Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/7gYKG5uJbvFGoEzmdJiqOWcNt-M.roa
File:                     7gYKG5uJbvFGoEzmdJiqOWcNt-M.roa (raw, json)
Hash identifier:          ddbkG6RatiCb1bAmSk3oanzvJH6usOisbK32bitkeWQ=
Subject key identifier:   EE:06:0A:1B:9B:89:6E:F1:46:A0:4C:E6:74:98:AA:39:67:0D:B7:E3
Certificate issuer:       /CN=0b78b2d3f62700fe67e593b5a33d1cf91789252f
Certificate serial:       018CC56E80476E5C76F757CC237FD5B9811C
Authority key identifier: 0B:78:B2:D3:F6:27:00:FE:67:E5:93:B5:A3:3D:1C:F9:17:89:25:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/7gYKG5uJbvFGoEzmdJiqOWcNt-M.roa
Signing time:             Mon 01 Jan 2024 14:30:02 +0000
ROA not before:           Mon 01 Jan 2024 14:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205478
IP address blocks:        176.113.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:80:47:6e:5c:76:f7:57:cc:23:7f:d5:b9:81:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b78b2d3f62700fe67e593b5a33d1cf91789252f
        Validity
            Not Before: Jan  1 14:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee060a1b9b896ef146a04ce67498aa39670db7e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:aa:ab:90:56:a2:1a:46:77:ab:e6:d6:fd:70:
                    d1:41:7a:be:2b:ab:d4:5d:7e:37:78:9e:9b:88:87:
                    e4:f3:ab:73:6d:1a:87:b0:8c:ea:e5:fb:91:3e:5a:
                    9b:b3:77:5b:ae:b2:1d:df:e7:b3:6a:78:59:3a:e3:
                    8c:4f:26:48:e1:b1:d3:6e:1e:c6:8f:6e:b2:fa:bb:
                    f6:ae:17:2d:b4:3c:80:57:7f:48:64:42:97:95:49:
                    20:a6:1d:86:e8:82:5a:46:91:ba:81:e8:ac:ba:d4:
                    4e:b7:8b:bd:78:e9:55:f7:c8:23:40:ef:7f:d9:fc:
                    57:2f:9b:67:bb:91:f2:0a:88:87:99:4b:9f:4e:b2:
                    fc:5b:e7:59:0d:bc:4a:20:95:63:1c:b2:f1:9c:44:
                    cf:d3:98:4b:c0:98:1d:c1:b4:92:ac:b7:49:fa:9b:
                    3a:3a:cc:18:20:75:c7:11:31:53:26:8d:a5:57:ac:
                    91:cc:c4:f1:12:2d:6a:3a:8d:8a:ec:f6:77:49:89:
                    e2:fc:d0:4b:17:01:fc:19:72:00:fa:d7:5a:0f:a6:
                    cd:d1:d8:d0:d7:d2:27:c1:a0:c3:77:86:94:fd:8a:
                    d4:fc:1e:6c:4d:51:fb:da:dd:19:78:1c:a1:49:9f:
                    bf:d9:89:b9:7b:17:d0:34:9a:e3:96:24:28:cf:88:
                    e4:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:06:0A:1B:9B:89:6E:F1:46:A0:4C:E6:74:98:AA:39:67:0D:B7:E3
            X509v3 Authority Key Identifier:
                keyid:0B:78:B2:D3:F6:27:00:FE:67:E5:93:B5:A3:3D:1C:F9:17:89:25:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/7gYKG5uJbvFGoEzmdJiqOWcNt-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:7a:86:2c:5e:6d:35:8f:fc:92:fd:47:b6:54:83:1a:4b:96:
         fd:0d:b5:fd:a9:da:a3:24:67:6a:83:78:db:e9:da:72:a9:07:
         f3:71:ed:67:c6:7d:29:1c:67:60:de:10:bf:ec:aa:61:27:f7:
         6a:a5:bb:7a:20:1b:26:1d:dc:0c:21:b0:8c:ab:07:72:01:7a:
         4c:e8:a9:af:67:2f:07:b5:b6:56:c0:0e:23:b2:3a:c8:74:b7:
         33:7f:3c:56:5f:64:dd:16:39:d8:e5:15:c0:f0:57:20:95:47:
         4e:f3:9f:6a:ff:bb:49:75:3e:7b:65:31:a5:05:92:66:d1:55:
         98:fb:91:b5:a0:30:f3:14:54:de:89:56:e9:f6:dc:ba:fb:80:
         55:01:87:b4:99:2b:09:a2:f3:81:84:20:ae:be:b7:1a:db:f1:
         6c:68:28:b9:98:e7:b4:64:65:ce:0e:75:18:cf:5c:10:f7:cc:
         29:76:6b:93:39:79:19:9e:f7:b2:2d:d0:13:b3:59:d7:9b:2e:
         4e:b6:ec:b1:20:10:9d:38:dd:29:ae:06:b6:62:f5:18:d4:12:
         20:33:f7:7e:ce:22:f0:d5:9c:c2:a8:54:da:41:21:36:e2:4f:
         6e:7c:19:47:8d:32:a1:79:22:79:94:db:33:c0:83:01:3d:2f:
         22:bb:6b:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFboBHblx291fMI3/VuYEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNzhiMmQzZjYyNzAwZmU2N2U1OTNiNWEzM2QxY2Y5MTc4
OTI1MmYwHhcNMjQwMTAxMTQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTA2MGExYjliODk2ZWYxNDZhMDRjZTY3NDk4YWEzOTY3MGRiN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56qrkFaiGkZ3q+bW/XDRQXq+K6vU
XX43eJ6biIfk86tzbRqHsIzq5fuRPlqbs3dbrrId3+ezanhZOuOMTyZI4bHTbh7G
j26y+rv2rhcttDyAV39IZEKXlUkgph2G6IJaRpG6geisutROt4u9eOlV98gjQO9/
2fxXL5tnu5HyCoiHmUufTrL8W+dZDbxKIJVjHLLxnETP05hLwJgdwbSSrLdJ+ps6
OswYIHXHETFTJo2lV6yRzMTxEi1qOo2K7PZ3SYni/NBLFwH8GXIA+tdaD6bN0djQ
19InwaDDd4aU/YrU/B5sTVH72t0ZeByhSZ+/2Ym5exfQNJrjliQoz4jkGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4GChubiW7xRqBM5nSYqjlnDbfjMB8GA1UdIwQY
MBaAFAt4stP2JwD+Z+WTtaM9HPkXiSUvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzNpeTBfWW5BUDVuNVpPMW96MGMtUmVKSlM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9jZDcwNDctMDgxNi00ODIxLThkZWEt
NjA3OGVmZDA3ODVlLzEvN2dZS0c1dUpidkZHb0V6bWRKaXFPV2NOdC1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9jZDcwNDctMDgxNi00ODIxLThkZWEtNjA3OGVmZDA3ODVl
LzEvQzNpeTBfWW5BUDVuNVpPMW96MGMtUmVKSlM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHFfMA0G
CSqGSIb3DQEBCwUAA4IBAQAueoYsXm01j/yS/Ue2VIMaS5b9DbX9qdqjJGdqg3jb
6dpyqQfzce1nxn0pHGdg3hC/7KphJ/dqpbt6IBsmHdwMIbCMqwdyAXpM6KmvZy8H
tbZWwA4jsjrIdLczfzxWX2TdFjnY5RXA8FcglUdO859q/7tJdT57ZTGlBZJm0VWY
+5G1oDDzFFTeiVbp9ty6+4BVAYe0mSsJovOBhCCuvrca2/FsaCi5mOe0ZGXODnUY
z1wQ98wpdmuTOXkZnveyLdATs1nXmy5OtuyxIBCdON0prga2YvUY1BIgM/d+ziLw
1ZzCqFTaQSE24k9ufBlHjTKheSJ5lNszwIMBPS8iu2ty
-----END CERTIFICATE-----