Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/1n90qyS49Q3-6961DH7nd43IEwE.roa
File:                     1n90qyS49Q3-6961DH7nd43IEwE.roa (raw, json)
Hash identifier:          /HVooTu9CXQ9W1i0EBiIRiO12kC8R6TUVjBh74AB/7k=
Subject key identifier:   D6:7F:74:AB:24:B8:F5:0D:FE:EB:DE:B5:0C:7E:E7:77:8D:C8:13:01
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D43187E10DBCCD2B5C3CF8564E772
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/1n90qyS49Q3-6961DH7nd43IEwE.roa
Signing time:             Tue 02 Jan 2024 08:32:13 +0000
ROA not before:           Tue 02 Jan 2024 08:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208643
IP address blocks:        195.178.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:43:18:7e:10:db:cc:d2:b5:c3:cf:85:64:e7:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d67f74ab24b8f50dfeebdeb50c7ee7778dc81301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c6:fa:10:19:8b:b8:5d:9d:c5:05:c9:b6:09:
                    21:5f:83:29:a0:ae:3c:3b:58:40:4f:be:a5:0e:d6:
                    c4:2b:d2:f9:94:de:e2:69:76:f9:f3:2e:da:d1:01:
                    1c:d9:49:25:0f:53:b3:b3:2d:5d:fc:c8:4b:ae:80:
                    2c:fd:23:81:bf:fd:0c:2f:c4:60:b5:22:5b:e4:09:
                    58:a1:08:21:7d:ab:ab:f4:5e:ec:58:c0:d3:fe:1a:
                    25:1f:62:19:cd:0a:2a:9b:dc:c4:39:64:55:95:a4:
                    cd:31:29:9d:68:c1:10:f0:31:ba:39:91:5b:51:5b:
                    3f:ae:cb:df:92:22:d0:ab:ed:22:da:e7:ee:f7:60:
                    ff:10:69:27:ff:99:be:b9:96:65:d7:3e:9e:40:5e:
                    3c:3c:d0:c7:fb:c8:c1:b1:c5:93:ea:f4:a8:6a:7d:
                    a0:a8:6f:ef:e1:b9:db:4e:01:2d:59:63:12:94:a8:
                    ad:4f:5e:66:ec:6b:4e:d0:1b:c3:00:74:72:f7:03:
                    8e:2a:d6:60:d8:3e:39:28:d6:7c:57:56:e7:3a:f7:
                    a3:a5:c2:06:b2:84:83:c2:a7:28:ca:a6:15:5a:06:
                    03:a6:20:36:04:9b:6b:64:af:23:27:b5:35:6a:9b:
                    9e:e4:03:be:95:2e:56:ed:68:5c:55:e1:7f:03:6e:
                    49:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:7F:74:AB:24:B8:F5:0D:FE:EB:DE:B5:0C:7E:E7:77:8D:C8:13:01
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/1n90qyS49Q3-6961DH7nd43IEwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.178.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:a1:cd:b8:ad:7c:2b:b0:ce:34:f3:4f:12:29:fd:9b:da:a4:
         43:56:f3:e5:d5:5d:17:ac:12:0a:d4:17:9c:97:87:f9:61:0f:
         70:20:7e:4a:3d:16:47:ed:80:a4:bd:52:3d:2a:f1:14:28:25:
         a7:d1:82:6e:fc:df:97:26:4a:97:ce:49:f8:89:3b:e3:4d:6e:
         8a:ca:6c:3f:38:e8:0e:8b:dd:af:9a:e3:09:4a:c8:32:7d:59:
         14:95:cf:d4:83:bd:53:31:7c:73:0b:7e:be:0c:b6:20:20:cd:
         aa:9f:bb:7a:59:ef:e9:0a:b1:e5:1e:7e:8c:d7:54:f0:77:c3:
         aa:d0:1f:9a:35:cc:96:68:6f:43:62:55:df:ed:3a:99:8e:f1:
         49:b2:20:02:c4:da:e6:11:9d:a5:32:e3:43:7c:ae:7f:64:98:
         87:96:b2:61:26:0b:8d:47:a0:36:29:a9:be:53:e5:fd:0a:dd:
         61:a5:51:09:f5:b0:11:e8:c5:87:17:29:29:30:d6:72:47:7f:
         c4:1d:56:8e:a4:ff:8f:8c:1d:fd:2d:04:a0:2d:a7:78:d0:33:
         e0:1b:d4:02:5e:6e:0e:ef:96:8e:2a:23:62:4a:45:c4:3c:fc:
         cf:08:4c:a1:de:5b:b8:80:34:74:43:32:9e:5b:07:54:58:30:
         c9:8f:41:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTUMYfhDbzNK1w8+FZOdyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjdmNzRhYjI0YjhmNTBkZmVlYmRlYjUwYzdlZTc3NzhkYzgxMzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsb6EBmLuF2dxQXJtgkhX4MpoK48
O1hAT76lDtbEK9L5lN7iaXb58y7a0QEc2UklD1Ozsy1d/MhLroAs/SOBv/0ML8Rg
tSJb5AlYoQghfaur9F7sWMDT/holH2IZzQoqm9zEOWRVlaTNMSmdaMEQ8DG6OZFb
UVs/rsvfkiLQq+0i2ufu92D/EGkn/5m+uZZl1z6eQF48PNDH+8jBscWT6vSoan2g
qG/v4bnbTgEtWWMSlKitT15m7GtO0BvDAHRy9wOOKtZg2D45KNZ8V1bnOvejpcIG
soSDwqcoyqYVWgYDpiA2BJtrZK8jJ7U1apue5AO+lS5W7WhcVeF/A25JzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZ/dKskuPUN/uvetQx+53eNyBMBMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvMW45MHF5UzQ5UTMtNjk2MURIN25kNDNJRXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7KdMA0G
CSqGSIb3DQEBCwUAA4IBAQCCoc24rXwrsM40808SKf2b2qRDVvPl1V0XrBIK1Bec
l4f5YQ9wIH5KPRZH7YCkvVI9KvEUKCWn0YJu/N+XJkqXzkn4iTvjTW6Kymw/OOgO
i92vmuMJSsgyfVkUlc/Ug71TMXxzC36+DLYgIM2qn7t6We/pCrHlHn6M11Twd8Oq
0B+aNcyWaG9DYlXf7TqZjvFJsiACxNrmEZ2lMuNDfK5/ZJiHlrJhJguNR6A2Kam+
U+X9Ct1hpVEJ9bAR6MWHFykpMNZyR3/EHVaOpP+PjB39LQSgLad40DPgG9QCXm4O
75aOKiNiSkXEPPzPCEyh3lu4gDR0QzKeWwdUWDDJj0E0
-----END CERTIFICATE-----