Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/aMv6gEqWxpGKwwWm6t5nV_iaM3Q.roa
File:                     aMv6gEqWxpGKwwWm6t5nV_iaM3Q.roa (raw, json)
Hash identifier:          +a48j1hsLG2vzEIY2MRVBswlr1+jm51V+Dk+4EhL/9Y=
Subject key identifier:   68:CB:FA:80:4A:96:C6:91:8A:C3:05:A6:EA:DE:67:57:F8:9A:33:74
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       019425211F2D406165A2E0F1B948EA5C6F98
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/aMv6gEqWxpGKwwWm6t5nV_iaM3Q.roa
Signing time:             Thu 02 Jan 2025 03:48:35 +0000
ROA not before:           Thu 02 Jan 2025 03:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216127
IP address blocks:        178.250.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:1f:2d:40:61:65:a2:e0:f1:b9:48:ea:5c:6f:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jan  2 03:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68cbfa804a96c6918ac305a6eade6757f89a3374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:de:4c:05:61:8e:b0:96:8e:01:ea:f8:e0:ce:
                    d3:3b:d8:91:07:80:0c:6a:55:7f:94:b2:fe:78:f4:
                    d8:2b:9c:5b:a6:80:28:12:30:1c:20:6d:7d:43:e8:
                    4a:43:38:3d:2a:59:72:17:a2:b3:65:24:fe:29:ed:
                    de:de:16:8e:60:de:98:13:c3:10:91:6e:6f:27:99:
                    88:0c:58:d1:10:89:84:ed:d9:33:85:96:a9:6e:fd:
                    cd:ad:13:43:9f:d1:1e:92:0e:99:ea:9e:ab:d4:ac:
                    90:a6:1c:40:f3:8e:a1:b5:25:44:99:2c:dd:8e:89:
                    ad:34:44:b1:32:a0:2f:07:37:ce:b4:3e:b6:a9:91:
                    43:50:0a:10:2e:ce:64:73:71:6a:47:74:89:ba:7d:
                    e2:a5:dc:9f:fc:d3:cf:6b:b0:94:dc:68:30:e6:72:
                    00:46:f6:3d:12:8e:2a:da:69:02:a0:e0:f5:45:0f:
                    0b:ef:4e:fd:60:fd:ee:bd:04:33:a3:3c:4c:01:36:
                    86:f5:01:2d:6d:3b:6c:3e:2c:5c:80:c6:8c:b7:b1:
                    8f:29:81:f3:7f:c3:fe:34:d2:2b:02:d0:3d:74:0b:
                    8e:c5:9c:c3:63:a2:45:97:b4:f3:b3:aa:88:83:da:
                    8c:b7:45:47:7f:30:49:ab:3f:29:5b:fd:f4:bf:09:
                    cb:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:CB:FA:80:4A:96:C6:91:8A:C3:05:A6:EA:DE:67:57:F8:9A:33:74
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/aMv6gEqWxpGKwwWm6t5nV_iaM3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:53:83:91:2a:4f:f5:68:00:89:67:78:36:d1:87:1d:25:c8:
         29:7e:b5:ce:53:81:d5:32:c3:41:44:ae:00:f3:99:c3:61:f5:
         42:c4:69:aa:bf:ac:26:be:fa:7f:a9:56:a9:e2:57:b8:c4:ce:
         f9:e0:7c:e5:8b:78:be:a1:8a:78:5d:93:dd:1c:56:f8:c8:78:
         db:81:67:37:f5:5a:59:75:fd:97:b7:9d:1f:c4:bf:84:b1:f8:
         90:9e:c6:70:62:68:30:e5:ab:7b:a9:48:26:b3:e6:d1:68:1e:
         5d:d3:4c:c7:b0:a9:27:7a:ae:7f:b0:0f:0c:2b:41:5b:9b:cd:
         75:32:6d:d6:af:d8:e8:fc:c9:2a:84:17:df:66:e2:a6:47:a1:
         18:3c:4f:0f:1f:9e:40:78:0d:92:b1:fb:fa:80:9f:4f:c4:a3:
         47:ae:48:4b:dd:dc:34:09:ca:8e:93:20:61:dd:01:de:db:45:
         21:a6:2d:c4:bc:b3:db:49:a9:72:29:91:34:0f:6e:63:7a:ce:
         d5:ba:ea:26:c6:74:d3:34:42:60:95:78:e5:94:bf:c0:2d:15:
         11:16:c3:29:e4:bc:6c:f0:c9:7c:ed:38:6d:12:3d:5e:d7:84:
         90:64:27:8a:c6:f0:e1:db:d2:20:3e:4b:aa:48:32:bc:3b:bc:
         ee:bf:e6:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIR8tQGFlouDxuUjqXG+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjUwMTAyMDM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGNiZmE4MDRhOTZjNjkxOGFjMzA1YTZlYWRlNjc1N2Y4OWEzMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3d5MBWGOsJaOAer44M7TO9iRB4AM
alV/lLL+ePTYK5xbpoAoEjAcIG19Q+hKQzg9KllyF6KzZST+Ke3e3haOYN6YE8MQ
kW5vJ5mIDFjREImE7dkzhZapbv3NrRNDn9Eekg6Z6p6r1KyQphxA846htSVEmSzd
jomtNESxMqAvBzfOtD62qZFDUAoQLs5kc3FqR3SJun3ipdyf/NPPa7CU3Ggw5nIA
RvY9Eo4q2mkCoOD1RQ8L7079YP3uvQQzozxMATaG9QEtbTtsPixcgMaMt7GPKYHz
f8P+NNIrAtA9dAuOxZzDY6JFl7Tzs6qIg9qMt0VHfzBJqz8pW/30vwnLjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjL+oBKlsaRisMFpureZ1f4mjN0MB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvYU12NmdFcVd4cEdLd3dXbTZ0NW5WX2lhTTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvq7MA0G
CSqGSIb3DQEBCwUAA4IBAQAcU4ORKk/1aACJZ3g20YcdJcgpfrXOU4HVMsNBRK4A
85nDYfVCxGmqv6wmvvp/qVap4le4xM754Hzli3i+oYp4XZPdHFb4yHjbgWc39VpZ
df2Xt50fxL+EsfiQnsZwYmgw5at7qUgms+bRaB5d00zHsKkneq5/sA8MK0Fbm811
Mm3Wr9jo/MkqhBffZuKmR6EYPE8PH55AeA2Ssfv6gJ9PxKNHrkhL3dw0CcqOkyBh
3QHe20Uhpi3EvLPbSalyKZE0D25jes7VuuomxnTTNEJglXjllL/ALRURFsMp5Lxs
8Ml87ThtEj1e14SQZCeKxvDh29IgPkuqSDK8O7zuv+Zv
-----END CERTIFICATE-----