a1:a2:c0:91:4d:05:6c:4e:96:2b:
                    9e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C3:F1:A7:2E:45:A0:E9:9E:37:A3:BF:D9:A0:C1:26:1E:92:73:43
            X509v3 Authority Key Identifier:
                keyid:63:1A:CA:5F:9A:1D:CF:A1:97:04:D1:F0:37:7F:1B:9F:E9:14:5E:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YxrKX5odz6GXBNHwN38bn-kUXgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/msPxpy5FoOmeN6O_2aDBJh6Sc0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/f0775c-da2e-4d7d-8019-d2b02a403c7b/1/YxrKX5odz6GXBNHwN38bn-kUXgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:ce:d6:ab:b2:a9:e8:5c:1a:c9:b0:de:be:66:05:d1:ef:a1:
         5a:43:17:88:ba:b4:6c:dd:f6:6d:08:06:2e:7a:db:e8:77:f2:
         67:a3:72:39:95:ff:c4:d1:7f:08:34:10:71:d5:b5:41:fb:f3:
         de:0f:dc:ff:82:7f:b0:3f:9f:5d:82:b3:11:a6:4b:e9:05:67:
         8c:da:75:f1:b2:09:5f:c6:86:b9:89:97:3e:d5:10:94:7b:f3:
         b5:5f:cf:90:35:4a:80:d9:ff:2e:c3:39:94:13:ad:cd:2f:96:
         a2:de:da:27:85:f1:ac:6b:2f:4b:93:f6:00:c8:2c:db:d2:9e:
         b4:c5:a2:83:de:4d:2f:e5:d2:51:e8:3b:24:fb:9e:09:2d:1c:
         21:db:93:79:0d:92:0a:ad:76:5f:3e:02:31:0e:d7:60:db:c1:
         66:c1:98:c7:b3:a1:63:43:3d:03:26:b0:81:41:71:5a:81:22:
         9c:96:da:36:50:9a:60:04:4d:fe:e9:8e:57:e9:44:bf:ae:9c:
         aa:8e:a0:02:68:cd:42:27:50:3d:4e:e7:f9:e9:38:e6:71:6f:
         8b:01:96:a2:18:9a:17:34:c9:58:ec:e0:ce:ff:19:ac:2f:fd:
         e4:25:82:07:c7:f3:46:b9:77:03:da:94:5d:cd:ae:25:e5:f6:
         04:32:bf:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABc81+gPqe/BEm3yyDVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMWFjYTVmOWExZGNmYTE5NzA0ZDFmMDM3N2YxYjlmZTkx
NDVlMDgwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWMzZjFhNzJlNDVhMGU5OWUzN2EzYmZkOWEwYzEyNjFlOTI3MzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSkrmGbbzoGmd1obZrk2ATENDTER
pmob43n4hL7RVppJ53txC6YMulv3naN2XeVIRENZZjcK9fSNYrMZMhctzagXDdj5
AGgw4EOeFFSTZIT5wolXnbHhlKHmKbwAe/kTPnBaic3RcRAsHDyBtEY6oe3TrHFb
pNxKJozekLEiklk5lI2ju+kMGJL3Un6GTKg2gdkly4L0ezSkufghA2lPNcnq7mmq
jU8meKHobHXB/RBnHn2bbFnnZiuhZQytEv3J+y7IKXJOS4z0+JdIl495k7DQpVEP
U+tKJZTHpqwqFsZkeZw+qfcJsLddYnb9LAYIiz9VEKGiwJFNBWxOliueNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrD8acuRaDpnjejv9mgwSYeknNDMB8GA1UdIwQY
MBaAFGMayl+aHc+hlwTR8Dd/G5/pFF4IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXhyS1g1b2R6NkdYQk5Id04zOGJuLWtVWGdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mMDc3NWMtZGEyZS00ZDdkLTgwMTkt
ZDJiMDJhNDAzYzdiLzEvbXNQeHB5NUZvT21lTjZPXzJhREJKaDZTYzBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mMDc3NWMtZGEyZS00ZDdkLTgwMTktZDJiMDJhNDAzYzdi
LzEvWXhyS1g1b2R6NkdYQk5Id04zOGJuLWtVWGdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu8ZMA0G
CSqGSIb3DQEBCwUAA4IBAQAlztarsqnoXBrJsN6+ZgXR76FaQxeIurRs3fZtCAYu
etvod/Jno3I5lf/E0X8INBBx1bVB+/PeD9z/gn+wP59dgrMRpkvpBWeM2nXxsglf
xoa5iZc+1RCUe/O1X8+QNUqA2f8uwzmUE63NL5ai3tonhfGsay9Lk/YAyCzb0p60
xaKD3k0v5dJR6Dsk+54JLRwh25N5DZIKrXZfPgIxDtdg28FmwZjHs6FjQz0DJrCB
QXFagSKclto2UJpgBE3+6Y5X6US/rpyqjqACaM1CJ1A9Tuf56TjmcW+LAZaiGJoX
NMlY7ODO/xmsL/3kJYIHx/NGuXcD2pRdza4l5fYEMr+Y
-----END CERTIFICATE-----