Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/0RNs9Mddt1Mt5bndetqsJMgXR18.roa
File:                     0RNs9Mddt1Mt5bndetqsJMgXR18.roa (raw, json)
Hash identifier:          RbF/dtn4Z98rVfvaitdvZJ8t6/8GrxRY7OHgosZzIr8=
Subject key identifier:   D1:13:6C:F4:C7:5D:B7:53:2D:E5:B9:DD:7A:DA:AC:24:C8:17:47:5F
Certificate issuer:       /CN=d34403a30b313759af9626afd8d3d23805fcc80e
Certificate serial:       0190DF2B0E24F2A5BECDCB95FA1C5C401079
Authority key identifier: D3:44:03:A3:0B:31:37:59:AF:96:26:AF:D8:D3:D2:38:05:FC:C8:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/00QDowsxN1mvliav2NPSOAX8yA4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/0RNs9Mddt1Mt5bndetqsJMgXR18.roa
Signing time:             Tue 23 Jul 2024 10:37:39 +0000
ROA not before:           Tue 23 Jul 2024 10:37:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56754
IP address blocks:        178.217.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/00QDowsxN1mvliav2NPSOAX8yA4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/00QDowsxN1mvliav2NPSOAX8yA4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/00QDowsxN1mvliav2NPSOAX8yA4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:df:2b:0e:24:f2:a5:be:cd:cb:95:fa:1c:5c:40:10:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d34403a30b313759af9626afd8d3d23805fcc80e
        Validity
            Not Before: Jul 23 10:37:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1136cf4c75db7532de5b9dd7adaac24c817475f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e6:58:5b:5a:99:c1:78:9e:57:43:a9:6a:67:
                    08:ff:3e:39:6a:92:a9:92:fb:6c:a6:75:5b:8d:27:
                    36:01:63:65:c9:dc:d1:21:fe:5c:00:2f:0c:40:86:
                    15:e7:82:23:3b:96:08:84:60:03:48:77:a3:ae:21:
                    79:be:9f:de:18:13:eb:bf:e8:e1:31:e4:a1:b3:b5:
                    0d:1b:6c:c6:24:61:38:be:69:cb:b5:c7:33:45:33:
                    4d:32:b5:05:9c:d0:0b:a2:6c:ab:37:d7:72:62:5a:
                    ee:9c:fc:94:30:99:7d:ac:26:37:32:ba:ce:f2:5f:
                    f3:94:1f:6d:9f:9e:f8:d2:74:93:bb:01:be:24:8e:
                    22:30:c5:63:00:2f:30:a7:b3:72:26:d3:a3:41:21:
                    55:27:d0:85:8e:6b:63:f8:00:a9:d2:58:cc:d7:bc:
                    85:6b:73:5a:90:bb:35:e2:d9:5d:10:f6:2f:e6:cb:
                    38:9b:5a:6e:7f:42:2f:43:d2:15:f4:5c:ad:18:96:
                    ec:3f:0c:5e:83:48:16:e9:e2:3e:49:ae:eb:66:b4:
                    10:e9:9a:19:ae:71:3b:2d:cd:a0:e0:c0:82:23:8b:
                    cf:9a:88:f3:42:ba:67:de:e0:e7:00:b7:24:6e:4e:
                    d4:e8:e6:5c:22:bf:73:f1:6e:50:ce:22:4c:90:6f:
                    e5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:13:6C:F4:C7:5D:B7:53:2D:E5:B9:DD:7A:DA:AC:24:C8:17:47:5F
            X509v3 Authority Key Identifier:
                keyid:D3:44:03:A3:0B:31:37:59:AF:96:26:AF:D8:D3:D2:38:05:FC:C8:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/00QDowsxN1mvliav2NPSOAX8yA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/0RNs9Mddt1Mt5bndetqsJMgXR18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/5678cd-d77b-4563-afe3-b40527dd43fc/1/00QDowsxN1mvliav2NPSOAX8yA4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.217.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:ea:06:a9:de:b2:83:ee:4b:c3:42:0b:08:ca:37:e5:f3:e8:
         e5:a3:1f:98:8e:33:62:2c:44:05:49:cc:31:ba:d5:c2:2a:49:
         89:05:50:33:b2:f0:dc:79:91:1a:b6:80:df:34:30:68:34:96:
         15:60:28:dc:2b:23:13:3b:f7:b5:02:5b:0f:f5:7a:79:80:43:
         35:54:a9:d3:ab:aa:bc:a3:4f:e8:34:d9:90:8f:b9:96:eb:2f:
         39:39:c7:9b:ee:f4:09:68:18:26:7e:d8:25:4f:6e:cc:56:d4:
         3d:d4:85:a5:c0:79:9b:88:08:3d:1b:fd:05:14:6a:e8:ca:c7:
         42:43:97:68:f6:49:1c:de:4c:8e:b2:4c:5c:27:c7:4f:9d:c9:
         cd:90:e1:8e:28:79:9c:8c:9f:0a:2c:66:60:f8:d4:fe:28:2b:
         87:47:e9:64:8b:f3:1c:98:0e:14:aa:e4:c4:57:a5:bb:41:59:
         fa:a4:e2:bf:d7:cc:ac:ee:da:2c:c8:e3:9d:36:6a:08:4d:74:
         26:1f:11:55:bf:95:85:dd:de:83:47:11:c7:c3:ff:e2:88:41:
         5d:0a:49:0d:61:b4:e5:0d:7d:b7:5b:03:e2:1e:5b:6f:d4:34:
         6a:be:cd:6d:8d:35:c5:39:b1:a3:49:00:27:fb:cf:ea:c5:8f:
         99:fa:3d:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDfKw4k8qW+zcuV+hxcQBB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNDQwM2EzMGIzMTM3NTlhZjk2MjZhZmQ4ZDNkMjM4MDVm
Y2M4MGUwHhcNMjQwNzIzMTAzNzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTEzNmNmNGM3NWRiNzUzMmRlNWI5ZGQ3YWRhYWMyNGM4MTc0NzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+ZYW1qZwXieV0OpamcI/z45apKp
kvtspnVbjSc2AWNlydzRIf5cAC8MQIYV54IjO5YIhGADSHejriF5vp/eGBPrv+jh
MeShs7UNG2zGJGE4vmnLtcczRTNNMrUFnNALomyrN9dyYlrunPyUMJl9rCY3MrrO
8l/zlB9tn5740nSTuwG+JI4iMMVjAC8wp7NyJtOjQSFVJ9CFjmtj+ACp0ljM17yF
a3NakLs14tldEPYv5ss4m1puf0IvQ9IV9FytGJbsPwxeg0gW6eI+Sa7rZrQQ6ZoZ
rnE7Lc2g4MCCI4vPmojzQrpn3uDnALckbk7U6OZcIr9z8W5QziJMkG/lbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNETbPTHXbdTLeW53XrarCTIF0dfMB8GA1UdIwQY
MBaAFNNEA6MLMTdZr5Ymr9jT0jgF/MgOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDBRRG93c3hOMW12bGlhdjJOUFNPQVg4eUE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My81Njc4Y2QtZDc3Yi00NTYzLWFmZTMt
YjQwNTI3ZGQ0M2ZjLzEvMFJOczlNZGR0MU10NWJuZGV0cXNKTWdYUjE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My81Njc4Y2QtZDc3Yi00NTYzLWFmZTMtYjQwNTI3ZGQ0M2Zj
LzEvMDBRRG93c3hOMW12bGlhdjJOUFNPQVg4eUE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstnrMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ6gap3rKD7kvDQgsIyjfl8+jlox+YjjNiLEQFScwx
utXCKkmJBVAzsvDceZEatoDfNDBoNJYVYCjcKyMTO/e1AlsP9Xp5gEM1VKnTq6q8
o0/oNNmQj7mW6y85Oceb7vQJaBgmftglT27MVtQ91IWlwHmbiAg9G/0FFGroysdC
Q5do9kkc3kyOskxcJ8dPncnNkOGOKHmcjJ8KLGZg+NT+KCuHR+lki/McmA4UquTE
V6W7QVn6pOK/18ys7tosyOOdNmoITXQmHxFVv5WF3d6DRxHHw//iiEFdCkkNYbTl
DX23WwPiHltv1DRqvs1tjTXFObGjSQAn+8/qxY+Z+j0c
-----END CERTIFICATE-----