Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/J_cON3VbVLjdq96xm_x5GOwujAI.roa
File:                     J_cON3VbVLjdq96xm_x5GOwujAI.roa (raw, json)
Hash identifier:          RBbgDiaoeBywotNtD+5N7VoKhaBA5pNMEj/C4lS7sN0=
Subject key identifier:   27:F7:0E:37:75:5B:54:B8:DD:AB:DE:B1:9B:FC:79:18:EC:2E:8C:02
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA9F8B88FE658F307732E9653A1113
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/J_cON3VbVLjdq96xm_x5GOwujAI.roa
Signing time:             Tue 02 Jan 2024 10:31:40 +0000
ROA not before:           Tue 02 Jan 2024 10:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133973
IP address blocks:        178.253.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:9f:8b:88:fe:65:8f:30:77:32:e9:65:3a:11:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27f70e37755b54b8ddabdeb19bfc7918ec2e8c02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:96:cf:d3:6f:81:fb:94:46:20:f9:63:05:da:
                    5f:65:a8:8d:95:66:7b:da:12:b5:aa:55:fe:e3:d0:
                    ed:bf:99:75:11:d6:fa:08:b6:f9:2a:fa:b0:54:3f:
                    f1:18:29:d5:8d:2a:63:3c:e6:fc:78:3b:2e:b5:f9:
                    bb:1b:01:e4:c5:a6:64:e2:71:2a:81:2b:fb:ed:8a:
                    52:59:62:d8:b6:2c:97:d6:8b:b4:e5:a3:0b:93:fb:
                    87:ca:41:4d:54:a7:25:f5:32:3e:ce:0e:3a:f8:ec:
                    e5:60:e1:9f:0f:40:c3:d3:cb:5d:c1:55:73:d9:14:
                    56:99:02:23:9c:67:d2:45:cf:c9:a8:53:5d:32:83:
                    85:40:f9:c2:94:05:13:db:4c:b4:68:86:32:e7:1e:
                    3c:8c:39:f1:5f:51:20:2c:3e:f1:2c:ef:19:3e:2d:
                    fe:37:f1:b7:f0:48:8a:da:60:83:c0:c5:08:45:88:
                    38:d9:54:58:86:05:a9:c3:53:76:af:6d:39:e3:d7:
                    2c:46:ae:57:2c:0e:10:69:de:87:7f:ed:18:6d:a7:
                    fa:99:a3:33:a7:d4:07:f4:0a:12:44:0e:ab:5c:63:
                    4e:9b:10:cb:74:3d:6d:67:d0:43:b5:f0:5a:ea:4d:
                    ca:16:4b:e6:f5:11:8a:e8:15:3f:ce:37:ba:0e:ba:
                    4f:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:F7:0E:37:75:5B:54:B8:DD:AB:DE:B1:9B:FC:79:18:EC:2E:8C:02
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/J_cON3VbVLjdq96xm_x5GOwujAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:a3:1d:2e:17:9d:56:af:c1:4f:cf:9e:d0:02:1e:fa:bd:c3:
         16:e6:ac:eb:f8:0b:ce:e1:43:92:12:a2:b0:48:5b:dd:9c:7d:
         5a:54:b0:c7:2f:37:65:c7:82:89:d9:01:3a:90:20:5e:3c:52:
         bb:a6:f9:bc:a8:0c:25:f8:92:c5:97:26:69:67:69:e2:64:16:
         10:41:9d:e7:90:1a:49:e6:82:d6:39:8d:00:f9:f0:5e:17:b5:
         2a:fa:b3:54:84:ce:1a:b6:97:d8:33:d4:ee:c8:6b:04:11:bd:
         43:71:c3:72:11:92:93:d0:7a:b8:b3:e9:c5:2f:fe:4c:5d:53:
         2e:2b:eb:64:ab:4c:4a:46:3c:85:96:b5:bc:66:72:ba:31:0d:
         a7:df:bf:26:f4:78:c5:33:e3:48:ad:d0:ac:26:76:43:8c:ac:
         ab:14:8e:68:98:b3:ef:85:05:56:7b:42:9f:08:1f:37:12:b9:
         31:d4:b6:2f:b3:3e:ff:00:bf:53:30:d9:43:79:e6:09:37:1a:
         6e:7b:87:58:8c:d6:0d:94:a0:02:fa:63:5b:4e:69:35:72:fa:
         c1:f6:c9:f3:26:fa:43:b5:75:32:65:fb:13:6a:c8:51:ad:70:
         0d:a3:d6:41:27:99:eb:a7:8c:be:33:e5:bd:63:2d:ae:f4:32:
         70:f2:e4:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJup+LiP5ljzB3MullOhETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2Y3MGUzNzc1NWI1NGI4ZGRhYmRlYjE5YmZjNzkxOGVjMmU4YzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpbP02+B+5RGIPljBdpfZaiNlWZ7
2hK1qlX+49Dtv5l1Edb6CLb5KvqwVD/xGCnVjSpjPOb8eDsutfm7GwHkxaZk4nEq
gSv77YpSWWLYtiyX1ou05aMLk/uHykFNVKcl9TI+zg46+OzlYOGfD0DD08tdwVVz
2RRWmQIjnGfSRc/JqFNdMoOFQPnClAUT20y0aIYy5x48jDnxX1EgLD7xLO8ZPi3+
N/G38EiK2mCDwMUIRYg42VRYhgWpw1N2r20549csRq5XLA4Qad6Hf+0Ybaf6maMz
p9QH9AoSRA6rXGNOmxDLdD1tZ9BDtfBa6k3KFkvm9RGK6BU/zje6DrpPsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCf3Djd1W1S43avesZv8eRjsLowCMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvSl9jT04zVmJWTGpkcTk2eG1feDVHT3d1akFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv00MA0G
CSqGSIb3DQEBCwUAA4IBAQAYox0uF51Wr8FPz57QAh76vcMW5qzr+AvO4UOSEqKw
SFvdnH1aVLDHLzdlx4KJ2QE6kCBePFK7pvm8qAwl+JLFlyZpZ2niZBYQQZ3nkBpJ
5oLWOY0A+fBeF7Uq+rNUhM4atpfYM9TuyGsEEb1DccNyEZKT0Hq4s+nFL/5MXVMu
K+tkq0xKRjyFlrW8ZnK6MQ2n378m9HjFM+NIrdCsJnZDjKyrFI5omLPvhQVWe0Kf
CB83Erkx1LYvsz7/AL9TMNlDeeYJNxpue4dYjNYNlKAC+mNbTmk1cvrB9snzJvpD
tXUyZfsTashRrXANo9ZBJ5nrp4y+M+W9Yy2u9DJw8uQk
-----END CERTIFICATE-----