Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/9y3Rgel4mqZS2K3AdCH8YKWUE8M.roa
File:                     9y3Rgel4mqZS2K3AdCH8YKWUE8M.roa (raw, json)
Hash identifier:          lJWcdffitapF6lTbN+0mH5m+bI9avA1xzxdZgX3uqEQ=
Subject key identifier:   F7:2D:D1:81:E9:78:9A:A6:52:D8:AD:C0:74:21:FC:60:A5:94:13:C3
Certificate issuer:       /CN=b91b91504983091506a1a944457a4558b94dab7f
Certificate serial:       018CC8DF252AB191A04E3D8B07244C20F2D7
Authority key identifier: B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/9y3Rgel4mqZS2K3AdCH8YKWUE8M.roa
Signing time:             Tue 02 Jan 2024 06:31:56 +0000
ROA not before:           Tue 02 Jan 2024 06:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57776
IP address blocks:        178.175.156.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:25:2a:b1:91:a0:4e:3d:8b:07:24:4c:20:f2:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b91b91504983091506a1a944457a4558b94dab7f
        Validity
            Not Before: Jan  2 06:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f72dd181e9789aa652d8adc07421fc60a59413c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2a:25:c9:f6:d5:a7:97:08:3c:be:ce:2e:98:
                    f4:60:bd:4b:73:3b:e9:61:1e:23:66:32:e0:69:4c:
                    d3:b9:ba:db:af:50:85:71:18:0d:20:9a:54:99:83:
                    ac:2d:69:75:ff:71:b0:95:94:80:d9:0f:91:7b:ef:
                    59:14:c1:1e:9a:52:24:0b:fb:c2:9f:35:b5:9a:3e:
                    85:e5:f3:08:a4:d5:e0:32:9e:a8:2a:b8:20:b3:a2:
                    67:4a:64:28:3e:c9:ef:0e:42:1d:bb:c8:fb:d7:53:
                    5c:40:07:72:4b:18:df:05:87:d5:b3:29:17:3d:15:
                    e4:44:ec:25:96:61:96:95:3a:72:a4:18:9c:42:5e:
                    94:d1:46:e5:11:a9:91:a9:84:1a:c5:82:ab:b3:7d:
                    dd:57:b2:af:f1:df:27:dc:74:1c:ea:18:ab:75:ed:
                    58:14:8b:1f:bd:1f:8e:93:b8:7b:15:3b:1a:be:14:
                    7c:7d:bc:f1:5e:4d:dd:05:f5:25:d9:5e:3a:7c:dd:
                    cd:c8:1e:07:30:bd:b9:ac:f3:b3:61:0b:60:12:54:
                    33:ca:36:83:ef:e3:76:a5:76:ba:1c:78:8a:cf:2e:
                    be:fa:26:63:3f:72:30:0f:6e:84:3b:93:b8:35:c9:
                    a1:12:60:3d:0d:0d:af:2b:01:41:89:2f:2c:e2:12:
                    f5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:2D:D1:81:E9:78:9A:A6:52:D8:AD:C0:74:21:FC:60:A5:94:13:C3
            X509v3 Authority Key Identifier:
                keyid:B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/9y3Rgel4mqZS2K3AdCH8YKWUE8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         dd:5f:6f:c5:a9:ec:b9:82:d2:c7:3e:f4:f7:ee:f8:38:8d:92:
         57:b3:85:0b:1e:8a:2f:4a:74:c3:cf:1a:18:37:e2:ea:7b:a0:
         99:34:5c:12:0a:1e:82:2e:09:b3:85:a0:0d:7c:12:fa:15:27:
         55:c5:c7:ca:d8:a1:d4:4c:51:53:68:b1:e6:22:c0:86:df:41:
         48:05:52:a5:67:06:6d:26:a0:9d:13:39:d2:f5:ed:52:48:36:
         01:fb:c3:e3:f7:d9:d3:6f:c0:a4:d8:98:50:98:4d:2e:91:a6:
         37:7a:49:22:73:a0:61:b5:4b:82:37:c4:05:dd:2c:3e:ae:24:
         a2:87:7a:4c:37:4d:b5:82:2a:da:01:ec:46:25:8a:f0:5e:f1:
         d2:d9:f1:ba:02:e6:ee:92:5a:6e:27:80:64:3a:38:7f:b1:8a:
         7b:6b:9b:a2:8a:95:0a:00:33:2f:e4:a8:dd:57:e7:9c:47:97:
         d7:9b:3f:af:6d:3d:a2:59:db:f9:53:5a:22:d6:b4:8f:3b:16:
         78:e5:78:a7:08:8d:4f:2f:97:25:1f:fc:68:a3:49:56:15:b1:
         73:52:00:16:ad:17:42:c3:b8:96:f1:b4:15:d0:f4:6c:5c:63:
         31:3f:5c:a9:98:41:ba:fe:71:5a:d4:17:05:b8:4d:99:95:22:
         31:20:4b:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yUqsZGgTj2LByRMIPLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MWI5MTUwNDk4MzA5MTUwNmExYTk0NDQ1N2E0NTU4Yjk0
ZGFiN2YwHhcNMjQwMTAyMDYzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzJkZDE4MWU5Nzg5YWE2NTJkOGFkYzA3NDIxZmM2MGE1OTQxM2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiolyfbVp5cIPL7OLpj0YL1Lczvp
YR4jZjLgaUzTubrbr1CFcRgNIJpUmYOsLWl1/3GwlZSA2Q+Re+9ZFMEemlIkC/vC
nzW1mj6F5fMIpNXgMp6oKrggs6JnSmQoPsnvDkIdu8j711NcQAdySxjfBYfVsykX
PRXkROwllmGWlTpypBicQl6U0UblEamRqYQaxYKrs33dV7Kv8d8n3HQc6hirde1Y
FIsfvR+Ok7h7FTsavhR8fbzxXk3dBfUl2V46fN3NyB4HML25rPOzYQtgElQzyjaD
7+N2pXa6HHiKzy6++iZjP3IwD26EO5O4NcmhEmA9DQ2vKwFBiS8s4hL1jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPct0YHpeJqmUtitwHQh/GCllBPDMB8GA1UdIwQY
MBaAFLkbkVBJgwkVBqGpREV6RVi5Tat/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjct
OWRkNmU4OGZjYzhkLzEvOXkzUmdlbDRtcVpTMkszQWRDSDhZS1dVRThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjctOWRkNmU4OGZjYzhk
LzEvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsq+cMA0G
CSqGSIb3DQEBCwUAA4IBAQDdX2/Fqey5gtLHPvT37vg4jZJXs4ULHoovSnTDzxoY
N+Lqe6CZNFwSCh6CLgmzhaANfBL6FSdVxcfK2KHUTFFTaLHmIsCG30FIBVKlZwZt
JqCdEznS9e1SSDYB+8Pj99nTb8Ck2JhQmE0ukaY3ekkic6BhtUuCN8QF3Sw+riSi
h3pMN021giraAexGJYrwXvHS2fG6AubuklpuJ4BkOjh/sYp7a5uiipUKADMv5Kjd
V+ecR5fXmz+vbT2iWdv5U1oi1rSPOxZ45XinCI1PL5clH/xoo0lWFbFzUgAWrRdC
w7iW8bQV0PRsXGMxP1ypmEG6/nFa1BcFuE2ZlSIxIEuR
-----END CERTIFICATE-----