Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/76_yqnPxhVfyMgpF717negx2iqg.roa
File:                     76_yqnPxhVfyMgpF717negx2iqg.roa (raw, json)
Hash identifier:          BjNfmXn3wwtV0hRo0HiNNUrgUF8EUMuF5d2AA3NE0Bc=
Subject key identifier:   EF:AF:F2:AA:73:F1:85:57:F2:32:0A:45:EF:5E:E7:7A:0C:76:8A:A8
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       018CC64B8EDEE9469E5B46CA00BA8F4D79AF
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/76_yqnPxhVfyMgpF717negx2iqg.roa
Signing time:             Mon 01 Jan 2024 18:31:29 +0000
ROA not before:           Mon 01 Jan 2024 18:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200504
IP address blocks:        193.192.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8e:de:e9:46:9e:5b:46:ca:00:ba:8f:4d:79:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 18:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efaff2aa73f18557f2320a45ef5ee77a0c768aa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:96:4a:66:31:57:2e:dd:37:14:32:66:a0:17:
                    be:16:b7:fb:70:5d:0f:10:04:97:18:dd:8a:36:3a:
                    62:d0:d9:d9:fc:30:53:e0:8e:c7:3a:3d:63:fe:1a:
                    8c:53:ec:ca:0b:2d:06:30:c9:71:9e:4b:da:84:0b:
                    41:16:7c:80:5c:68:61:2d:92:19:f6:73:53:e6:f3:
                    ae:8f:da:29:d3:83:8d:95:08:46:55:04:bc:d9:be:
                    32:a5:84:c8:ef:79:ff:87:a9:ed:2f:23:f0:dd:b9:
                    6c:99:47:46:ae:51:b4:61:98:05:6f:f8:df:38:10:
                    b3:73:26:54:96:bc:71:4a:4c:aa:f3:7a:76:c7:82:
                    18:5b:73:c2:48:1a:9e:82:8b:bf:95:5f:93:5e:09:
                    2a:83:84:11:06:62:34:0c:25:e1:21:9f:7c:03:68:
                    7d:51:a6:ab:6f:d5:6d:0f:a0:6c:10:62:d1:bb:b3:
                    6e:d4:64:23:76:9f:df:d5:a5:8c:40:6b:83:ea:1e:
                    2d:13:c4:ef:11:47:3d:03:4f:a3:ab:79:29:a9:64:
                    8c:76:d7:86:bf:21:ba:94:23:e8:16:da:ec:e7:e1:
                    e3:76:c8:11:e0:63:5b:b8:98:30:ce:9b:e1:19:77:
                    d8:84:d6:12:c3:cf:63:9a:2a:fb:1c:08:1a:0e:77:
                    16:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:AF:F2:AA:73:F1:85:57:F2:32:0A:45:EF:5E:E7:7A:0C:76:8A:A8
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/76_yqnPxhVfyMgpF717negx2iqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:ce:8a:fd:1c:86:fe:22:89:8a:e3:0b:ec:67:e2:27:e0:7f:
         37:3a:7f:8e:65:e1:bd:53:a7:4c:0d:6e:0c:ee:45:1b:f5:62:
         a4:3a:ea:af:a0:b8:29:04:fe:23:9a:dc:02:75:be:1b:cc:00:
         e0:fe:73:8c:0d:69:12:5c:c9:ba:8d:71:ae:4c:a7:fa:71:66:
         12:31:ad:34:b0:34:8d:48:94:c8:99:90:bb:18:e2:46:a9:be:
         2e:8c:0f:f7:2d:0b:e1:c8:9f:08:29:d1:ca:f1:2e:96:48:60:
         2c:be:9f:1b:5a:12:b9:91:45:c3:64:ac:6d:c6:40:48:4d:90:
         94:a1:e9:5e:ff:7d:df:8b:20:0d:d1:ee:37:4a:c3:23:c7:50:
         63:29:a0:e4:e1:25:fe:0e:5c:27:39:f9:c9:30:ae:47:01:65:
         83:c8:23:7b:ad:a4:2f:bc:a6:bf:44:77:64:56:43:ae:8f:0c:
         f5:46:e1:37:6c:4d:d6:e8:12:8c:97:d1:12:b8:be:78:8f:d6:
         e1:dc:20:18:c4:b6:5a:cd:aa:ab:51:4b:5c:e3:ab:7d:46:42:
         c0:18:7e:d3:cb:d4:c0:71:2c:79:67:56:37:c7:75:e4:3a:08:
         f7:0b:f4:a2:0e:19:44:2f:fb:ef:8d:23:88:f8:d2:3c:b0:29:
         49:bd:bf:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS47e6UaeW0bKALqPTXmvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjQwMTAxMTgzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmFmZjJhYTczZjE4NTU3ZjIzMjBhNDVlZjVlZTc3YTBjNzY4YWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJZKZjFXLt03FDJmoBe+Frf7cF0P
EASXGN2KNjpi0NnZ/DBT4I7HOj1j/hqMU+zKCy0GMMlxnkvahAtBFnyAXGhhLZIZ
9nNT5vOuj9op04ONlQhGVQS82b4ypYTI73n/h6ntLyPw3blsmUdGrlG0YZgFb/jf
OBCzcyZUlrxxSkyq83p2x4IYW3PCSBqegou/lV+TXgkqg4QRBmI0DCXhIZ98A2h9
Uaarb9VtD6BsEGLRu7Nu1GQjdp/f1aWMQGuD6h4tE8TvEUc9A0+jq3kpqWSMdteG
vyG6lCPoFtrs5+HjdsgR4GNbuJgwzpvhGXfYhNYSw89jmir7HAgaDncWbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+v8qpz8YVX8jIKRe9e53oMdoqoMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvNzZfeXFuUHhoVmZ5TWdwRjcxN25lZ3gyaXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcCpMA0G
CSqGSIb3DQEBCwUAA4IBAQBezor9HIb+IomK4wvsZ+In4H83On+OZeG9U6dMDW4M
7kUb9WKkOuqvoLgpBP4jmtwCdb4bzADg/nOMDWkSXMm6jXGuTKf6cWYSMa00sDSN
SJTImZC7GOJGqb4ujA/3LQvhyJ8IKdHK8S6WSGAsvp8bWhK5kUXDZKxtxkBITZCU
oele/33fiyAN0e43SsMjx1BjKaDk4SX+DlwnOfnJMK5HAWWDyCN7raQvvKa/RHdk
VkOujwz1RuE3bE3W6BKMl9ESuL54j9bh3CAYxLZazaqrUUtc46t9RkLAGH7Ty9TA
cSx5Z1Y3x3XkOgj3C/SiDhlEL/vvjSOI+NI8sClJvb9X
-----END CERTIFICATE-----