Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/n-bsnv75MCJBNtlQOfpmCXwyY6c.roa
File:                     n-bsnv75MCJBNtlQOfpmCXwyY6c.roa (raw, json)
Hash identifier:          KIvmAbIgfVCHCwz9CrzCulyIc1RbOxY5H9QVJBayhyU=
Subject key identifier:   9F:E6:EC:9E:FE:F9:30:22:41:36:D9:50:39:FA:66:09:7C:32:63:A7
Certificate issuer:       /CN=278617740ecd95b704da97a5f9e53c031144426b
Certificate serial:       018CC3B6FB35E16DB999459B97FB3F094ED7
Authority key identifier: 27:86:17:74:0E:CD:95:B7:04:DA:97:A5:F9:E5:3C:03:11:44:42:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J4YXdA7NlbcE2pel-eU8AxFEQms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/n-bsnv75MCJBNtlQOfpmCXwyY6c.roa
Signing time:             Mon 01 Jan 2024 06:29:58 +0000
ROA not before:           Mon 01 Jan 2024 06:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212886
IP address blocks:        185.236.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J4YXdA7NlbcE2pel-eU8AxFEQms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:fb:35:e1:6d:b9:99:45:9b:97:fb:3f:09:4e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278617740ecd95b704da97a5f9e53c031144426b
        Validity
            Not Before: Jan  1 06:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fe6ec9efef930224136d95039fa66097c3263a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a6:2c:35:5e:cd:50:22:08:dd:56:e0:c6:1d:
                    78:9b:44:27:18:59:a7:c2:06:20:b1:77:6a:c5:db:
                    93:5f:85:7a:c5:ec:38:38:c3:84:33:56:d1:1c:1f:
                    f1:ad:f1:b3:6a:f7:c0:fc:89:d2:9b:ad:fd:07:f1:
                    c3:f6:c3:d1:c4:bf:d7:e3:99:75:58:ae:e2:5a:dd:
                    55:24:cd:15:02:28:7e:85:6b:ea:94:40:44:69:90:
                    97:87:c4:c4:af:fa:b3:9b:a5:b4:3d:c4:be:29:9f:
                    5e:d6:6e:73:cb:d1:11:d2:db:d4:91:1a:86:18:82:
                    66:a4:47:72:a2:16:d3:b6:69:ec:4a:9c:72:4c:db:
                    41:b0:67:9f:75:2c:45:0f:04:55:c6:e5:7a:d6:f8:
                    a4:72:8e:c0:fd:95:9f:92:9f:f9:1e:df:a6:74:e7:
                    66:1a:a7:05:9c:b6:90:3f:52:ca:4d:b3:4d:fe:9a:
                    f0:be:27:e1:67:ed:6b:3f:80:52:fb:2b:10:22:18:
                    21:11:58:cb:ba:ce:40:cb:c1:8e:37:ad:55:7f:fd:
                    62:b7:d4:37:0c:9a:be:aa:35:d6:8d:09:bf:f2:d2:
                    7b:9d:0c:db:91:f0:49:bf:00:7e:7a:21:41:48:bb:
                    dc:e0:4d:69:f5:99:55:85:5d:7e:54:ce:82:cb:87:
                    6a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:E6:EC:9E:FE:F9:30:22:41:36:D9:50:39:FA:66:09:7C:32:63:A7
            X509v3 Authority Key Identifier:
                keyid:27:86:17:74:0E:CD:95:B7:04:DA:97:A5:F9:E5:3C:03:11:44:42:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J4YXdA7NlbcE2pel-eU8AxFEQms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/n-bsnv75MCJBNtlQOfpmCXwyY6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/b78ab4-3490-400b-9019-9edd01d0723c/1/J4YXdA7NlbcE2pel-eU8AxFEQms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:1c:98:03:fb:5a:82:f7:5d:52:47:f1:8b:90:f3:95:5f:a6:
         ee:ad:71:cb:ad:f0:86:3e:80:4f:06:92:79:92:a9:64:86:13:
         1b:a2:c4:ed:05:f4:e5:53:47:d8:c5:75:d7:6d:33:e7:8f:34:
         53:5c:72:d2:a6:b1:f9:cc:c4:40:c0:6c:db:eb:ac:20:ca:cf:
         98:63:ab:23:f2:d5:41:18:78:17:92:7a:49:f8:57:98:21:f9:
         89:94:46:a1:28:eb:0f:5c:de:18:c3:e7:6d:c7:b9:d3:93:56:
         5c:17:49:02:8a:88:3a:e2:d4:f9:41:99:a0:33:ea:20:a6:87:
         7f:3f:bb:3b:8b:c3:2b:3a:00:40:9d:fc:9d:69:0f:64:12:1e:
         eb:b8:7d:b0:55:ef:98:8e:7d:1a:01:4d:b4:ca:2d:c6:cd:f3:
         ba:bd:8d:22:c0:cf:9d:3f:fd:15:ba:f7:1c:26:54:d6:15:f4:
         2c:08:48:09:7c:c9:0c:8c:d9:7e:91:40:a8:eb:72:1e:a9:82:
         aa:a6:86:91:2e:5d:e9:2a:4f:d1:94:bd:45:fd:e9:a7:fa:bb:
         b6:e7:5b:1a:53:af:b4:21:68:23:16:cb:28:15:43:d0:fa:f5:
         e8:c8:66:10:94:11:18:80:2a:90:56:b7:24:f8:a2:b0:8a:a6:
         94:66:a2:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvs14W25mUWbl/s/CU7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ODYxNzc0MGVjZDk1YjcwNGRhOTdhNWY5ZTUzYzAzMTE0
NDQyNmIwHhcNMjQwMTAxMDYyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmU2ZWM5ZWZlZjkzMDIyNDEzNmQ5NTAzOWZhNjYwOTdjMzI2M2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaYsNV7NUCII3Vbgxh14m0QnGFmn
wgYgsXdqxduTX4V6xew4OMOEM1bRHB/xrfGzavfA/InSm639B/HD9sPRxL/X45l1
WK7iWt1VJM0VAih+hWvqlEBEaZCXh8TEr/qzm6W0PcS+KZ9e1m5zy9ER0tvUkRqG
GIJmpEdyohbTtmnsSpxyTNtBsGefdSxFDwRVxuV61vikco7A/ZWfkp/5Ht+mdOdm
GqcFnLaQP1LKTbNN/prwvifhZ+1rP4BS+ysQIhghEVjLus5Ay8GON61Vf/1it9Q3
DJq+qjXWjQm/8tJ7nQzbkfBJvwB+eiFBSLvc4E1p9ZlVhV1+VM6Cy4dqvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/m7J7++TAiQTbZUDn6Zgl8MmOnMB8GA1UdIwQY
MBaAFCeGF3QOzZW3BNqXpfnlPAMRREJrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjRZWGRBN05sYmNFMnBlbC1lVThBeEZFUW1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iNzhhYjQtMzQ5MC00MDBiLTkwMTkt
OWVkZDAxZDA3MjNjLzEvbi1ic252NzVNQ0pCTnRsUU9mcG1DWHd5WTZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iNzhhYjQtMzQ5MC00MDBiLTkwMTktOWVkZDAxZDA3MjNj
LzEvSjRZWGRBN05sYmNFMnBlbC1lVThBeEZFUW1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueyAMA0G
CSqGSIb3DQEBCwUAA4IBAQAGHJgD+1qC911SR/GLkPOVX6burXHLrfCGPoBPBpJ5
kqlkhhMbosTtBfTlU0fYxXXXbTPnjzRTXHLSprH5zMRAwGzb66wgys+YY6sj8tVB
GHgXknpJ+FeYIfmJlEahKOsPXN4Yw+dtx7nTk1ZcF0kCiog64tT5QZmgM+ogpod/
P7s7i8MrOgBAnfydaQ9kEh7ruH2wVe+Yjn0aAU20yi3GzfO6vY0iwM+dP/0Vuvcc
JlTWFfQsCEgJfMkMjNl+kUCo63IeqYKqpoaRLl3pKk/RlL1F/emn+ru251saU6+0
IWgjFssoFUPQ+vXoyGYQlBEYgCqQVrck+KKwiqaUZqKZ
-----END CERTIFICATE-----