Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/s7If1fs88wt5UvTwMUjAybHdDyo.roa
File:                     s7If1fs88wt5UvTwMUjAybHdDyo.roa (raw, json)
Hash identifier:          juzi9hh80WOfbwwDVrDa1fHeUNQyan4kHoDgkY/zvn0=
Subject key identifier:   B3:B2:1F:D5:FB:3C:F3:0B:79:52:F4:F0:31:48:C0:C9:B1:DD:0F:2A
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01958A7F3E9F21A9FC4304FC075171FE9CC5
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/s7If1fs88wt5UvTwMUjAybHdDyo.roa
Signing time:             Wed 12 Mar 2025 13:15:49 +0000
ROA not before:           Wed 12 Mar 2025 13:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39650
IP address blocks:        178.239.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8a:7f:3e:9f:21:a9:fc:43:04:fc:07:51:71:fe:9c:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Mar 12 13:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3b21fd5fb3cf30b7952f4f03148c0c9b1dd0f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:44:dd:ac:26:55:ff:16:8b:24:12:9c:5d:7b:
                    5b:7e:6c:16:73:46:3d:bf:ee:e1:67:d6:04:da:9c:
                    6b:21:89:a6:3d:e2:0d:4b:4d:ce:a8:11:d6:0c:b2:
                    51:f4:91:d2:53:99:23:3b:c5:af:0b:cf:04:39:76:
                    10:8f:29:1f:c4:de:2b:88:36:1e:06:09:1d:1e:93:
                    da:c4:c9:38:b0:31:35:56:72:43:56:2d:ed:05:0b:
                    e4:c4:b8:b0:56:a7:94:7e:30:39:b4:51:e1:93:5f:
                    2f:48:ce:cd:ae:3f:9c:27:57:39:93:76:3f:f3:22:
                    02:48:f5:b8:0d:1a:97:ec:80:74:77:05:2a:ed:8e:
                    9e:83:b8:d8:15:39:83:35:2f:f6:4c:d9:80:3f:4b:
                    bf:dc:fb:77:53:9c:02:b8:1c:36:a4:74:67:10:55:
                    88:47:ef:61:10:1c:c8:0e:d0:68:58:f8:fb:42:d1:
                    c1:5c:a1:f3:c6:d5:5b:81:cb:0e:a2:a1:70:57:9a:
                    79:0a:3e:b0:12:24:43:93:a8:91:eb:1c:c5:ec:07:
                    3f:1c:eb:bd:ac:13:c3:2a:e7:5b:b1:2b:68:d5:46:
                    c5:d1:aa:5b:fb:de:c9:b8:81:31:81:c5:0b:92:9d:
                    58:43:e0:71:88:fd:b4:85:2d:2d:69:a3:aa:a4:47:
                    ae:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:B2:1F:D5:FB:3C:F3:0B:79:52:F4:F0:31:48:C0:C9:B1:DD:0F:2A
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/s7If1fs88wt5UvTwMUjAybHdDyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:0f:9b:c6:df:a4:93:90:9b:61:d7:21:13:f8:c7:b2:fc:d6:
         a0:cb:ea:24:db:15:6b:ff:11:0e:e6:da:9d:b8:dc:33:f6:bc:
         67:49:1a:82:8c:3a:dc:7d:39:ff:c5:78:25:4b:3c:58:75:b0:
         ee:39:95:c0:fa:19:2e:42:20:ae:fc:2a:a5:59:2c:7f:8e:d6:
         e2:36:5c:fe:5b:a9:de:38:f7:88:df:27:5c:ad:5d:8d:d0:5a:
         69:bc:14:63:04:28:e9:17:00:07:c1:c3:36:c6:e5:0b:86:d9:
         aa:47:32:67:89:f4:bc:51:74:76:a3:96:0b:5d:c0:19:b4:35:
         55:47:27:b3:60:1b:a9:5a:65:8e:04:88:3c:05:7a:20:6b:33:
         62:39:5f:59:47:e9:6a:b3:e5:8e:ed:be:12:6d:1d:b1:fb:d6:
         e5:33:3b:fa:74:e9:87:fb:b9:88:d1:ad:9d:2a:cf:f4:b2:e5:
         45:eb:6f:a5:3d:d4:8f:5e:b4:07:ba:6b:09:be:3d:d1:89:ed:
         71:c6:c6:ee:0b:c7:5d:6f:c4:f1:05:e7:d6:1f:23:0a:84:96:
         f2:25:29:81:fc:4e:92:e6:e5:85:50:48:70:00:f4:b4:af:3e:
         e7:3f:8a:fc:87:d3:c5:4f:f3:98:b6:e5:b2:51:4e:db:d0:55:
         94:e4:75:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWKfz6fIan8QwT8B1Fx/pzFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwMzEyMTMxNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2IyMWZkNWZiM2NmMzBiNzk1MmY0ZjAzMTQ4YzBjOWIxZGQwZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kTdrCZV/xaLJBKcXXtbfmwWc0Y9
v+7hZ9YE2pxrIYmmPeINS03OqBHWDLJR9JHSU5kjO8WvC88EOXYQjykfxN4riDYe
BgkdHpPaxMk4sDE1VnJDVi3tBQvkxLiwVqeUfjA5tFHhk18vSM7Nrj+cJ1c5k3Y/
8yICSPW4DRqX7IB0dwUq7Y6eg7jYFTmDNS/2TNmAP0u/3Pt3U5wCuBw2pHRnEFWI
R+9hEBzIDtBoWPj7QtHBXKHzxtVbgcsOoqFwV5p5Cj6wEiRDk6iR6xzF7Ac/HOu9
rBPDKudbsSto1UbF0apb+97JuIExgcULkp1YQ+BxiP20hS0taaOqpEeuXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOyH9X7PPMLeVL08DFIwMmx3Q8qMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvczdJZjFmczg4d3Q1VXZUd01VakF5YkhkRHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsu+ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCgD5vG36STkJth1yET+Mey/Nagy+ok2xVr/xEO5tqd
uNwz9rxnSRqCjDrcfTn/xXglSzxYdbDuOZXA+hkuQiCu/CqlWSx/jtbiNlz+W6ne
OPeI3ydcrV2N0FppvBRjBCjpFwAHwcM2xuULhtmqRzJnifS8UXR2o5YLXcAZtDVV
RyezYBupWmWOBIg8BXogazNiOV9ZR+lqs+WO7b4SbR2x+9blMzv6dOmH+7mI0a2d
Ks/0suVF62+lPdSPXrQHumsJvj3Rie1xxsbuC8ddb8TxBefWHyMKhJbyJSmB/E6S
5uWFUEhwAPS0rz7nP4r8h9PFT/OYtuWyUU7b0FWU5HXA
-----END CERTIFICATE-----