Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/al9Ouw2tf6gmEuNGkx0BGrX0-bc.roa
File:                     al9Ouw2tf6gmEuNGkx0BGrX0-bc.roa (raw, json)
Hash identifier:          OFbBnfHCUJOuBonXqI1c2uikU4G+plM81GVQbZs6+Yg=
Subject key identifier:   6A:5F:4E:BB:0D:AD:7F:A8:26:12:E3:46:93:1D:01:1A:B5:F4:F9:B7
Certificate issuer:       /CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
Certificate serial:       018CC9BBFB45E780C7C1B31F57977643B680
Authority key identifier: 01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/al9Ouw2tf6gmEuNGkx0BGrX0-bc.roa
Signing time:             Tue 02 Jan 2024 10:33:09 +0000
ROA not before:           Tue 02 Jan 2024 10:33:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        193.105.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 10:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:fb:45:e7:80:c7:c1:b3:1f:57:97:76:43:b6:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0146b429f8c49611fcfea1efa1a51b9c0eddb6e7
        Validity
            Not Before: Jan  2 10:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a5f4ebb0dad7fa82612e346931d011ab5f4f9b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6a:d6:da:8b:73:b2:35:7c:cc:0a:71:bf:f7:
                    2f:2d:3e:ae:8b:3e:7f:c4:15:cf:e7:33:28:b4:6e:
                    5a:99:bd:10:1d:1e:af:dc:2c:dc:8b:cc:1f:55:83:
                    79:c5:a6:84:5d:22:83:d1:10:26:a1:07:f4:7a:a8:
                    20:67:a6:ae:69:7b:6b:99:da:f4:aa:9e:ed:77:60:
                    86:5b:69:ef:22:4a:e6:a2:92:46:ee:ab:de:34:d2:
                    49:06:b2:b1:17:8c:9f:2c:ac:94:61:03:07:49:f4:
                    a7:b6:af:21:e3:7d:a8:1a:a1:b7:dd:0d:fe:af:bc:
                    a5:d0:42:b3:1c:8b:20:ac:97:81:5f:fe:4c:c7:2e:
                    98:d5:8d:d5:94:84:c3:8e:50:c1:1e:fa:68:45:14:
                    75:51:64:03:22:69:cf:93:45:9a:b2:b9:66:75:1f:
                    00:f3:5f:53:1f:c2:45:55:cc:06:91:fa:0f:e2:39:
                    1e:3d:29:bf:6a:ee:36:6a:72:fb:8d:4d:a2:42:69:
                    4e:51:9f:b6:44:fb:53:b3:b3:98:f1:5e:f7:43:36:
                    56:a4:d4:63:e8:17:a6:10:f0:ca:c9:af:69:ca:bf:
                    ae:79:91:be:da:87:ce:fd:04:46:17:e3:df:5f:88:
                    40:69:b8:df:f7:06:ab:f8:6e:5a:ce:05:95:08:eb:
                    03:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:5F:4E:BB:0D:AD:7F:A8:26:12:E3:46:93:1D:01:1A:B5:F4:F9:B7
            X509v3 Authority Key Identifier:
                keyid:01:46:B4:29:F8:C4:96:11:FC:FE:A1:EF:A1:A5:1B:9C:0E:DD:B6:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AUa0KfjElhH8_qHvoaUbnA7dtuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/al9Ouw2tf6gmEuNGkx0BGrX0-bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/e5e379-656d-4622-a7bc-ea26e746a0ad/1/AUa0KfjElhH8_qHvoaUbnA7dtuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:3a:86:96:9e:25:8f:b0:db:a6:1d:cf:38:62:c9:68:d7:25:
         d2:f2:43:b3:ec:66:2f:e4:d0:44:ae:1c:b0:f8:e6:a8:69:d9:
         39:4f:2f:03:62:a4:30:33:f7:69:9c:67:49:9e:90:f3:a8:e5:
         02:f8:2f:70:26:5b:09:aa:2e:2d:8c:14:46:5f:a2:b4:c4:7b:
         f8:d0:4d:98:de:19:22:f2:75:9f:4f:ba:69:91:cd:93:25:f4:
         aa:88:a1:3f:8e:a5:d8:b7:a5:cf:64:90:79:80:71:eb:f2:51:
         e9:d8:44:a7:63:98:5e:f3:05:a8:61:44:79:5f:0d:b2:bb:cb:
         b7:63:7b:0b:a2:05:3f:d0:e4:1f:96:08:78:7a:89:44:c8:71:
         28:e5:0e:ec:01:18:dd:66:69:26:d8:28:00:90:57:fe:43:6f:
         cb:12:cb:36:48:44:e7:57:91:52:c2:c1:af:60:11:6b:35:0b:
         ff:ed:91:a9:c8:a3:2e:56:cc:03:7f:67:0b:ce:17:e6:de:07:
         6c:79:9d:85:2f:6b:1c:a1:1b:8b:77:62:b6:c6:6b:28:58:e6:
         8b:48:bc:10:fb:93:6e:97:38:39:7e:0b:11:9d:eb:79:f4:91:
         f3:99:6d:89:d5:28:23:d6:8c:d0:8a:6e:52:f6:38:f8:56:0a:
         c8:e4:2f:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/tF54DHwbMfV5d2Q7aAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNDZiNDI5ZjhjNDk2MTFmY2ZlYTFlZmExYTUxYjljMGVk
ZGI2ZTcwHhcNMjQwMTAyMTAzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTVmNGViYjBkYWQ3ZmE4MjYxMmUzNDY5MzFkMDExYWI1ZjRmOWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGrW2otzsjV8zApxv/cvLT6uiz5/
xBXP5zMotG5amb0QHR6v3Czci8wfVYN5xaaEXSKD0RAmoQf0eqggZ6auaXtrmdr0
qp7td2CGW2nvIkrmopJG7qveNNJJBrKxF4yfLKyUYQMHSfSntq8h432oGqG33Q3+
r7yl0EKzHIsgrJeBX/5Mxy6Y1Y3VlITDjlDBHvpoRRR1UWQDImnPk0WasrlmdR8A
819TH8JFVcwGkfoP4jkePSm/au42anL7jU2iQmlOUZ+2RPtTs7OY8V73QzZWpNRj
6BemEPDKya9pyr+ueZG+2ofO/QRGF+PfX4hAabjf9war+G5azgWVCOsDeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGpfTrsNrX+oJhLjRpMdARq19Pm3MB8GA1UdIwQY
MBaAFAFGtCn4xJYR/P6h76GlG5wO3bbnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVVhMEtmakVsaEg4X3FIdm9hVWJuQTdkdHVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9lNWUzNzktNjU2ZC00NjIyLWE3YmMt
ZWEyNmU3NDZhMGFkLzEvYWw5T3V3MnRmNmdtRXVOR2t4MEJHclgwLWJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9lNWUzNzktNjU2ZC00NjIyLWE3YmMtZWEyNmU3NDZhMGFk
LzEvQVVhMEtmakVsaEg4X3FIdm9hVWJuQTdkdHVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWlHMA0G
CSqGSIb3DQEBCwUAA4IBAQBhOoaWniWPsNumHc84Yslo1yXS8kOz7GYv5NBErhyw
+Oaoadk5Ty8DYqQwM/dpnGdJnpDzqOUC+C9wJlsJqi4tjBRGX6K0xHv40E2Y3hki
8nWfT7ppkc2TJfSqiKE/jqXYt6XPZJB5gHHr8lHp2ESnY5he8wWoYUR5Xw2yu8u3
Y3sLogU/0OQflgh4eolEyHEo5Q7sARjdZmkm2CgAkFf+Q2/LEss2SETnV5FSwsGv
YBFrNQv/7ZGpyKMuVswDf2cLzhfm3gdseZ2FL2scoRuLd2K2xmsoWOaLSLwQ+5Nu
lzg5fgsRnet59JHzmW2J1Sgj1ozQim5S9jj4VgrI5C92
-----END CERTIFICATE-----