Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/0S9ZNRormMCfHyDGV8DZGk2Vqt0.roa
File:                     0S9ZNRormMCfHyDGV8DZGk2Vqt0.roa (raw, json)
Hash identifier:          AP7+4QwoSv/7DUyrsuxlfZWdRY0GtRKldEaP1UE43kg=
Subject key identifier:   D1:2F:59:35:1A:2B:98:C0:9F:1F:20:C6:57:C0:D9:1A:4D:95:AA:DD
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFB04B1E2F67216DED1328F8440ED1
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/0S9ZNRormMCfHyDGV8DZGk2Vqt0.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400687
IP address blocks:        194.76.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:b0:4b:1e:2f:67:21:6d:ed:13:28:f8:44:0e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d12f59351a2b98c09f1f20c657c0d91a4d95aadd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ad:fd:4e:ec:43:61:1f:e3:ac:0a:50:f2:e3:
                    c6:a3:5d:5e:c7:9d:60:12:6a:26:54:4d:b3:53:cb:
                    4d:25:32:f8:52:55:3c:f0:ab:24:3b:07:a7:84:2a:
                    03:50:dd:c6:26:00:c7:b8:c2:43:9f:1e:b2:03:fd:
                    e9:93:fa:71:f5:fb:9d:71:55:61:bc:91:69:cf:46:
                    c8:33:b4:40:fe:bb:53:4e:2d:6d:c8:28:26:f2:49:
                    cb:6b:8e:ef:86:6b:6a:4e:fa:56:03:d4:90:03:6c:
                    7a:01:08:a1:6f:a2:60:d2:64:e0:4b:3a:6a:17:d7:
                    03:fe:c4:85:d0:b8:f2:39:bf:84:d1:34:c8:3e:8b:
                    79:d1:10:c3:99:e3:f3:d7:d4:2a:62:ed:58:9d:09:
                    07:04:cc:68:aa:c5:17:c9:c4:92:48:2b:dc:c8:62:
                    0a:7d:30:d9:2e:3f:cd:d5:68:57:d3:6c:9f:e1:ec:
                    fa:30:ff:72:58:60:c1:73:d0:ea:9c:59:12:eb:dc:
                    1b:b6:69:1e:ac:17:47:cc:bd:a8:15:6d:36:6c:fd:
                    63:2d:a9:3c:e3:1a:ab:ef:10:97:f0:07:96:c1:3a:
                    30:1f:e4:72:9e:0a:c2:fb:74:9e:6c:dc:5f:c6:f5:
                    28:52:ba:d7:47:99:ce:75:ee:db:1d:9c:fb:d9:ac:
                    3c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:2F:59:35:1A:2B:98:C0:9F:1F:20:C6:57:C0:D9:1A:4D:95:AA:DD
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/0S9ZNRormMCfHyDGV8DZGk2Vqt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:6f:93:77:93:d9:af:a4:85:ee:3d:3a:a2:28:cb:ae:c1:e8:
         56:d9:6d:d8:7a:75:1b:82:9a:9d:42:47:95:dd:f6:6e:d6:53:
         87:b7:7d:1e:84:3e:e2:fa:a3:e8:89:29:d1:bf:85:05:3b:bb:
         56:67:fa:89:00:e9:d8:6b:22:49:60:e4:37:1c:ca:82:2e:73:
         e5:b2:ed:0e:29:0f:5f:2b:64:f8:d1:24:5f:e6:d0:5e:a9:7a:
         cb:02:f2:74:bd:b2:8b:d8:a6:a6:74:fa:63:7d:d9:43:11:5d:
         c5:48:d8:48:fe:af:49:dd:04:59:e9:93:42:39:c8:08:24:27:
         e1:75:61:f2:b5:64:91:d7:cf:55:b2:84:80:28:d4:ea:83:90:
         aa:1b:5d:a7:de:0f:9d:e0:f6:93:8b:f4:36:f0:b7:6e:19:a9:
         a3:f1:0b:3d:45:8f:3e:d5:b1:ec:a6:d8:58:00:9e:6f:57:3f:
         b6:87:3f:f4:42:f8:24:e8:24:72:f8:3a:52:f2:44:62:c8:10:
         f3:e4:3f:4e:bc:d1:34:bd:23:83:dd:36:74:52:cf:cc:bc:93:
         05:b0:e8:5a:9a:17:af:b5:35:0f:64:50:da:bd:e6:a0:13:f9:
         22:45:ef:62:04:76:d1:e7:73:4a:e2:8d:4d:21:ea:24:55:19:
         df:09:f6:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI37BLHi9nIW3tEyj4RA7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTJmNTkzNTFhMmI5OGMwOWYxZjIwYzY1N2MwZDkxYTRkOTVhYWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq39TuxDYR/jrApQ8uPGo11ex51g
EmomVE2zU8tNJTL4UlU88KskOwenhCoDUN3GJgDHuMJDnx6yA/3pk/px9fudcVVh
vJFpz0bIM7RA/rtTTi1tyCgm8knLa47vhmtqTvpWA9SQA2x6AQihb6Jg0mTgSzpq
F9cD/sSF0LjyOb+E0TTIPot50RDDmePz19QqYu1YnQkHBMxoqsUXycSSSCvcyGIK
fTDZLj/N1WhX02yf4ez6MP9yWGDBc9DqnFkS69wbtmkerBdHzL2oFW02bP1jLak8
4xqr7xCX8AeWwTowH+RyngrC+3SebNxfxvUoUrrXR5nOde7bHZz72aw8qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEvWTUaK5jAnx8gxlfA2RpNlardMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvMFM5Wk5Sb3JtTUNmSHlER1Y4RFpHazJWcXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkwBMA0G
CSqGSIb3DQEBCwUAA4IBAQAjb5N3k9mvpIXuPTqiKMuuwehW2W3YenUbgpqdQkeV
3fZu1lOHt30ehD7i+qPoiSnRv4UFO7tWZ/qJAOnYayJJYOQ3HMqCLnPlsu0OKQ9f
K2T40SRf5tBeqXrLAvJ0vbKL2KamdPpjfdlDEV3FSNhI/q9J3QRZ6ZNCOcgIJCfh
dWHytWSR189VsoSAKNTqg5CqG12n3g+d4PaTi/Q28LduGamj8Qs9RY8+1bHspthY
AJ5vVz+2hz/0Qvgk6CRy+DpS8kRiyBDz5D9OvNE0vSOD3TZ0Us/MvJMFsOhamhev
tTUPZFDaveagE/kiRe9iBHbR53NK4o1NIeokVRnfCfZr
-----END CERTIFICATE-----