Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/jQsM9zGmJKiI5h773mLCPynuipc.roa
File:                     jQsM9zGmJKiI5h773mLCPynuipc.roa (raw, json)
Hash identifier:          w/QP5l3BD7XpereOzvtPQW7LpP+YCEJh0yqAVYl7ziA=
Subject key identifier:   8D:0B:0C:F7:31:A6:24:A8:88:E6:1E:FB:DE:62:C2:3F:29:EE:8A:97
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA9EE6A103CC900A2FB8B8361F3E86
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/jQsM9zGmJKiI5h773mLCPynuipc.roa
Signing time:             Tue 02 Jan 2024 10:31:39 +0000
ROA not before:           Tue 02 Jan 2024 10:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62816
IP address blocks:        178.253.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:9e:e6:a1:03:cc:90:0a:2f:b8:b8:36:1f:3e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d0b0cf731a624a888e61efbde62c23f29ee8a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:f0:26:d4:31:66:64:a9:70:1c:db:ff:42:5e:
                    dc:74:73:12:12:5a:53:cd:82:8a:a2:1d:a6:32:74:
                    8f:cd:1f:61:7e:67:ef:86:d9:9c:86:06:19:5b:f2:
                    db:8b:0f:95:a0:eb:18:55:e1:4b:55:90:20:6a:4f:
                    f7:03:b0:c9:c9:6a:f4:c9:33:f4:d6:11:0c:e7:ab:
                    8c:27:ba:f2:37:7a:f0:6f:25:5c:1d:c9:31:60:4b:
                    55:bc:fb:cc:13:0f:56:69:2b:1f:ef:eb:75:89:84:
                    7d:24:29:eb:4b:94:cc:09:45:d0:aa:79:75:9c:0d:
                    0e:23:dc:1f:0d:d4:06:12:ac:82:2a:82:1a:5d:1c:
                    7e:f7:e8:ca:c5:34:22:ef:77:80:b7:b3:4e:8d:b9:
                    df:d0:49:42:8a:b1:9f:f2:ce:6c:0d:6b:09:7b:62:
                    38:06:16:b7:77:70:24:12:bb:cc:c5:55:63:fc:d3:
                    bf:0c:0c:33:f8:d0:ba:6d:21:53:b1:47:37:9f:b5:
                    cd:da:96:f7:9b:fe:7b:53:aa:4f:77:6f:fc:1e:c1:
                    d1:97:08:96:5b:d7:24:39:3b:21:21:a8:2b:b5:58:
                    ed:c3:da:f5:63:27:bf:3b:21:34:f5:5e:4b:6f:d7:
                    79:b8:74:b8:ee:a2:d9:b1:3a:c7:53:7a:ca:52:d6:
                    6e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:0B:0C:F7:31:A6:24:A8:88:E6:1E:FB:DE:62:C2:3F:29:EE:8A:97
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/jQsM9zGmJKiI5h773mLCPynuipc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:40:f0:16:46:20:ae:ad:22:57:0e:0d:10:1a:f1:83:c5:1b:
         bd:4b:5b:86:b0:de:24:34:97:39:b8:61:77:ab:63:01:8a:41:
         02:a9:4a:64:13:96:a2:2e:fe:23:ab:91:ab:41:2c:8b:19:ed:
         97:c3:23:c6:7d:e4:4c:1b:5a:77:20:fa:1b:6b:2e:d2:91:09:
         e5:2a:94:0f:5d:8f:04:ce:e7:77:3b:02:ce:e9:d5:46:3b:cd:
         3f:4d:75:73:0f:fe:ca:f2:01:1b:ef:18:93:34:e4:fb:24:fc:
         88:6f:c2:99:dc:ad:97:6e:e4:6e:f0:a1:d2:7f:0c:cb:9d:dd:
         34:ed:a7:ed:07:9e:1c:ff:03:b4:35:66:c1:e2:fc:0a:60:f6:
         d0:86:64:bf:25:79:c3:ab:37:66:6c:37:cc:f8:ca:0a:dd:dc:
         25:92:c2:e1:34:35:bd:c4:6b:79:59:6b:22:ff:70:e4:92:c9:
         02:46:d5:4f:4c:a2:46:25:53:db:92:14:0a:37:c0:cb:ef:51:
         06:aa:7b:53:59:8a:02:4a:39:88:35:dd:fe:fa:35:17:67:ce:
         35:2e:da:dc:bf:14:c8:5f:4a:37:14:c3:34:55:88:78:eb:1a:
         67:1c:eb:94:ec:73:9a:32:3d:c2:24:13:99:e7:6d:79:90:8f:
         34:87:1d:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJup7moQPMkAovuLg2Hz6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDBiMGNmNzMxYTYyNGE4ODhlNjFlZmJkZTYyYzIzZjI5ZWU4YTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPAm1DFmZKlwHNv/Ql7cdHMSElpT
zYKKoh2mMnSPzR9hfmfvhtmchgYZW/Lbiw+VoOsYVeFLVZAgak/3A7DJyWr0yTP0
1hEM56uMJ7ryN3rwbyVcHckxYEtVvPvMEw9WaSsf7+t1iYR9JCnrS5TMCUXQqnl1
nA0OI9wfDdQGEqyCKoIaXRx+9+jKxTQi73eAt7NOjbnf0ElCirGf8s5sDWsJe2I4
Bha3d3AkErvMxVVj/NO/DAwz+NC6bSFTsUc3n7XN2pb3m/57U6pPd2/8HsHRlwiW
W9ckOTshIagrtVjtw9r1Yye/OyE09V5Lb9d5uHS47qLZsTrHU3rKUtZubQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI0LDPcxpiSoiOYe+95iwj8p7oqXMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvalFzTTl6R21KS2lJNWg3NzNtTENQeW51aXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv03MA0G
CSqGSIb3DQEBCwUAA4IBAQBZQPAWRiCurSJXDg0QGvGDxRu9S1uGsN4kNJc5uGF3
q2MBikECqUpkE5aiLv4jq5GrQSyLGe2XwyPGfeRMG1p3IPobay7SkQnlKpQPXY8E
zud3OwLO6dVGO80/TXVzD/7K8gEb7xiTNOT7JPyIb8KZ3K2XbuRu8KHSfwzLnd00
7aftB54c/wO0NWbB4vwKYPbQhmS/JXnDqzdmbDfM+MoK3dwlksLhNDW9xGt5WWsi
/3DkkskCRtVPTKJGJVPbkhQKN8DL71EGqntTWYoCSjmINd3++jUXZ841LtrcvxTI
X0o3FMM0VYh46xpnHOuU7HOaMj3CJBOZ5215kI80hx3j
-----END CERTIFICATE-----