Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/VJexUrP8FbwmSUAAdgR4SU6dJFY.roa
File:                     VJexUrP8FbwmSUAAdgR4SU6dJFY.roa (raw, json)
Hash identifier:          lojiSc2AvnfcAjBPHikspAEM4H6TszWVLCvTC+n5zxg=
Subject key identifier:   54:97:B1:52:B3:FC:15:BC:26:49:40:00:76:04:78:49:4E:9D:24:56
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       018CC802204B57A1F58E318CEC6EA7456CE0
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/VJexUrP8FbwmSUAAdgR4SU6dJFY.roa
Signing time:             Tue 02 Jan 2024 02:30:31 +0000
ROA not before:           Tue 02 Jan 2024 02:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51961
IP address blocks:        178.250.190.0/23 maxlen: 24
                          178.250.184.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:20:4b:57:a1:f5:8e:31:8c:ec:6e:a7:45:6c:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jan  2 02:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5497b152b3fc15bc26494000760478494e9d2456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:74:e5:9d:56:6b:85:77:53:c7:d4:ed:6d:f2:
                    66:15:28:8f:1c:45:7f:b9:e3:fd:df:c4:db:d6:ec:
                    02:90:50:73:01:9c:53:3e:cd:3f:42:03:1f:e2:9d:
                    83:91:23:32:76:8b:68:70:0c:d9:6c:39:b5:0c:bd:
                    d4:f4:2d:95:50:ac:84:26:b1:00:61:c4:21:1a:d3:
                    44:77:60:6c:85:57:c8:29:c6:b5:a2:4e:bb:25:eb:
                    61:cf:3a:06:e4:97:73:af:ce:bd:0f:bf:b1:74:e5:
                    e6:7d:8c:a1:6a:ee:a6:9d:2a:a2:7a:7f:69:a5:42:
                    10:74:22:e0:84:2b:9a:47:98:d0:40:75:47:47:49:
                    69:cd:14:f2:8d:89:10:c6:2d:cf:a1:aa:70:f2:f8:
                    a6:1f:a5:ec:08:ba:ee:85:9d:6f:7a:dc:c2:c0:45:
                    25:bb:11:76:09:8f:43:b9:67:16:c4:88:9d:9e:cd:
                    97:b3:54:29:13:f4:4b:a1:c5:ab:1a:b4:eb:2a:06:
                    8a:30:87:11:d1:ab:67:34:78:52:a8:26:ca:e8:7e:
                    a8:cd:83:8f:9f:b6:70:31:62:e6:ac:18:78:d1:c7:
                    9b:35:eb:ad:b7:58:8f:00:1e:89:66:2c:40:a9:f6:
                    a4:fe:c7:73:9b:83:51:95:89:eb:ef:2f:a2:fd:06:
                    3d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:97:B1:52:B3:FC:15:BC:26:49:40:00:76:04:78:49:4E:9D:24:56
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/VJexUrP8FbwmSUAAdgR4SU6dJFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.184.0/23
                  178.250.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:c4:fc:a7:c4:9e:48:f3:44:21:3b:e7:b6:28:a5:5d:1b:2a:
         46:a9:b3:61:8b:ae:e8:3c:60:6a:10:49:df:ba:a5:a6:ad:ff:
         8e:84:80:f6:45:5e:ca:7f:35:8f:d0:a0:3a:c1:71:d0:e4:9f:
         70:8f:bd:59:f4:2a:08:a4:98:83:7f:c0:0d:a2:e5:36:53:3b:
         bb:70:1b:90:0f:87:3b:10:cc:30:b0:82:10:da:66:69:8f:bc:
         7c:74:9f:ce:24:fa:5f:92:d7:e9:a7:41:83:df:1c:e4:a1:ce:
         0c:67:f7:cd:58:b5:10:7d:fb:00:ed:d4:d9:77:b1:71:e4:5f:
         fb:cd:b5:e7:7b:f6:cb:a6:36:ee:dc:43:d4:c6:1e:ac:cc:f5:
         0d:26:70:e1:f9:80:cf:91:45:0b:7c:84:77:d3:df:81:29:86:
         fd:84:30:5e:f2:80:20:d8:1d:30:77:7b:be:34:47:f8:48:3a:
         95:7a:2b:e8:60:48:d2:15:19:df:c4:60:53:49:50:d5:82:69:
         0a:ff:07:b0:82:8b:d9:fc:ae:38:5a:59:96:9f:ad:91:1c:76:
         36:6c:95:12:f0:e6:39:a4:cd:dd:06:27:24:f3:5a:52:dc:b9:
         91:57:f6:1d:7c:b2:2c:8e:f4:b3:1e:b5:cb:56:0a:9c:18:ac:
         64:70:79:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAiBLV6H1jjGM7G6nRWzgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjQwMTAyMDIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDk3YjE1MmIzZmMxNWJjMjY0OTQwMDA3NjA0Nzg0OTRlOWQyNDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnTlnVZrhXdTx9TtbfJmFSiPHEV/
ueP938Tb1uwCkFBzAZxTPs0/QgMf4p2DkSMydotocAzZbDm1DL3U9C2VUKyEJrEA
YcQhGtNEd2BshVfIKca1ok67JethzzoG5Jdzr869D7+xdOXmfYyhau6mnSqien9p
pUIQdCLghCuaR5jQQHVHR0lpzRTyjYkQxi3Poapw8vimH6XsCLruhZ1vetzCwEUl
uxF2CY9DuWcWxIidns2Xs1QpE/RLocWrGrTrKgaKMIcR0atnNHhSqCbK6H6ozYOP
n7ZwMWLmrBh40cebNeutt1iPAB6JZixAqfak/sdzm4NRlYnr7y+i/QY9FQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFSXsVKz/BW8JklAAHYEeElOnSRWMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvVkpleFVyUDhGYndtU1VBQWRnUjRTVTZkSkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBsvq4AwQB
svq+MA0GCSqGSIb3DQEBCwUAA4IBAQCYxPynxJ5I80QhO+e2KKVdGypGqbNhi67o
PGBqEEnfuqWmrf+OhID2RV7KfzWP0KA6wXHQ5J9wj71Z9CoIpJiDf8ANouU2Uzu7
cBuQD4c7EMwwsIIQ2mZpj7x8dJ/OJPpfktfpp0GD3xzkoc4MZ/fNWLUQffsA7dTZ
d7Fx5F/7zbXne/bLpjbu3EPUxh6szPUNJnDh+YDPkUULfIR309+BKYb9hDBe8oAg
2B0wd3u+NEf4SDqVeivoYEjSFRnfxGBTSVDVgmkK/wewgovZ/K44WlmWn62RHHY2
bJUS8OY5pM3dBick81pS3LmRV/YdfLIsjvSzHrXLVgqcGKxkcHnA
-----END CERTIFICATE-----