Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/9H76wVSP_30LlQzGSvHmjCfRKx4.roa
File:                     9H76wVSP_30LlQzGSvHmjCfRKx4.roa (raw, json)
Hash identifier:          hL1zea3/y4IYOyotEob3fdGdDR5+WAH9FS4A+DVyczo=
Subject key identifier:   F4:7E:FA:C1:54:8F:FF:7D:0B:95:0C:C6:4A:F1:E6:8C:27:D1:2B:1E
Certificate issuer:       /CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
Certificate serial:       018CC94E2F5D9E9CC16B1D5A81D950109FCC
Authority key identifier: A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/9H76wVSP_30LlQzGSvHmjCfRKx4.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51465
IP address blocks:        193.91.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2f:5d:9e:9c:c1:6b:1d:5a:81:d9:50:10:9f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f47efac1548fff7d0b950cc64af1e68c27d12b1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e4:73:94:73:6b:1d:3a:05:c3:ba:9f:97:9a:
                    8a:93:59:1b:3c:67:81:72:28:90:f8:96:49:f0:08:
                    c7:37:50:56:78:bc:d8:d6:f3:16:ac:f8:72:71:18:
                    8a:e0:76:98:ad:0b:03:93:f9:73:7c:92:81:3e:ee:
                    dd:09:4d:a2:b4:8b:6f:7e:57:03:6b:18:3c:c2:4e:
                    09:46:0d:3d:fc:d3:7e:fe:38:c9:3f:17:fc:06:bd:
                    6a:f7:97:f4:e5:25:39:49:7c:0d:5e:74:c5:5d:b6:
                    a2:c2:e0:ea:45:2c:f1:52:4d:69:d8:10:52:cc:ef:
                    b8:4e:a3:6b:6d:ff:09:64:e6:fb:bc:8c:60:be:e5:
                    7c:cf:b8:c3:27:11:6e:ee:12:ad:0a:c2:91:c8:38:
                    99:1c:fd:b8:6f:87:a5:1a:e1:30:ea:53:ca:1d:0c:
                    1c:62:e2:b2:7c:49:a8:7d:b7:58:89:fd:7c:99:34:
                    8d:d0:ff:a4:60:79:a8:4e:a9:b4:17:58:cc:eb:6b:
                    5e:ad:ad:16:8b:0a:9e:62:27:97:42:d4:78:e7:64:
                    18:5f:a1:af:d6:2b:b3:eb:b0:17:90:4a:86:51:a6:
                    e7:2d:fc:ef:81:79:1a:df:ad:69:75:09:84:dd:05:
                    48:32:8a:75:87:1c:f8:fd:7d:5e:eb:b8:2d:26:33:
                    2c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:7E:FA:C1:54:8F:FF:7D:0B:95:0C:C6:4A:F1:E6:8C:27:D1:2B:1E
            X509v3 Authority Key Identifier:
                keyid:A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/9H76wVSP_30LlQzGSvHmjCfRKx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.91.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         de:17:58:55:e6:72:d4:0d:ab:2d:e9:98:f2:3e:ae:81:33:30:
         32:d3:44:5a:39:50:46:60:70:16:17:14:87:22:30:0d:9e:2c:
         fe:e6:62:33:3d:6e:08:a5:b2:6b:6f:d1:59:2d:a3:98:00:5d:
         b7:5b:54:16:35:a5:dc:53:35:57:f5:7e:bd:b5:f5:b4:4f:4e:
         3e:3d:31:1a:db:16:1f:85:f2:8e:96:72:a2:0e:91:54:2b:92:
         87:26:39:f5:09:da:02:c9:8d:2a:8f:51:53:6f:a8:01:94:d5:
         cd:47:45:8e:f3:62:9a:d4:c6:0c:55:ab:b1:44:c5:aa:d9:b9:
         4d:69:c7:4a:c0:49:4c:c1:84:7b:8d:45:48:20:1c:6d:2a:c7:
         39:f7:42:dc:ca:43:84:9a:d0:d2:08:a7:77:a7:f5:87:21:f1:
         a9:47:f5:18:28:2c:e7:eb:78:68:48:b5:44:4b:8b:23:ee:6b:
         bd:a2:d3:08:bf:c5:6d:85:c2:21:81:47:5c:62:e3:04:a4:aa:
         52:e8:a3:88:5e:15:7c:38:6e:ed:03:d6:5a:de:d4:61:a7:11:
         a1:d4:ef:3c:f4:6d:92:48:ee:99:ab:79:73:1b:b6:ca:bc:17:
         d5:c5:1d:41:45:ce:24:b6:37:83:97:60:1c:f6:52:26:02:04:
         de:ab:92:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTi9dnpzBax1agdlQEJ/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ODI0MzA4YmM4M2I0ZWU1NmYxYzBjMWI5ZmJmYzMxMWIw
Y2Q0NGEwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDdlZmFjMTU0OGZmZjdkMGI5NTBjYzY0YWYxZTY4YzI3ZDEyYjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuRzlHNrHToFw7qfl5qKk1kbPGeB
ciiQ+JZJ8AjHN1BWeLzY1vMWrPhycRiK4HaYrQsDk/lzfJKBPu7dCU2itItvflcD
axg8wk4JRg09/NN+/jjJPxf8Br1q95f05SU5SXwNXnTFXbaiwuDqRSzxUk1p2BBS
zO+4TqNrbf8JZOb7vIxgvuV8z7jDJxFu7hKtCsKRyDiZHP24b4elGuEw6lPKHQwc
YuKyfEmofbdYif18mTSN0P+kYHmoTqm0F1jM62tera0WiwqeYieXQtR452QYX6Gv
1iuz67AXkEqGUabnLfzvgXka361pdQmE3QVIMop1hxz4/X1e67gtJjMstwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPR++sFUj/99C5UMxkrx5own0SseMB8GA1UdIwQY
MBaAFKSCQwi8g7TuVvHAwbn7/DEbDNRKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1Yzkt
MTk2ZTZmMzc1ZmQ2LzEvOUg3NndWU1BfMzBMbFF6R1N2SG1qQ2ZSS3g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1YzktMTk2ZTZmMzc1ZmQ2
LzEvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVsFMA0G
CSqGSIb3DQEBCwUAA4IBAQDeF1hV5nLUDast6ZjyPq6BMzAy00RaOVBGYHAWFxSH
IjANniz+5mIzPW4IpbJrb9FZLaOYAF23W1QWNaXcUzVX9X69tfW0T04+PTEa2xYf
hfKOlnKiDpFUK5KHJjn1CdoCyY0qj1FTb6gBlNXNR0WO82Ka1MYMVauxRMWq2blN
acdKwElMwYR7jUVIIBxtKsc590LcykOEmtDSCKd3p/WHIfGpR/UYKCzn63hoSLVE
S4sj7mu9otMIv8VthcIhgUdcYuMEpKpS6KOIXhV8OG7tA9Za3tRhpxGh1O889G2S
SO6Zq3lzG7bKvBfVxR1BRc4ktjeDl2Ac9lImAgTeq5Lj
-----END CERTIFICATE-----