Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/jWtaAH7xk0SHacbcFjKhDClE0Jc.roa
File:                     jWtaAH7xk0SHacbcFjKhDClE0Jc.roa (raw, json)
Hash identifier:          T3RJwQKqscKdk4T24elIrty2SXcd+6Szt5byIzx+j9Y=
Subject key identifier:   8D:6B:5A:00:7E:F1:93:44:87:69:C6:DC:16:32:A1:0C:29:44:D0:97
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018DA90DF4B53D99941EAEA6FC141CF502EB
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/jWtaAH7xk0SHacbcFjKhDClE0Jc.roa
Signing time:             Wed 14 Feb 2024 19:18:00 +0000
ROA not before:           Wed 14 Feb 2024 19:18:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215567
IP address blocks:        178.253.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a9:0d:f4:b5:3d:99:94:1e:ae:a6:fc:14:1c:f5:02:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Feb 14 19:18:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8d6b5a007ef193448769c6dc1632a10c2944d097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:03:4a:f1:d8:9b:f9:da:11:b9:c3:f6:d8:5a:
                    20:30:8a:0e:bb:36:5e:54:8f:08:f1:b2:c1:7b:f2:
                    71:0f:84:cf:58:03:fd:87:4a:f0:bd:6c:0f:2c:a9:
                    38:60:4e:f8:94:15:39:20:c0:b7:6c:04:7a:04:23:
                    2b:fa:12:bb:87:68:16:a5:81:63:26:44:bb:3e:45:
                    d1:e7:61:29:e4:9e:ad:9c:0f:a7:6d:5b:45:fa:3e:
                    e8:aa:08:65:ff:d0:e4:03:12:c7:5f:50:0f:ab:e5:
                    05:24:49:03:a3:03:94:ef:63:cb:5f:b1:4c:06:33:
                    d0:9e:f4:96:56:0b:cd:66:5f:47:b9:48:84:c2:3b:
                    a8:6c:05:e6:f9:dc:3f:ce:0a:86:d8:9a:36:ca:ee:
                    ff:95:82:42:7d:7d:e7:df:88:92:00:1e:51:82:6f:
                    01:f3:ae:ec:06:c3:f8:15:e4:e1:f4:e8:e1:0d:8f:
                    25:45:91:6d:ec:6a:96:3f:d2:ec:70:84:5c:d7:01:
                    08:fe:c6:3c:15:44:42:13:d5:73:ff:ad:97:f9:02:
                    91:b8:80:f2:bc:16:0f:d5:c9:7d:9b:85:5e:72:fc:
                    d7:c7:c1:2b:63:04:8d:e8:19:a4:b2:ed:c6:86:e6:
                    a9:eb:2b:7e:c2:78:4c:ab:b6:cf:7c:29:ce:43:e0:
                    ed:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:6B:5A:00:7E:F1:93:44:87:69:C6:DC:16:32:A1:0C:29:44:D0:97
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/jWtaAH7xk0SHacbcFjKhDClE0Jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d4:20:2b:70:88:cd:73:b3:19:32:1f:cd:2d:a9:cb:29:57:
         7e:57:e3:db:10:cc:0b:79:2f:31:02:e4:6d:98:5c:27:6b:64:
         c5:fa:e8:f0:08:2d:32:71:54:cd:70:1f:8a:95:93:bc:6b:ab:
         97:ea:09:b5:a4:b1:07:b6:4d:9d:a0:37:2e:a8:0c:67:fe:de:
         82:31:43:40:2f:65:81:50:0c:52:80:c9:bf:20:85:c8:96:7c:
         ea:f6:ec:94:b4:97:b7:7f:7b:6d:d6:df:4f:4f:e8:4b:97:4a:
         58:ac:58:85:f7:63:6d:c3:c9:53:bb:a8:33:c4:82:a5:fd:2e:
         bf:d8:b3:50:d1:b9:66:8c:3b:a9:86:b0:09:4a:66:34:c2:8a:
         62:64:4d:55:2d:99:00:48:70:f4:81:b3:d1:47:66:f4:eb:1c:
         80:1d:d5:02:54:81:f0:14:a5:00:68:ac:45:a6:8b:e7:70:a9:
         8f:d6:f5:34:db:a7:31:a9:5a:44:b4:e0:f3:3e:ee:3c:3c:a8:
         6e:39:82:e7:b2:5f:f4:76:36:1a:00:15:75:aa:d6:a3:23:84:
         40:e6:09:f5:ec:ee:bb:fa:05:f4:84:30:78:6c:98:16:3f:85:
         ab:18:fc:9a:1a:a2:33:19:8f:11:9e:fb:b1:0f:85:a8:80:5d:
         66:4f:7b:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2pDfS1PZmUHq6m/BQc9QLrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMjE0MTkxODAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDZiNWEwMDdlZjE5MzQ0ODc2OWM2ZGMxNjMyYTEwYzI5NDRkMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigNK8dib+doRucP22FogMIoOuzZe
VI8I8bLBe/JxD4TPWAP9h0rwvWwPLKk4YE74lBU5IMC3bAR6BCMr+hK7h2gWpYFj
JkS7PkXR52Ep5J6tnA+nbVtF+j7oqghl/9DkAxLHX1APq+UFJEkDowOU72PLX7FM
BjPQnvSWVgvNZl9HuUiEwjuobAXm+dw/zgqG2Jo2yu7/lYJCfX3n34iSAB5Rgm8B
867sBsP4FeTh9OjhDY8lRZFt7GqWP9LscIRc1wEI/sY8FURCE9Vz/62X+QKRuIDy
vBYP1cl9m4VecvzXx8ErYwSN6Bmksu3Ghuap6yt+wnhMq7bPfCnOQ+DtaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1rWgB+8ZNEh2nG3BYyoQwpRNCXMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvald0YUFIN3hrMFNIYWNiY0ZqS2hEQ2xFMEpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0gMA0G
CSqGSIb3DQEBCwUAA4IBAQCX1CArcIjNc7MZMh/NLanLKVd+V+PbEMwLeS8xAuRt
mFwna2TF+ujwCC0ycVTNcB+KlZO8a6uX6gm1pLEHtk2doDcuqAxn/t6CMUNAL2WB
UAxSgMm/IIXIlnzq9uyUtJe3f3tt1t9PT+hLl0pYrFiF92Ntw8lTu6gzxIKl/S6/
2LNQ0blmjDuphrAJSmY0wopiZE1VLZkASHD0gbPRR2b06xyAHdUCVIHwFKUAaKxF
povncKmP1vU026cxqVpEtODzPu48PKhuOYLnsl/0djYaABV1qtajI4RA5gn17O67
+gX0hDB4bJgWP4WrGPyaGqIzGY8RnvuxD4WogF1mT3sZ
-----END CERTIFICATE-----