Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/9lhxNiV6njX_ak6yT2dBvD_O3cU.roa
File:                     9lhxNiV6njX_ak6yT2dBvD_O3cU.roa (raw, json)
Hash identifier:          cmjAY3UA63vImpW+y9u3KZURG4OuHrHSwUH4M2UFZeU=
Subject key identifier:   F6:58:71:36:25:7A:9E:35:FF:6A:4E:B2:4F:67:41:BC:3F:CE:DD:C5
Certificate issuer:       /CN=c4b1b458abf797dedcc661e54a685f651834b5d1
Certificate serial:       018CC8DED94A0CB20942EAF7E0779F500305
Authority key identifier: C4:B1:B4:58:AB:F7:97:DE:DC:C6:61:E5:4A:68:5F:65:18:34:B5:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/9lhxNiV6njX_ak6yT2dBvD_O3cU.roa
Signing time:             Tue 02 Jan 2024 06:31:36 +0000
ROA not before:           Tue 02 Jan 2024 06:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197610
IP address blocks:        178.136.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:d9:4a:0c:b2:09:42:ea:f7:e0:77:9f:50:03:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4b1b458abf797dedcc661e54a685f651834b5d1
        Validity
            Not Before: Jan  2 06:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6587136257a9e35ff6a4eb24f6741bc3fceddc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:42:57:a3:61:96:86:25:7d:24:2b:5f:7a:eb:
                    0d:ed:92:24:34:7a:d1:d8:88:bf:cc:a4:cb:c7:b2:
                    dc:4b:8b:30:4c:5d:11:9b:92:b0:4b:1c:0a:d9:69:
                    e5:3c:86:90:e6:40:0c:0c:77:20:f5:b6:01:51:21:
                    29:b2:42:c8:e0:22:af:a1:5d:86:9b:16:82:2f:0b:
                    44:24:4f:74:a2:06:e4:85:82:f6:cd:66:9c:3a:49:
                    bf:4e:2a:42:c0:32:7a:13:18:95:f8:cb:09:89:40:
                    db:49:0f:d5:eb:77:37:82:e9:8c:7f:06:bc:7e:d8:
                    1e:fc:06:ba:b3:37:c6:bd:b3:6e:30:43:2b:f5:72:
                    1c:19:e8:9f:79:0a:76:49:58:de:e1:96:b4:fa:cc:
                    eb:88:a3:1e:26:12:7d:54:85:51:08:42:ec:30:af:
                    a5:f6:a3:72:06:fd:b1:48:cf:cf:c2:fd:24:fc:e6:
                    6d:01:7d:91:13:1d:38:1f:0f:cc:35:71:53:c8:e9:
                    b8:d8:68:47:6f:b3:ff:4e:28:43:4b:ed:39:5d:a0:
                    ce:86:8c:43:97:1a:69:81:8c:1d:12:60:94:18:a7:
                    3f:a6:e2:99:69:3d:d7:ba:df:dd:35:ec:4c:c9:b5:
                    01:44:d2:17:fc:0d:d6:a0:7f:fb:6d:e0:a0:1f:c1:
                    f3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:58:71:36:25:7A:9E:35:FF:6A:4E:B2:4F:67:41:BC:3F:CE:DD:C5
            X509v3 Authority Key Identifier:
                keyid:C4:B1:B4:58:AB:F7:97:DE:DC:C6:61:E5:4A:68:5F:65:18:34:B5:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xLG0WKv3l97cxmHlSmhfZRg0tdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/9lhxNiV6njX_ak6yT2dBvD_O3cU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/260e24-2040-4a5c-92cf-ec58a3125ee5/1/xLG0WKv3l97cxmHlSmhfZRg0tdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.136.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:3b:08:c3:f7:a6:2a:f0:dd:cc:0e:f8:56:2e:f8:f2:cc:e3:
         9c:73:72:22:29:79:79:c6:4d:fa:26:34:6f:9a:85:dd:db:b9:
         b7:5f:03:c3:8a:2f:ca:39:a3:42:a7:0e:2b:3a:e0:6f:55:59:
         23:05:c5:76:07:da:a2:04:7e:01:71:a9:40:5c:a4:78:fe:1d:
         06:25:17:b5:e2:68:e1:ec:d8:57:c9:ed:df:37:de:6f:98:62:
         7e:fb:8c:9a:df:74:9c:f8:7f:89:5e:c0:f5:ff:3c:f2:06:b6:
         58:0f:35:ea:94:e4:f6:90:5b:d4:3f:10:ce:08:c8:66:f7:35:
         1e:96:87:9d:2e:ea:cb:0e:86:6d:6e:ed:b3:4b:4f:b4:01:59:
         0d:27:a7:11:7a:aa:5f:7a:8a:52:8c:ec:da:ec:98:45:87:2a:
         1c:e9:2f:5e:4c:ac:2e:30:b0:ee:9b:32:13:6c:54:1e:77:27:
         d9:cb:19:a2:e3:3c:22:e4:28:78:a3:bd:89:d2:32:27:19:a1:
         9e:84:a8:90:4a:3b:13:0b:c5:6f:ad:f2:b1:1d:b9:2c:5b:1f:
         83:88:b0:47:b3:d5:ec:fb:34:3f:66:f1:09:f4:0f:c1:90:de:
         38:b8:22:65:32:de:11:62:96:55:a1:b2:5e:14:68:3a:16:fa:
         4f:1c:f7:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3tlKDLIJQur34HefUAMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0YjFiNDU4YWJmNzk3ZGVkY2M2NjFlNTRhNjg1ZjY1MTgz
NGI1ZDEwHhcNMjQwMTAyMDYzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjU4NzEzNjI1N2E5ZTM1ZmY2YTRlYjI0ZjY3NDFiYzNmY2VkZGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0JXo2GWhiV9JCtfeusN7ZIkNHrR
2Ii/zKTLx7LcS4swTF0Rm5KwSxwK2WnlPIaQ5kAMDHcg9bYBUSEpskLI4CKvoV2G
mxaCLwtEJE90ogbkhYL2zWacOkm/TipCwDJ6ExiV+MsJiUDbSQ/V63c3gumMfwa8
ftge/Aa6szfGvbNuMEMr9XIcGeifeQp2SVje4Za0+szriKMeJhJ9VIVRCELsMK+l
9qNyBv2xSM/Pwv0k/OZtAX2REx04Hw/MNXFTyOm42GhHb7P/TihDS+05XaDOhoxD
lxppgYwdEmCUGKc/puKZaT3Xut/dNexMybUBRNIX/A3WoH/7beCgH8HzkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZYcTYlep41/2pOsk9nQbw/zt3FMB8GA1UdIwQY
MBaAFMSxtFir95fe3MZh5UpoX2UYNLXRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveExHMFdLdjNsOTdjeG1IbFNtaGZaUmcwdGRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8yNjBlMjQtMjA0MC00YTVjLTkyY2Yt
ZWM1OGEzMTI1ZWU1LzEvOWxoeE5pVjZualhfYWs2eVQyZEJ2RF9PM2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8yNjBlMjQtMjA0MC00YTVjLTkyY2YtZWM1OGEzMTI1ZWU1
LzEveExHMFdLdjNsOTdjeG1IbFNtaGZaUmcwdGRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsojkMA0G
CSqGSIb3DQEBCwUAA4IBAQBkOwjD96Yq8N3MDvhWLvjyzOOcc3IiKXl5xk36JjRv
moXd27m3XwPDii/KOaNCpw4rOuBvVVkjBcV2B9qiBH4BcalAXKR4/h0GJRe14mjh
7NhXye3fN95vmGJ++4ya33Sc+H+JXsD1/zzyBrZYDzXqlOT2kFvUPxDOCMhm9zUe
loedLurLDoZtbu2zS0+0AVkNJ6cReqpfeopSjOza7JhFhyoc6S9eTKwuMLDumzIT
bFQedyfZyxmi4zwi5Ch4o72J0jInGaGehKiQSjsTC8VvrfKxHbksWx+DiLBHs9Xs
+zQ/ZvEJ9A/BkN44uCJlMt4RYpZVobJeFGg6FvpPHPfo
-----END CERTIFICATE-----