Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/7A56hVt6dU5qoiAvVK6jGTcVzpA.roa
File:                     7A56hVt6dU5qoiAvVK6jGTcVzpA.roa (raw, json)
Hash identifier:          WrPuXoX0ejV9tQW6wbPaQyxE5UCS7s5qr/uRZC2hWIY=
Subject key identifier:   EC:0E:7A:85:5B:7A:75:4E:6A:A2:20:2F:54:AE:A3:19:37:15:CE:90
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018CCA287579D99D793CE5978D311BD60C9D
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/7A56hVt6dU5qoiAvVK6jGTcVzpA.roa
Signing time:             Tue 02 Jan 2024 12:31:38 +0000
ROA not before:           Tue 02 Jan 2024 12:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210392
IP address blocks:        178.239.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:75:79:d9:9d:79:3c:e5:97:8d:31:1b:d6:0c:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  2 12:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec0e7a855b7a754e6aa2202f54aea3193715ce90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:88:e3:9a:24:d6:11:6e:9d:8d:05:f9:b4:7f:
                    83:a8:7a:30:12:51:40:3d:c3:2d:05:f0:15:a5:9b:
                    69:3f:fd:30:6e:a3:b0:54:cb:02:99:49:ee:7c:73:
                    20:7d:bb:83:06:70:e2:82:54:d9:eb:66:45:03:1a:
                    61:c3:7e:f4:e4:27:88:69:b9:df:b1:b1:7c:5a:05:
                    0f:ac:9c:29:68:fc:fc:07:fb:04:4d:33:a9:9d:52:
                    6b:f5:81:5a:26:a7:61:b3:53:2b:6b:cc:ac:a6:31:
                    08:d7:34:e6:93:9f:06:44:f2:25:37:f5:d6:87:1c:
                    f7:48:c1:b5:84:2a:17:d4:cf:23:e8:c8:54:e8:18:
                    b2:c6:6f:83:6d:69:32:92:53:dc:97:b8:51:b4:97:
                    86:06:ac:21:9b:76:b2:3a:d9:a0:54:bc:40:d6:63:
                    94:b3:41:08:40:d2:1e:4b:a8:59:ab:85:b4:c8:b6:
                    53:12:00:db:c8:ff:61:45:7f:ca:bd:55:78:8e:12:
                    fe:fe:8d:d1:06:a6:f1:92:b5:ee:06:52:af:38:7f:
                    aa:28:37:31:93:13:3f:29:40:9c:3f:c6:d1:91:31:
                    1e:ab:e7:a1:67:06:de:6a:71:37:84:47:f6:4e:f3:
                    ff:e5:4f:6d:d6:f1:a5:e1:a2:57:25:4f:3d:36:80:
                    de:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:0E:7A:85:5B:7A:75:4E:6A:A2:20:2F:54:AE:A3:19:37:15:CE:90
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/7A56hVt6dU5qoiAvVK6jGTcVzpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:e6:7a:56:d1:cb:a4:2f:48:57:14:4d:17:4b:c0:4b:55:12:
         29:46:00:b9:fe:63:82:fd:34:a4:d6:9d:92:fa:4a:2e:14:11:
         19:7c:66:96:f4:96:e0:57:1d:75:ec:ac:62:39:fb:bc:9d:52:
         2f:3a:60:ea:ba:57:57:cd:44:57:58:7e:a8:ef:8a:c8:30:36:
         84:03:64:cb:65:2c:b4:3f:41:de:53:36:34:f1:3e:3f:4b:84:
         b9:b9:d5:cc:3d:2f:7c:36:1c:e1:a0:46:85:0d:f0:02:38:45:
         19:d4:d8:5c:b9:87:f2:d1:ad:11:9b:ae:f7:28:85:54:08:b7:
         85:42:15:43:0c:13:a0:77:e7:c3:43:e3:02:a6:af:43:e9:77:
         06:f2:57:ec:e1:dc:21:9f:79:9a:7c:c5:49:34:fa:f3:92:79:
         9b:53:48:5d:78:cb:99:cd:29:4c:32:01:5d:86:40:ea:0f:0d:
         8c:66:b3:1b:cf:9c:8b:0a:05:01:7d:bb:5b:64:8d:44:a9:d5:
         f0:95:f7:b9:2e:15:3a:8c:8b:4c:c5:8d:b0:ad:4d:f1:74:b2:
         9a:26:92:e6:fd:6f:92:eb:ec:18:b5:e5:07:0d:31:90:c0:e5:
         6c:eb:cd:0d:fc:31:c7:ae:b8:f8:82:91:37:60:7f:bc:9a:2a:
         02:49:8a:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKHV52Z15POWXjTEb1gydMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwMTAyMTIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzBlN2E4NTViN2E3NTRlNmFhMjIwMmY1NGFlYTMxOTM3MTVjZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYjjmiTWEW6djQX5tH+DqHowElFA
PcMtBfAVpZtpP/0wbqOwVMsCmUnufHMgfbuDBnDiglTZ62ZFAxphw3705CeIabnf
sbF8WgUPrJwpaPz8B/sETTOpnVJr9YFaJqdhs1Mra8yspjEI1zTmk58GRPIlN/XW
hxz3SMG1hCoX1M8j6MhU6Biyxm+DbWkyklPcl7hRtJeGBqwhm3ayOtmgVLxA1mOU
s0EIQNIeS6hZq4W0yLZTEgDbyP9hRX/KvVV4jhL+/o3RBqbxkrXuBlKvOH+qKDcx
kxM/KUCcP8bRkTEeq+ehZwbeanE3hEf2TvP/5U9t1vGl4aJXJU89NoDe3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwOeoVbenVOaqIgL1Suoxk3Fc6QMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvN0E1NmhWdDZkVTVxb2lBdlZLNmpHVGNWenBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+YMA0G
CSqGSIb3DQEBCwUAA4IBAQAD5npW0cukL0hXFE0XS8BLVRIpRgC5/mOC/TSk1p2S
+kouFBEZfGaW9JbgVx117KxiOfu8nVIvOmDquldXzURXWH6o74rIMDaEA2TLZSy0
P0HeUzY08T4/S4S5udXMPS98NhzhoEaFDfACOEUZ1NhcuYfy0a0Rm673KIVUCLeF
QhVDDBOgd+fDQ+MCpq9D6XcG8lfs4dwhn3mafMVJNPrzknmbU0hdeMuZzSlMMgFd
hkDqDw2MZrMbz5yLCgUBfbtbZI1EqdXwlfe5LhU6jItMxY2wrU3xdLKaJpLm/W+S
6+wYteUHDTGQwOVs680N/DHHrrj4gpE3YH+8mioCSYoE
-----END CERTIFICATE-----