Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/pPbBpbUx0P6YgFHR3yN4EsXFkp4.roa
File:                     pPbBpbUx0P6YgFHR3yN4EsXFkp4.roa (raw, json)
Hash identifier:          Q9AbKoociic28sbhUIXWSWmZ3o+pWg2xK96baX8NMXc=
Subject key identifier:   A4:F6:C1:A5:B5:31:D0:FE:98:80:51:D1:DF:23:78:12:C5:C5:92:9E
Certificate issuer:       /CN=69507f066f2bb0389dd88436074e1426114f2d92
Certificate serial:       019031675910A5558A3B02B0ABCD78FEB93B
Authority key identifier: 69:50:7F:06:6F:2B:B0:38:9D:D8:84:36:07:4E:14:26:11:4F:2D:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVB_Bm8rsDid2IQ2B04UJhFPLZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/pPbBpbUx0P6YgFHR3yN4EsXFkp4.roa
Signing time:             Wed 19 Jun 2024 16:49:34 +0000
ROA not before:           Wed 19 Jun 2024 16:49:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214798
IP address blocks:        178.208.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/aVB_Bm8rsDid2IQ2B04UJhFPLZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/aVB_Bm8rsDid2IQ2B04UJhFPLZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aVB_Bm8rsDid2IQ2B04UJhFPLZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:31:67:59:10:a5:55:8a:3b:02:b0:ab:cd:78:fe:b9:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69507f066f2bb0389dd88436074e1426114f2d92
        Validity
            Not Before: Jun 19 16:49:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4f6c1a5b531d0fe988051d1df237812c5c5929e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:20:8b:cd:bf:13:30:62:0e:73:b5:e6:cd:f9:
                    35:0d:b8:89:e4:c1:fe:33:3d:6a:93:60:eb:b5:bb:
                    cf:c7:c2:8f:65:3c:05:a7:ed:c1:32:e9:26:4a:c4:
                    73:8b:4d:ea:74:47:9a:e1:fa:38:44:73:25:69:4b:
                    c2:c5:1f:10:ee:96:d5:8f:df:87:a4:da:f3:ac:c0:
                    d1:cb:f6:e1:15:8c:17:9f:2f:73:0b:b9:be:4a:dd:
                    3c:9c:2c:6e:ba:00:bd:91:9a:77:87:17:5b:0c:1d:
                    23:f2:87:e5:6f:1f:44:ae:9d:b9:f4:11:64:3e:7c:
                    36:8e:33:d9:40:17:ab:5e:92:c6:8b:56:c0:c7:ec:
                    f6:7b:fe:82:55:a0:de:ae:5e:82:3c:b5:2b:15:38:
                    ad:7f:a4:0d:51:6d:ef:8e:9a:05:fc:52:62:24:c7:
                    ae:da:57:40:54:2f:94:fb:e8:94:da:00:6b:79:cd:
                    ef:4d:4a:4d:ed:53:a1:82:2a:c6:08:fc:4c:17:cb:
                    e8:f4:dc:04:f2:bc:e1:97:d8:f0:47:3b:79:b3:cf:
                    44:2a:19:13:6f:2a:f1:3d:c3:58:b6:5b:8e:ad:b8:
                    58:07:46:05:c2:3d:b2:eb:67:09:3a:a3:71:f9:3b:
                    ab:c7:e5:08:a0:14:76:ad:34:c5:7b:94:84:80:a3:
                    99:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F6:C1:A5:B5:31:D0:FE:98:80:51:D1:DF:23:78:12:C5:C5:92:9E
            X509v3 Authority Key Identifier:
                keyid:69:50:7F:06:6F:2B:B0:38:9D:D8:84:36:07:4E:14:26:11:4F:2D:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVB_Bm8rsDid2IQ2B04UJhFPLZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/pPbBpbUx0P6YgFHR3yN4EsXFkp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/bf8338-8752-4d55-9c31-0e1b8fea8913/1/aVB_Bm8rsDid2IQ2B04UJhFPLZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.208.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:7a:20:1c:20:f3:18:ff:7b:4d:28:63:a2:c5:87:19:e9:7d:
         06:28:71:1a:2a:6d:df:ed:84:6e:12:22:5e:d4:f0:7b:05:5d:
         b1:a2:ae:7c:32:07:a9:0d:0a:69:e3:4c:08:a6:24:59:17:5c:
         7c:aa:a5:75:8e:79:bb:3e:b0:ab:fd:34:f6:ea:c1:1f:a7:61:
         28:ec:1a:9e:64:6a:6e:f4:83:bd:2c:fc:3e:eb:3f:d6:51:f0:
         36:73:f3:28:e8:00:e7:e8:bb:d7:d8:24:7a:be:4c:97:26:91:
         e8:54:dd:62:e0:1d:d3:5d:56:4a:41:9e:6e:66:e6:0e:32:68:
         36:f3:69:33:70:50:ab:cb:d6:b7:ca:5b:b5:f1:77:07:ab:46:
         c9:0c:70:83:bd:c5:e1:2b:26:02:ce:17:a1:6d:2a:26:83:13:
         f9:d2:ba:14:09:4e:2d:a5:7e:ce:0b:4d:4d:73:ce:18:8c:2d:
         68:51:f2:64:08:fe:f6:78:e2:cf:9d:61:8f:d7:aa:1f:f4:fa:
         c9:ee:e5:42:06:6d:cf:c8:bf:64:9b:cf:7e:34:1a:4c:ac:cd:
         88:6a:4a:3f:15:18:ff:b2:03:74:ac:63:f3:f7:1e:af:53:4a:
         2b:5c:bd:3d:05:ff:5f:21:37:d1:1e:42:12:3f:b5:35:9c:dc:
         44:8f:f8:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAxZ1kQpVWKOwKwq814/rk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NTA3ZjA2NmYyYmIwMzg5ZGQ4ODQzNjA3NGUxNDI2MTE0
ZjJkOTIwHhcNMjQwNjE5MTY0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGY2YzFhNWI1MzFkMGZlOTg4MDUxZDFkZjIzNzgxMmM1YzU5MjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiCLzb8TMGIOc7Xmzfk1DbiJ5MH+
Mz1qk2DrtbvPx8KPZTwFp+3BMukmSsRzi03qdEea4fo4RHMlaUvCxR8Q7pbVj9+H
pNrzrMDRy/bhFYwXny9zC7m+St08nCxuugC9kZp3hxdbDB0j8oflbx9Erp259BFk
Pnw2jjPZQBerXpLGi1bAx+z2e/6CVaDerl6CPLUrFTitf6QNUW3vjpoF/FJiJMeu
2ldAVC+U++iU2gBrec3vTUpN7VOhgirGCPxMF8vo9NwE8rzhl9jwRzt5s89EKhkT
byrxPcNYtluOrbhYB0YFwj2y62cJOqNx+Turx+UIoBR2rTTFe5SEgKOZSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKT2waW1MdD+mIBR0d8jeBLFxZKeMB8GA1UdIwQY
MBaAFGlQfwZvK7A4ndiENgdOFCYRTy2SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZCX0JtOHJzRGlkMklRMkIwNFVKaEZQTFpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9iZjgzMzgtODc1Mi00ZDU1LTljMzEt
MGUxYjhmZWE4OTEzLzEvcFBiQnBiVXgwUDZZZ0ZIUjN5TjRFc1hGa3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9iZjgzMzgtODc1Mi00ZDU1LTljMzEtMGUxYjhmZWE4OTEz
LzEvYVZCX0JtOHJzRGlkMklRMkIwNFVKaEZQTFpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstBXMA0G
CSqGSIb3DQEBCwUAA4IBAQCIeiAcIPMY/3tNKGOixYcZ6X0GKHEaKm3f7YRuEiJe
1PB7BV2xoq58MgepDQpp40wIpiRZF1x8qqV1jnm7PrCr/TT26sEfp2Eo7BqeZGpu
9IO9LPw+6z/WUfA2c/Mo6ADn6LvX2CR6vkyXJpHoVN1i4B3TXVZKQZ5uZuYOMmg2
82kzcFCry9a3ylu18XcHq0bJDHCDvcXhKyYCzhehbSomgxP50roUCU4tpX7OC01N
c84YjC1oUfJkCP72eOLPnWGP16of9PrJ7uVCBm3PyL9km89+NBpMrM2Iako/FRj/
sgN0rGPz9x6vU0orXL09Bf9fITfRHkISP7U1nNxEj/ho
-----END CERTIFICATE-----