Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/leMwNsa5zZpIondmUiWJbd9kobU.roa
File:                     leMwNsa5zZpIondmUiWJbd9kobU.roa (raw, json)
Hash identifier:          SM0Ei2Vh6GLxOLCe0TF7D7/4ICthojIJ+P88z5EJY8M=
Subject key identifier:   95:E3:30:36:C6:B9:CD:9A:48:A2:77:66:52:25:89:6D:DF:64:A1:B5
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       018CC80221D9C1E3619E759F812DA9E4CCAE
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/leMwNsa5zZpIondmUiWJbd9kobU.roa
Signing time:             Tue 02 Jan 2024 02:30:32 +0000
ROA not before:           Tue 02 Jan 2024 02:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203394
IP address blocks:        178.250.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:21:d9:c1:e3:61:9e:75:9f:81:2d:a9:e4:cc:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jan  2 02:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95e33036c6b9cd9a48a277665225896ddf64a1b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e9:0b:b1:34:05:87:d3:12:d4:37:bf:fc:71:
                    dc:18:d8:82:6a:14:76:b7:6d:75:b2:6a:54:28:b1:
                    91:c0:1e:99:07:96:71:60:ea:85:b9:eb:b2:0b:df:
                    bb:7c:22:9f:19:5f:de:85:ef:f8:c0:37:30:f8:2a:
                    d7:a8:d6:33:0c:47:d4:63:d6:36:74:a1:1c:b5:98:
                    21:7b:cb:05:3a:eb:6f:66:89:02:fd:90:18:a0:75:
                    98:24:5e:67:50:d0:8e:3f:ed:7d:25:93:23:7a:3f:
                    41:7d:03:b3:1d:37:3c:bf:e6:23:82:0d:f6:49:50:
                    73:9b:65:ad:0a:51:10:89:e5:97:7d:db:46:8c:e8:
                    e5:4f:15:83:cb:07:cc:5f:02:96:a6:d3:04:40:ca:
                    0e:3d:a6:8f:3b:1c:9a:d6:6c:55:49:f9:bb:54:57:
                    f9:72:ae:04:ce:96:83:d9:56:21:69:d4:88:90:40:
                    cb:b9:f8:46:43:c0:b0:a1:2e:c0:52:59:f7:4d:db:
                    5c:bc:f7:8a:56:51:48:b7:b1:5f:ce:94:d5:e0:57:
                    ba:83:b2:ec:f9:83:dd:97:dd:82:bd:6d:97:cf:fd:
                    f0:37:a6:a1:7d:3d:6a:bd:06:1c:bc:20:e5:c1:64:
                    68:b8:ce:92:c5:32:61:35:25:d4:cc:b6:34:60:3f:
                    80:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E3:30:36:C6:B9:CD:9A:48:A2:77:66:52:25:89:6D:DF:64:A1:B5
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/leMwNsa5zZpIondmUiWJbd9kobU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:fe:2a:a1:f8:30:a8:21:bc:90:df:19:0b:cd:23:b1:c1:16:
         05:b4:51:fd:01:3e:85:f2:58:38:52:16:f5:80:6d:b8:af:6c:
         47:92:21:00:4e:7b:2a:86:6e:b7:66:67:ae:ea:cf:80:42:7a:
         4c:62:06:b2:ee:ed:71:ec:e3:e3:f9:12:0a:c1:63:a4:0c:52:
         a5:7d:f5:b8:ed:71:c3:2d:bf:12:7c:d8:19:46:ac:01:d8:bf:
         1a:31:59:eb:f2:ab:b7:4b:6e:13:bc:45:43:4d:22:08:60:f6:
         c3:af:c3:65:59:c9:84:58:b3:32:ef:fd:18:da:f8:ee:ed:d7:
         43:5c:1d:3f:72:61:bc:5e:00:b0:f3:af:c4:40:14:ac:77:cf:
         f7:45:4d:72:ee:c5:62:b5:c8:43:31:3e:99:22:1d:37:a5:50:
         e9:ff:9d:ea:0d:16:e8:52:39:6e:45:38:3f:54:8f:48:8d:c6:
         00:9c:85:0f:6c:cf:64:ac:8b:23:9e:0f:a0:0b:19:01:dc:b4:
         61:75:96:3d:32:60:bf:4f:55:53:21:f1:b8:47:56:24:9d:d1:
         cb:b6:1a:0a:16:79:02:95:cb:95:7e:5d:27:05:cb:e5:5d:eb:
         06:bc:75:4e:6d:82:54:aa:9d:b4:23:41:11:ba:ee:34:b7:b7:
         84:17:ca:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAiHZweNhnnWfgS2p5MyuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjQwMTAyMDIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWUzMzAzNmM2YjljZDlhNDhhMjc3NjY1MjI1ODk2ZGRmNjRhMWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOkLsTQFh9MS1De//HHcGNiCahR2
t211smpUKLGRwB6ZB5ZxYOqFueuyC9+7fCKfGV/ehe/4wDcw+CrXqNYzDEfUY9Y2
dKEctZghe8sFOutvZokC/ZAYoHWYJF5nUNCOP+19JZMjej9BfQOzHTc8v+Yjgg32
SVBzm2WtClEQieWXfdtGjOjlTxWDywfMXwKWptMEQMoOPaaPOxya1mxVSfm7VFf5
cq4EzpaD2VYhadSIkEDLufhGQ8CwoS7AUln3TdtcvPeKVlFIt7FfzpTV4Fe6g7Ls
+YPdl92CvW2Xz/3wN6ahfT1qvQYcvCDlwWRouM6SxTJhNSXUzLY0YD+AcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXjMDbGuc2aSKJ3ZlIliW3fZKG1MB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvbGVNd05zYTV6WnBJb25kbVVpV0piZDlrb2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvq9MA0G
CSqGSIb3DQEBCwUAA4IBAQCw/iqh+DCoIbyQ3xkLzSOxwRYFtFH9AT6F8lg4Uhb1
gG24r2xHkiEATnsqhm63Zmeu6s+AQnpMYgay7u1x7OPj+RIKwWOkDFKlffW47XHD
Lb8SfNgZRqwB2L8aMVnr8qu3S24TvEVDTSIIYPbDr8NlWcmEWLMy7/0Y2vju7ddD
XB0/cmG8XgCw86/EQBSsd8/3RU1y7sVitchDMT6ZIh03pVDp/53qDRboUjluRTg/
VI9IjcYAnIUPbM9krIsjng+gCxkB3LRhdZY9MmC/T1VTIfG4R1YkndHLthoKFnkC
lcuVfl0nBcvlXesGvHVObYJUqp20I0ERuu40t7eEF8qG
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:13:53 2024 by rpki-client on console-fra.rpki-client.org