Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1ih4JL-TMpl360dVI5rkD8ze_dE.roa
File:                     1ih4JL-TMpl360dVI5rkD8ze_dE.roa (raw, json)
Hash identifier:          NEIq2z/nCRxFWcYfZF1/4pJU+0HCQyNCM5fxeGgM1QQ=
Subject key identifier:   D6:28:78:24:BF:93:32:99:77:EB:47:55:23:9A:E4:0F:CC:DE:FD:D1
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BAA2D7B313A72F1A4FE7CEFF5E928B
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1ih4JL-TMpl360dVI5rkD8ze_dE.roa
Signing time:             Tue 02 Jan 2024 10:31:40 +0000
ROA not before:           Tue 02 Jan 2024 10:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395517
IP address blocks:        178.253.16.0/24 maxlen: 24
                          178.253.38.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 01:57:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:a2:d7:b3:13:a7:2f:1a:4f:e7:ce:ff:5e:92:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6287824bf93329977eb4755239ae40fccdefdd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ae:d0:a8:bc:64:db:dc:22:89:d5:9f:98:ae:
                    94:61:8c:1e:2b:69:c4:1f:4d:56:c4:fc:b6:b9:75:
                    78:49:af:e0:11:bf:e6:1d:38:5e:37:0d:40:71:66:
                    c7:f8:f7:01:bf:e2:b4:c5:d8:d0:21:79:4b:c7:96:
                    22:1e:94:7b:29:b7:83:cd:f8:d7:13:e4:fd:c5:b9:
                    af:59:eb:f4:14:fc:b2:e0:d8:8b:cd:f1:dc:16:2f:
                    59:69:fc:dc:f7:e9:57:d6:3f:63:a7:c0:0a:16:39:
                    0b:47:1f:03:b4:ef:d9:4c:55:11:65:b7:08:a5:e6:
                    2c:4c:8d:b0:f3:d0:b5:d7:71:87:8e:00:ad:ff:69:
                    0a:e2:8e:fe:62:3f:82:4d:e6:cf:64:7b:f7:bc:78:
                    2f:23:6a:98:3d:1b:e0:cd:ae:c7:3e:30:34:21:88:
                    2b:70:12:98:30:3d:18:86:b2:73:05:49:d6:12:01:
                    70:63:43:4b:16:23:07:80:bf:e6:c9:68:ba:02:4c:
                    b7:e0:e5:ac:13:9c:e6:32:73:b6:fc:0e:1c:63:43:
                    27:0b:08:e2:e2:74:ad:36:59:ff:81:de:a9:91:8a:
                    70:d6:a3:4c:96:c1:66:e3:af:bb:53:ce:2e:e6:de:
                    b8:0e:01:bb:84:23:73:1a:ea:9f:cd:38:7f:7d:46:
                    23:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:28:78:24:BF:93:32:99:77:EB:47:55:23:9A:E4:0F:CC:DE:FD:D1
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/1ih4JL-TMpl360dVI5rkD8ze_dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.16.0/24
                  178.253.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:2b:02:85:02:c4:c2:60:8e:0e:d1:c9:a0:ee:52:98:2c:5f:
         4f:e8:17:01:e6:33:8d:4e:99:6c:15:55:1d:1b:12:34:b8:c7:
         4b:36:7a:78:34:45:d7:06:37:62:af:3f:66:49:79:38:c6:27:
         e7:c4:01:74:17:ca:a4:07:86:db:83:f8:4e:45:3b:8a:c7:3d:
         7c:33:cf:90:62:03:9f:43:b3:a2:d6:d0:a9:e5:16:7d:2f:32:
         19:48:59:20:b9:e5:0e:c4:9d:e5:02:40:19:b2:55:c7:01:8a:
         06:79:b2:8b:be:8d:5d:12:58:f0:58:5f:f2:21:fe:d5:c9:10:
         5e:7f:88:db:96:98:41:13:bd:15:8d:82:e8:04:c9:0f:0e:9a:
         5a:7b:0e:5c:44:b8:ad:cf:df:30:97:8e:34:be:e1:6c:46:22:
         b6:3f:1b:eb:bc:c6:a1:a9:5c:29:f5:9f:d9:04:45:f5:01:89:
         31:ba:c5:9a:12:e3:e2:8e:09:d4:67:d2:44:6c:a9:21:e5:09:
         24:2a:e8:20:76:9f:d2:d7:30:25:09:0e:4f:a3:16:22:66:27:
         bb:d9:47:c3:70:f1:5b:91:7f:a1:73:9f:de:f6:6c:85:09:4c:
         8d:b4:80:85:4e:69:5f:af:f8:89:f0:56:ad:4d:87:e3:6e:f8:
         dd:8b:16:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJuqLXsxOnLxpP587/XpKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjI4NzgyNGJmOTMzMjk5NzdlYjQ3NTUyMzlhZTQwZmNjZGVmZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiq7QqLxk29wiidWfmK6UYYweK2nE
H01WxPy2uXV4Sa/gEb/mHTheNw1AcWbH+PcBv+K0xdjQIXlLx5YiHpR7KbeDzfjX
E+T9xbmvWev0FPyy4NiLzfHcFi9Zafzc9+lX1j9jp8AKFjkLRx8DtO/ZTFURZbcI
peYsTI2w89C113GHjgCt/2kK4o7+Yj+CTebPZHv3vHgvI2qYPRvgza7HPjA0IYgr
cBKYMD0YhrJzBUnWEgFwY0NLFiMHgL/myWi6Aky34OWsE5zmMnO2/A4cY0MnCwji
4nStNln/gd6pkYpw1qNMlsFm46+7U84u5t64DgG7hCNzGuqfzTh/fUYjawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNYoeCS/kzKZd+tHVSOa5A/M3v3RMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvMWloNEpMLVRNcGwzNjBkVkk1cmtEOHplX2RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsv0QAwQB
sv0mMA0GCSqGSIb3DQEBCwUAA4IBAQBAKwKFAsTCYI4O0cmg7lKYLF9P6BcB5jON
TplsFVUdGxI0uMdLNnp4NEXXBjdirz9mSXk4xifnxAF0F8qkB4bbg/hORTuKxz18
M8+QYgOfQ7Oi1tCp5RZ9LzIZSFkgueUOxJ3lAkAZslXHAYoGebKLvo1dEljwWF/y
If7VyRBef4jblphBE70VjYLoBMkPDppaew5cRLitz98wl440vuFsRiK2PxvrvMah
qVwp9Z/ZBEX1AYkxusWaEuPijgnUZ9JEbKkh5QkkKuggdp/S1zAlCQ5PoxYiZie7
2UfDcPFbkX+hc5/e9myFCUyNtICFTmlfr/iJ8FatTYfjbvjdixbL
-----END CERTIFICATE-----