Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/ffrDAfuXA8J-xVLNEbkZL6ZXn2k.roa
File:                     ffrDAfuXA8J-xVLNEbkZL6ZXn2k.roa (raw, json)
Hash identifier:          Yw8ijT/qhV4OTq+EdI5mzef32+gknJ6JYZrlBh3JRKI=
Subject key identifier:   7D:FA:C3:01:FB:97:03:C2:7E:C5:52:CD:11:B9:19:2F:A6:57:9F:69
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018CC64ADDD413F26CDF5CDB3907D7713426
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/ffrDAfuXA8J-xVLNEbkZL6ZXn2k.roa
Signing time:             Mon 01 Jan 2024 18:30:44 +0000
ROA not before:           Mon 01 Jan 2024 18:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47447
IP address blocks:        178.251.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:dd:d4:13:f2:6c:df:5c:db:39:07:d7:71:34:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 18:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7dfac301fb9703c27ec552cd11b9192fa6579f69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:20:5d:a0:f7:af:6e:6c:a4:99:f6:5b:9e:82:
                    dd:f6:bb:0a:53:cb:45:f2:23:e1:48:26:47:9b:50:
                    d3:45:3e:33:ee:ef:e1:2c:b8:ca:e4:1d:89:9a:3b:
                    08:28:eb:4d:d6:02:3a:62:f1:bd:8a:18:41:88:db:
                    2c:eb:f9:9e:48:9b:dd:6f:9f:f9:e4:e3:26:ed:1e:
                    ea:c4:36:a7:04:3f:c8:51:39:35:0d:7c:56:c3:d3:
                    d9:7e:5b:69:ac:69:06:39:92:ae:39:6c:12:fb:4c:
                    ae:07:2d:09:23:ca:26:d4:8a:af:b1:cb:a7:dd:ac:
                    be:b2:2f:f2:d8:09:71:5e:f3:b0:b6:86:b5:1c:a2:
                    95:64:8c:03:f6:fb:2c:01:e6:46:38:9c:fc:03:27:
                    71:b9:e6:67:0b:db:76:9d:84:d0:3e:77:b0:f5:0a:
                    f4:03:ea:59:7e:a6:8a:cb:c8:0c:26:f9:f2:a4:68:
                    80:fa:e5:15:97:2f:18:72:e4:9d:99:d9:5f:0e:19:
                    4b:e6:ef:e3:95:a2:34:d6:11:c3:4d:7c:3d:2a:e0:
                    be:85:48:a5:2a:e1:47:c0:3a:bf:44:3a:64:c8:40:
                    9f:f8:3a:a0:e8:bb:56:f0:5a:c8:6d:8b:7d:83:61:
                    37:0b:02:5b:c2:a3:de:6c:23:df:18:56:59:f7:1f:
                    e6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:FA:C3:01:FB:97:03:C2:7E:C5:52:CD:11:B9:19:2F:A6:57:9F:69
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/ffrDAfuXA8J-xVLNEbkZL6ZXn2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:62:29:61:39:39:07:ce:fd:85:88:98:07:25:1c:ac:54:75:
         8d:fb:b0:c4:72:84:f9:fc:12:18:fd:55:2d:f3:c5:39:4f:b1:
         68:f7:a4:39:0c:11:2d:46:89:4b:97:8d:0f:72:61:75:ab:ff:
         9e:92:9f:63:90:9d:bc:c4:7b:2c:68:f9:78:1a:f5:da:79:81:
         86:4d:af:71:e2:c4:ab:fe:25:92:e2:c8:29:ce:bb:7b:e2:6f:
         29:54:1e:11:8c:45:68:98:6a:ad:d9:c6:bf:a9:ff:8f:bc:8f:
         5a:7f:4b:12:20:1d:d3:55:b2:e4:75:c4:b5:c6:fd:e5:65:a6:
         09:59:61:8c:93:45:92:da:b0:b1:52:57:97:01:13:ee:76:dc:
         bc:c3:a1:9a:24:ac:9b:1a:57:cc:66:06:8d:b3:25:1e:93:e5:
         97:c7:05:4a:91:6d:8a:19:64:7f:1b:5c:55:21:23:1f:39:3e:
         15:14:08:b7:b1:42:05:c9:cf:7a:eb:5a:39:1d:a1:4c:fd:aa:
         e0:f3:d2:03:70:e2:49:d4:54:4e:c1:99:a4:82:22:55:19:24:
         34:5a:36:6d:a7:c6:50:e4:93:2f:2f:32:5b:98:49:7e:3f:12:
         18:3e:d0:98:b3:84:21:3b:5d:7e:15:5c:2a:59:23:5b:e2:47:
         d9:40:de:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSt3UE/Js31zbOQfXcTQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMTAxMTgzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGZhYzMwMWZiOTcwM2MyN2VjNTUyY2QxMWI5MTkyZmE2NTc5ZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5SBdoPevbmykmfZbnoLd9rsKU8tF
8iPhSCZHm1DTRT4z7u/hLLjK5B2JmjsIKOtN1gI6YvG9ihhBiNss6/meSJvdb5/5
5OMm7R7qxDanBD/IUTk1DXxWw9PZfltprGkGOZKuOWwS+0yuBy0JI8om1Iqvscun
3ay+si/y2AlxXvOwtoa1HKKVZIwD9vssAeZGOJz8AydxueZnC9t2nYTQPnew9Qr0
A+pZfqaKy8gMJvnypGiA+uUVly8YcuSdmdlfDhlL5u/jlaI01hHDTXw9KuC+hUil
KuFHwDq/RDpkyECf+Dqg6LtW8FrIbYt9g2E3CwJbwqPebCPfGFZZ9x/mIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH36wwH7lwPCfsVSzRG5GS+mV59pMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvZmZyREFmdVhBOEoteFZMTkVia1pMNlpYbjJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvvkMA0G
CSqGSIb3DQEBCwUAA4IBAQCdYilhOTkHzv2FiJgHJRysVHWN+7DEcoT5/BIY/VUt
88U5T7Fo96Q5DBEtRolLl40PcmF1q/+ekp9jkJ28xHssaPl4GvXaeYGGTa9x4sSr
/iWS4sgpzrt74m8pVB4RjEVomGqt2ca/qf+PvI9af0sSIB3TVbLkdcS1xv3lZaYJ
WWGMk0WS2rCxUleXARPudty8w6GaJKybGlfMZgaNsyUek+WXxwVKkW2KGWR/G1xV
ISMfOT4VFAi3sUIFyc9661o5HaFM/arg89IDcOJJ1FROwZmkgiJVGSQ0WjZtp8ZQ
5JMvLzJbmEl+PxIYPtCYs4QhO11+FVwqWSNb4kfZQN4W
-----END CERTIFICATE-----