Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/e4OoxymcplF2t96_Jif4Sfncn44.roa
File:                     e4OoxymcplF2t96_Jif4Sfncn44.roa (raw, json)
Hash identifier:          /NughOs45Nu+HARUwH7tDl3MvtHJsP5Kp5idWCFXI60=
Subject key identifier:   7B:83:A8:C7:29:9C:A6:51:76:B7:DE:BF:26:27:F8:49:F9:DC:9F:8E
Certificate issuer:       /CN=178c8f20c939aaa9c80cce6a0d1567183ca1c599
Certificate serial:       018CC801A8727A534AAF056E6CE1056E2D4A
Authority key identifier: 17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/e4OoxymcplF2t96_Jif4Sfncn44.roa
Signing time:             Tue 02 Jan 2024 02:30:01 +0000
ROA not before:           Tue 02 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        91.199.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a8:72:7a:53:4a:af:05:6e:6c:e1:05:6e:2d:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=178c8f20c939aaa9c80cce6a0d1567183ca1c599
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b83a8c7299ca65176b7debf2627f849f9dc9f8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e3:63:70:f2:97:c6:35:65:4d:68:78:f4:86:
                    3b:6b:23:d4:79:43:84:85:28:b0:3c:cb:71:d3:5e:
                    11:3c:ea:cd:36:41:13:47:00:70:dc:0c:28:be:70:
                    e8:be:f7:2f:ea:ec:25:ab:58:0f:38:d4:76:b0:17:
                    f7:a8:80:c2:87:5f:5e:f0:3c:ef:85:98:61:58:d6:
                    3f:d1:6f:bf:0b:dd:bb:5d:4c:ca:d3:98:c5:29:f1:
                    4e:38:52:d8:3e:91:b3:39:3b:bf:66:ff:d2:fd:08:
                    44:64:1d:33:ce:e0:ef:ef:d2:84:7b:b0:c5:db:6e:
                    df:1d:ae:f2:08:2a:80:a8:7b:b5:b8:44:2b:b6:af:
                    e5:25:2e:1e:be:d2:f1:3d:c0:af:bd:a8:0a:83:d3:
                    39:46:8e:a6:ff:2e:8f:dd:95:7d:9f:bb:45:c0:4c:
                    a1:60:8e:40:f5:ff:f2:59:44:db:a6:96:0f:71:25:
                    24:ef:91:f2:a2:fa:f0:1a:cf:14:66:36:8a:9f:7b:
                    ae:86:61:14:57:60:eb:75:cd:98:fc:66:fc:a1:29:
                    bd:51:2a:15:7e:33:c4:81:10:96:6c:26:3b:bc:8b:
                    00:da:39:f8:66:55:3c:67:6a:e2:83:60:67:57:67:
                    95:ec:cf:b7:2c:9a:e8:b2:e9:76:8f:0d:0d:ba:86:
                    1b:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:83:A8:C7:29:9C:A6:51:76:B7:DE:BF:26:27:F8:49:F9:DC:9F:8E
            X509v3 Authority Key Identifier:
                keyid:17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/e4OoxymcplF2t96_Jif4Sfncn44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:f8:22:05:1a:49:8a:c0:32:ce:7d:ab:c9:7f:aa:3c:32:02:
         61:79:13:f1:d0:e1:b1:7b:d4:e6:b3:bc:8d:23:7e:29:5a:f8:
         8a:f0:81:24:b3:4e:f0:26:26:df:33:8c:be:0e:5b:00:2d:39:
         d0:c3:41:5c:24:1d:c4:40:64:1c:c0:27:ff:fc:d8:43:5f:21:
         8e:23:26:94:4c:8b:27:00:d0:f6:60:c8:74:1b:8e:76:37:10:
         98:97:b8:40:72:c3:af:ab:4b:f5:91:56:73:98:5d:77:1d:b2:
         1e:8b:ce:66:19:0f:6d:ea:d7:19:2e:9a:72:6a:e0:72:f2:5a:
         7e:69:ad:b5:aa:f0:06:c1:3c:cb:fe:d6:05:5b:a1:91:50:16:
         34:3c:59:15:83:27:2c:31:38:7e:d0:23:58:5d:c9:81:aa:c2:
         4c:67:88:8b:1c:7e:dd:c3:60:90:70:ac:49:8c:df:d1:b9:1e:
         26:8a:7e:a8:d2:9e:e2:64:11:19:e3:aa:d3:3f:94:9f:6e:0e:
         23:89:67:3a:1a:64:b8:65:ad:09:9c:da:ad:c1:ea:ce:2e:db:
         8a:ba:3e:18:f3:5a:af:7b:bc:85:f9:0f:5f:42:87:0d:59:24:
         78:d2:22:cf:cd:51:ad:2d:0d:51:67:47:73:f0:96:31:24:89:
         fe:f1:e8:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAahyelNKrwVubOEFbi1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OGM4ZjIwYzkzOWFhYTljODBjY2U2YTBkMTU2NzE4M2Nh
MWM1OTkwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjgzYThjNzI5OWNhNjUxNzZiN2RlYmYyNjI3Zjg0OWY5ZGM5ZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmONjcPKXxjVlTWh49IY7ayPUeUOE
hSiwPMtx014RPOrNNkETRwBw3AwovnDovvcv6uwlq1gPONR2sBf3qIDCh19e8Dzv
hZhhWNY/0W+/C927XUzK05jFKfFOOFLYPpGzOTu/Zv/S/QhEZB0zzuDv79KEe7DF
227fHa7yCCqAqHu1uEQrtq/lJS4evtLxPcCvvagKg9M5Ro6m/y6P3ZV9n7tFwEyh
YI5A9f/yWUTbppYPcSUk75HyovrwGs8UZjaKn3uuhmEUV2Drdc2Y/Gb8oSm9USoV
fjPEgRCWbCY7vIsA2jn4ZlU8Z2rig2BnV2eV7M+3LJrosul2jw0NuoYbbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuDqMcpnKZRdrfevyYn+En53J+OMB8GA1UdIwQY
MBaAFBeMjyDJOaqpyAzOag0VZxg8ocWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjR5UElNazVxcW5JRE01cURSVm5HRHloeFprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy83ZWRkOWEtZmI3Mi00M2Q3LWIyNTIt
NGNkMTFlOGI3NDk3LzEvZTRPb3h5bWNwbEYydDk2X0ppZjRTZm5jbjQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy83ZWRkOWEtZmI3Mi00M2Q3LWIyNTItNGNkMTFlOGI3NDk3
LzEvRjR5UElNazVxcW5JRE01cURSVm5HRHloeFprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8dKMA0G
CSqGSIb3DQEBCwUAA4IBAQCr+CIFGkmKwDLOfavJf6o8MgJheRPx0OGxe9Tms7yN
I34pWviK8IEks07wJibfM4y+DlsALTnQw0FcJB3EQGQcwCf//NhDXyGOIyaUTIsn
AND2YMh0G452NxCYl7hAcsOvq0v1kVZzmF13HbIei85mGQ9t6tcZLppyauBy8lp+
aa21qvAGwTzL/tYFW6GRUBY0PFkVgycsMTh+0CNYXcmBqsJMZ4iLHH7dw2CQcKxJ
jN/RuR4min6o0p7iZBEZ46rTP5Sfbg4jiWc6GmS4Za0JnNqtwerOLtuKuj4Y81qv
e7yF+Q9fQocNWSR40iLPzVGtLQ1RZ0dz8JYxJIn+8ejb
-----END CERTIFICATE-----