Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/9H7gt8W0ly2AiuDIaMEczt6Fk_M.roa
File:                     9H7gt8W0ly2AiuDIaMEczt6Fk_M.roa (raw, json)
Hash identifier:          6rdHcdOr9EZbyw864yVNJe8xSlLQIQitZlEbWAKuA5U=
Subject key identifier:   F4:7E:E0:B7:C5:B4:97:2D:80:8A:E0:C8:68:C1:1C:CE:DE:85:93:F3
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA98F51D10667279838A2021F51A7D
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/9H7gt8W0ly2AiuDIaMEczt6Fk_M.roa
Signing time:             Tue 02 Jan 2024 10:31:38 +0000
ROA not before:           Tue 02 Jan 2024 10:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46844
IP address blocks:        178.253.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:98:f5:1d:10:66:72:79:83:8a:20:21:f5:1a:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f47ee0b7c5b4972d808ae0c868c11ccede8593f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8c:92:1a:d8:8d:ac:95:ff:34:b6:7a:24:c1:
                    cb:69:2a:aa:9d:59:95:9d:da:03:69:00:d6:f8:d9:
                    82:c2:98:4f:3b:83:6d:01:4d:59:fa:11:13:05:77:
                    d2:bc:1e:cf:26:85:bd:4c:7a:dd:63:a0:03:d5:cc:
                    72:27:84:44:38:45:ae:6a:66:e2:09:04:ff:96:b2:
                    c1:ed:8d:48:a0:b2:da:0e:1a:45:91:be:e2:62:2c:
                    8a:92:47:6a:37:3b:89:40:c5:5a:b3:9c:e7:24:11:
                    19:8b:83:1e:01:62:b0:a9:17:2a:31:39:08:b2:18:
                    40:07:07:79:8a:01:b2:31:c7:c2:00:28:d6:71:a4:
                    72:a5:d3:a5:dc:f7:4d:c4:34:18:df:3a:e1:fe:36:
                    35:30:49:16:e3:9a:84:51:2b:d5:fe:6e:a5:28:16:
                    0a:50:4d:6c:f8:73:1d:0a:50:5b:87:fd:f9:62:6f:
                    a0:77:2b:31:55:9d:1c:f8:e4:27:ba:e5:d8:4d:19:
                    fb:68:50:b8:89:17:67:26:c0:b2:6f:98:28:48:33:
                    5a:bd:94:f8:79:f6:67:65:7c:e8:bf:f4:59:d7:40:
                    86:7a:ee:03:a3:cd:a1:70:81:39:17:32:31:d3:50:
                    86:e3:29:43:c8:01:92:e8:31:93:02:40:e7:32:01:
                    95:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:7E:E0:B7:C5:B4:97:2D:80:8A:E0:C8:68:C1:1C:CE:DE:85:93:F3
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/9H7gt8W0ly2AiuDIaMEczt6Fk_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:b9:be:83:62:61:93:cc:60:73:78:ea:24:4a:ed:94:96:c5:
         ab:c4:2e:bc:18:70:f8:51:9b:c4:e7:74:58:7d:d7:4b:73:31:
         2d:81:82:c7:4d:87:14:2b:66:66:7f:f0:1e:f0:db:c1:1a:aa:
         7e:df:33:3e:03:39:0b:d5:c7:fa:c4:b8:07:d6:15:cb:d3:c2:
         9d:2f:e0:71:a9:b5:1a:b7:fc:34:df:36:12:84:d7:33:28:51:
         29:4b:75:e4:ff:f5:e0:30:81:73:9f:3d:30:54:b6:29:93:77:
         68:13:32:3b:a3:2b:ab:aa:0c:91:04:0d:32:16:4f:56:f6:a1:
         16:b6:87:66:3f:af:df:1e:42:a6:5f:52:46:e1:5c:a9:0e:1d:
         c8:39:e9:9b:08:9c:09:88:c1:53:37:1c:e4:45:3b:3d:43:d5:
         4e:2b:24:a6:a2:24:4d:1f:4f:62:95:ee:dd:1c:2b:b0:9d:32:
         bf:7e:c2:67:e2:03:9d:29:90:12:ca:be:30:32:c0:b3:f7:44:
         37:01:89:0f:6a:c6:d0:4a:6a:2a:d0:0f:a6:0e:d5:38:c1:4d:
         fc:cf:85:b7:c4:cd:0c:b4:d8:d3:23:9d:83:cf:93:7e:58:81:
         77:84:eb:cc:a0:21:2e:fe:cf:a0:47:83:8f:5a:f9:84:86:15:
         b5:61:b8:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJupj1HRBmcnmDiiAh9Rp9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDdlZTBiN2M1YjQ5NzJkODA4YWUwYzg2OGMxMWNjZWRlODU5M2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIySGtiNrJX/NLZ6JMHLaSqqnVmV
ndoDaQDW+NmCwphPO4NtAU1Z+hETBXfSvB7PJoW9THrdY6AD1cxyJ4REOEWuambi
CQT/lrLB7Y1IoLLaDhpFkb7iYiyKkkdqNzuJQMVas5znJBEZi4MeAWKwqRcqMTkI
shhABwd5igGyMcfCACjWcaRypdOl3PdNxDQY3zrh/jY1MEkW45qEUSvV/m6lKBYK
UE1s+HMdClBbh/35Ym+gdysxVZ0c+OQnuuXYTRn7aFC4iRdnJsCyb5goSDNavZT4
efZnZXzov/RZ10CGeu4Do82hcIE5FzIx01CG4ylDyAGS6DGTAkDnMgGVVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPR+4LfFtJctgIrgyGjBHM7ehZPzMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvOUg3Z3Q4VzBseTJBaXVESWFNRWN6dDZGa19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0QMA0G
CSqGSIb3DQEBCwUAA4IBAQBUub6DYmGTzGBzeOokSu2UlsWrxC68GHD4UZvE53RY
fddLczEtgYLHTYcUK2Zmf/Ae8NvBGqp+3zM+AzkL1cf6xLgH1hXL08KdL+BxqbUa
t/w03zYShNczKFEpS3Xk//XgMIFznz0wVLYpk3doEzI7oyurqgyRBA0yFk9W9qEW
todmP6/fHkKmX1JG4VypDh3IOembCJwJiMFTNxzkRTs9Q9VOKySmoiRNH09ile7d
HCuwnTK/fsJn4gOdKZASyr4wMsCz90Q3AYkPasbQSmoq0A+mDtU4wU38z4W3xM0M
tNjTI52Dz5N+WIF3hOvMoCEu/s+gR4OPWvmEhhW1Ybhu
-----END CERTIFICATE-----