Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/91e150-d7b5-413a-83f7-7f3eb8f4895f/1/pGCW5DkvL2txC6YFVmT5IqvyUGc.roa
File:                     pGCW5DkvL2txC6YFVmT5IqvyUGc.roa (raw, json)
Hash identifier:          5ajFwR4gCNeLYyRORefH2Dgz+xEf1ju2b+SZ51xkA20=
Subject key identifier:   A4:60:96:E4:39:2F:2F:6B:71:0B:A6:05:56:64:F9:22:AB:F2:50:67
Certificate issuer:       /CN=78c580769d521c89cc797ff699cacf0ba43da9bf
Certificate serial:       018CC26D3D93FE51785DE05241E3962F1517
Authority key identifier: 78:C5:80:76:9D:52:1C:89:CC:79:7F:F6:99:CA:CF:0B:A4:3D:A9:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eMWAdp1SHInMeX_2mcrPC6Q9qb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/91e150-d7b5-413a-83f7-7f3eb8f4895f/1/pGCW5DkvL2txC6YFVmT5IqvyUGc.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        193.24.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/91e150-d7b5-413a-83f7-7f3eb8f4895f/1/eMWAdp1SHInMeX_2mcrPC6Q9qb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/91e150-d7b5-413a-83f7-7f3eb8f4895f/1/eMWAdp1SHInMeX_2mcrPC6Q9qb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eMWAdp1SHInMeX_2mcrPC6Q9qb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3d:93:fe:51:78:5d:e0:52:41:e3:96:2f:15:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78c580769d521c89cc797ff699cacf0ba43da9bf
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a46096e4392f2f6b710ba6055664f922abf25067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:48:15:07:6a:9e:44:22:a2:a5:e5:4a:3c:fe:
                    7a:5d:96:6f:b6:74:a2:dd:f7:ea:e1:cd:35:3b:02:
                    fd:52:6d:e2:2d:b8:6e:b4:20:26:1c:9d:90:b6:7b:
                    75:30:53:97:cb:c9:e1:94:cd:d0:60:27:09:4e:9a:
                    7d:69:cf:44:24:0c:eb:92:85:1f:07:9f:f8:7e:f8:
                    66:4d:0a:04:1a:17:99:cf:ec:a2:33:3d:1f:23:56:
                    9a:d5:4d:20:64:92:a3:d2:30:87:a1:60:31:ac:c5:
                    55:f5:0d:6a:82:61:af:e7:67:f4:ad:73:90:25:2c:
                    97:3f:2b:1a:ce:1f:6e:ff:3c:62:5c:01:89:68:31:
                    99:16:63:da:06:4c:86:df:bf:0d:a3:b4:43:f5:55:
                    81:56:b4:6e:ee:50:fe:30:0d:28:4f:95:8f:b0:e4:
                    f5:a4:ce:27:a5:9c:e7:50:e7:44:ec:e0:07:4e:40:
                    c6:c7:e1:45:d6:d7:9e:24:e9:3f:2e:69:cd:57:6b:
                    5e:73:25:83:cd:c7:5d:42:28:2e:5d:ea:78:d4:0c:
                    60:ce:a7:a6:66:18:3c:6f:8f:aa:41:7a:a3:69:b4:
                    29:f8:7b:53:4f:b7:29:30:1b:31:35:82:11:73:3a:
                    b9:93:87:fc:14:81:97:79:fe:be:3d:02:2a:7f:0e:
                    23:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:60:96:E4:39:2F:2F:6B:71:0B:A6:05:56:64:F9:22:AB:F2:50:67
            X509v3 Authority Key Identifier:
                keyid:78:C5:80:76:9D:52:1C:89:CC:79:7F:F6:99:CA:CF:0B:A4:3D:A9:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eMWAdp1SHInMeX_2mcrPC6Q9qb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/91e150-d7b5-413a-83f7-7f3eb8f4895f/1/pGCW5DkvL2txC6YFVmT5IqvyUGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/91e150-d7b5-413a-83f7-7f3eb8f4895f/1/eMWAdp1SHInMeX_2mcrPC6Q9qb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:9e:5e:c2:6f:a4:e6:c8:09:ac:28:54:7f:dc:72:bd:a5:18:
         42:f3:1c:4c:d1:5b:aa:04:e5:24:21:95:05:fa:86:46:3b:5f:
         44:11:73:99:a6:9a:c7:e5:33:1d:b4:f7:13:2d:4e:33:3e:a9:
         38:9a:f0:7e:93:4b:6b:80:67:ca:a8:8e:1b:1c:67:cd:2b:87:
         89:0e:80:80:a6:17:2f:a2:1a:7b:96:bc:71:a0:41:f5:b3:de:
         16:46:32:28:98:29:f9:b3:ed:c8:04:a4:18:91:ed:77:67:26:
         4b:55:8b:bb:ed:ab:14:5a:34:91:54:80:1b:7c:83:8e:94:d9:
         9d:7f:45:af:2d:f6:7b:ea:bf:c0:6c:dd:4f:e6:77:1e:a8:50:
         42:a1:42:c9:27:84:07:31:5e:2e:16:01:f1:5a:5f:b6:4c:6c:
         6d:63:b4:55:76:c7:74:9c:f0:34:d7:4b:05:db:32:4f:a6:9b:
         a6:a7:74:08:9d:b9:ec:7a:e2:15:62:8f:e4:39:27:fa:b2:29:
         dd:07:30:2b:f1:62:15:bd:4f:4c:d4:c3:5a:b6:51:21:2c:27:
         c7:bb:00:fc:d9:73:34:c3:74:a4:3d:93:48:a2:67:c3:a5:c5:
         01:27:14:2b:88:45:94:a0:38:5f:18:d2:74:ab:cc:13:2e:d9:
         43:02:03:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbT2T/lF4XeBSQeOWLxUXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YzU4MDc2OWQ1MjFjODljYzc5N2ZmNjk5Y2FjZjBiYTQz
ZGE5YmYwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDYwOTZlNDM5MmYyZjZiNzEwYmE2MDU1NjY0ZjkyMmFiZjI1MDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0gVB2qeRCKipeVKPP56XZZvtnSi
3ffq4c01OwL9Um3iLbhutCAmHJ2Qtnt1MFOXy8nhlM3QYCcJTpp9ac9EJAzrkoUf
B5/4fvhmTQoEGheZz+yiMz0fI1aa1U0gZJKj0jCHoWAxrMVV9Q1qgmGv52f0rXOQ
JSyXPysazh9u/zxiXAGJaDGZFmPaBkyG378No7RD9VWBVrRu7lD+MA0oT5WPsOT1
pM4npZznUOdE7OAHTkDGx+FF1teeJOk/LmnNV2tecyWDzcddQiguXep41Axgzqem
Zhg8b4+qQXqjabQp+HtTT7cpMBsxNYIRczq5k4f8FIGXef6+PQIqfw4jjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRgluQ5Ly9rcQumBVZk+SKr8lBnMB8GA1UdIwQY
MBaAFHjFgHadUhyJzHl/9pnKzwukPam/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU1XQWRwMVNISW5NZVhfMm1jclBDNlE5cWI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi85MWUxNTAtZDdiNS00MTNhLTgzZjct
N2YzZWI4ZjQ4OTVmLzEvcEdDVzVEa3ZMMnR4QzZZRlZtVDVJcXZ5VUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi85MWUxNTAtZDdiNS00MTNhLTgzZjctN2YzZWI4ZjQ4OTVm
LzEvZU1XQWRwMVNISW5NZVhfMm1jclBDNlE5cWI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRgsMA0G
CSqGSIb3DQEBCwUAA4IBAQC4nl7Cb6TmyAmsKFR/3HK9pRhC8xxM0VuqBOUkIZUF
+oZGO19EEXOZpprH5TMdtPcTLU4zPqk4mvB+k0trgGfKqI4bHGfNK4eJDoCAphcv
ohp7lrxxoEH1s94WRjIomCn5s+3IBKQYke13ZyZLVYu77asUWjSRVIAbfIOOlNmd
f0WvLfZ76r/AbN1P5nceqFBCoULJJ4QHMV4uFgHxWl+2TGxtY7RVdsd0nPA010sF
2zJPppump3QInbnseuIVYo/kOSf6sindBzAr8WIVvU9M1MNatlEhLCfHuwD82XM0
w3SkPZNIomfDpcUBJxQriEWUoDhfGNJ0q8wTLtlDAgNd
-----END CERTIFICATE-----