Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/nG9TSLmC6IDejRcYoVc6wUiKz_E.roa
File:                     nG9TSLmC6IDejRcYoVc6wUiKz_E.roa (raw, json)
Hash identifier:          1Lv5/VZjhXuQu/3kZW1TD7QBtDo/s8U+RPvYWQ58eG8=
Subject key identifier:   9C:6F:53:48:B9:82:E8:80:DE:8D:17:18:A1:57:3A:C1:48:8A:CF:F1
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA97BC1C880628086F3D454EF0AE93
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/nG9TSLmC6IDejRcYoVc6wUiKz_E.roa
Signing time:             Tue 02 Jan 2024 10:31:37 +0000
ROA not before:           Tue 02 Jan 2024 10:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41378
IP address blocks:        178.253.52.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:97:bc:1c:88:06:28:08:6f:3d:45:4e:f0:ae:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c6f5348b982e880de8d1718a1573ac1488acff1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:42:3e:aa:27:9f:99:ef:27:f9:d9:3d:89:be:
                    5e:eb:3d:be:ac:ce:2b:e3:be:c5:b9:c5:36:61:07:
                    be:76:87:17:5e:95:87:ac:8b:8f:e8:7a:8a:89:45:
                    06:5e:b6:ec:a8:aa:8b:dd:fb:d7:57:17:5a:14:ab:
                    58:af:3e:d6:82:24:d6:8d:de:45:b5:79:37:cb:ff:
                    da:cd:ab:e0:5c:d1:a8:61:79:13:ac:96:8e:2d:62:
                    59:19:71:38:5e:81:a5:99:9a:19:e6:88:42:1c:91:
                    f7:f2:da:d6:52:1d:e8:aa:bd:00:8d:ab:3a:f6:63:
                    69:21:33:47:95:82:d0:1d:e1:96:74:59:43:08:d3:
                    b6:f2:66:c1:c1:22:28:d2:f5:6c:f7:2e:1a:d2:ec:
                    e4:c0:b8:fc:ee:44:0d:c7:9e:65:a1:35:ac:9f:6a:
                    aa:e0:4b:3c:13:36:43:9f:c0:7b:79:51:af:86:ca:
                    e4:b8:6a:92:89:38:16:68:0b:5f:63:d9:01:1c:62:
                    b3:ce:0d:cd:4d:2c:cd:23:07:bc:af:e9:77:c1:44:
                    85:7a:12:66:f5:78:b5:fa:cd:54:8a:26:37:6c:0a:
                    eb:e5:10:73:c0:c4:64:c2:63:88:f3:40:3e:85:2e:
                    c0:e7:42:7c:2b:1f:57:aa:11:6f:25:89:c9:49:4a:
                    8c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:6F:53:48:B9:82:E8:80:DE:8D:17:18:A1:57:3A:C1:48:8A:CF:F1
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/nG9TSLmC6IDejRcYoVc6wUiKz_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         64:57:99:69:e1:99:db:81:32:e7:fc:40:2a:1c:33:99:62:c2:
         c6:7c:a0:1d:bb:c0:08:1e:da:e6:48:de:4b:04:33:95:08:cf:
         f9:88:54:3f:4f:d7:3d:9a:5e:b5:ab:e3:30:43:e4:ad:cd:b5:
         7c:26:9b:e2:75:af:dc:14:8f:7a:60:b5:68:3c:22:43:0c:6e:
         77:23:1f:9d:f1:d1:48:04:06:68:90:51:9a:03:51:1b:9a:fb:
         4b:b9:2a:42:b0:2a:e3:b9:5d:e4:3c:42:4b:c3:24:5a:b9:1d:
         b7:91:34:4d:4c:6a:9c:13:a9:ae:42:0d:0d:b0:87:11:f0:10:
         09:e1:34:9c:f3:83:31:65:89:23:94:25:fb:94:86:1e:dc:a7:
         4e:6b:0b:91:2b:d4:b6:7f:a5:9e:37:2e:79:b5:e3:6a:3f:ac:
         ea:36:c4:e3:a3:a8:49:27:ef:8d:84:7e:f5:fc:ce:2a:29:17:
         8b:ec:cc:6b:24:ea:73:d4:89:86:62:97:dd:00:55:a7:67:4a:
         36:f9:5a:b0:c0:d5:60:6d:44:6f:6c:1d:63:17:eb:a4:ac:1e:
         0b:57:16:81:e9:fe:2f:ac:1c:0b:a8:ad:1d:12:a7:8d:41:17:
         d6:05:c7:ef:3f:30:8a:23:62:f2:49:60:5a:22:56:16:31:41:
         25:d4:d7:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJupe8HIgGKAhvPUVO8K6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzZmNTM0OGI5ODJlODgwZGU4ZDE3MThhMTU3M2FjMTQ4OGFjZmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUI+qiefme8n+dk9ib5e6z2+rM4r
477FucU2YQe+docXXpWHrIuP6HqKiUUGXrbsqKqL3fvXVxdaFKtYrz7WgiTWjd5F
tXk3y//azavgXNGoYXkTrJaOLWJZGXE4XoGlmZoZ5ohCHJH38trWUh3oqr0Ajas6
9mNpITNHlYLQHeGWdFlDCNO28mbBwSIo0vVs9y4a0uzkwLj87kQNx55loTWsn2qq
4Es8EzZDn8B7eVGvhsrkuGqSiTgWaAtfY9kBHGKzzg3NTSzNIwe8r+l3wUSFehJm
9Xi1+s1UiiY3bArr5RBzwMRkwmOI80A+hS7A50J8Kx9XqhFvJYnJSUqMSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxvU0i5guiA3o0XGKFXOsFIis/xMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvbkc5VFNMbUM2SURlalJjWW9WYzZ3VWlLel9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsv00MA0G
CSqGSIb3DQEBCwUAA4IBAQBkV5lp4ZnbgTLn/EAqHDOZYsLGfKAdu8AIHtrmSN5L
BDOVCM/5iFQ/T9c9ml61q+MwQ+StzbV8Jpvida/cFI96YLVoPCJDDG53Ix+d8dFI
BAZokFGaA1EbmvtLuSpCsCrjuV3kPEJLwyRauR23kTRNTGqcE6muQg0NsIcR8BAJ
4TSc84MxZYkjlCX7lIYe3KdOawuRK9S2f6WeNy55teNqP6zqNsTjo6hJJ++NhH71
/M4qKReL7MxrJOpz1ImGYpfdAFWnZ0o2+VqwwNVgbURvbB1jF+ukrB4LVxaB6f4v
rBwLqK0dEqeNQRfWBcfvPzCKI2LySWBaIlYWMUEl1Ne5
-----END CERTIFICATE-----