Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/4lNgV9E2GPU_J9E23in_L9bT054.roa
File:                     4lNgV9E2GPU_J9E23in_L9bT054.roa (raw, json)
Hash identifier:          W9HNsQ8DbHddEeJorpue5UWRkXs+jtb2jRwt8KXrV0I=
Subject key identifier:   E2:53:60:57:D1:36:18:F5:3F:27:D1:36:DE:29:FF:2F:D6:D3:D3:9E
Certificate issuer:       /CN=ff017f878432b2fe31f58153b44a81659d50ba20
Certificate serial:       018F7160E22CFA4E888B2950575ED2161358
Authority key identifier: FF:01:7F:87:84:32:B2:FE:31:F5:81:53:B4:4A:81:65:9D:50:BA:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/4lNgV9E2GPU_J9E23in_L9bT054.roa
Signing time:             Mon 13 May 2024 09:55:25 +0000
ROA not before:           Mon 13 May 2024 09:55:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42546
IP address blocks:        178.214.192.0/19 maxlen: 19
                          178.214.192.0/21 maxlen: 21
                          178.214.200.0/21 maxlen: 21
                          178.214.208.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:71:60:e2:2c:fa:4e:88:8b:29:50:57:5e:d2:16:13:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff017f878432b2fe31f58153b44a81659d50ba20
        Validity
            Not Before: May 13 09:55:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2536057d13618f53f27d136de29ff2fd6d3d39e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:83:26:c8:ff:e5:16:60:e6:f9:7d:93:5e:63:
                    3e:01:c3:63:4a:00:66:bf:95:4f:3a:ff:5e:a5:a5:
                    81:b8:1d:40:18:fd:03:eb:95:43:f9:03:01:05:11:
                    e4:d0:30:a6:2b:99:c2:fe:5b:14:f2:d9:ae:b6:9d:
                    98:91:e1:52:dd:7b:b7:d1:f2:f4:b0:de:4e:fe:39:
                    0b:a6:23:c2:53:da:5a:96:3f:7d:64:d8:8a:db:53:
                    79:23:53:2c:8a:79:78:ee:d0:4c:cb:a4:63:03:c1:
                    d8:ac:10:a3:48:fc:aa:33:27:d6:d6:7e:dd:48:0b:
                    89:44:fd:3c:4f:22:d2:fd:55:ca:98:4f:be:7e:7b:
                    28:79:10:68:79:cc:ad:3c:c9:2d:08:c2:0b:5d:34:
                    b9:e6:5d:c1:e9:82:f3:93:b6:06:b0:d1:42:11:c8:
                    bd:49:7e:b6:db:fc:e2:db:6e:6d:8c:54:b7:b5:d3:
                    90:b7:7d:33:a3:0f:57:83:79:5a:78:77:17:e8:05:
                    ac:b9:21:f5:95:7b:0d:48:fe:cd:da:fc:60:ad:15:
                    e6:4a:b7:96:bb:44:88:58:a0:00:ef:15:e0:4e:d0:
                    c3:ea:62:3e:12:37:4d:22:f8:72:10:65:9d:b5:af:
                    fa:4a:b4:0b:23:22:0d:f6:9d:ad:6e:91:36:4d:2c:
                    05:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:53:60:57:D1:36:18:F5:3F:27:D1:36:DE:29:FF:2F:D6:D3:D3:9E
            X509v3 Authority Key Identifier:
                keyid:FF:01:7F:87:84:32:B2:FE:31:F5:81:53:B4:4A:81:65:9D:50:BA:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/4lNgV9E2GPU_J9E23in_L9bT054.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7a4ffb-0289-466c-a2f5-30207773f760/1/_wF_h4Qysv4x9YFTtEqBZZ1QuiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.214.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         74:8b:25:38:0c:40:03:36:aa:62:43:ae:61:5a:88:81:7b:2f:
         c3:d9:af:45:20:65:e9:40:bd:ed:6b:a6:d6:50:7c:85:32:1a:
         da:f1:6c:92:0d:8f:64:e8:d5:dc:26:2a:c6:e1:76:38:f3:8d:
         22:a4:88:d1:16:fa:6d:55:fd:de:26:a1:74:7d:a7:b4:2d:15:
         ce:36:31:0b:c7:19:8a:a3:14:18:8b:39:a8:28:6f:ca:f0:92:
         91:6e:8f:28:4a:96:f2:eb:48:64:e0:f5:bb:73:c2:87:99:fc:
         0a:87:c2:3f:5c:4b:75:33:ee:66:22:f9:67:5a:90:19:d3:63:
         ec:d1:55:e0:54:71:20:7a:09:2a:a1:ff:1a:c7:a5:6d:e3:8a:
         ee:37:77:2e:bf:02:d2:6f:7b:59:76:45:a7:06:ec:6a:0f:26:
         c6:03:76:da:ed:b6:09:4b:de:aa:c7:97:16:37:5d:76:44:ac:
         56:26:0f:5e:78:d6:60:c5:26:54:0e:bf:19:b0:ab:c2:1c:9d:
         bb:11:b8:6d:c7:78:99:8b:31:e3:97:79:cb:0f:d3:70:f9:34:
         04:b6:22:ba:d4:00:15:c1:e8:cb:8f:e1:44:68:b3:f3:6c:00:
         e7:d9:2b:28:44:73:54:29:01:d3:09:37:ce:31:5e:f2:77:24:
         3c:af:b8:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9xYOIs+k6IiylQV17SFhNYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMDE3Zjg3ODQzMmIyZmUzMWY1ODE1M2I0NGE4MTY1OWQ1
MGJhMjAwHhcNMjQwNTEzMDk1NTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjUzNjA1N2QxMzYxOGY1M2YyN2QxMzZkZTI5ZmYyZmQ2ZDNkMzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIMmyP/lFmDm+X2TXmM+AcNjSgBm
v5VPOv9epaWBuB1AGP0D65VD+QMBBRHk0DCmK5nC/lsU8tmutp2YkeFS3Xu30fL0
sN5O/jkLpiPCU9palj99ZNiK21N5I1Msinl47tBMy6RjA8HYrBCjSPyqMyfW1n7d
SAuJRP08TyLS/VXKmE++fnsoeRBoecytPMktCMILXTS55l3B6YLzk7YGsNFCEci9
SX622/zi225tjFS3tdOQt30zow9Xg3laeHcX6AWsuSH1lXsNSP7N2vxgrRXmSreW
u0SIWKAA7xXgTtDD6mI+EjdNIvhyEGWdta/6SrQLIyIN9p2tbpE2TSwF3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJTYFfRNhj1PyfRNt4p/y/W09OeMB8GA1UdIwQY
MBaAFP8Bf4eEMrL+MfWBU7RKgWWdULogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3dGX2g0UXlzdjR4OVlGVHRFcUJaWjFRdWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YTRmZmItMDI4OS00NjZjLWEyZjUt
MzAyMDc3NzNmNzYwLzEvNGxOZ1Y5RTJHUFVfSjlFMjNpbl9MOWJUMDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YTRmZmItMDI4OS00NjZjLWEyZjUtMzAyMDc3NzNmNzYw
LzEvX3dGX2g0UXlzdjR4OVlGVHRFcUJaWjFRdWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFstbAMA0G
CSqGSIb3DQEBCwUAA4IBAQB0iyU4DEADNqpiQ65hWoiBey/D2a9FIGXpQL3ta6bW
UHyFMhra8WySDY9k6NXcJirG4XY4840ipIjRFvptVf3eJqF0fae0LRXONjELxxmK
oxQYizmoKG/K8JKRbo8oSpby60hk4PW7c8KHmfwKh8I/XEt1M+5mIvlnWpAZ02Ps
0VXgVHEgegkqof8ax6Vt44ruN3cuvwLSb3tZdkWnBuxqDybGA3ba7bYJS96qx5cW
N112RKxWJg9eeNZgxSZUDr8ZsKvCHJ27Ebhtx3iZizHjl3nLD9Nw+TQEtiK61AAV
wejLj+FEaLPzbADn2SsoRHNUKQHTCTfOMV7ydyQ8r7i6
-----END CERTIFICATE-----