Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/qo8hH3umFsFsrmcWHf9AXJqYEd0.roa
File:                     qo8hH3umFsFsrmcWHf9AXJqYEd0.roa (raw, json)
Hash identifier:          FkLjOpjqay7QlxDFP+5MXgv4ECaV9kzUHCNWISKGRqQ=
Subject key identifier:   AA:8F:21:1F:7B:A6:16:C1:6C:AE:67:16:1D:FF:40:5C:9A:98:11:DD
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       018CC802219CE7EC85A265951431A4EB4613
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/qo8hH3umFsFsrmcWHf9AXJqYEd0.roa
Signing time:             Tue 02 Jan 2024 02:30:31 +0000
ROA not before:           Tue 02 Jan 2024 02:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200993
IP address blocks:        178.250.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:21:9c:e7:ec:85:a2:65:95:14:31:a4:eb:46:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jan  2 02:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa8f211f7ba616c16cae67161dff405c9a9811dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d7:e6:26:ad:36:63:5f:1f:db:fc:54:19:2f:
                    f6:39:53:1d:97:d7:e4:59:8b:b8:ea:a3:19:30:6f:
                    37:bc:8a:ba:fe:ff:ba:e7:4b:5a:08:cc:95:7f:b3:
                    76:ac:0b:ce:d2:34:2e:c5:68:91:e7:44:0f:08:43:
                    8b:fd:a4:79:7f:72:51:c0:cb:c7:83:68:0f:f0:e7:
                    ec:ee:eb:57:5e:83:db:5f:b6:c4:07:b1:eb:7f:40:
                    84:e4:a0:25:eb:d9:4e:ed:7b:bf:56:e1:1f:08:03:
                    81:96:bf:c8:6d:98:14:58:f2:34:f3:af:eb:f7:d0:
                    99:0e:53:b8:a4:dc:fe:fe:fb:06:f0:fa:00:b0:d8:
                    51:84:5f:ae:9e:e5:73:8e:68:85:32:8a:0f:c1:26:
                    bd:e4:60:a5:0b:70:f3:31:51:2a:2b:1a:cd:46:58:
                    0a:59:62:92:d8:ce:31:7c:27:03:34:7c:a5:cc:50:
                    58:e7:9b:d6:30:28:13:db:7a:ca:ab:91:6c:24:e4:
                    e3:94:02:97:e2:4c:e0:f7:a2:3c:c0:9b:b1:25:e0:
                    25:2c:4d:ca:85:d9:2d:36:dc:db:fb:b7:74:e7:12:
                    4e:40:b2:87:ac:7f:39:02:ad:79:33:56:1b:b7:fb:
                    d2:a6:c9:e0:ad:c3:ed:e8:8b:24:55:04:39:ac:bc:
                    8a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:8F:21:1F:7B:A6:16:C1:6C:AE:67:16:1D:FF:40:5C:9A:98:11:DD
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/qo8hH3umFsFsrmcWHf9AXJqYEd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:de:9e:a7:e0:86:d0:a0:88:b5:98:05:b5:f9:b1:4c:78:bd:
         12:8c:ae:30:de:24:6b:57:9c:0f:c7:6e:c1:d0:d5:fc:95:6e:
         85:73:14:d5:a6:85:5a:12:13:9a:67:c5:b0:63:3c:dd:78:eb:
         ce:f6:a9:2e:26:11:69:46:58:e6:a5:c1:f4:ad:04:3f:70:07:
         bd:81:68:51:60:17:d5:7d:bb:dc:17:bf:fc:7b:05:d9:47:7a:
         71:de:4e:30:09:46:4b:45:00:fd:01:9d:17:e6:16:6f:ba:a7:
         ed:19:16:be:b7:36:51:53:e3:33:49:98:2e:4f:9e:e7:80:3f:
         a6:63:d9:76:d3:06:b1:62:a8:8f:2d:5e:e5:55:70:ba:ed:24:
         e0:e8:5b:74:14:86:af:3b:59:6a:42:28:cd:d0:bd:40:0a:ee:
         48:c9:7d:58:9e:4a:36:64:b6:45:22:22:4f:7d:2b:69:0d:5d:
         ce:5c:02:20:a0:e2:0b:47:d7:8c:2a:0f:c9:3a:88:79:29:dc:
         09:70:03:c4:3c:c6:da:ef:04:44:bd:e3:fd:af:e9:bb:9c:aa:
         ec:a1:2e:ad:8b:9a:c0:f9:ff:a2:be:57:ff:45:74:33:5f:35:
         4b:c5:6e:cc:89:76:13:1e:74:32:a0:27:5e:f5:0f:75:e0:3b:
         bf:7f:83:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAiGc5+yFomWVFDGk60YTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjQwMTAyMDIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYThmMjExZjdiYTYxNmMxNmNhZTY3MTYxZGZmNDA1YzlhOTgxMWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidfmJq02Y18f2/xUGS/2OVMdl9fk
WYu46qMZMG83vIq6/v+650taCMyVf7N2rAvO0jQuxWiR50QPCEOL/aR5f3JRwMvH
g2gP8Ofs7utXXoPbX7bEB7Hrf0CE5KAl69lO7Xu/VuEfCAOBlr/IbZgUWPI086/r
99CZDlO4pNz+/vsG8PoAsNhRhF+unuVzjmiFMooPwSa95GClC3DzMVEqKxrNRlgK
WWKS2M4xfCcDNHylzFBY55vWMCgT23rKq5FsJOTjlAKX4kzg96I8wJuxJeAlLE3K
hdktNtzb+7d05xJOQLKHrH85Aq15M1Ybt/vSpsngrcPt6IskVQQ5rLyKZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqPIR97phbBbK5nFh3/QFyamBHdMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvcW84aEgzdW1Gc0Zzcm1jV0hmOUFYSnFZRWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvq7MA0G
CSqGSIb3DQEBCwUAA4IBAQBF3p6n4IbQoIi1mAW1+bFMeL0SjK4w3iRrV5wPx27B
0NX8lW6FcxTVpoVaEhOaZ8WwYzzdeOvO9qkuJhFpRljmpcH0rQQ/cAe9gWhRYBfV
fbvcF7/8ewXZR3px3k4wCUZLRQD9AZ0X5hZvuqftGRa+tzZRU+MzSZguT57ngD+m
Y9l20waxYqiPLV7lVXC67STg6Ft0FIavO1lqQijN0L1ACu5IyX1Ynko2ZLZFIiJP
fStpDV3OXAIgoOILR9eMKg/JOoh5KdwJcAPEPMba7wREveP9r+m7nKrsoS6ti5rA
+f+ivlf/RXQzXzVLxW7MiXYTHnQyoCde9Q914Du/f4O4
-----END CERTIFICATE-----
Generated at Fri Nov 22 04:55:51 2024 by rpki-client on console-ams.rpki-client.org