Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/XmOvv05xULfAWuDqrX7juNO-0qI.roa
File:                     XmOvv05xULfAWuDqrX7juNO-0qI.roa (raw, json)
Hash identifier:          eJeMTOSpJLyqSZNQmSL2OZUvlINOSkmPnV9aTneLjHg=
Subject key identifier:   5E:63:AF:BF:4E:71:50:B7:C0:5A:E0:EA:AD:7E:E3:B8:D3:BE:D2:A2
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       019425211CEF45C77CDC5FFA24C0AB405D1C
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/XmOvv05xULfAWuDqrX7juNO-0qI.roa
Signing time:             Thu 02 Jan 2025 03:48:34 +0000
ROA not before:           Thu 02 Jan 2025 03:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200993
IP address blocks:        178.250.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:1c:ef:45:c7:7c:dc:5f:fa:24:c0:ab:40:5d:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jan  2 03:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e63afbf4e7150b7c05ae0eaad7ee3b8d3bed2a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c7:35:7d:8b:ee:45:87:f2:5d:42:01:24:bc:
                    c3:70:5c:c6:25:0a:a7:d5:94:6d:99:ef:36:a1:1b:
                    08:40:b5:6a:99:98:09:64:7b:c6:75:2d:35:ce:09:
                    6f:1b:53:db:0c:f4:93:aa:c0:9e:dd:50:b9:15:a0:
                    07:1d:7d:b8:bd:54:bd:73:a8:25:65:37:e9:2a:3d:
                    0d:00:3c:8d:93:21:18:94:c1:56:d3:a1:45:f1:01:
                    27:0e:24:30:36:10:6a:45:e2:bc:45:98:53:bf:27:
                    3d:9a:f8:c3:85:54:34:4b:a6:2a:29:0f:34:d4:a1:
                    7f:04:d8:e5:53:89:63:af:29:65:a3:c0:c2:15:09:
                    51:a6:9c:ca:17:a6:a3:88:84:aa:e8:fc:ec:aa:d6:
                    82:e0:7d:ac:d2:12:82:5b:1b:59:b9:02:74:1f:02:
                    3e:ef:8f:ac:08:6f:22:82:07:98:a8:23:83:a3:ff:
                    d6:6e:97:4b:77:6a:75:e5:12:df:99:f3:32:67:f3:
                    eb:c2:1f:19:99:89:68:73:ea:05:0f:1c:53:4c:b8:
                    73:dd:33:ff:b1:eb:35:56:da:d0:52:4d:fe:12:4e:
                    71:d5:04:5b:d0:e3:c0:27:fd:23:a4:73:01:b6:ad:
                    22:1b:cb:85:28:72:1a:b8:24:f5:5b:2b:76:a9:e8:
                    13:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:63:AF:BF:4E:71:50:B7:C0:5A:E0:EA:AD:7E:E3:B8:D3:BE:D2:A2
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/XmOvv05xULfAWuDqrX7juNO-0qI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:97:8a:7e:1f:44:b4:ba:24:32:95:8c:4d:21:78:63:ea:f0:
         7f:d7:50:89:43:bc:7c:a8:7e:86:0b:f3:18:53:41:63:0a:cd:
         52:75:de:fc:d1:12:eb:db:ca:28:ad:60:a8:bf:1e:b7:d1:ac:
         97:29:21:af:d7:4b:fd:09:ac:e0:59:e7:36:7c:23:ed:0d:90:
         75:80:f7:5b:66:69:6b:8c:8c:dc:9d:c7:7e:76:13:5a:dd:1f:
         7c:38:4a:43:62:3b:42:5a:33:11:d0:60:14:1b:c4:71:c1:d8:
         42:b8:39:85:81:1b:c5:b2:7b:8b:ca:63:f9:e1:38:7a:7d:39:
         d0:2c:46:17:73:1a:16:b2:0e:a6:24:e2:b4:a0:b5:2b:bd:d9:
         9c:7b:d6:b1:42:ad:df:79:f5:f2:c9:fc:8e:d1:bb:46:09:b7:
         c2:1d:2e:64:5b:36:72:02:07:66:98:53:99:f3:63:12:6a:13:
         4c:3b:0f:d9:3a:e7:02:0d:a8:9f:7f:64:cc:86:8e:b1:29:dd:
         5d:d6:7b:bf:71:80:e4:8b:36:15:e6:50:59:2f:f3:0f:ce:57:
         4e:af:b8:b0:a5:10:d8:af:aa:e2:b9:64:2c:a0:8a:db:bc:b1:
         2f:da:12:06:9e:1e:18:1c:8e:c2:00:de:c6:73:1b:62:b5:bc:
         73:ec:5d:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIRzvRcd83F/6JMCrQF0cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjUwMTAyMDM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTYzYWZiZjRlNzE1MGI3YzA1YWUwZWFhZDdlZTNiOGQzYmVkMmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcc1fYvuRYfyXUIBJLzDcFzGJQqn
1ZRtme82oRsIQLVqmZgJZHvGdS01zglvG1PbDPSTqsCe3VC5FaAHHX24vVS9c6gl
ZTfpKj0NADyNkyEYlMFW06FF8QEnDiQwNhBqReK8RZhTvyc9mvjDhVQ0S6YqKQ80
1KF/BNjlU4ljryllo8DCFQlRppzKF6ajiISq6PzsqtaC4H2s0hKCWxtZuQJ0HwI+
74+sCG8iggeYqCODo//WbpdLd2p15RLfmfMyZ/Prwh8ZmYloc+oFDxxTTLhz3TP/
ses1VtrQUk3+Ek5x1QRb0OPAJ/0jpHMBtq0iG8uFKHIauCT1Wyt2qegTowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5jr79OcVC3wFrg6q1+47jTvtKiMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvWG1PdnYwNXhVTGZBV3VEcXJYN2p1Tk8tMHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvq7MA0G
CSqGSIb3DQEBCwUAA4IBAQBMl4p+H0S0uiQylYxNIXhj6vB/11CJQ7x8qH6GC/MY
U0FjCs1Sdd780RLr28oorWCovx630ayXKSGv10v9CazgWec2fCPtDZB1gPdbZmlr
jIzcncd+dhNa3R98OEpDYjtCWjMR0GAUG8RxwdhCuDmFgRvFsnuLymP54Th6fTnQ
LEYXcxoWsg6mJOK0oLUrvdmce9axQq3fefXyyfyO0btGCbfCHS5kWzZyAgdmmFOZ
82MSahNMOw/ZOucCDaiff2TMho6xKd1d1nu/cYDkizYV5lBZL/MPzldOr7iwpRDY
r6riuWQsoIrbvLEv2hIGnh4YHI7CAN7Gcxtitbxz7F3O
-----END CERTIFICATE-----