Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/9a234c-6512-4447-823c-0db7259f20b8/1/duguTeW8ErmRr7f5ZEryR3oV58E.roa
File:                     duguTeW8ErmRr7f5ZEryR3oV58E.roa (raw, json)
Hash identifier:          q3OOsJ7Kv17p8ez5C5AQYcTLGWf82piJmxtRxe/QdaM=
Subject key identifier:   76:E8:2E:4D:E5:BC:12:B9:91:AF:B7:F9:64:4A:F2:47:7A:15:E7:C1
Certificate issuer:       /CN=848b1294d2769fa37b348acc5dabfcb8fe6f9998
Certificate serial:       01965DCED3737D22CAA84CEF4A9B5D122CB9
Authority key identifier: 84:8B:12:94:D2:76:9F:A3:7B:34:8A:CC:5D:AB:FC:B8:FE:6F:99:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hIsSlNJ2n6N7NIrMXav8uP5vmZg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/9a234c-6512-4447-823c-0db7259f20b8/1/duguTeW8ErmRr7f5ZEryR3oV58E.roa
Signing time:             Tue 22 Apr 2025 14:02:37 +0000
ROA not before:           Tue 22 Apr 2025 14:02:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51524
IP address blocks:        178.213.40.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/9a234c-6512-4447-823c-0db7259f20b8/1/hIsSlNJ2n6N7NIrMXav8uP5vmZg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/9a234c-6512-4447-823c-0db7259f20b8/1/hIsSlNJ2n6N7NIrMXav8uP5vmZg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hIsSlNJ2n6N7NIrMXav8uP5vmZg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 17:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5d:ce:d3:73:7d:22:ca:a8:4c:ef:4a:9b:5d:12:2c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=848b1294d2769fa37b348acc5dabfcb8fe6f9998
        Validity
            Not Before: Apr 22 14:02:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76e82e4de5bc12b991afb7f9644af2477a15e7c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b9:db:fe:8e:37:89:7f:fc:7e:36:be:32:b4:
                    8a:9a:42:1f:1b:04:7b:ff:af:30:1d:c6:f4:07:b1:
                    c6:d1:02:0a:99:dc:68:1e:e6:00:af:58:d9:49:3e:
                    2e:54:f8:f3:30:89:54:3d:31:27:e5:8e:7b:09:23:
                    15:8f:b5:5f:ca:bc:8c:09:56:4a:98:4e:d1:52:af:
                    66:36:c5:d5:32:12:1f:bb:df:5d:6f:97:f7:91:10:
                    eb:c6:ac:02:b7:d5:a9:be:de:8f:0f:38:03:b3:d2:
                    3a:ae:3e:f1:79:40:0e:a4:8b:b0:83:e6:77:32:32:
                    31:5e:ae:a6:e3:46:af:9f:f5:36:65:19:77:e0:15:
                    46:86:3c:48:3d:da:33:bb:35:5d:33:44:2f:a7:e1:
                    54:7c:6a:45:e8:98:09:fe:fb:78:d1:6b:75:af:8a:
                    c2:7e:75:36:b6:47:43:b0:63:6a:35:4d:a6:55:43:
                    92:85:6b:3f:27:c3:b5:5e:f5:c3:c5:3b:41:7a:09:
                    61:38:24:3f:98:bb:86:ce:dd:7b:26:8a:54:95:8e:
                    96:e9:dd:51:ce:cc:34:35:75:7f:d9:97:3e:d6:87:
                    54:8e:72:26:42:71:ab:f5:d2:1b:16:bd:12:5a:4b:
                    13:38:50:a7:3a:19:57:88:4d:e0:81:e3:a1:af:be:
                    f5:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E8:2E:4D:E5:BC:12:B9:91:AF:B7:F9:64:4A:F2:47:7A:15:E7:C1
            X509v3 Authority Key Identifier:
                keyid:84:8B:12:94:D2:76:9F:A3:7B:34:8A:CC:5D:AB:FC:B8:FE:6F:99:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hIsSlNJ2n6N7NIrMXav8uP5vmZg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/9a234c-6512-4447-823c-0db7259f20b8/1/duguTeW8ErmRr7f5ZEryR3oV58E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/9a234c-6512-4447-823c-0db7259f20b8/1/hIsSlNJ2n6N7NIrMXav8uP5vmZg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         99:d0:5d:22:34:12:8f:f9:bf:d4:c9:df:15:6b:39:a5:40:0c:
         37:3d:b5:19:ec:3c:ea:d0:41:fb:3a:9f:f9:31:41:f9:ba:d4:
         b9:54:1b:e7:ba:eb:fe:18:0c:85:ef:d1:b3:3b:7c:0a:5e:03:
         d8:be:4f:6c:cf:d6:f7:44:7f:ee:dd:a8:f2:0d:49:36:38:3e:
         b0:95:3c:d7:38:61:49:dd:70:25:4f:51:79:8e:24:a2:e3:4e:
         f1:77:1e:7d:6d:03:f9:00:aa:71:b4:66:7e:07:13:ea:fe:fa:
         54:7f:ef:eb:eb:02:1e:24:1d:2c:11:25:a2:46:5d:ba:00:66:
         bc:28:79:68:51:ef:c3:0b:cd:81:7f:0e:3b:4f:4e:a4:9b:19:
         8f:1d:e1:0f:fe:31:13:df:56:49:32:99:91:b6:7b:1a:d6:4f:
         6d:9b:95:4f:96:b6:2b:46:48:f2:2f:47:65:d6:d3:4b:7d:98:
         3f:39:99:7b:8a:4d:18:c5:cd:28:a5:12:ee:63:3c:2e:aa:90:
         8a:85:55:76:28:ad:2e:55:6e:71:76:6d:99:f1:6a:4f:fa:94:
         34:74:6b:2f:75:51:57:de:8e:a3:83:2e:9f:a7:92:cc:ad:39:
         f0:8a:1f:c5:a0:c8:85:9b:15:ca:22:c8:54:40:d5:eb:06:84:
         86:44:5d:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZdztNzfSLKqEzvSptdEiy5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0OGIxMjk0ZDI3NjlmYTM3YjM0OGFjYzVkYWJmY2I4ZmU2
Zjk5OTgwHhcNMjUwNDIyMTQwMjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmU4MmU0ZGU1YmMxMmI5OTFhZmI3Zjk2NDRhZjI0NzdhMTVlN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAprnb/o43iX/8fja+MrSKmkIfGwR7
/68wHcb0B7HG0QIKmdxoHuYAr1jZST4uVPjzMIlUPTEn5Y57CSMVj7VfyryMCVZK
mE7RUq9mNsXVMhIfu99db5f3kRDrxqwCt9Wpvt6PDzgDs9I6rj7xeUAOpIuwg+Z3
MjIxXq6m40avn/U2ZRl34BVGhjxIPdozuzVdM0Qvp+FUfGpF6JgJ/vt40Wt1r4rC
fnU2tkdDsGNqNU2mVUOShWs/J8O1XvXDxTtBeglhOCQ/mLuGzt17JopUlY6W6d1R
zsw0NXV/2Zc+1odUjnImQnGr9dIbFr0SWksTOFCnOhlXiE3ggeOhr771HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHboLk3lvBK5ka+3+WRK8kd6FefBMB8GA1UdIwQY
MBaAFISLEpTSdp+jezSKzF2r/Lj+b5mYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaElzU2xOSjJuNk43TklyTVhhdjh1UDV2bVpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy85YTIzNGMtNjUxMi00NDQ3LTgyM2Mt
MGRiNzI1OWYyMGI4LzEvZHVndVRlVzhFcm1ScjdmNVpFcnlSM29WNThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy85YTIzNGMtNjUxMi00NDQ3LTgyM2MtMGRiNzI1OWYyMGI4
LzEvaElzU2xOSjJuNk43TklyTVhhdjh1UDV2bVpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstUoMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ0F0iNBKP+b/Uyd8VazmlQAw3PbUZ7Dzq0EH7Op/5
MUH5utS5VBvnuuv+GAyF79GzO3wKXgPYvk9sz9b3RH/u3ajyDUk2OD6wlTzXOGFJ
3XAlT1F5jiSi407xdx59bQP5AKpxtGZ+BxPq/vpUf+/r6wIeJB0sESWiRl26AGa8
KHloUe/DC82Bfw47T06kmxmPHeEP/jET31ZJMpmRtnsa1k9tm5VPlrYrRkjyL0dl
1tNLfZg/OZl7ik0Yxc0opRLuYzwuqpCKhVV2KK0uVW5xdm2Z8WpP+pQ0dGsvdVFX
3o6jgy6fp5LMrTnwih/FoMiFmxXKIshUQNXrBoSGRF0p
-----END CERTIFICATE-----