Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/rG14JypCKngjREqasYbEz3ujs3c.roa
File:                     rG14JypCKngjREqasYbEz3ujs3c.roa (raw, json)
Hash identifier:          u3jqjDncjbRiKvoxwknQIHrA6t36arY5jcUks1zr4OA=
Subject key identifier:   AC:6D:78:27:2A:42:2A:78:23:44:4A:9A:B1:86:C4:CF:7B:A3:B3:77
Certificate issuer:       /CN=d298a0714cc1bf25ac7c7f1cf6c2886c8c6192a3
Certificate serial:       0191935F763848AA5F108B387FF8CF8C9E50
Authority key identifier: D2:98:A0:71:4C:C1:BF:25:AC:7C:7F:1C:F6:C2:88:6C:8C:61:92:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0pigcUzBvyWsfH8c9sKIbIxhkqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/rG14JypCKngjREqasYbEz3ujs3c.roa
Signing time:             Tue 27 Aug 2024 10:26:32 +0000
ROA not before:           Tue 27 Aug 2024 10:26:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        176.120.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/0pigcUzBvyWsfH8c9sKIbIxhkqM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/0pigcUzBvyWsfH8c9sKIbIxhkqM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0pigcUzBvyWsfH8c9sKIbIxhkqM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:93:5f:76:38:48:aa:5f:10:8b:38:7f:f8:cf:8c:9e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d298a0714cc1bf25ac7c7f1cf6c2886c8c6192a3
        Validity
            Not Before: Aug 27 10:26:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac6d78272a422a7823444a9ab186c4cf7ba3b377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:b2:21:57:b8:01:07:58:9e:ac:a6:db:1b:c1:
                    95:25:69:a1:21:4d:10:b5:57:2b:d1:6a:72:22:52:
                    3f:a2:37:73:2c:27:a8:2e:6e:4e:44:58:9d:81:31:
                    a4:13:f6:4a:1e:fd:50:da:f5:b0:bb:b4:ac:88:3c:
                    6f:d9:3e:8f:3a:d6:db:a8:d8:9b:72:5d:6b:79:b3:
                    78:0a:26:72:b4:37:ad:d7:82:8e:1f:b1:a8:fd:21:
                    d6:2d:f6:c2:4c:f4:4a:57:f0:29:67:1e:b3:df:34:
                    a3:9f:4c:6a:b9:ca:3c:97:c4:23:97:d6:ac:61:14:
                    80:fd:b3:12:2a:c7:1d:d1:bf:31:37:b5:6f:de:a2:
                    76:c6:a2:8e:47:30:28:06:3f:32:57:80:45:e2:bc:
                    c1:65:27:7b:f8:7f:40:56:f0:9f:d6:25:b9:92:1f:
                    56:bf:f8:68:d9:b1:04:39:cb:3f:18:74:f3:5b:99:
                    35:42:9a:cf:5b:f7:c2:00:b7:7e:75:cc:ea:9d:19:
                    b6:40:b3:8b:d3:54:d1:e7:06:23:18:85:71:b8:7d:
                    48:c5:fe:a6:bb:92:d0:3b:28:ad:a7:b0:11:92:2a:
                    95:73:db:12:dc:5a:f5:5a:b5:8b:f2:d8:24:ec:00:
                    5a:41:f5:43:4a:74:93:d9:30:29:89:0a:0e:88:06:
                    86:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:6D:78:27:2A:42:2A:78:23:44:4A:9A:B1:86:C4:CF:7B:A3:B3:77
            X509v3 Authority Key Identifier:
                keyid:D2:98:A0:71:4C:C1:BF:25:AC:7C:7F:1C:F6:C2:88:6C:8C:61:92:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0pigcUzBvyWsfH8c9sKIbIxhkqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/rG14JypCKngjREqasYbEz3ujs3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/d97aea-fa32-46da-851e-75a4725aa6fd/1/0pigcUzBvyWsfH8c9sKIbIxhkqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:42:5a:eb:16:60:ac:bd:f1:e4:9c:db:73:69:0f:0c:6d:86:
         36:d1:8e:e1:4b:b3:df:6f:c0:b0:75:ab:26:b8:16:5e:05:6e:
         6f:76:41:05:64:04:b9:0e:0e:9f:a0:67:50:dd:a5:d2:4a:ae:
         71:d0:88:2a:c9:f2:5b:57:24:2d:55:71:83:01:ef:7d:3d:20:
         e8:92:44:5f:19:bd:5d:00:15:be:b7:87:4e:32:16:cf:a2:bf:
         bd:37:e0:69:90:c4:c2:cf:9f:7a:62:4d:e2:20:e7:b1:a8:9f:
         77:b0:e5:28:02:48:b8:5e:4d:31:2f:b5:f1:fe:00:ec:b7:e5:
         17:87:60:82:1e:51:9d:89:35:fd:c1:fa:d4:08:ab:56:80:ec:
         be:12:57:e5:a1:84:61:59:6d:69:e0:d7:bc:5d:eb:71:ac:26:
         52:7a:c6:5d:f3:7e:59:f4:00:9e:fc:b9:48:c3:63:ef:f4:4a:
         42:c1:22:89:94:7b:c5:aa:c2:6a:15:46:e0:c0:ce:34:4c:38:
         fc:ab:1a:31:ea:ac:b5:7d:92:f7:6b:ae:b9:41:65:e3:3a:39:
         e8:47:51:15:de:eb:df:2d:d1:e3:9d:0f:80:55:16:cc:d6:9f:
         03:e1:b3:43:7b:29:16:79:d3:8a:21:3f:85:45:72:c5:4c:75:
         bc:fe:f0:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGTX3Y4SKpfEIs4f/jPjJ5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyOThhMDcxNGNjMWJmMjVhYzdjN2YxY2Y2YzI4ODZjOGM2
MTkyYTMwHhcNMjQwODI3MTAyNjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzZkNzgyNzJhNDIyYTc4MjM0NDRhOWFiMTg2YzRjZjdiYTNiMzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLIhV7gBB1ierKbbG8GVJWmhIU0Q
tVcr0WpyIlI/ojdzLCeoLm5ORFidgTGkE/ZKHv1Q2vWwu7SsiDxv2T6POtbbqNib
cl1rebN4CiZytDet14KOH7Go/SHWLfbCTPRKV/ApZx6z3zSjn0xquco8l8Qjl9as
YRSA/bMSKscd0b8xN7Vv3qJ2xqKORzAoBj8yV4BF4rzBZSd7+H9AVvCf1iW5kh9W
v/ho2bEEOcs/GHTzW5k1QprPW/fCALd+dczqnRm2QLOL01TR5wYjGIVxuH1Ixf6m
u5LQOyitp7ARkiqVc9sS3Fr1WrWL8tgk7ABaQfVDSnST2TApiQoOiAaG9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxteCcqQip4I0RKmrGGxM97o7N3MB8GA1UdIwQY
MBaAFNKYoHFMwb8lrHx/HPbCiGyMYZKjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHBpZ2NVekJ2eVdzZkg4YzlzS0liSXhoa3FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kOTdhZWEtZmEzMi00NmRhLTg1MWUt
NzVhNDcyNWFhNmZkLzEvckcxNEp5cENLbmdqUkVxYXNZYkV6M3VqczNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kOTdhZWEtZmEzMi00NmRhLTg1MWUtNzVhNDcyNWFhNmZk
LzEvMHBpZ2NVekJ2eVdzZkg4YzlzS0liSXhoa3FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHgSMA0G
CSqGSIb3DQEBCwUAA4IBAQC7QlrrFmCsvfHknNtzaQ8MbYY20Y7hS7Pfb8Cwdasm
uBZeBW5vdkEFZAS5Dg6foGdQ3aXSSq5x0IgqyfJbVyQtVXGDAe99PSDokkRfGb1d
ABW+t4dOMhbPor+9N+BpkMTCz596Yk3iIOexqJ93sOUoAki4Xk0xL7Xx/gDst+UX
h2CCHlGdiTX9wfrUCKtWgOy+ElfloYRhWW1p4Ne8XetxrCZSesZd835Z9ACe/LlI
w2Pv9EpCwSKJlHvFqsJqFUbgwM40TDj8qxox6qy1fZL3a665QWXjOjnoR1EV3uvf
LdHjnQ+AVRbM1p8D4bNDeykWedOKIT+FRXLFTHW8/vDt
-----END CERTIFICATE-----