Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/maY-vY2_rXNLvgIjnm7-CtwkgV0.roa
File:                     maY-vY2_rXNLvgIjnm7-CtwkgV0.roa (raw, json)
Hash identifier:          UOOD5hucNOwFC5ONOYdRpbn5LOMsVGO1Jo+ZUGOhn0c=
Subject key identifier:   99:A6:3E:BD:8D:BF:AD:73:4B:BE:02:23:9E:6E:FE:0A:DC:24:81:5D
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       018CC42492004311EB53AE4489E4F0D1B981
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/maY-vY2_rXNLvgIjnm7-CtwkgV0.roa
Signing time:             Mon 01 Jan 2024 08:29:40 +0000
ROA not before:           Mon 01 Jan 2024 08:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198961
IP address blocks:        178.254.171.0/24 maxlen: 24
                          178.254.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:92:00:43:11:eb:53:ae:44:89:e4:f0:d1:b9:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  1 08:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99a63ebd8dbfad734bbe02239e6efe0adc24815d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:3d:f5:ff:03:e5:51:8d:6e:ce:9c:98:be:39:
                    4e:17:6e:6f:21:82:f4:eb:ef:64:2f:22:df:a4:83:
                    44:e8:4c:78:52:01:54:d6:7f:30:49:d1:7c:5d:29:
                    6d:dd:b7:0f:d1:9b:98:cb:51:f4:19:3e:5c:bb:ee:
                    fa:29:9b:b9:e7:ae:68:4c:54:98:4b:72:4a:ba:7f:
                    01:bd:8e:fa:ea:63:18:a0:ff:8e:3e:e4:0e:fd:49:
                    1b:05:71:01:d2:9e:d3:b9:28:4a:3c:2d:6b:f4:e0:
                    05:8a:fe:7b:6e:ca:ed:71:15:80:ce:98:28:12:eb:
                    da:42:aa:bd:07:72:49:99:69:89:79:6a:12:d6:d1:
                    e0:ba:47:3f:86:d7:6f:a2:01:a6:08:ea:fd:e4:e8:
                    e2:86:8d:15:9f:47:05:4c:3e:6a:12:ec:0a:ae:20:
                    99:94:31:9f:fc:e9:d0:33:d5:2c:d4:3d:ed:e3:81:
                    95:f7:07:41:ec:5e:3e:78:4f:af:cc:0f:cc:79:a1:
                    9d:3e:57:69:c0:eb:4d:86:0a:2b:bc:fc:ef:25:90:
                    ca:48:97:1e:67:86:b2:bc:6d:04:7c:76:77:73:26:
                    ae:d7:ad:de:86:b1:92:5c:6f:dc:36:19:e6:15:91:
                    c4:0a:1f:25:c0:28:83:b5:fb:9d:ab:fe:f3:89:26:
                    2b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:A6:3E:BD:8D:BF:AD:73:4B:BE:02:23:9E:6E:FE:0A:DC:24:81:5D
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/maY-vY2_rXNLvgIjnm7-CtwkgV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.171.0/24
                  178.254.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:32:d4:1f:f0:c6:97:51:d3:64:db:20:b6:b4:03:4f:a5:08:
         89:01:b5:68:08:a0:77:3a:8c:ca:88:94:40:33:8a:95:f3:a0:
         75:c4:ff:c4:b8:c4:14:63:f9:32:b2:16:5a:6f:a8:71:8d:e8:
         b6:91:05:84:fd:df:7b:fd:e5:74:d9:c5:58:19:31:0c:66:3f:
         6f:31:36:46:6d:cd:7c:0e:00:54:56:30:35:2d:b2:94:21:d0:
         ce:d0:11:5a:ff:8a:ef:96:18:a7:7c:f2:51:a3:57:51:82:7b:
         59:b7:83:38:ab:d5:34:80:16:25:61:db:f2:81:5a:3b:91:7d:
         fc:1e:91:8c:97:cf:00:0d:26:99:6d:83:0e:86:06:7a:32:69:
         ff:13:60:31:cc:b8:63:ed:53:70:02:7f:15:37:fd:fe:8a:bf:
         90:19:93:5c:39:cb:70:8b:2b:72:86:dc:7d:35:5b:3e:d1:0d:
         99:13:46:39:51:d1:75:d2:8e:ef:e0:e0:52:30:1b:0f:4e:e5:
         b9:91:17:25:5e:1f:50:79:15:b9:08:e4:56:11:31:67:d0:61:
         91:ba:a4:54:5a:57:57:1a:d3:4e:da:eb:54:85:e2:6b:fc:46:
         39:6b:f4:98:0e:5c:0b:6b:3f:79:13:28:4d:89:b1:35:30:51:
         df:46:65:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJJIAQxHrU65EieTw0bmBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjQwMTAxMDgyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWE2M2ViZDhkYmZhZDczNGJiZTAyMjM5ZTZlZmUwYWRjMjQ4MTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwz31/wPlUY1uzpyYvjlOF25vIYL0
6+9kLyLfpINE6Ex4UgFU1n8wSdF8XSlt3bcP0ZuYy1H0GT5cu+76KZu5565oTFSY
S3JKun8BvY766mMYoP+OPuQO/UkbBXEB0p7TuShKPC1r9OAFiv57bsrtcRWAzpgo
EuvaQqq9B3JJmWmJeWoS1tHgukc/htdvogGmCOr95Ojiho0Vn0cFTD5qEuwKriCZ
lDGf/OnQM9Us1D3t44GV9wdB7F4+eE+vzA/MeaGdPldpwOtNhgorvPzvJZDKSJce
Z4ayvG0EfHZ3cyau163ehrGSXG/cNhnmFZHECh8lwCiDtfudq/7ziSYrnwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJmmPr2Nv61zS74CI55u/grcJIFdMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvbWFZLXZZMl9yWE5MdmdJam5tNy1DdHdrZ1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsv6rAwQA
sv6zMA0GCSqGSIb3DQEBCwUAA4IBAQAzMtQf8MaXUdNk2yC2tANPpQiJAbVoCKB3
OozKiJRAM4qV86B1xP/EuMQUY/kyshZab6hxjei2kQWE/d97/eV02cVYGTEMZj9v
MTZGbc18DgBUVjA1LbKUIdDO0BFa/4rvlhinfPJRo1dRgntZt4M4q9U0gBYlYdvy
gVo7kX38HpGMl88ADSaZbYMOhgZ6Mmn/E2AxzLhj7VNwAn8VN/3+ir+QGZNcOctw
iytyhtx9NVs+0Q2ZE0Y5UdF10o7v4OBSMBsPTuW5kRclXh9QeRW5CORWETFn0GGR
uqRUWldXGtNO2utUheJr/EY5a/SYDlwLaz95EyhNibE1MFHfRmWq
-----END CERTIFICATE-----