Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/c9GKE2B4-8uvcJE4TCoxad3pVlY.roa
File:                     c9GKE2B4-8uvcJE4TCoxad3pVlY.roa (raw, json)
Hash identifier:          uzeuBb8w1hX5WmUUSuB0oPZ/O4jC/KfODFLhIAT2ojs=
Subject key identifier:   73:D1:8A:13:60:78:FB:CB:AF:70:91:38:4C:2A:31:69:DD:E9:56:56
Certificate issuer:       /CN=602be661e57c14659a608e9f6be605d6250047fc
Certificate serial:       018CC6B800E4D7460866664362A4D35498F7
Authority key identifier: 60:2B:E6:61:E5:7C:14:65:9A:60:8E:9F:6B:E6:05:D6:25:00:47:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YCvmYeV8FGWaYI6fa-YF1iUAR_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/c9GKE2B4-8uvcJE4TCoxad3pVlY.roa
Signing time:             Mon 01 Jan 2024 20:29:56 +0000
ROA not before:           Mon 01 Jan 2024 20:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41544
IP address blocks:        195.78.92.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/YCvmYeV8FGWaYI6fa-YF1iUAR_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/YCvmYeV8FGWaYI6fa-YF1iUAR_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YCvmYeV8FGWaYI6fa-YF1iUAR_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 14:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:00:e4:d7:46:08:66:66:43:62:a4:d3:54:98:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=602be661e57c14659a608e9f6be605d6250047fc
        Validity
            Not Before: Jan  1 20:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73d18a136078fbcbaf7091384c2a3169dde95656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:75:84:e9:e3:30:45:3f:b2:04:1d:8a:2f:cd:
                    5d:d5:26:b2:24:a3:a7:f8:1f:22:59:7d:e5:bc:da:
                    40:48:a9:e8:9e:0b:44:b7:1e:a4:19:cc:1d:7a:fc:
                    d5:ec:3e:0a:45:81:e3:2a:8b:73:05:96:cf:95:63:
                    dd:96:50:d3:8f:97:e6:00:b7:97:49:90:2c:bc:9d:
                    39:0f:6d:90:ae:07:71:d7:03:f1:59:c6:bf:fe:8b:
                    7c:17:95:4b:0c:8a:db:82:1f:d5:2f:78:e7:d5:76:
                    5c:b0:5e:47:6a:6f:6f:cb:75:79:b4:e6:d4:e3:02:
                    1f:1b:d3:51:0a:75:92:62:13:db:7f:61:03:85:c8:
                    c5:b9:fc:ed:bc:ae:60:a6:e8:dd:08:de:6d:a0:a4:
                    ff:07:7e:7d:bb:11:d8:ae:07:60:e3:e1:28:7b:b7:
                    a2:95:1e:30:af:d0:0c:17:20:9b:9a:81:e4:d7:1d:
                    07:7b:98:60:dc:9f:45:3f:a6:6d:3d:8a:46:01:60:
                    62:7b:3a:d9:a8:ee:10:77:a4:f8:e0:f2:75:66:96:
                    a5:28:1b:a1:ac:1d:0d:e4:3b:3e:82:e7:8d:81:72:
                    86:89:9b:a5:59:9e:dc:78:86:d6:86:f2:ac:39:34:
                    10:7a:18:3f:60:b6:4d:4f:0d:79:a8:bf:0c:15:4b:
                    a9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:D1:8A:13:60:78:FB:CB:AF:70:91:38:4C:2A:31:69:DD:E9:56:56
            X509v3 Authority Key Identifier:
                keyid:60:2B:E6:61:E5:7C:14:65:9A:60:8E:9F:6B:E6:05:D6:25:00:47:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YCvmYeV8FGWaYI6fa-YF1iUAR_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/c9GKE2B4-8uvcJE4TCoxad3pVlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/YCvmYeV8FGWaYI6fa-YF1iUAR_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.78.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:9b:49:12:f2:8b:36:75:e6:a7:8d:7b:d0:be:de:45:2e:29:
         1b:76:8b:31:aa:5d:e6:98:38:51:e1:e0:f9:a6:ec:d3:86:65:
         55:a9:2c:ba:3a:42:65:11:31:6c:ab:b6:f2:55:75:a3:02:a6:
         14:3c:0b:78:b3:59:23:93:b4:c1:59:5a:11:64:14:78:f4:70:
         48:21:cf:f6:45:43:79:f6:db:5a:43:10:7c:37:76:35:35:a6:
         20:35:82:45:09:df:40:44:e4:73:c6:29:b8:3b:76:08:4f:ca:
         26:67:ec:87:aa:7e:87:a6:7b:84:f3:fe:f9:26:42:a0:57:2a:
         63:ad:3b:d7:a8:25:6a:8c:33:04:b0:c2:11:32:71:e7:a0:3a:
         2b:4b:4a:2f:d2:15:cf:d1:12:23:11:fc:aa:7d:7b:81:04:e3:
         04:a7:c9:94:10:3f:86:a6:bd:a8:5c:81:26:99:41:2f:5c:a4:
         b0:67:cb:91:ba:a5:66:e9:43:55:83:be:35:92:92:9f:f7:c6:
         d5:6d:72:68:40:82:3a:56:1d:a6:15:7f:ef:41:0c:9e:70:8d:
         3a:bf:8e:56:74:94:74:37:6b:16:8b:27:fe:6e:64:29:e9:a1:
         22:62:c0:70:17:03:d0:56:cd:e1:ae:a2:5a:3f:6e:81:bf:47:
         55:2e:48:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuADk10YIZmZDYqTTVJj3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMmJlNjYxZTU3YzE0NjU5YTYwOGU5ZjZiZTYwNWQ2MjUw
MDQ3ZmMwHhcNMjQwMTAxMjAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2QxOGExMzYwNzhmYmNiYWY3MDkxMzg0YzJhMzE2OWRkZTk1NjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHWE6eMwRT+yBB2KL81d1SayJKOn
+B8iWX3lvNpASKnongtEtx6kGcwdevzV7D4KRYHjKotzBZbPlWPdllDTj5fmALeX
SZAsvJ05D22Qrgdx1wPxWca//ot8F5VLDIrbgh/VL3jn1XZcsF5Ham9vy3V5tObU
4wIfG9NRCnWSYhPbf2EDhcjFufztvK5gpujdCN5toKT/B359uxHYrgdg4+Eoe7ei
lR4wr9AMFyCbmoHk1x0He5hg3J9FP6ZtPYpGAWBiezrZqO4Qd6T44PJ1ZpalKBuh
rB0N5Ds+gueNgXKGiZulWZ7ceIbWhvKsOTQQehg/YLZNTw15qL8MFUupNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHPRihNgePvLr3CROEwqMWnd6VZWMB8GA1UdIwQY
MBaAFGAr5mHlfBRlmmCOn2vmBdYlAEf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUN2bVllVjhGR1dhWUk2ZmEtWUYxaVVBUl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85NzQyMTMtNDlmZC00YzVjLTgwMTQt
YmQzYTYzMGVlNWNjLzEvYzlHS0UyQjQtOHV2Y0pFNFRDb3hhZDNwVmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85NzQyMTMtNDlmZC00YzVjLTgwMTQtYmQzYTYzMGVlNWNj
LzEvWUN2bVllVjhGR1dhWUk2ZmEtWUYxaVVBUl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw05cMA0G
CSqGSIb3DQEBCwUAA4IBAQBJm0kS8os2deanjXvQvt5FLikbdosxql3mmDhR4eD5
puzThmVVqSy6OkJlETFsq7byVXWjAqYUPAt4s1kjk7TBWVoRZBR49HBIIc/2RUN5
9ttaQxB8N3Y1NaYgNYJFCd9ARORzxim4O3YIT8omZ+yHqn6HpnuE8/75JkKgVypj
rTvXqCVqjDMEsMIRMnHnoDorS0ov0hXP0RIjEfyqfXuBBOMEp8mUED+Gpr2oXIEm
mUEvXKSwZ8uRuqVm6UNVg741kpKf98bVbXJoQII6Vh2mFX/vQQyecI06v45WdJR0
N2sWiyf+bmQp6aEiYsBwFwPQVs3hrqJaP26Bv0dVLki/
-----END CERTIFICATE-----