Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/pgR4KbeLq45E2YXWbBrRhAT3UPM.roa
File:                     pgR4KbeLq45E2YXWbBrRhAT3UPM.roa (raw, json)
Hash identifier:          dRDJP/XBN42/UuoXW9BnzqyMUBkyYkYJjD4qwUYpDlM=
Subject key identifier:   A6:04:78:29:B7:8B:AB:8E:44:D9:85:D6:6C:1A:D1:84:04:F7:50:F3
Certificate issuer:       /CN=c9b232958097b5863eafd047bb315171eaa01fb7
Certificate serial:       018CC56EBB02EB59A91F198107831338876E
Authority key identifier: C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/pgR4KbeLq45E2YXWbBrRhAT3UPM.roa
Signing time:             Mon 01 Jan 2024 14:30:17 +0000
ROA not before:           Mon 01 Jan 2024 14:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42890
IP address blocks:        178.255.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:bb:02:eb:59:a9:1f:19:81:07:83:13:38:87:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9b232958097b5863eafd047bb315171eaa01fb7
        Validity
            Not Before: Jan  1 14:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6047829b78bab8e44d985d66c1ad18404f750f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f5:bb:9e:b0:8d:58:d7:ec:53:92:b7:c8:07:
                    56:93:da:67:48:6d:73:20:86:9f:b7:b6:f4:20:ef:
                    c8:05:46:6b:a5:37:55:55:be:4a:ae:eb:9e:6b:38:
                    07:07:f1:c8:5e:09:1d:42:7a:b2:57:8f:6a:f6:75:
                    cb:61:c1:db:c6:4e:91:d1:01:04:76:aa:ac:d2:d7:
                    de:94:0e:a5:bf:fe:66:57:a1:67:5b:20:60:f5:87:
                    e9:d8:f7:c2:82:13:b4:2b:a8:cb:2a:42:3b:f5:f6:
                    d2:95:bd:4f:1a:92:a7:2f:7c:04:7c:bc:29:e2:5e:
                    7e:1b:41:5f:43:84:2b:7b:e7:0a:ed:63:0b:24:6f:
                    29:78:84:55:20:c1:70:60:62:6d:36:4f:fa:28:e6:
                    24:16:64:d0:f4:e0:e7:10:03:b5:0f:46:dc:8a:a7:
                    a0:98:8c:94:79:df:37:0e:70:e1:3e:67:39:99:52:
                    9f:73:c8:b9:bf:47:aa:2a:be:6e:e1:ea:02:52:80:
                    99:ef:81:fe:b5:a9:4e:b4:b2:fa:ba:4c:e9:ed:9b:
                    61:0f:45:f8:95:ee:a4:b5:93:13:f5:c6:5e:eb:57:
                    6f:80:7d:46:19:3d:93:c6:ea:fc:ef:3e:25:d6:69:
                    46:49:05:05:01:cf:4a:ed:d1:86:b5:92:f0:00:de:
                    e9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:04:78:29:B7:8B:AB:8E:44:D9:85:D6:6C:1A:D1:84:04:F7:50:F3
            X509v3 Authority Key Identifier:
                keyid:C9:B2:32:95:80:97:B5:86:3E:AF:D0:47:BB:31:51:71:EA:A0:1F:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ybIylYCXtYY-r9BHuzFRceqgH7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/pgR4KbeLq45E2YXWbBrRhAT3UPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f35432-cf99-4f19-a76e-07b7fef0858f/1/ybIylYCXtYY-r9BHuzFRceqgH7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:fc:4d:d9:9c:20:22:70:e5:f3:51:61:de:e0:31:4f:e0:cb:
         27:ea:b7:14:41:90:0d:bf:ee:34:93:93:de:a1:09:06:f2:51:
         ec:22:6d:84:4f:08:2c:83:86:76:a6:93:e2:02:5f:31:7f:82:
         c9:73:bb:91:2a:d7:b0:e7:55:56:2b:d6:6a:03:f4:ff:11:e5:
         8c:2f:08:ed:d9:26:39:97:f2:d0:ce:2a:92:b2:af:3e:5b:4b:
         88:da:26:bc:90:cb:88:48:6c:f9:08:af:ee:e0:48:64:12:83:
         67:d1:10:73:cf:df:51:2a:b2:2c:d5:3a:9e:f2:5a:64:cc:70:
         05:58:47:e3:d1:fe:b4:c0:53:53:20:4d:f6:98:9b:03:8a:9d:
         52:6b:09:e4:a3:34:50:e4:01:95:4c:e7:7b:76:11:80:9a:93:
         80:b9:1e:29:96:d8:32:c4:6c:b0:ad:f6:4e:35:43:6e:fe:34:
         4a:a3:63:d2:b7:2d:9e:23:fb:ad:2c:38:d5:fa:be:9c:20:89:
         b0:b1:10:49:c2:48:1c:d7:3a:57:dd:f9:44:33:c7:ba:a5:18:
         ee:ce:d9:c8:b3:02:07:53:aa:d2:7f:8c:11:9e:c6:d6:ed:e2:
         47:20:28:a0:fd:5e:55:08:1d:88:8f:cf:cd:15:72:89:f6:f0:
         3f:2f:84:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbrsC61mpHxmBB4MTOIduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YjIzMjk1ODA5N2I1ODYzZWFmZDA0N2JiMzE1MTcxZWFh
MDFmYjcwHhcNMjQwMTAxMTQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjA0NzgyOWI3OGJhYjhlNDRkOTg1ZDY2YzFhZDE4NDA0Zjc1MGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPW7nrCNWNfsU5K3yAdWk9pnSG1z
IIaft7b0IO/IBUZrpTdVVb5KruueazgHB/HIXgkdQnqyV49q9nXLYcHbxk6R0QEE
dqqs0tfelA6lv/5mV6FnWyBg9Yfp2PfCghO0K6jLKkI79fbSlb1PGpKnL3wEfLwp
4l5+G0FfQ4Qre+cK7WMLJG8peIRVIMFwYGJtNk/6KOYkFmTQ9ODnEAO1D0bciqeg
mIyUed83DnDhPmc5mVKfc8i5v0eqKr5u4eoCUoCZ74H+talOtLL6ukzp7ZthD0X4
le6ktZMT9cZe61dvgH1GGT2Txur87z4l1mlGSQUFAc9K7dGGtZLwAN7phwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYEeCm3i6uORNmF1mwa0YQE91DzMB8GA1UdIwQY
MBaAFMmyMpWAl7WGPq/QR7sxUXHqoB+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWJJeWxZQ1h0WVktcjlCSHV6RlJjZXFnSDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMzU0MzItY2Y5OS00ZjE5LWE3NmUt
MDdiN2ZlZjA4NThmLzEvcGdSNEtiZUxxNDVFMllYV2JCclJoQVQzVVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMzU0MzItY2Y5OS00ZjE5LWE3NmUtMDdiN2ZlZjA4NThm
LzEveWJJeWxZQ1h0WVktcjlCSHV6RlJjZXFnSDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsv8gMA0G
CSqGSIb3DQEBCwUAA4IBAQC//E3ZnCAicOXzUWHe4DFP4Msn6rcUQZANv+40k5Pe
oQkG8lHsIm2ETwgsg4Z2ppPiAl8xf4LJc7uRKtew51VWK9ZqA/T/EeWMLwjt2SY5
l/LQziqSsq8+W0uI2ia8kMuISGz5CK/u4EhkEoNn0RBzz99RKrIs1Tqe8lpkzHAF
WEfj0f60wFNTIE32mJsDip1SawnkozRQ5AGVTOd7dhGAmpOAuR4pltgyxGywrfZO
NUNu/jRKo2PSty2eI/utLDjV+r6cIImwsRBJwkgc1zpX3flEM8e6pRjuztnIswIH
U6rSf4wRnsbW7eJHICig/V5VCB2Ij8/NFXKJ9vA/L4S8
-----END CERTIFICATE-----