Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/fgtQ1ImN6E6pm20UwK9SCRn_M0s.roa
File:                     fgtQ1ImN6E6pm20UwK9SCRn_M0s.roa (raw, json)
Hash identifier:          7pxIRaJZNLUEqkO0tfTqS8bv7RNAKsaHlMkx/nSU3X4=
Subject key identifier:   7E:0B:50:D4:89:8D:E8:4E:A9:9B:6D:14:C0:AF:52:09:19:FF:33:4B
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29D5A4A85AEFAC433C99113F4F1F09
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/fgtQ1ImN6E6pm20UwK9SCRn_M0s.roa
Signing time:             Tue 02 Jan 2024 12:33:08 +0000
ROA not before:           Tue 02 Jan 2024 12:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201671
IP address blocks:        185.78.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d5:a4:a8:5a:ef:ac:43:3c:99:11:3f:4f:1f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e0b50d4898de84ea99b6d14c0af520919ff334b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:48:dc:fa:91:7e:c0:d0:50:1b:35:7f:36:61:
                    90:ed:a0:44:67:64:05:2d:cc:90:16:f4:eb:ec:a5:
                    df:ff:95:6c:14:25:d6:e6:a4:f2:6f:62:e3:c2:0a:
                    f7:7c:f2:a3:8a:e2:ca:4f:a7:c0:6f:58:0e:bc:27:
                    86:84:b9:e1:dc:3b:be:f6:1a:27:5c:44:53:ed:c8:
                    6a:56:5f:6b:96:a7:ab:cc:8c:a8:c0:f3:91:38:61:
                    5a:2f:e0:bb:a2:e1:55:74:dd:98:05:d9:ed:5d:c5:
                    6c:7a:01:3f:3d:6f:c8:73:3b:ab:8f:d4:4f:65:ba:
                    26:a4:a2:bb:8c:48:90:65:20:de:01:c1:b9:83:52:
                    dd:00:18:b6:55:05:af:f4:0c:22:2c:92:f0:8c:aa:
                    67:17:55:5a:48:ce:ea:0e:22:23:30:bf:75:8d:39:
                    9b:c6:48:1d:fc:a0:b6:0a:95:14:3e:91:1a:73:29:
                    c3:94:3e:9e:7c:da:92:51:54:e2:f1:ca:b1:ec:dc:
                    c4:66:ba:5b:bc:8d:f8:77:15:39:81:ad:30:1d:3b:
                    c5:c7:70:70:81:c3:17:b9:33:d7:f6:11:f4:89:a1:
                    5c:96:2c:52:9d:d2:e2:fb:cf:af:54:91:a7:79:3f:
                    cb:29:bd:24:dd:36:2f:91:da:fe:85:bc:8b:a8:82:
                    cb:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:0B:50:D4:89:8D:E8:4E:A9:9B:6D:14:C0:AF:52:09:19:FF:33:4B
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/fgtQ1ImN6E6pm20UwK9SCRn_M0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:24:cf:f4:63:1c:3f:a7:b7:e2:9f:38:8b:fb:69:14:be:2e:
         95:50:d9:a7:6e:ed:15:c5:94:27:2f:ba:ec:be:09:36:35:c6:
         85:0a:4a:31:8c:8c:f3:da:75:42:74:07:2d:19:50:3b:fd:a1:
         c7:3d:b6:24:e5:24:79:b5:c8:ad:8d:b8:08:8a:93:64:e1:22:
         ed:75:b4:25:dd:f5:fb:4f:0b:36:42:49:a9:a4:45:cc:ac:74:
         97:4a:20:07:5f:bd:4e:15:6a:4e:fb:5d:64:c6:e5:cc:c7:5f:
         89:a3:c3:81:69:d6:6a:6f:00:8f:f9:34:ce:c9:a4:2d:fb:6b:
         ac:7a:8f:82:a2:c5:da:fd:89:35:84:4b:32:3d:3f:fc:a1:8b:
         e1:ae:66:a9:06:ea:d5:04:8f:3d:b0:2a:e0:b8:34:d9:00:8a:
         bf:84:70:95:7b:92:eb:4a:cb:c5:20:79:85:1d:63:69:b1:d7:
         c1:91:99:cd:c4:56:23:d6:36:47:0e:d4:55:00:12:99:b5:02:
         18:98:09:60:37:dd:fe:6f:c5:98:9f:79:90:d9:54:d1:8e:40:
         5a:c0:68:78:63:23:b1:91:8e:d5:fd:2e:68:ba:a4:b6:ae:64:
         aa:c9:55:d9:46:74:e3:77:f3:0e:25:f0:be:ed:52:14:c7:d0:
         47:6c:f1:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdWkqFrvrEM8mRE/Tx8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTBiNTBkNDg5OGRlODRlYTk5YjZkMTRjMGFmNTIwOTE5ZmYzMzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUjc+pF+wNBQGzV/NmGQ7aBEZ2QF
LcyQFvTr7KXf/5VsFCXW5qTyb2Ljwgr3fPKjiuLKT6fAb1gOvCeGhLnh3Du+9hon
XERT7chqVl9rlqerzIyowPOROGFaL+C7ouFVdN2YBdntXcVsegE/PW/Iczurj9RP
ZbompKK7jEiQZSDeAcG5g1LdABi2VQWv9AwiLJLwjKpnF1VaSM7qDiIjML91jTmb
xkgd/KC2CpUUPpEacynDlD6efNqSUVTi8cqx7NzEZrpbvI34dxU5ga0wHTvFx3Bw
gcMXuTPX9hH0iaFclixSndLi+8+vVJGneT/LKb0k3TYvkdr+hbyLqILLzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4LUNSJjehOqZttFMCvUgkZ/zNLMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvZmd0UTFJbU42RTZwbTIwVXdLOVNDUm5fTTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuU5MMA0G
CSqGSIb3DQEBCwUAA4IBAQBPJM/0Yxw/p7finziL+2kUvi6VUNmnbu0VxZQnL7rs
vgk2NcaFCkoxjIzz2nVCdActGVA7/aHHPbYk5SR5tcitjbgIipNk4SLtdbQl3fX7
Tws2QkmppEXMrHSXSiAHX71OFWpO+11kxuXMx1+Jo8OBadZqbwCP+TTOyaQt+2us
eo+CosXa/Yk1hEsyPT/8oYvhrmapBurVBI89sCrguDTZAIq/hHCVe5LrSsvFIHmF
HWNpsdfBkZnNxFYj1jZHDtRVABKZtQIYmAlgN93+b8WYn3mQ2VTRjkBawGh4YyOx
kY7V/S5ouqS2rmSqyVXZRnTjd/MOJfC+7VIUx9BHbPEF
-----END CERTIFICATE-----