Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/jv6bkguknuB587UIcPmRs1_Yi6w.roa
File:                     jv6bkguknuB587UIcPmRs1_Yi6w.roa (raw, json)
Hash identifier:          Ji6Ka0soyM71Rd4FIpng5jFKOi5qeY2GE7XwOPSOTwI=
Subject key identifier:   8E:FE:9B:92:0B:A4:9E:E0:79:F3:B5:08:70:F9:91:B3:5F:D8:8B:AC
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018FECD97E65F4EBB0FE1F38068A6ACDCFE8
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/jv6bkguknuB587UIcPmRs1_Yi6w.roa
Signing time:             Thu 06 Jun 2024 09:20:27 +0000
ROA not before:           Thu 06 Jun 2024 09:20:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395517
IP address blocks:        178.253.16.0/24 maxlen: 24
                          178.253.38.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ec:d9:7e:65:f4:eb:b0:fe:1f:38:06:8a:6a:cd:cf:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jun  6 09:20:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8efe9b920ba49ee079f3b50870f991b35fd88bac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:03:d4:c8:db:58:4a:d3:e3:58:89:bc:14:71:
                    c0:c2:9c:62:79:a9:45:15:9c:79:60:a9:dd:60:8a:
                    26:65:f7:0c:27:df:83:96:f9:c1:dd:01:d5:1a:91:
                    fb:c2:11:3b:44:26:4a:a3:6c:11:c0:0d:2e:f1:1f:
                    c5:ef:db:fe:f6:e7:b7:01:65:5b:cb:28:79:93:c9:
                    2c:82:62:f6:3f:9c:25:7c:0f:83:49:31:20:1c:ad:
                    00:39:8c:e8:59:cb:3c:9a:11:25:79:6b:43:2f:ac:
                    2a:3d:3e:12:c9:18:8b:2d:a5:ea:97:ec:b9:a0:11:
                    f5:86:b9:4c:41:01:1d:3f:fc:36:16:25:51:f8:46:
                    ca:85:73:e7:eb:fd:cb:de:17:30:f3:b3:91:01:cd:
                    78:d8:47:3e:56:04:67:5d:83:8a:f8:1b:41:fc:60:
                    b6:54:5f:6d:08:83:fd:81:59:8f:d7:ea:e2:66:9c:
                    6b:69:ed:b7:fa:67:b0:22:e9:94:90:ab:6d:a1:0c:
                    1b:3b:ce:34:d3:94:79:fe:d1:a2:09:df:11:66:41:
                    13:ea:72:b5:fb:ec:28:b0:28:37:46:0e:60:ae:81:
                    fc:6a:34:a0:6b:1a:fb:5a:9a:a0:25:c9:a1:c1:25:
                    65:6e:30:03:e5:70:ae:4e:d0:78:d6:4b:b6:bf:e2:
                    3a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:FE:9B:92:0B:A4:9E:E0:79:F3:B5:08:70:F9:91:B3:5F:D8:8B:AC
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/jv6bkguknuB587UIcPmRs1_Yi6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.16.0/24
                  178.253.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:81:40:cd:e9:93:05:9f:be:4d:f2:8e:81:6e:12:98:bd:75:
         16:3c:1c:b6:03:c2:cd:cc:40:c0:52:de:23:26:8a:a8:12:1d:
         f4:b6:1e:55:f7:17:20:b5:b6:2b:21:0a:71:f2:20:83:90:d1:
         41:6a:39:49:81:4f:35:c0:af:20:00:d6:e4:03:c4:6f:b8:47:
         47:ba:5b:21:0b:4d:03:6d:21:b5:8d:3c:1c:d0:f2:77:bb:4f:
         c2:cd:db:cc:a6:cb:1a:ec:3f:de:1b:56:16:5e:71:2e:7f:72:
         f0:65:24:f8:14:ac:9a:69:b3:73:3d:61:9b:1d:f6:ce:55:e4:
         de:4e:a0:0c:db:e6:bf:53:5c:93:6f:c8:9f:73:d9:eb:01:98:
         7d:d7:28:73:bf:16:45:c4:57:a8:fa:e7:9f:23:c1:02:4a:db:
         22:e1:e4:aa:59:67:ae:fc:79:20:c4:30:f8:95:5d:e3:fb:ab:
         e7:c4:a0:83:ad:b5:6f:1b:e6:88:f7:70:c2:93:e1:3f:fe:6f:
         a4:84:82:8c:8c:b3:ef:3a:a5:b7:02:7c:05:f7:cb:6e:a4:bb:
         f5:3f:e3:a9:65:93:f5:8f:cb:8d:0c:f0:85:32:71:7a:55:3b:
         c7:c6:18:c4:19:bd:b5:41:db:90:5c:15:9f:17:18:ed:6d:8b:
         8f:94:94:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/s2X5l9Ouw/h84Bopqzc/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwNjA2MDkyMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWZlOWI5MjBiYTQ5ZWUwNzlmM2I1MDg3MGY5OTFiMzVmZDg4YmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAPUyNtYStPjWIm8FHHAwpxiealF
FZx5YKndYIomZfcMJ9+DlvnB3QHVGpH7whE7RCZKo2wRwA0u8R/F79v+9ue3AWVb
yyh5k8ksgmL2P5wlfA+DSTEgHK0AOYzoWcs8mhEleWtDL6wqPT4SyRiLLaXql+y5
oBH1hrlMQQEdP/w2FiVR+EbKhXPn6/3L3hcw87ORAc142Ec+VgRnXYOK+BtB/GC2
VF9tCIP9gVmP1+riZpxrae23+mewIumUkKttoQwbO84005R5/tGiCd8RZkET6nK1
++wosCg3Rg5groH8ajSgaxr7WpqgJcmhwSVlbjAD5XCuTtB41ku2v+I6awIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI7+m5ILpJ7gefO1CHD5kbNf2IusMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvanY2YmtndWtudUI1ODdVSWNQbVJzMV9ZaTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsv0QAwQB
sv0mMA0GCSqGSIb3DQEBCwUAA4IBAQCPgUDN6ZMFn75N8o6BbhKYvXUWPBy2A8LN
zEDAUt4jJoqoEh30th5V9xcgtbYrIQpx8iCDkNFBajlJgU81wK8gANbkA8RvuEdH
ulshC00DbSG1jTwc0PJ3u0/CzdvMpssa7D/eG1YWXnEuf3LwZST4FKyaabNzPWGb
HfbOVeTeTqAM2+a/U1yTb8ifc9nrAZh91yhzvxZFxFeo+uefI8ECStsi4eSqWWeu
/HkgxDD4lV3j+6vnxKCDrbVvG+aI93DCk+E//m+khIKMjLPvOqW3AnwF98tupLv1
P+OpZZP1j8uNDPCFMnF6VTvHxhjEGb21QduQXBWfFxjtbYuPlJTC
-----END CERTIFICATE-----