Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/9XHxKJ0WI-P3IcOmFgGednxUJbU.roa
File:                     9XHxKJ0WI-P3IcOmFgGednxUJbU.roa (raw, json)
Hash identifier:          ROHwJQ5aBds1pvosQThys7UgHao9D+lnQ9epORD47Ps=
Subject key identifier:   F5:71:F1:28:9D:16:23:E3:F7:21:C3:A6:16:01:9E:76:7C:54:25:B5
Certificate issuer:       /CN=b39ecd24f321988deb7c19dca052a4e3c49b60ea
Certificate serial:       018D06E6BA85A42FA7F8FA1F267DD8282C42
Authority key identifier: B3:9E:CD:24:F3:21:98:8D:EB:7C:19:DC:A0:52:A4:E3:C4:9B:60:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/9XHxKJ0WI-P3IcOmFgGednxUJbU.roa
Signing time:             Sun 14 Jan 2024 07:36:40 +0000
ROA not before:           Sun 14 Jan 2024 07:36:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        178.248.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:06:e6:ba:85:a4:2f:a7:f8:fa:1f:26:7d:d8:28:2c:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b39ecd24f321988deb7c19dca052a4e3c49b60ea
        Validity
            Not Before: Jan 14 07:36:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f571f1289d1623e3f721c3a616019e767c5425b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e8:c1:af:c6:fc:a2:98:03:db:ae:53:32:c9:
                    4d:13:b0:c4:7d:be:dc:e8:dc:8d:02:96:62:be:be:
                    d7:cb:58:90:fc:69:28:ce:1d:25:5c:ef:32:4e:0c:
                    a4:2b:7e:68:78:40:fc:6f:f1:d0:47:05:db:c0:17:
                    9b:2a:be:3b:0a:ce:ca:71:ae:1a:b8:33:15:15:73:
                    9c:16:37:fa:94:f3:3c:45:b9:d9:24:8d:01:f2:52:
                    af:61:74:f4:5b:01:3b:8a:57:ee:31:b5:f4:2e:23:
                    80:74:86:b6:3f:89:2b:c4:15:ba:15:39:90:cc:57:
                    81:5d:b1:06:a1:68:dc:ab:fd:40:f7:55:9f:be:de:
                    32:00:f8:e0:dc:1a:5e:c4:c3:af:cf:d0:ef:c4:ce:
                    61:ff:59:79:79:ca:3d:b2:d0:11:b3:2a:0d:8d:cf:
                    f2:52:61:9f:9b:5d:33:73:69:8b:83:86:ad:48:ad:
                    04:7f:73:68:3d:7a:15:7b:d3:9b:cb:70:e9:13:ef:
                    ce:16:38:f6:66:a2:ca:f0:26:d6:4a:59:78:a3:b3:
                    f0:47:02:9e:9f:4a:ca:bf:67:52:47:a2:23:4c:22:
                    10:ec:fa:97:ab:4b:50:e8:c2:0e:2f:b2:ea:6a:a5:
                    96:36:56:ed:15:5a:48:23:c9:67:57:34:1b:ee:28:
                    a8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:71:F1:28:9D:16:23:E3:F7:21:C3:A6:16:01:9E:76:7C:54:25:B5
            X509v3 Authority Key Identifier:
                keyid:B3:9E:CD:24:F3:21:98:8D:EB:7C:19:DC:A0:52:A4:E3:C4:9B:60:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/9XHxKJ0WI-P3IcOmFgGednxUJbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.248.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:13:c8:83:06:b9:13:5c:c4:a1:01:55:11:b7:f5:ac:f0:4e:
         e2:85:05:00:75:92:f1:87:10:53:86:f8:cc:27:44:fe:05:66:
         33:32:a0:f2:46:f6:bc:9d:fe:28:82:99:83:2f:c9:8f:64:f9:
         dc:74:fd:c4:ae:64:8e:3a:cd:b3:19:b1:a4:2a:cd:f4:5f:0c:
         fa:4d:bd:52:7d:ee:cf:02:f3:6e:1f:e9:fe:c3:f6:f6:a0:82:
         ec:a5:3f:b1:c0:4e:14:59:34:d5:60:64:45:27:c6:00:36:d9:
         eb:b5:1f:fd:24:06:05:dd:59:c7:7d:44:15:f3:7c:63:b7:13:
         96:46:ae:82:ca:c0:f8:d3:b8:cb:15:cb:a5:9f:c7:f3:01:15:
         18:1a:48:51:e8:60:0e:a9:33:3b:e3:e2:0a:37:4f:9a:85:82:
         03:34:b8:6e:f2:95:f9:e1:64:37:5b:31:de:49:00:ad:09:60:
         a3:86:71:bf:41:00:aa:4e:79:b2:d2:87:77:83:b4:42:f7:9c:
         88:6d:14:ec:86:c7:33:91:98:97:da:3a:ce:02:66:98:c3:2d:
         ad:de:8f:bb:b4:44:60:42:a8:9a:93:7a:f1:81:65:c6:e3:71:
         5c:e1:da:66:25:42:4c:48:f6:3f:f8:74:36:77:48:1b:51:49:
         5e:3e:5a:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0G5rqFpC+n+PofJn3YKCxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOWVjZDI0ZjMyMTk4OGRlYjdjMTlkY2EwNTJhNGUzYzQ5
YjYwZWEwHhcNMjQwMTE0MDczNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTcxZjEyODlkMTYyM2UzZjcyMWMzYTYxNjAxOWU3NjdjNTQyNWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjujBr8b8opgD265TMslNE7DEfb7c
6NyNApZivr7Xy1iQ/Gkozh0lXO8yTgykK35oeED8b/HQRwXbwBebKr47Cs7Kca4a
uDMVFXOcFjf6lPM8RbnZJI0B8lKvYXT0WwE7ilfuMbX0LiOAdIa2P4krxBW6FTmQ
zFeBXbEGoWjcq/1A91Wfvt4yAPjg3BpexMOvz9DvxM5h/1l5eco9stARsyoNjc/y
UmGfm10zc2mLg4atSK0Ef3NoPXoVe9Oby3DpE+/OFjj2ZqLK8CbWSll4o7PwRwKe
n0rKv2dSR6IjTCIQ7PqXq0tQ6MIOL7LqaqWWNlbtFVpII8lnVzQb7iiouwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVx8SidFiPj9yHDphYBnnZ8VCW1MB8GA1UdIwQY
MBaAFLOezSTzIZiN63wZ3KBSpOPEm2DqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczU3TkpQTWhtSTNyZkJuY29GS2s0OFNiWU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lMzgyNmQtNWFkYS00ZTQzLTkwODQt
MWJhNjk1ZmFlZjI1LzEvOVhIeEtKMFdJLVAzSWNPbUZnR2VkbnhVSmJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lMzgyNmQtNWFkYS00ZTQzLTkwODQtMWJhNjk1ZmFlZjI1
LzEvczU3TkpQTWhtSTNyZkJuY29GS2s0OFNiWU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvhMMA0G
CSqGSIb3DQEBCwUAA4IBAQA/E8iDBrkTXMShAVURt/Ws8E7ihQUAdZLxhxBThvjM
J0T+BWYzMqDyRva8nf4ogpmDL8mPZPncdP3ErmSOOs2zGbGkKs30Xwz6Tb1Sfe7P
AvNuH+n+w/b2oILspT+xwE4UWTTVYGRFJ8YANtnrtR/9JAYF3VnHfUQV83xjtxOW
Rq6CysD407jLFculn8fzARUYGkhR6GAOqTM74+IKN0+ahYIDNLhu8pX54WQ3WzHe
SQCtCWCjhnG/QQCqTnmy0od3g7RC95yIbRTshsczkZiX2jrOAmaYwy2t3o+7tERg
Qqiak3rxgWXG43Fc4dpmJUJMSPY/+HQ2d0gbUUlePlrI
-----END CERTIFICATE-----