Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/P74RoCejA-s4gw2ikx4z-JzbAX0.roa
File:                     P74RoCejA-s4gw2ikx4z-JzbAX0.roa (raw, json)
Hash identifier:          WH/JP5p+3AwKW4dILaxVaqN99P8yPNT4M/BOz21ltwE=
Subject key identifier:   3F:BE:11:A0:27:A3:03:EB:38:83:0D:A2:93:1E:33:F8:9C:DB:01:7D
Certificate issuer:       /CN=0b78b2d3f62700fe67e593b5a33d1cf91789252f
Certificate serial:       018CC56E7F9F940E7A846EF5D10149E179C5
Authority key identifier: 0B:78:B2:D3:F6:27:00:FE:67:E5:93:B5:A3:3D:1C:F9:17:89:25:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/P74RoCejA-s4gw2ikx4z-JzbAX0.roa
Signing time:             Mon 01 Jan 2024 14:30:02 +0000
ROA not before:           Mon 01 Jan 2024 14:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202275
IP address blocks:        176.113.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:7f:9f:94:0e:7a:84:6e:f5:d1:01:49:e1:79:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b78b2d3f62700fe67e593b5a33d1cf91789252f
        Validity
            Not Before: Jan  1 14:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fbe11a027a303eb38830da2931e33f89cdb017d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8c:05:c1:c4:1f:53:6d:31:d7:91:51:32:6b:
                    30:34:58:3c:fa:a1:20:bc:93:ef:bc:73:3e:7c:2e:
                    dd:23:c7:29:6a:07:d5:96:da:14:f7:89:0e:b3:b6:
                    c3:c6:c0:71:09:74:6a:8b:d9:fc:49:a3:41:e0:7f:
                    d4:38:ec:4f:ff:48:0b:dc:dc:d2:91:4b:69:57:b0:
                    c2:8e:6a:2d:3c:ef:f8:5f:91:e5:f8:ce:0d:dd:9a:
                    cf:f3:d0:52:ee:d2:6f:18:ac:fa:91:87:4a:40:c2:
                    dd:93:83:c5:61:cc:da:0f:9c:5b:70:35:cf:b9:76:
                    35:04:67:8a:f9:56:bf:a0:28:7d:f0:c9:c6:bb:b5:
                    1b:17:ad:a3:fc:d3:2b:a6:4e:6e:6e:b3:e8:56:3b:
                    2d:03:c9:34:ff:9b:b2:00:d4:b9:89:b3:a8:ed:ee:
                    53:01:0f:a3:c0:1c:d6:01:a9:48:ae:ef:6b:e2:03:
                    55:6a:bc:20:98:f8:5f:fc:2b:85:17:57:ce:42:d3:
                    1f:68:ea:1d:d6:57:c9:d5:d5:5b:34:a2:6d:f8:23:
                    70:6e:77:89:ec:f8:e3:01:cc:d6:76:d5:2b:ec:de:
                    3c:78:b7:53:c9:0a:3e:eb:cc:2b:bd:54:e0:91:08:
                    41:60:21:5b:ff:ef:18:22:bb:1f:fd:b7:93:90:a5:
                    e7:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:BE:11:A0:27:A3:03:EB:38:83:0D:A2:93:1E:33:F8:9C:DB:01:7D
            X509v3 Authority Key Identifier:
                keyid:0B:78:B2:D3:F6:27:00:FE:67:E5:93:B5:A3:3D:1C:F9:17:89:25:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/P74RoCejA-s4gw2ikx4z-JzbAX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/cd7047-0816-4821-8dea-6078efd0785e/1/C3iy0_YnAP5n5ZO1oz0c-ReJJS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.113.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:e0:04:5d:00:68:c1:a2:5e:dd:4b:2e:39:24:14:1a:67:33:
         42:ad:2b:8a:b1:52:59:d5:ce:71:48:9c:d6:19:0d:c1:54:3e:
         57:43:9b:84:15:f1:00:1a:4f:91:31:a1:c3:a9:cb:fb:89:83:
         1f:ab:36:97:b5:3b:cf:17:1f:b2:21:f2:09:3e:b7:d6:52:0a:
         ce:f1:60:9b:6c:62:d2:99:38:ce:99:f4:e4:be:a1:cc:11:09:
         c3:a9:5d:0b:86:4a:d3:6c:ea:4b:66:e5:9c:52:69:b4:e3:4d:
         41:09:47:24:5f:e8:65:e4:45:37:e3:dd:4d:ad:dd:2a:80:0a:
         44:9b:fb:dd:f5:e0:f8:23:71:6a:3b:68:57:fb:b0:da:a2:9d:
         e6:c3:6e:62:a6:04:ff:14:9f:58:71:b2:66:4e:3e:93:3c:05:
         1b:f6:68:0e:05:03:6f:ba:7b:6c:43:a7:a6:c3:8e:e9:3a:df:
         32:8e:ce:e7:2e:84:fd:f3:61:62:11:50:dc:40:77:44:5a:5c:
         a5:5d:05:f2:2a:f9:20:ad:a9:50:56:68:48:2e:41:09:6b:08:
         f5:44:b7:c8:bc:30:8b:61:38:b5:e6:b2:41:2b:3a:6f:a5:4d:
         e6:42:f3:86:e9:20:52:93:a5:08:2f:bd:5f:d1:a1:bd:5f:84:
         4f:0e:31:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbn+flA56hG710QFJ4XnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNzhiMmQzZjYyNzAwZmU2N2U1OTNiNWEzM2QxY2Y5MTc4
OTI1MmYwHhcNMjQwMTAxMTQzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmJlMTFhMDI3YTMwM2ViMzg4MzBkYTI5MzFlMzNmODljZGIwMTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4wFwcQfU20x15FRMmswNFg8+qEg
vJPvvHM+fC7dI8cpagfVltoU94kOs7bDxsBxCXRqi9n8SaNB4H/UOOxP/0gL3NzS
kUtpV7DCjmotPO/4X5Hl+M4N3ZrP89BS7tJvGKz6kYdKQMLdk4PFYczaD5xbcDXP
uXY1BGeK+Va/oCh98MnGu7UbF62j/NMrpk5ubrPoVjstA8k0/5uyANS5ibOo7e5T
AQ+jwBzWAalIru9r4gNVarwgmPhf/CuFF1fOQtMfaOod1lfJ1dVbNKJt+CNwbneJ
7PjjAczWdtUr7N48eLdTyQo+68wrvVTgkQhBYCFb/+8YIrsf/beTkKXnNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD++EaAnowPrOIMNopMeM/ic2wF9MB8GA1UdIwQY
MBaAFAt4stP2JwD+Z+WTtaM9HPkXiSUvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzNpeTBfWW5BUDVuNVpPMW96MGMtUmVKSlM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9jZDcwNDctMDgxNi00ODIxLThkZWEt
NjA3OGVmZDA3ODVlLzEvUDc0Um9DZWpBLXM0Z3cyaWt4NHotSnpiQVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9jZDcwNDctMDgxNi00ODIxLThkZWEtNjA3OGVmZDA3ODVl
LzEvQzNpeTBfWW5BUDVuNVpPMW96MGMtUmVKSlM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHFeMA0G
CSqGSIb3DQEBCwUAA4IBAQAs4ARdAGjBol7dSy45JBQaZzNCrSuKsVJZ1c5xSJzW
GQ3BVD5XQ5uEFfEAGk+RMaHDqcv7iYMfqzaXtTvPFx+yIfIJPrfWUgrO8WCbbGLS
mTjOmfTkvqHMEQnDqV0LhkrTbOpLZuWcUmm0401BCUckX+hl5EU3491Nrd0qgApE
m/vd9eD4I3FqO2hX+7Daop3mw25ipgT/FJ9YcbJmTj6TPAUb9mgOBQNvuntsQ6em
w47pOt8yjs7nLoT982FiEVDcQHdEWlylXQXyKvkgralQVmhILkEJawj1RLfIvDCL
YTi15rJBKzpvpU3mQvOG6SBSk6UIL71f0aG9X4RPDjHH
-----END CERTIFICATE-----