Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/P9EZqlT14QdIDUthiMHl7hO6pqI.roa
File:                     P9EZqlT14QdIDUthiMHl7hO6pqI.roa (raw, json)
Hash identifier:          FmExaKTaJ5EhnwPKfjoU4c2Dg1HC4wVDxMZ0sTv4yoA=
Subject key identifier:   3F:D1:19:AA:54:F5:E1:07:48:0D:4B:61:88:C1:E5:EE:13:BA:A6:A2
Certificate issuer:       /CN=b39ecd24f321988deb7c19dca052a4e3c49b60ea
Certificate serial:       019349F4A59181E3AEE712031B11D01E61C7
Authority key identifier: B3:9E:CD:24:F3:21:98:8D:EB:7C:19:DC:A0:52:A4:E3:C4:9B:60:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/P9EZqlT14QdIDUthiMHl7hO6pqI.roa
Signing time:             Wed 20 Nov 2024 14:23:09 +0000
ROA not before:           Wed 20 Nov 2024 14:23:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        178.248.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:49:f4:a5:91:81:e3:ae:e7:12:03:1b:11:d0:1e:61:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b39ecd24f321988deb7c19dca052a4e3c49b60ea
        Validity
            Not Before: Nov 20 14:23:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fd119aa54f5e107480d4b6188c1e5ee13baa6a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:40:61:18:4d:34:46:c3:db:b0:32:aa:c9:2b:
                    58:db:67:12:a2:0a:da:86:cd:95:5f:d6:8b:35:22:
                    2c:98:f8:09:89:8a:ce:20:07:eb:92:6d:30:cf:02:
                    a6:42:e3:1c:6c:7d:10:fe:ae:6a:89:fd:81:4c:db:
                    e9:ac:18:30:0a:3f:61:b5:5d:a9:9e:37:4b:e8:d7:
                    a4:aa:8e:d9:0d:cf:c8:0a:c7:03:3a:35:d3:b8:49:
                    0c:40:99:b4:84:93:72:a1:38:11:80:0b:f0:75:cb:
                    5c:3c:84:36:20:3e:04:9f:a8:eb:ef:7d:a2:31:e4:
                    0f:c8:6a:c2:4e:e2:ca:00:79:1f:24:ff:95:c6:86:
                    4e:73:b5:5f:30:17:da:fa:35:1d:36:78:4e:4a:53:
                    06:c4:de:ee:12:d2:07:46:e2:19:d1:58:c9:9c:b0:
                    f0:cc:0d:4e:e7:89:0d:d4:fb:e3:87:5d:a6:d3:a6:
                    f6:c6:44:b4:6d:49:f6:f8:03:c7:13:ff:87:71:e0:
                    af:30:06:7d:07:63:c7:b4:64:e0:df:16:b7:72:f4:
                    4c:01:07:ef:60:9d:d6:63:96:f2:f3:93:82:00:27:
                    2a:f8:5e:75:ca:42:c8:db:8e:32:dd:b2:cb:7d:1d:
                    2a:4e:9e:56:25:63:aa:ca:7f:fa:74:41:a3:cc:d4:
                    f4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D1:19:AA:54:F5:E1:07:48:0D:4B:61:88:C1:E5:EE:13:BA:A6:A2
            X509v3 Authority Key Identifier:
                keyid:B3:9E:CD:24:F3:21:98:8D:EB:7C:19:DC:A0:52:A4:E3:C4:9B:60:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s57NJPMhmI3rfBncoFKk48SbYOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/P9EZqlT14QdIDUthiMHl7hO6pqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e3826d-5ada-4e43-9084-1ba695faef25/1/s57NJPMhmI3rfBncoFKk48SbYOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.248.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:cd:ec:7e:f2:ec:86:f2:a0:ba:73:e2:93:a1:da:13:3d:c3:
         f9:7c:34:e4:b1:1b:7b:64:bf:7b:3b:ef:93:c1:b4:0e:8b:0d:
         2d:77:c8:8f:16:63:7b:ba:28:f5:2d:b3:db:a2:62:11:2c:be:
         4b:98:86:ea:7a:fd:a4:00:f5:18:33:e3:33:5d:f3:e8:ac:97:
         cf:08:77:4b:35:de:5d:8c:c0:35:52:68:9e:85:9c:a3:96:fc:
         21:b5:db:0d:e6:a8:ba:70:bd:f3:78:07:b6:cf:75:2a:00:04:
         b8:d9:3a:3c:e8:2e:9d:02:a0:2b:c8:60:b4:db:2d:91:4f:f1:
         9f:6f:87:d9:0c:39:f6:01:cb:34:8f:cd:e5:05:17:a9:8f:77:
         34:c0:7b:43:6e:90:80:6d:a9:bf:b5:03:0f:d3:b4:4b:3f:0c:
         6f:82:25:6b:8a:af:0b:0f:dd:6a:e0:df:eb:7e:53:05:88:2e:
         8b:31:9a:2a:ff:71:da:55:31:ee:cc:5b:7f:76:7a:af:27:96:
         27:86:d5:ea:09:ab:f9:ff:35:08:2d:d9:64:44:b0:da:6e:57:
         99:f6:2b:62:23:b7:04:ad:61:96:30:50:23:b0:7a:f5:9f:41:
         c6:e9:87:d9:08:8f:26:19:a8:9b:33:ec:29:51:82:9c:19:86:
         59:7a:fd:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNJ9KWRgeOu5xIDGxHQHmHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOWVjZDI0ZjMyMTk4OGRlYjdjMTlkY2EwNTJhNGUzYzQ5
YjYwZWEwHhcNMjQxMTIwMTQyMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmQxMTlhYTU0ZjVlMTA3NDgwZDRiNjE4OGMxZTVlZTEzYmFhNmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0BhGE00RsPbsDKqyStY22cSogra
hs2VX9aLNSIsmPgJiYrOIAfrkm0wzwKmQuMcbH0Q/q5qif2BTNvprBgwCj9htV2p
njdL6Nekqo7ZDc/ICscDOjXTuEkMQJm0hJNyoTgRgAvwdctcPIQ2ID4En6jr732i
MeQPyGrCTuLKAHkfJP+VxoZOc7VfMBfa+jUdNnhOSlMGxN7uEtIHRuIZ0VjJnLDw
zA1O54kN1Pvjh12m06b2xkS0bUn2+APHE/+HceCvMAZ9B2PHtGTg3xa3cvRMAQfv
YJ3WY5by85OCACcq+F51ykLI244y3bLLfR0qTp5WJWOqyn/6dEGjzNT0sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/RGapU9eEHSA1LYYjB5e4TuqaiMB8GA1UdIwQY
MBaAFLOezSTzIZiN63wZ3KBSpOPEm2DqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczU3TkpQTWhtSTNyZkJuY29GS2s0OFNiWU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lMzgyNmQtNWFkYS00ZTQzLTkwODQt
MWJhNjk1ZmFlZjI1LzEvUDlFWnFsVDE0UWRJRFV0aGlNSGw3aE82cHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lMzgyNmQtNWFkYS00ZTQzLTkwODQtMWJhNjk1ZmFlZjI1
LzEvczU3TkpQTWhtSTNyZkJuY29GS2s0OFNiWU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsvhMMA0G
CSqGSIb3DQEBCwUAA4IBAQApzex+8uyG8qC6c+KTodoTPcP5fDTksRt7ZL97O++T
wbQOiw0td8iPFmN7uij1LbPbomIRLL5LmIbqev2kAPUYM+MzXfPorJfPCHdLNd5d
jMA1UmiehZyjlvwhtdsN5qi6cL3zeAe2z3UqAAS42To86C6dAqAryGC02y2RT/Gf
b4fZDDn2Acs0j83lBRepj3c0wHtDbpCAbam/tQMP07RLPwxvgiVriq8LD91q4N/r
flMFiC6LMZoq/3HaVTHuzFt/dnqvJ5YnhtXqCav5/zUILdlkRLDableZ9itiI7cE
rWGWMFAjsHr1n0HG6YfZCI8mGaibM+wpUYKcGYZZev3u
-----END CERTIFICATE-----