Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/vsuobB7Q7M7H0d2b7icsBX46rF8.roa
File:                     vsuobB7Q7M7H0d2b7icsBX46rF8.roa (raw, json)
Hash identifier:          7WzZ613I/LXa4Zefx9tEqY2ZhSRre3hj1QC98fA5RuY=
Subject key identifier:   BE:CB:A8:6C:1E:D0:EC:CE:C7:D1:DD:9B:EE:27:2C:05:7E:3A:AC:5F
Certificate issuer:       /CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
Certificate serial:       019425211BFAF89165239129CC65006616FE
Authority key identifier: 87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/vsuobB7Q7M7H0d2b7icsBX46rF8.roa
Signing time:             Thu 02 Jan 2025 03:48:34 +0000
ROA not before:           Thu 02 Jan 2025 03:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56322
IP address blocks:        178.250.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:1b:fa:f8:91:65:23:91:29:cc:65:00:66:16:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8778ad8168e09cf92d4e0498257f8e9ceabf0692
        Validity
            Not Before: Jan  2 03:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=becba86c1ed0eccec7d1dd9bee272c057e3aac5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:42:a9:84:70:39:62:5f:12:a9:bf:a4:bd:d7:
                    e8:61:6e:1f:2c:7e:f1:f3:58:ce:02:e7:13:60:c2:
                    5c:15:e7:77:56:96:09:85:b4:3f:c2:8c:a6:81:3b:
                    9a:2b:4f:d6:de:e9:27:0e:f8:80:73:3e:d0:26:c7:
                    ea:ca:12:c9:95:c4:1b:43:36:15:e6:51:ca:b7:7d:
                    47:de:de:e3:18:38:f0:22:de:e0:e1:c5:6a:f3:ae:
                    55:ca:e7:14:7e:ff:1c:9c:5f:5e:2b:b3:69:c4:5e:
                    5f:6d:dd:44:13:3b:05:74:c0:22:7e:d2:f3:bc:67:
                    39:be:c6:60:27:f1:27:f8:8e:b5:cb:2e:9e:02:78:
                    3e:d5:41:3e:75:7e:bf:b9:7a:3e:91:a8:26:62:6d:
                    17:04:a7:6a:bd:f2:03:3f:87:ee:f1:13:dd:91:47:
                    87:ea:be:1d:f1:15:ea:52:b5:d1:bc:13:19:f6:b4:
                    16:70:5d:82:84:ad:6c:3c:5d:c1:13:c5:d1:21:0a:
                    a0:5f:78:e6:84:04:d8:64:f7:16:68:69:7a:15:35:
                    91:66:33:f4:83:5a:be:1d:ca:20:d8:58:0e:d0:54:
                    82:4e:46:b1:7c:45:0e:ae:9f:18:d7:d8:e4:88:c2:
                    fe:6e:07:99:69:11:f7:2c:89:2f:63:cb:e2:95:f8:
                    ee:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:CB:A8:6C:1E:D0:EC:CE:C7:D1:DD:9B:EE:27:2C:05:7E:3A:AC:5F
            X509v3 Authority Key Identifier:
                keyid:87:78:AD:81:68:E0:9C:F9:2D:4E:04:98:25:7F:8E:9C:EA:BF:06:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3itgWjgnPktTgSYJX-OnOq_BpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/vsuobB7Q7M7H0d2b7icsBX46rF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/f07f8d-9df0-49c6-b2f0-aa9d691811e7/1/h3itgWjgnPktTgSYJX-OnOq_BpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.250.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:f1:66:03:77:d8:89:f0:2a:8d:a3:64:8b:ca:8d:57:32:b5:
         2a:a3:64:19:3f:5f:8a:fc:65:9f:95:b0:fb:46:72:5d:23:be:
         20:ec:ac:28:40:83:1b:7b:1c:fd:48:2a:05:6b:4d:00:2b:60:
         f4:5d:82:5b:55:21:e8:4c:c3:69:99:aa:9f:c9:f3:5f:db:4b:
         67:8b:fc:9f:f6:be:2f:79:c9:1e:f5:b7:72:e8:12:51:0b:f9:
         ff:cf:08:96:38:f1:92:4e:52:47:ef:71:78:05:93:aa:0b:fd:
         0e:8b:87:22:a7:0e:0c:e9:4f:9f:a3:19:c9:11:53:38:b2:98:
         c9:8b:f6:b9:d5:89:e0:89:76:75:12:21:b7:9a:75:e4:4c:05:
         4e:6c:5b:cb:71:e3:4d:dc:66:ea:f6:73:78:c2:72:1a:ea:0e:
         de:d0:fc:80:ab:d1:97:23:9d:97:e9:3e:40:ad:5d:7a:16:10:
         7e:22:a2:bd:8c:dc:00:69:dc:be:7e:99:d5:f3:ac:f0:9f:06:
         91:16:cc:99:31:98:08:25:6d:42:3e:06:92:57:27:41:54:b4:
         18:1c:e1:41:93:d5:01:61:21:be:d6:0d:bb:27:68:c2:d6:ec:
         af:fa:69:90:e0:2b:2f:a8:c9:bd:f9:91:e2:11:07:6a:a1:4a:
         19:df:25:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIRv6+JFlI5EpzGUAZhb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NzhhZDgxNjhlMDljZjkyZDRlMDQ5ODI1N2Y4ZTljZWFi
ZjA2OTIwHhcNMjUwMTAyMDM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWNiYTg2YzFlZDBlY2NlYzdkMWRkOWJlZTI3MmMwNTdlM2FhYzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkKphHA5Yl8Sqb+kvdfoYW4fLH7x
81jOAucTYMJcFed3VpYJhbQ/woymgTuaK0/W3uknDviAcz7QJsfqyhLJlcQbQzYV
5lHKt31H3t7jGDjwIt7g4cVq865VyucUfv8cnF9eK7NpxF5fbd1EEzsFdMAiftLz
vGc5vsZgJ/En+I61yy6eAng+1UE+dX6/uXo+kagmYm0XBKdqvfIDP4fu8RPdkUeH
6r4d8RXqUrXRvBMZ9rQWcF2ChK1sPF3BE8XRIQqgX3jmhATYZPcWaGl6FTWRZjP0
g1q+Hcog2FgO0FSCTkaxfEUOrp8Y19jkiML+bgeZaRH3LIkvY8vilfjumQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7LqGwe0OzOx9Hdm+4nLAV+OqxfMB8GA1UdIwQY
MBaAFId4rYFo4Jz5LU4EmCV/jpzqvwaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAt
YWE5ZDY5MTgxMWU3LzEvdnN1b2JCN1E3TTdIMGQyYjdpY3NCWDQ2ckY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mMDdmOGQtOWRmMC00OWM2LWIyZjAtYWE5ZDY5MTgxMWU3
LzEvaDNpdGdXamduUGt0VGdTWUpYLU9uT3FfQnBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvq8MA0G
CSqGSIb3DQEBCwUAA4IBAQB28WYDd9iJ8CqNo2SLyo1XMrUqo2QZP1+K/GWflbD7
RnJdI74g7KwoQIMbexz9SCoFa00AK2D0XYJbVSHoTMNpmaqfyfNf20tni/yf9r4v
ecke9bdy6BJRC/n/zwiWOPGSTlJH73F4BZOqC/0Oi4cipw4M6U+foxnJEVM4spjJ
i/a51YngiXZ1EiG3mnXkTAVObFvLceNN3Gbq9nN4wnIa6g7e0PyAq9GXI52X6T5A
rV16FhB+IqK9jNwAady+fpnV86zwnwaRFsyZMZgIJW1CPgaSVydBVLQYHOFBk9UB
YSG+1g27J2jC1uyv+mmQ4CsvqMm9+ZHiEQdqoUoZ3yUa
-----END CERTIFICATE-----