Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/xGHmqqAvpgXtnn70CJjn_6vcRxI.roa
File:                     xGHmqqAvpgXtnn70CJjn_6vcRxI.roa (raw, json)
Hash identifier:          WiIiY4NxE690Si1r20xhsYIziF00otOrMB4gMiSxDz4=
Subject key identifier:   C4:61:E6:AA:A0:2F:A6:05:ED:9E:7E:F4:08:98:E7:FF:AB:DC:47:12
Certificate issuer:       /CN=b91b91504983091506a1a944457a4558b94dab7f
Certificate serial:       018CC8DF2386AAD8E3E49FD37BB04EC313B8
Authority key identifier: B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/xGHmqqAvpgXtnn70CJjn_6vcRxI.roa
Signing time:             Tue 02 Jan 2024 06:31:56 +0000
ROA not before:           Tue 02 Jan 2024 06:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35534
IP address blocks:        178.175.160.0/23 maxlen: 24
                          178.175.162.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:23:86:aa:d8:e3:e4:9f:d3:7b:b0:4e:c3:13:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b91b91504983091506a1a944457a4558b94dab7f
        Validity
            Not Before: Jan  2 06:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c461e6aaa02fa605ed9e7ef40898e7ffabdc4712
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:39:09:03:57:44:8d:46:93:ed:d1:1d:2f:6a:
                    fc:97:3a:7e:91:62:63:47:52:d1:37:42:e3:d2:0f:
                    79:28:2a:27:5f:f2:ea:20:e6:c1:05:d0:e4:9a:b8:
                    bd:28:f2:82:14:5a:38:68:3a:f0:aa:97:64:fc:25:
                    01:3e:61:79:3e:25:cf:a5:fe:0b:f8:14:73:df:13:
                    be:04:e6:53:f6:06:f4:01:32:c2:e9:e6:eb:23:7b:
                    5a:10:7c:7a:4a:40:53:56:b3:e2:2f:aa:84:57:a8:
                    b1:36:e6:ac:e4:8c:23:49:ff:a4:ca:42:04:fb:d9:
                    a0:42:0c:67:27:7a:58:78:db:27:53:d8:73:2e:cd:
                    04:3c:50:58:57:d8:72:06:86:f4:7a:86:9c:eb:85:
                    2a:ed:ad:d2:11:73:40:2d:43:15:8d:4d:02:0b:64:
                    93:db:30:e9:c2:47:57:4b:54:0d:ac:15:21:98:85:
                    44:3c:27:22:71:19:76:01:06:d2:cf:e3:11:74:d5:
                    84:14:ee:7f:cf:51:61:a7:3f:a6:84:63:67:ed:3d:
                    61:ce:da:5f:83:81:17:c1:26:47:1a:d3:a7:7d:19:
                    9e:ac:75:8d:b5:7b:57:f0:92:fc:c3:e1:e1:b4:4a:
                    7e:48:bd:b3:e5:c6:b3:ad:82:67:ca:4c:bc:fe:9f:
                    e6:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:61:E6:AA:A0:2F:A6:05:ED:9E:7E:F4:08:98:E7:FF:AB:DC:47:12
            X509v3 Authority Key Identifier:
                keyid:B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/xGHmqqAvpgXtnn70CJjn_6vcRxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:85:ed:b9:10:b4:f6:7a:ec:19:8c:e6:40:c7:dc:9b:8a:7c:
         82:6b:84:22:d5:80:9c:0e:b1:e1:1b:49:2f:f3:f0:b7:c2:6a:
         4f:f3:88:bf:9b:0f:62:e1:72:c9:62:2a:15:cf:c5:89:e5:e3:
         71:22:d1:c1:e0:68:b3:24:40:60:9c:9a:bb:40:07:84:fe:8d:
         f6:24:3a:85:fb:7d:08:36:a1:4c:7c:67:ed:47:34:e5:db:af:
         f3:65:5f:e6:b8:ca:f5:4f:86:93:9b:b6:da:75:18:04:37:06:
         4a:36:99:e1:03:6a:61:fe:99:d3:06:bd:82:2b:00:ae:bc:00:
         b8:45:f6:5e:e5:e5:3c:6c:af:7e:20:f5:d0:15:c2:f9:a9:91:
         35:c3:71:62:c3:d5:d1:61:a2:36:01:2c:b9:aa:9a:45:ce:7b:
         5a:6c:96:fa:ad:b5:3e:48:88:c0:37:f5:ea:bd:c6:22:3a:7d:
         51:ac:63:64:89:ac:1d:7d:19:ce:c6:8c:5d:e4:25:f0:55:c8:
         2f:95:86:3a:57:f6:6b:f1:3f:ec:e7:5e:91:52:39:90:09:bb:
         0f:13:1e:3f:91:3a:1c:ed:b0:52:24:27:02:30:7b:3c:61:2b:
         eb:ed:bd:fe:d8:13:59:c2:52:aa:db:d1:26:48:51:05:47:b4:
         45:e1:ac:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3yOGqtjj5J/Te7BOwxO4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MWI5MTUwNDk4MzA5MTUwNmExYTk0NDQ1N2E0NTU4Yjk0
ZGFiN2YwHhcNMjQwMTAyMDYzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDYxZTZhYWEwMmZhNjA1ZWQ5ZTdlZjQwODk4ZTdmZmFiZGM0NzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjkJA1dEjUaT7dEdL2r8lzp+kWJj
R1LRN0Lj0g95KConX/LqIObBBdDkmri9KPKCFFo4aDrwqpdk/CUBPmF5PiXPpf4L
+BRz3xO+BOZT9gb0ATLC6ebrI3taEHx6SkBTVrPiL6qEV6ixNuas5IwjSf+kykIE
+9mgQgxnJ3pYeNsnU9hzLs0EPFBYV9hyBob0eoac64Uq7a3SEXNALUMVjU0CC2ST
2zDpwkdXS1QNrBUhmIVEPCcicRl2AQbSz+MRdNWEFO5/z1Fhpz+mhGNn7T1hztpf
g4EXwSZHGtOnfRmerHWNtXtX8JL8w+HhtEp+SL2z5cazrYJnyky8/p/mwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRh5qqgL6YF7Z5+9AiY5/+r3EcSMB8GA1UdIwQY
MBaAFLkbkVBJgwkVBqGpREV6RVi5Tat/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjct
OWRkNmU4OGZjYzhkLzEveEdIbXFxQXZwZ1h0bm43MENKam5fNnZjUnhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjctOWRkNmU4OGZjYzhk
LzEvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsq+gMA0G
CSqGSIb3DQEBCwUAA4IBAQCkhe25ELT2euwZjOZAx9ybinyCa4Qi1YCcDrHhG0kv
8/C3wmpP84i/mw9i4XLJYioVz8WJ5eNxItHB4GizJEBgnJq7QAeE/o32JDqF+30I
NqFMfGftRzTl26/zZV/muMr1T4aTm7badRgENwZKNpnhA2ph/pnTBr2CKwCuvAC4
RfZe5eU8bK9+IPXQFcL5qZE1w3Fiw9XRYaI2ASy5qppFzntabJb6rbU+SIjAN/Xq
vcYiOn1RrGNkiawdfRnOxoxd5CXwVcgvlYY6V/Zr8T/s516RUjmQCbsPEx4/kToc
7bBSJCcCMHs8YSvr7b3+2BNZwlKq29EmSFEFR7RF4ayN
-----END CERTIFICATE-----