Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/tPRKrvGLFu3a3vq2774BZYcrIO8.roa
File:                     tPRKrvGLFu3a3vq2774BZYcrIO8.roa (raw, json)
Hash identifier:          t5BVhKazYjAcin/fS5C+gEPIcA8521fY/GYZtVh5RfI=
Subject key identifier:   B4:F4:4A:AE:F1:8B:16:ED:DA:DE:FA:B6:EF:BE:01:65:87:2B:20:EF
Certificate issuer:       /CN=5867ac6985cc0b3fea216945c92eb2e932189403
Certificate serial:       018CC94DD11A0AF73989C13B97F679696735
Authority key identifier: 58:67:AC:69:85:CC:0B:3F:EA:21:69:45:C9:2E:B2:E9:32:18:94:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WGesaYXMCz_qIWlFyS6y6TIYlAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/tPRKrvGLFu3a3vq2774BZYcrIO8.roa
Signing time:             Tue 02 Jan 2024 08:32:49 +0000
ROA not before:           Tue 02 Jan 2024 08:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        178.211.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/WGesaYXMCz_qIWlFyS6y6TIYlAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/WGesaYXMCz_qIWlFyS6y6TIYlAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WGesaYXMCz_qIWlFyS6y6TIYlAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d1:1a:0a:f7:39:89:c1:3b:97:f6:79:69:67:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5867ac6985cc0b3fea216945c92eb2e932189403
        Validity
            Not Before: Jan  2 08:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4f44aaef18b16eddadefab6efbe0165872b20ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:40:3e:cb:eb:61:3d:a3:cf:46:4e:bc:74:4f:
                    f8:91:ca:03:19:e9:19:69:6b:43:18:3d:34:56:3a:
                    be:0a:b0:97:17:d2:09:44:fd:55:3a:a9:fe:29:a6:
                    31:25:50:ac:1c:67:07:59:e1:09:fa:94:0a:dd:3d:
                    29:e4:39:55:fb:8a:de:0b:cc:41:f6:ac:da:e7:93:
                    3d:46:47:58:b3:3d:29:e0:15:e6:6e:fb:13:d9:80:
                    27:25:69:e4:3b:d8:00:b9:a3:f8:f6:42:2a:0d:96:
                    24:97:4e:49:31:c2:d3:d2:67:7c:de:b7:ff:45:36:
                    97:e6:c4:f1:a9:e0:81:68:0e:da:a2:ab:80:65:ff:
                    63:82:6e:7a:51:c9:8a:86:b7:ed:e4:cf:4a:de:1e:
                    8a:f5:0c:e6:ed:a8:87:85:60:89:05:1c:ae:e8:e8:
                    0f:bf:0c:66:3c:85:c4:73:0a:28:92:46:b9:f3:3c:
                    b4:87:67:d7:6c:96:68:83:a7:10:f3:67:e3:06:aa:
                    eb:87:f6:5c:e0:dd:66:dd:c1:f6:8c:98:ff:b0:ac:
                    f4:b4:98:83:79:05:45:01:5b:74:5d:81:95:ac:cd:
                    db:09:13:2b:f0:19:32:42:a4:79:9a:00:a8:65:e7:
                    a3:04:91:e4:4d:43:cb:9d:b7:00:96:2a:d1:9a:34:
                    13:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F4:4A:AE:F1:8B:16:ED:DA:DE:FA:B6:EF:BE:01:65:87:2B:20:EF
            X509v3 Authority Key Identifier:
                keyid:58:67:AC:69:85:CC:0B:3F:EA:21:69:45:C9:2E:B2:E9:32:18:94:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WGesaYXMCz_qIWlFyS6y6TIYlAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/tPRKrvGLFu3a3vq2774BZYcrIO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/f4827b-3d1d-4acb-a773-cb168afdb343/1/WGesaYXMCz_qIWlFyS6y6TIYlAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.211.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:3c:f8:24:12:f6:2b:0c:0f:87:96:6f:4f:41:79:be:91:17:
         f2:39:41:26:12:ea:a9:87:a0:29:ce:43:ea:60:d2:d9:9e:da:
         da:3b:16:23:74:3f:71:25:81:23:98:74:6d:0f:e0:bc:f0:52:
         50:ee:16:50:f3:95:7b:3c:3f:27:6b:5c:1c:69:95:d2:66:65:
         cf:c8:e7:fb:7d:df:97:a1:21:c6:14:01:08:ef:37:99:c1:13:
         a6:84:73:36:d5:67:20:28:53:8a:9b:b8:1f:63:a4:b8:13:6c:
         30:40:5d:c2:c5:1d:41:40:7f:a7:4c:df:e4:b6:ce:59:5c:05:
         49:02:58:46:19:e3:c6:c3:7b:bd:fd:c6:60:0d:1c:e2:1e:6e:
         6c:8a:56:cc:34:bc:19:3e:83:24:ba:2f:76:26:ff:ae:0d:ff:
         08:31:ad:a0:d4:b7:c2:5a:a5:63:be:59:f0:36:94:9c:59:99:
         7e:63:c8:e9:22:c4:1f:d8:5b:8f:41:8d:60:7b:92:ef:3a:7b:
         a3:7b:30:b8:7b:48:8c:43:31:c1:b6:79:c4:0c:5d:27:e9:7f:
         03:b2:c3:f8:f3:08:92:79:0c:4d:17:b7:8e:63:db:26:57:56:
         63:26:86:52:35:20:61:da:ff:eb:58:60:9e:02:17:c7:17:83:
         e9:34:30:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTdEaCvc5icE7l/Z5aWc1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4NjdhYzY5ODVjYzBiM2ZlYTIxNjk0NWM5MmViMmU5MzIx
ODk0MDMwHhcNMjQwMTAyMDgzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGY0NGFhZWYxOGIxNmVkZGFkZWZhYjZlZmJlMDE2NTg3MmIyMGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUA+y+thPaPPRk68dE/4kcoDGekZ
aWtDGD00Vjq+CrCXF9IJRP1VOqn+KaYxJVCsHGcHWeEJ+pQK3T0p5DlV+4reC8xB
9qza55M9RkdYsz0p4BXmbvsT2YAnJWnkO9gAuaP49kIqDZYkl05JMcLT0md83rf/
RTaX5sTxqeCBaA7aoquAZf9jgm56UcmKhrft5M9K3h6K9Qzm7aiHhWCJBRyu6OgP
vwxmPIXEcwookka58zy0h2fXbJZog6cQ82fjBqrrh/Zc4N1m3cH2jJj/sKz0tJiD
eQVFAVt0XYGVrM3bCRMr8BkyQqR5mgCoZeejBJHkTUPLnbcAlirRmjQT5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLT0Sq7xixbt2t76tu++AWWHKyDvMB8GA1UdIwQY
MBaAFFhnrGmFzAs/6iFpRckusukyGJQDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0dlc2FZWE1Del9xSVdsRnlTNnk2VElZbEFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9mNDgyN2ItM2QxZC00YWNiLWE3NzMt
Y2IxNjhhZmRiMzQzLzEvdFBSS3J2R0xGdTNhM3ZxMjc3NEJaWWNySU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9mNDgyN2ItM2QxZC00YWNiLWE3NzMtY2IxNjhhZmRiMzQz
LzEvV0dlc2FZWE1Del9xSVdsRnlTNnk2VElZbEFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstOOMA0G
CSqGSIb3DQEBCwUAA4IBAQBCPPgkEvYrDA+Hlm9PQXm+kRfyOUEmEuqph6ApzkPq
YNLZntraOxYjdD9xJYEjmHRtD+C88FJQ7hZQ85V7PD8na1wcaZXSZmXPyOf7fd+X
oSHGFAEI7zeZwROmhHM21WcgKFOKm7gfY6S4E2wwQF3CxR1BQH+nTN/kts5ZXAVJ
AlhGGePGw3u9/cZgDRziHm5silbMNLwZPoMkui92Jv+uDf8IMa2g1LfCWqVjvlnw
NpScWZl+Y8jpIsQf2FuPQY1ge5LvOnujezC4e0iMQzHBtnnEDF0n6X8DssP48wiS
eQxNF7eOY9smV1ZjJoZSNSBh2v/rWGCeAhfHF4PpNDDt
-----END CERTIFICATE-----