Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/c5uocohha5im3UruBUsZ2JvhegE.roa
File:                     c5uocohha5im3UruBUsZ2JvhegE.roa (raw, json)
Hash identifier:          G99oXL6Ltrkbvbve0MXucvvQxMSmAbJK9Wfeb5G0WSI=
Subject key identifier:   73:9B:A8:72:88:61:6B:98:A6:DD:4A:EE:05:4B:19:D8:9B:E1:7A:01
Certificate issuer:       /CN=e5503498ff185d0c607353f43f55e911f62a6802
Certificate serial:       018CC49313A8F7CA1255CB9CE855D8FD33A4
Authority key identifier: E5:50:34:98:FF:18:5D:0C:60:73:53:F4:3F:55:E9:11:F6:2A:68:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5VA0mP8YXQxgc1P0P1XpEfYqaAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/c5uocohha5im3UruBUsZ2JvhegE.roa
Signing time:             Mon 01 Jan 2024 10:30:22 +0000
ROA not before:           Mon 01 Jan 2024 10:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34309
IP address blocks:        176.109.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/5VA0mP8YXQxgc1P0P1XpEfYqaAI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/5VA0mP8YXQxgc1P0P1XpEfYqaAI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5VA0mP8YXQxgc1P0P1XpEfYqaAI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:13:a8:f7:ca:12:55:cb:9c:e8:55:d8:fd:33:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5503498ff185d0c607353f43f55e911f62a6802
        Validity
            Not Before: Jan  1 10:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=739ba87288616b98a6dd4aee054b19d89be17a01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:06:f5:ab:8a:35:53:69:3c:04:dd:e3:52:6f:
                    e0:b1:e7:c5:6b:44:14:bf:25:6f:05:39:fc:50:73:
                    01:85:76:31:2e:b7:a3:45:86:7d:2f:7b:33:56:d0:
                    7a:62:79:3f:fe:f0:8d:08:63:73:44:4c:7e:f1:cf:
                    5f:b8:ee:95:f8:d6:83:a3:05:74:a7:92:dc:b3:88:
                    cf:f2:0a:a7:e8:3a:98:52:db:d5:50:3f:09:aa:86:
                    91:49:aa:18:2f:9f:56:8a:85:f0:da:28:21:fb:6b:
                    72:bc:88:bc:17:25:98:81:23:4a:76:e8:bf:2d:47:
                    30:ef:9c:a1:8b:27:92:26:29:6c:55:e8:19:64:a9:
                    b0:c7:8c:e7:70:9c:cb:b9:47:11:23:9c:81:30:e6:
                    a2:96:f7:55:42:19:0d:a1:93:24:1b:0a:ad:9d:57:
                    41:d5:dc:eb:2f:d0:48:66:2b:e6:99:92:74:1b:00:
                    03:64:c3:29:51:b7:f1:06:64:b3:c2:c0:dd:82:de:
                    10:84:5f:eb:35:d0:b6:3d:01:68:6e:9b:3d:30:1f:
                    1b:f5:5b:60:04:85:70:0c:f6:e4:1e:f4:11:60:a9:
                    28:e6:26:e0:04:eb:4a:fc:b9:fd:b7:f3:55:54:07:
                    97:50:89:22:a9:e6:e0:b7:53:97:cc:0f:4b:55:01:
                    58:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:9B:A8:72:88:61:6B:98:A6:DD:4A:EE:05:4B:19:D8:9B:E1:7A:01
            X509v3 Authority Key Identifier:
                keyid:E5:50:34:98:FF:18:5D:0C:60:73:53:F4:3F:55:E9:11:F6:2A:68:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5VA0mP8YXQxgc1P0P1XpEfYqaAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/c5uocohha5im3UruBUsZ2JvhegE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/5VA0mP8YXQxgc1P0P1XpEfYqaAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.109.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:d0:95:4e:46:a8:76:1d:15:16:21:a9:66:1c:aa:41:44:66:
         f3:9f:97:c0:16:e5:bf:4c:44:ea:09:36:77:cd:9e:8c:0f:be:
         76:f3:fa:93:a0:1a:ad:4f:a2:92:c7:b3:2c:b3:a5:6e:a0:f8:
         dd:f8:0c:fc:0a:a0:c2:5d:64:d6:b4:a1:d8:fc:f7:33:b0:dd:
         d0:93:7d:f5:4d:a4:9f:81:a7:b5:87:59:be:d0:12:c3:da:27:
         04:18:e4:68:c9:8d:20:a6:9d:43:31:00:33:54:1b:1f:60:63:
         cc:00:90:2d:0a:95:9e:06:42:95:49:ed:43:9a:69:be:0e:a5:
         f5:db:85:b6:0f:be:0c:91:d0:38:1e:dd:c5:5a:57:33:7c:32:
         a3:cb:3d:0d:8f:78:c2:50:c6:06:8c:2f:b2:aa:ca:82:ae:7c:
         fa:f1:ff:65:90:cc:f5:70:7e:f6:86:2b:fb:6a:01:e8:2d:5a:
         2d:90:8b:94:63:b8:8b:de:ca:66:94:ba:57:78:57:f3:5c:c3:
         e9:1a:89:3b:1e:47:0e:9a:2a:55:a8:a1:87:92:5d:f5:e7:58:
         28:80:8c:b9:6c:d5:ea:c3:d9:74:44:7b:a0:2e:56:60:0d:d6:
         76:5f:e3:ae:57:03:4d:2a:21:2b:9b:e5:3c:b4:8d:86:8b:71:
         59:d9:93:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkxOo98oSVcuc6FXY/TOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NTAzNDk4ZmYxODVkMGM2MDczNTNmNDNmNTVlOTExZjYy
YTY4MDIwHhcNMjQwMTAxMTAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzliYTg3Mjg4NjE2Yjk4YTZkZDRhZWUwNTRiMTlkODliZTE3YTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgb1q4o1U2k8BN3jUm/gsefFa0QU
vyVvBTn8UHMBhXYxLrejRYZ9L3szVtB6Ynk//vCNCGNzREx+8c9fuO6V+NaDowV0
p5Lcs4jP8gqn6DqYUtvVUD8JqoaRSaoYL59WioXw2igh+2tyvIi8FyWYgSNKdui/
LUcw75yhiyeSJilsVegZZKmwx4zncJzLuUcRI5yBMOailvdVQhkNoZMkGwqtnVdB
1dzrL9BIZivmmZJ0GwADZMMpUbfxBmSzwsDdgt4QhF/rNdC2PQFobps9MB8b9Vtg
BIVwDPbkHvQRYKko5ibgBOtK/Ln9t/NVVAeXUIkiqebgt1OXzA9LVQFYQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHObqHKIYWuYpt1K7gVLGdib4XoBMB8GA1UdIwQY
MBaAFOVQNJj/GF0MYHNT9D9V6RH2KmgCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVZBMG1QOFlYUXhnYzFQMFAxWHBFZllxYUFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC85N2IwYmMtZjRmOC00ZjkwLTg1NTQt
MWUyNzlmN2I2MDIzLzEvYzV1b2NvaGhhNWltM1VydUJVc1oySnZoZWdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC85N2IwYmMtZjRmOC00ZjkwLTg1NTQtMWUyNzlmN2I2MDIz
LzEvNVZBMG1QOFlYUXhnYzFQMFAxWHBFZllxYUFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsG3AMA0G
CSqGSIb3DQEBCwUAA4IBAQBK0JVORqh2HRUWIalmHKpBRGbzn5fAFuW/TETqCTZ3
zZ6MD7528/qToBqtT6KSx7Mss6VuoPjd+Az8CqDCXWTWtKHY/PczsN3Qk331TaSf
gae1h1m+0BLD2icEGORoyY0gpp1DMQAzVBsfYGPMAJAtCpWeBkKVSe1Dmmm+DqX1
24W2D74MkdA4Ht3FWlczfDKjyz0Nj3jCUMYGjC+yqsqCrnz68f9lkMz1cH72hiv7
agHoLVotkIuUY7iL3spmlLpXeFfzXMPpGok7HkcOmipVqKGHkl3151gogIy5bNXq
w9l0RHugLlZgDdZ2X+OuVwNNKiErm+U8tI2Gi3FZ2ZPI
-----END CERTIFICATE-----