Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/Cc8kDTTGCvTk9PhKqknQ1q92X7U.roa
File:                     Cc8kDTTGCvTk9PhKqknQ1q92X7U.roa (raw, json)
Hash identifier:          bmsp44cRsC89hB7tbHLMlzhVddTSqdlYUipX09gklvk=
Subject key identifier:   09:CF:24:0D:34:C6:0A:F4:E4:F4:F8:4A:AA:49:D0:D6:AF:76:5F:B5
Certificate issuer:       /CN=b91b91504983091506a1a944457a4558b94dab7f
Certificate serial:       018CC8DF2464D4D05721119401A96F2C9DCE
Authority key identifier: B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/Cc8kDTTGCvTk9PhKqknQ1q92X7U.roa
Signing time:             Tue 02 Jan 2024 06:31:56 +0000
ROA not before:           Tue 02 Jan 2024 06:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51246
IP address blocks:        178.175.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:24:64:d4:d0:57:21:11:94:01:a9:6f:2c:9d:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b91b91504983091506a1a944457a4558b94dab7f
        Validity
            Not Before: Jan  2 06:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09cf240d34c60af4e4f4f84aaa49d0d6af765fb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:73:21:e9:41:32:d3:45:11:ac:b5:63:de:5f:
                    76:dd:f2:10:45:f1:2c:a1:8b:fd:8e:15:ec:6b:aa:
                    e2:d1:1a:fa:aa:90:8e:34:96:3f:7e:27:ac:c5:49:
                    43:d5:ff:0f:70:d1:60:f5:11:08:f0:75:86:ec:02:
                    b4:4f:33:9a:70:71:95:ae:e0:98:6f:6c:9d:ef:84:
                    d4:e8:5f:87:19:26:8f:4a:cc:d8:f3:5d:db:ac:4c:
                    eb:c4:ab:04:f6:3a:e2:fa:8c:90:dc:42:d4:d3:5e:
                    c7:52:b4:64:cb:d0:0f:d7:57:95:69:96:1a:54:7d:
                    05:e4:78:cf:ae:88:23:de:4a:ea:14:63:9d:a1:3b:
                    a1:d1:ea:70:25:f1:aa:6f:62:74:2f:12:a0:74:58:
                    4f:ad:76:14:2f:17:ce:ea:fc:fa:86:e8:08:7c:ed:
                    b1:16:88:08:fe:e0:fd:3a:2f:4e:4f:7d:52:a6:18:
                    6d:b2:84:ca:b2:28:cb:6c:8a:c4:10:81:9f:30:cd:
                    fe:6e:20:de:6b:1a:82:a7:19:11:63:30:45:0b:b7:
                    31:95:e7:9d:fc:ac:1b:1a:4d:ce:59:ee:74:c7:15:
                    92:bc:88:77:a7:15:80:a0:0d:c9:83:43:de:f5:85:
                    4f:7c:8d:c9:e8:b0:d2:5b:d6:49:b6:1f:f0:b2:bf:
                    b3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:CF:24:0D:34:C6:0A:F4:E4:F4:F8:4A:AA:49:D0:D6:AF:76:5F:B5
            X509v3 Authority Key Identifier:
                keyid:B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/Cc8kDTTGCvTk9PhKqknQ1q92X7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e4:32:5c:08:13:3e:62:17:c9:04:b8:57:ee:e4:cd:8a:10:93:
         05:2e:41:50:0f:55:be:7d:d1:32:f9:a8:29:d1:ce:94:e9:f6:
         a9:1d:d5:c5:5a:11:71:26:ac:23:f0:3a:72:cb:21:45:89:4b:
         a6:a9:e6:53:13:5f:b5:24:26:22:f7:ec:ad:1f:02:94:a4:55:
         a0:ad:1c:27:f9:47:2b:aa:41:89:ce:d3:ce:4f:06:10:a3:38:
         16:18:41:9e:ac:84:b8:62:d6:c5:29:2c:67:d9:72:66:30:76:
         9b:e7:b2:a7:ae:a8:d9:78:80:9e:d9:e2:ef:f1:93:39:c4:1c:
         33:08:6f:3f:33:2e:64:5d:1e:04:c6:b7:8e:6f:6b:0a:1b:4f:
         d8:32:9a:2f:c9:f4:e2:3a:55:e8:6e:00:18:e7:5e:f1:2d:ee:
         aa:36:0f:80:d5:fd:8f:b8:32:15:00:1b:62:2a:fd:2f:1d:ad:
         75:1f:c1:60:a2:89:99:fc:0a:a7:e6:b7:d5:b7:8e:f8:df:f8:
         3e:9d:bd:e0:63:9d:bd:73:36:d3:2f:03:00:14:76:c6:cc:2d:
         7a:35:4d:b4:2d:25:c3:e1:e6:66:f9:e8:d5:9d:90:07:41:d9:
         20:c3:04:52:65:4e:4c:c0:48:12:bf:b4:2c:a7:a9:dd:c8:37:
         d6:c7:d5:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yRk1NBXIRGUAalvLJ3OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MWI5MTUwNDk4MzA5MTUwNmExYTk0NDQ1N2E0NTU4Yjk0
ZGFiN2YwHhcNMjQwMTAyMDYzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWNmMjQwZDM0YzYwYWY0ZTRmNGY4NGFhYTQ5ZDBkNmFmNzY1ZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXMh6UEy00URrLVj3l923fIQRfEs
oYv9jhXsa6ri0Rr6qpCONJY/fiesxUlD1f8PcNFg9REI8HWG7AK0TzOacHGVruCY
b2yd74TU6F+HGSaPSszY813brEzrxKsE9jri+oyQ3ELU017HUrRky9AP11eVaZYa
VH0F5HjProgj3krqFGOdoTuh0epwJfGqb2J0LxKgdFhPrXYULxfO6vz6hugIfO2x
FogI/uD9Oi9OT31SphhtsoTKsijLbIrEEIGfMM3+biDeaxqCpxkRYzBFC7cxleed
/KwbGk3OWe50xxWSvIh3pxWAoA3Jg0Pe9YVPfI3J6LDSW9ZJth/wsr+zCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnPJA00xgr05PT4SqpJ0Navdl+1MB8GA1UdIwQY
MBaAFLkbkVBJgwkVBqGpREV6RVi5Tat/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjct
OWRkNmU4OGZjYzhkLzEvQ2M4a0RUVEdDdlRrOVBoS3FrblExcTkyWDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjctOWRkNmU4OGZjYzhk
LzEvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsq+WMA0G
CSqGSIb3DQEBCwUAA4IBAQDkMlwIEz5iF8kEuFfu5M2KEJMFLkFQD1W+fdEy+agp
0c6U6fapHdXFWhFxJqwj8DpyyyFFiUumqeZTE1+1JCYi9+ytHwKUpFWgrRwn+Ucr
qkGJztPOTwYQozgWGEGerIS4YtbFKSxn2XJmMHab57KnrqjZeICe2eLv8ZM5xBwz
CG8/My5kXR4ExreOb2sKG0/YMpovyfTiOlXobgAY517xLe6qNg+A1f2PuDIVABti
Kv0vHa11H8FgoomZ/Aqn5rfVt4743/g+nb3gY529czbTLwMAFHbGzC16NU20LSXD
4eZm+ejVnZAHQdkgwwRSZU5MwEgSv7Qsp6ndyDfWx9W0
-----END CERTIFICATE-----