Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/E1zmer2HQ42L-ZbrhVzM2WRRCOU.roa
File:                     E1zmer2HQ42L-ZbrhVzM2WRRCOU.roa (raw, json)
Hash identifier:          eVg/2SqnrO1UK2jgl9y6mxRaocphwbjGhWyCXVZPNH0=
Subject key identifier:   13:5C:E6:7A:BD:87:43:8D:8B:F9:96:EB:85:5C:CC:D9:64:51:08:E5
Certificate issuer:       /CN=63495a4cecbeafb3eadf6ed0349bb0b96da464ee
Certificate serial:       018CCA2ABF234FFDE840134EDB00435B6946
Authority key identifier: 63:49:5A:4C:EC:BE:AF:B3:EA:DF:6E:D0:34:9B:B0:B9:6D:A4:64:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/E1zmer2HQ42L-ZbrhVzM2WRRCOU.roa
Signing time:             Tue 02 Jan 2024 12:34:08 +0000
ROA not before:           Tue 02 Jan 2024 12:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8586
IP address blocks:        178.16.238.0/24 maxlen: 24
                          178.16.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:bf:23:4f:fd:e8:40:13:4e:db:00:43:5b:69:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63495a4cecbeafb3eadf6ed0349bb0b96da464ee
        Validity
            Not Before: Jan  2 12:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=135ce67abd87438d8bf996eb855cccd9645108e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:56:6f:ee:6e:96:8a:ab:b7:29:d1:1f:60:36:
                    96:7a:3b:01:c5:af:68:5b:e7:04:50:40:b9:bb:be:
                    89:c8:e3:87:7a:a5:ac:f3:5a:87:06:c4:c7:f8:1b:
                    a2:0e:23:79:98:ed:06:4c:50:06:09:19:32:48:28:
                    ff:fe:97:c4:ca:70:69:96:f8:a2:eb:f2:1a:ab:65:
                    e9:88:54:07:8a:81:4f:54:5e:38:ff:d0:c7:ff:d4:
                    45:52:6e:b6:d6:80:2c:27:d1:30:8a:f1:ff:5d:1d:
                    53:53:90:85:31:de:d8:fc:9c:b6:ed:56:a1:76:96:
                    50:ec:33:e0:b0:b3:f2:af:2b:63:d3:eb:2f:99:29:
                    9d:17:3b:1e:ba:11:a5:28:d0:03:64:70:97:d7:e9:
                    d6:a6:d1:0c:79:64:9e:18:42:24:a4:e0:20:c9:6a:
                    ec:0b:96:a8:aa:6e:99:e2:d9:cc:11:64:c9:07:a4:
                    1f:0a:cb:03:18:f4:7e:17:4c:b9:98:28:b6:f1:38:
                    8e:aa:cc:47:d9:3e:41:c9:69:8a:e3:f8:2f:e3:30:
                    8a:da:d6:0e:0d:e6:68:f9:32:b3:de:d7:12:45:ee:
                    2b:34:93:d9:fb:ec:47:78:52:7c:79:38:d2:19:59:
                    76:38:71:c0:74:9c:3d:09:3b:69:d4:cc:44:0b:c9:
                    fe:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:5C:E6:7A:BD:87:43:8D:8B:F9:96:EB:85:5C:CC:D9:64:51:08:E5
            X509v3 Authority Key Identifier:
                keyid:63:49:5A:4C:EC:BE:AF:B3:EA:DF:6E:D0:34:9B:B0:B9:6D:A4:64:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y0laTOy-r7Pq327QNJuwuW2kZO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/E1zmer2HQ42L-ZbrhVzM2WRRCOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/1fde18-2873-4fe0-869c-3820f7ee2cb8/1/Y0laTOy-r7Pq327QNJuwuW2kZO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.16.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:ef:04:49:95:42:a7:ef:53:a2:00:24:c2:19:d4:98:86:0e:
         ce:bb:83:a0:95:b7:a4:51:38:18:48:b5:1f:71:55:ad:77:40:
         b2:a2:a0:68:4c:9e:c1:ff:62:45:44:b1:54:50:a6:da:38:91:
         8d:fb:08:11:fe:5d:d0:e7:1d:55:bc:03:b0:49:19:70:ec:e1:
         c0:17:28:76:42:e0:8e:74:87:7a:6b:ca:57:f1:e8:58:b2:c4:
         7e:ba:46:1c:7f:cd:ac:ca:69:20:83:c4:e6:92:a0:e8:23:2c:
         c5:eb:9a:c3:2b:d7:67:9b:5d:0d:d0:09:88:56:dd:b5:ae:6d:
         15:8a:b1:f4:e9:35:29:54:da:b1:cc:88:32:49:44:57:8d:57:
         c9:1f:53:58:f6:7c:39:4e:fd:a2:7d:9f:6c:da:7f:90:76:49:
         c5:d1:cd:00:91:79:16:8a:4f:e4:01:42:30:ed:83:1d:33:f1:
         6a:77:e6:f8:dd:fe:ec:5a:e5:a8:aa:a9:49:95:8b:1f:96:72:
         52:74:6e:a8:b5:27:05:e0:ab:ae:64:cc:86:a5:e1:43:38:1c:
         4d:c8:51:a9:07:f4:05:ac:bf:47:06:6f:9d:a7:bf:03:24:54:
         ed:d8:9c:6a:47:4a:0a:46:fa:09:09:6a:4b:db:fd:28:8b:8d:
         7b:ff:75:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKr8jT/3oQBNO2wBDW2lGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNDk1YTRjZWNiZWFmYjNlYWRmNmVkMDM0OWJiMGI5NmRh
NDY0ZWUwHhcNMjQwMTAyMTIzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzVjZTY3YWJkODc0MzhkOGJmOTk2ZWI4NTVjY2NkOTY0NTEwOGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlZv7m6Wiqu3KdEfYDaWejsBxa9o
W+cEUEC5u76JyOOHeqWs81qHBsTH+BuiDiN5mO0GTFAGCRkySCj//pfEynBplvii
6/Iaq2XpiFQHioFPVF44/9DH/9RFUm621oAsJ9EwivH/XR1TU5CFMd7Y/Jy27Vah
dpZQ7DPgsLPyrytj0+svmSmdFzseuhGlKNADZHCX1+nWptEMeWSeGEIkpOAgyWrs
C5aoqm6Z4tnMEWTJB6QfCssDGPR+F0y5mCi28TiOqsxH2T5ByWmK4/gv4zCK2tYO
DeZo+TKz3tcSRe4rNJPZ++xHeFJ8eTjSGVl2OHHAdJw9CTtp1MxEC8n+lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBNc5nq9h0ONi/mW64VczNlkUQjlMB8GA1UdIwQY
MBaAFGNJWkzsvq+z6t9u0DSbsLltpGTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTBsYVRPeS1yN1BxMzI3UU5KdXd1VzJrWk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8xZmRlMTgtMjg3My00ZmUwLTg2OWMt
MzgyMGY3ZWUyY2I4LzEvRTF6bWVyMkhRNDJMLVpicmhWek0yV1JSQ09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8xZmRlMTgtMjg3My00ZmUwLTg2OWMtMzgyMGY3ZWUyY2I4
LzEvWTBsYVRPeS1yN1BxMzI3UU5KdXd1VzJrWk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBshDuMA0G
CSqGSIb3DQEBCwUAA4IBAQA47wRJlUKn71OiACTCGdSYhg7Ou4OglbekUTgYSLUf
cVWtd0CyoqBoTJ7B/2JFRLFUUKbaOJGN+wgR/l3Q5x1VvAOwSRlw7OHAFyh2QuCO
dId6a8pX8ehYssR+ukYcf82symkgg8TmkqDoIyzF65rDK9dnm10N0AmIVt21rm0V
irH06TUpVNqxzIgySURXjVfJH1NY9nw5Tv2ifZ9s2n+QdknF0c0AkXkWik/kAUIw
7YMdM/Fqd+b43f7sWuWoqqlJlYsflnJSdG6otScF4KuuZMyGpeFDOBxNyFGpB/QF
rL9HBm+dp78DJFTt2JxqR0oKRvoJCWpL2/0oi417/3XR
-----END CERTIFICATE-----