Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/dng2uDh6lJXR5He8xuv-L2VXlo0.roa
File:                     dng2uDh6lJXR5He8xuv-L2VXlo0.roa (raw, json)
Hash identifier:          HUyAFB/bD/HxDe6bs8xZwm/6K8YNamvKlhmEqmirgjY=
Subject key identifier:   76:78:36:B8:38:7A:94:95:D1:E4:77:BC:C6:EB:FE:2F:65:57:96:8D
Certificate issuer:       /CN=b91b91504983091506a1a944457a4558b94dab7f
Certificate serial:       018CC8DF25CE7084F54A40584C1300062E6E
Authority key identifier: B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/dng2uDh6lJXR5He8xuv-L2VXlo0.roa
Signing time:             Tue 02 Jan 2024 06:31:56 +0000
ROA not before:           Tue 02 Jan 2024 06:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202965
IP address blocks:        178.175.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:25:ce:70:84:f5:4a:40:58:4c:13:00:06:2e:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b91b91504983091506a1a944457a4558b94dab7f
        Validity
            Not Before: Jan  2 06:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=767836b8387a9495d1e477bcc6ebfe2f6557968d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:3f:db:78:f7:46:0d:8c:ae:42:c6:6b:9b:48:
                    e1:a6:f5:ec:f0:5b:31:1a:5b:c7:d7:30:68:e5:cb:
                    ab:85:73:db:72:a4:5b:b3:70:d5:18:76:52:28:5d:
                    4c:dd:8c:38:c8:dc:03:12:6e:02:b0:e7:51:ef:45:
                    41:2d:f4:1e:9f:4b:ef:49:21:e0:38:e9:93:de:a9:
                    40:84:c4:a6:49:92:f5:76:7a:02:4b:43:aa:c9:11:
                    70:4f:a0:0d:a4:dd:1a:db:69:5f:c1:ef:bd:f8:7c:
                    67:5c:35:a7:9a:26:af:3e:9d:5a:7f:3a:ce:5f:cc:
                    a0:6e:6c:95:ae:94:36:0d:22:b5:91:34:ba:0d:06:
                    b2:8e:8d:87:39:66:f3:37:6b:f6:00:32:09:34:fb:
                    75:30:ac:40:30:fa:f7:ab:17:65:ed:ed:02:27:ae:
                    ad:65:7c:ef:7c:05:79:b5:89:89:27:a8:f6:59:a2:
                    3e:fa:6f:c8:c3:1b:57:5b:2d:8e:56:08:4f:ce:83:
                    2b:6f:e4:79:52:b5:63:2f:25:1a:b3:a3:a7:e4:5d:
                    9f:16:96:49:90:1e:d9:19:f4:71:67:a6:f7:a1:f0:
                    1c:21:dd:32:3e:a4:aa:61:89:e5:2e:dc:c1:b7:f5:
                    6a:8b:0c:7d:a7:1c:5a:93:ac:d4:ad:f1:a0:6e:71:
                    42:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:78:36:B8:38:7A:94:95:D1:E4:77:BC:C6:EB:FE:2F:65:57:96:8D
            X509v3 Authority Key Identifier:
                keyid:B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/dng2uDh6lJXR5He8xuv-L2VXlo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:f4:df:f8:4a:b2:40:c0:fe:66:93:38:eb:6c:30:51:a5:35:
         71:72:9a:23:b3:95:48:4a:6b:e0:ee:eb:5f:ec:cc:53:92:37:
         b5:ce:46:77:da:ca:68:21:c2:87:b9:28:87:26:1c:cf:7d:29:
         32:53:60:fc:31:60:23:ed:d3:87:db:28:f9:ec:cd:39:da:0b:
         34:d3:00:64:db:8b:a0:5d:05:3b:72:8b:c7:54:34:81:22:c6:
         20:4f:1d:41:c3:07:c5:63:8b:4b:96:79:85:23:8e:52:16:dd:
         e7:1e:61:4c:78:25:94:cb:3f:e5:8a:1f:c8:19:2d:fc:ad:2b:
         ce:6f:e2:72:13:35:51:2b:79:36:a5:93:ea:bc:1e:25:2a:58:
         f8:10:25:ed:79:e8:d0:1c:8e:f6:2b:1b:29:64:bb:8a:92:dd:
         1a:8f:5b:9d:fe:52:a1:cc:0f:91:0a:2e:b8:cc:97:a5:75:77:
         e5:f3:c9:d7:94:6a:01:ba:61:f9:9f:bc:da:3d:ec:31:5f:8c:
         f7:24:ed:68:04:c9:bf:46:74:bf:c2:02:15:94:62:0b:df:36:
         a3:d9:27:45:0d:0f:37:ec:5f:4d:4e:6b:9e:f2:a5:ed:2b:73:
         91:82:5c:f7:8d:04:8b:6d:e2:c2:83:ed:b7:7c:38:14:ed:e8:
         22:6b:09:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yXOcIT1SkBYTBMABi5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MWI5MTUwNDk4MzA5MTUwNmExYTk0NDQ1N2E0NTU4Yjk0
ZGFiN2YwHhcNMjQwMTAyMDYzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njc4MzZiODM4N2E5NDk1ZDFlNDc3YmNjNmViZmUyZjY1NTc5NjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4z/bePdGDYyuQsZrm0jhpvXs8Fsx
GlvH1zBo5curhXPbcqRbs3DVGHZSKF1M3Yw4yNwDEm4CsOdR70VBLfQen0vvSSHg
OOmT3qlAhMSmSZL1dnoCS0OqyRFwT6ANpN0a22lfwe+9+HxnXDWnmiavPp1afzrO
X8ygbmyVrpQ2DSK1kTS6DQayjo2HOWbzN2v2ADIJNPt1MKxAMPr3qxdl7e0CJ66t
ZXzvfAV5tYmJJ6j2WaI++m/IwxtXWy2OVghPzoMrb+R5UrVjLyUas6On5F2fFpZJ
kB7ZGfRxZ6b3ofAcId0yPqSqYYnlLtzBt/Vqiwx9pxxak6zUrfGgbnFCzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZ4Nrg4epSV0eR3vMbr/i9lV5aNMB8GA1UdIwQY
MBaAFLkbkVBJgwkVBqGpREV6RVi5Tat/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjct
OWRkNmU4OGZjYzhkLzEvZG5nMnVEaDZsSlhSNUhlOHh1di1MMlZYbG8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjctOWRkNmU4OGZjYzhk
LzEvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsq+XMA0G
CSqGSIb3DQEBCwUAA4IBAQBb9N/4SrJAwP5mkzjrbDBRpTVxcpojs5VISmvg7utf
7MxTkje1zkZ32spoIcKHuSiHJhzPfSkyU2D8MWAj7dOH2yj57M052gs00wBk24ug
XQU7covHVDSBIsYgTx1BwwfFY4tLlnmFI45SFt3nHmFMeCWUyz/lih/IGS38rSvO
b+JyEzVRK3k2pZPqvB4lKlj4ECXteejQHI72KxspZLuKkt0aj1ud/lKhzA+RCi64
zJeldXfl88nXlGoBumH5n7zaPewxX4z3JO1oBMm/RnS/wgIVlGIL3zaj2SdFDQ83
7F9NTmue8qXtK3ORglz3jQSLbeLCg+23fDgU7egiawnI
-----END CERTIFICATE-----