Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/9zOiPn1minz1G0jBU1k7OS8fH98.roa
File:                     9zOiPn1minz1G0jBU1k7OS8fH98.roa (raw, json)
Hash identifier:          PIr9DZ/Me263Niqs6RY1UTCbKaxeqJIXQVm8WBufB9c=
Subject key identifier:   F7:33:A2:3E:7D:66:8A:7C:F5:1B:48:C1:53:59:3B:39:2F:1F:1F:DF
Certificate issuer:       /CN=0170a169b6cd411022279e9ff997f134ff54ab1c
Certificate serial:       018CC9BCEB575ECF5B438844048DA390ECED
Authority key identifier: 01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/9zOiPn1minz1G0jBU1k7OS8fH98.roa
Signing time:             Tue 02 Jan 2024 10:34:10 +0000
ROA not before:           Tue 02 Jan 2024 10:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9192
IP address blocks:        91.126.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:eb:57:5e:cf:5b:43:88:44:04:8d:a3:90:ec:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0170a169b6cd411022279e9ff997f134ff54ab1c
        Validity
            Not Before: Jan  2 10:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f733a23e7d668a7cf51b48c153593b392f1f1fdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:01:a2:d8:61:56:1e:b5:d3:84:9f:31:f3:4a:
                    1a:87:4f:2c:9e:df:dd:80:ae:a5:c3:db:e4:e4:e1:
                    a9:47:06:14:b2:b9:d5:ea:f7:6b:ff:f2:30:b5:7e:
                    f3:82:16:61:b7:29:e1:23:ac:a1:21:b3:e0:67:82:
                    58:07:29:fe:39:d1:d5:ad:fc:47:12:9f:cf:a0:69:
                    f3:b8:17:0b:a9:32:ef:bf:f5:dc:d7:f3:0a:6c:d5:
                    f0:1d:44:53:5e:2c:63:74:55:1d:35:ac:80:6b:28:
                    83:89:23:60:19:2e:68:bf:b9:cb:88:c0:04:93:0a:
                    7d:f4:47:e2:b6:d0:66:63:1a:03:10:a3:a3:7f:e0:
                    19:eb:ba:93:fe:75:a1:ea:22:f5:cb:e5:ba:c1:d9:
                    59:27:ee:1e:36:53:8f:00:10:43:f3:e4:85:e8:e2:
                    b9:85:db:9b:43:93:4b:6a:69:79:81:23:a5:fb:69:
                    c9:69:47:e1:de:3f:91:cd:b0:09:1c:04:4c:1d:8a:
                    49:be:17:f9:28:fe:39:b0:58:fa:3a:e5:fb:43:6f:
                    2e:68:8c:ee:90:7c:05:62:52:1c:29:37:53:47:46:
                    08:9d:bd:99:3d:5d:4b:b6:d5:37:f6:77:cf:c1:70:
                    3d:b5:bc:76:c9:61:e3:e3:ee:e2:e7:9f:e0:22:8b:
                    bd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:33:A2:3E:7D:66:8A:7C:F5:1B:48:C1:53:59:3B:39:2F:1F:1F:DF
            X509v3 Authority Key Identifier:
                keyid:01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/9zOiPn1minz1G0jBU1k7OS8fH98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.126.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:32:fa:ee:1b:3c:3e:0d:45:d4:a4:b9:49:89:4e:00:ac:96:
         4f:d3:50:24:da:c4:c0:6d:89:08:cc:44:7f:03:45:c5:b5:71:
         66:17:41:9e:6a:24:56:2a:80:d7:24:3d:d7:02:99:d6:88:8d:
         9d:d2:b0:02:06:63:44:b2:6e:20:b1:20:2a:17:b9:c5:28:60:
         66:1e:11:79:85:59:ce:93:8f:97:d2:48:7c:3e:a3:c8:0a:99:
         90:a8:7b:36:86:58:3f:bc:0a:7f:63:de:71:59:a5:e4:d7:4e:
         b2:bb:48:5f:9e:b5:31:43:72:9b:3f:80:8e:aa:03:0a:ef:d2:
         6a:4e:d6:a7:eb:e7:7c:38:b4:df:ea:7d:c4:49:98:19:58:d6:
         0a:dc:73:80:26:43:39:75:a2:d7:32:60:39:3b:5c:3d:9b:01:
         ec:b0:59:d6:75:39:16:2c:54:35:b2:bc:4a:61:18:82:7c:a9:
         a6:0d:ec:98:d5:b0:22:81:7a:fb:18:0d:2e:3d:e4:72:80:5e:
         5b:6f:1a:48:11:77:05:0b:ad:7b:c7:3c:70:69:c4:5c:ee:41:
         26:d7:43:a4:3e:23:8b:e7:45:f9:0c:3f:bd:ab:a3:de:09:2c:
         73:42:0e:1a:82:b0:10:58:19:bd:0f:72:4f:27:65:0d:b3:4b:
         88:20:b1:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvOtXXs9bQ4hEBI2jkOztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNzBhMTY5YjZjZDQxMTAyMjI3OWU5ZmY5OTdmMTM0ZmY1
NGFiMWMwHhcNMjQwMTAyMTAzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzMzYTIzZTdkNjY4YTdjZjUxYjQ4YzE1MzU5M2IzOTJmMWYxZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgGi2GFWHrXThJ8x80oah08snt/d
gK6lw9vk5OGpRwYUsrnV6vdr//IwtX7zghZhtynhI6yhIbPgZ4JYByn+OdHVrfxH
Ep/PoGnzuBcLqTLvv/Xc1/MKbNXwHURTXixjdFUdNayAayiDiSNgGS5ov7nLiMAE
kwp99EfittBmYxoDEKOjf+AZ67qT/nWh6iL1y+W6wdlZJ+4eNlOPABBD8+SF6OK5
hdubQ5NLaml5gSOl+2nJaUfh3j+RzbAJHARMHYpJvhf5KP45sFj6OuX7Q28uaIzu
kHwFYlIcKTdTR0YInb2ZPV1LttU39nfPwXA9tbx2yWHj4+7i55/gIou94wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPczoj59Zop89RtIwVNZOzkvHx/fMB8GA1UdIwQY
MBaAFAFwoWm2zUEQIieen/mX8TT/VKscMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVhDaGFiYk5RUkFpSjU2Zi1aZnhOUDlVcXh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8xZTc3N2YtOTg2Yi00ZTM0LThkODEt
N2Q0YmIyMzgwNDg3LzEvOXpPaVBuMW1pbnoxRzBqQlUxazdPUzhmSDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8xZTc3N2YtOTg2Yi00ZTM0LThkODEtN2Q0YmIyMzgwNDg3
LzEvQVhDaGFiYk5RUkFpSjU2Zi1aZnhOUDlVcXh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW35OMA0G
CSqGSIb3DQEBCwUAA4IBAQCaMvruGzw+DUXUpLlJiU4ArJZP01Ak2sTAbYkIzER/
A0XFtXFmF0GeaiRWKoDXJD3XApnWiI2d0rACBmNEsm4gsSAqF7nFKGBmHhF5hVnO
k4+X0kh8PqPICpmQqHs2hlg/vAp/Y95xWaXk106yu0hfnrUxQ3KbP4COqgMK79Jq
Ttan6+d8OLTf6n3ESZgZWNYK3HOAJkM5daLXMmA5O1w9mwHssFnWdTkWLFQ1srxK
YRiCfKmmDeyY1bAigXr7GA0uPeRygF5bbxpIEXcFC617xzxwacRc7kEm10OkPiOL
50X5DD+9q6PeCSxzQg4agrAQWBm9D3JPJ2UNs0uIILFS
-----END CERTIFICATE-----