Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/a9Ba-i10t5io9MgqL-b_JDQo61Y.roa
File:                     a9Ba-i10t5io9MgqL-b_JDQo61Y.roa (raw, json)
Hash identifier:          nPry5JCcTEBDgZH/F5rHlMNOxDsIZpAQJzQyOXRD0vk=
Subject key identifier:   6B:D0:5A:FA:2D:74:B7:98:A8:F4:C8:2A:2F:E6:FF:24:34:28:EB:56
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC7943FBC863380413E70C9D746272387
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/a9Ba-i10t5io9MgqL-b_JDQo61Y.roa
Signing time:             Tue 02 Jan 2024 00:30:30 +0000
ROA not before:           Tue 02 Jan 2024 00:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9033
IP address blocks:        194.122.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:3f:bc:86:33:80:41:3e:70:c9:d7:46:27:23:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bd05afa2d74b798a8f4c82a2fe6ff243428eb56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:59:0a:ac:e4:f4:31:8a:75:70:21:31:bb:27:
                    ca:1d:d8:37:56:93:10:ef:dd:2b:28:ff:4e:42:00:
                    59:15:84:3f:9b:5c:62:11:21:3b:fe:0d:16:1b:1c:
                    3a:8e:10:9d:6c:a9:89:66:b4:f8:78:ff:e5:d2:b2:
                    7e:94:35:0c:45:0e:40:68:04:26:f8:aa:e1:a1:8b:
                    14:02:f5:1f:ce:3b:a7:f8:bd:ca:f7:2b:cd:b1:8c:
                    cf:27:e3:e7:3e:ce:ad:00:62:8e:f1:11:18:89:55:
                    55:a2:fe:31:23:42:39:3a:56:ee:8f:34:8f:cd:8e:
                    8b:2a:c3:77:40:6a:19:93:2e:a1:de:07:3e:92:06:
                    7a:24:85:d6:51:4b:43:46:0d:27:39:58:66:d6:fe:
                    19:50:d5:d2:b1:cc:58:36:66:14:ea:a8:9f:c2:13:
                    d6:d3:60:1e:67:e2:7c:96:bb:e3:4f:85:74:ba:80:
                    59:a3:66:51:c2:d2:e0:5c:ea:d3:8d:b9:b9:4b:a7:
                    2e:05:43:e6:9b:e9:a8:3e:87:eb:e2:6b:32:7c:00:
                    1e:2c:55:89:84:78:5d:0a:17:a9:ab:f0:2a:4d:56:
                    ae:e9:79:cb:b9:0f:fd:e7:80:dc:91:95:1c:cf:49:
                    7a:86:52:27:62:6a:25:36:bf:6e:8a:db:b6:1b:05:
                    04:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D0:5A:FA:2D:74:B7:98:A8:F4:C8:2A:2F:E6:FF:24:34:28:EB:56
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/a9Ba-i10t5io9MgqL-b_JDQo61Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.122.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:4b:21:d9:53:be:6e:97:6c:18:57:cf:be:8e:74:41:32:71:
         62:d4:5c:13:bc:03:58:0c:d7:79:e0:36:5f:ec:03:c6:19:7b:
         da:4b:e3:6f:78:e4:b6:7c:96:7c:eb:c9:35:bc:1b:08:a8:79:
         a2:ff:3a:10:e4:a4:f3:45:4d:ac:89:b8:90:e4:64:21:c2:ba:
         66:b0:b2:66:9a:a5:b6:b0:26:b8:38:1e:4f:6e:c5:6e:98:7d:
         57:eb:e7:6f:0c:13:2c:14:27:39:b2:9e:56:0d:0c:42:cf:3b:
         5e:8e:8e:0f:3c:91:d5:06:ec:fd:fe:91:d3:74:75:7e:7a:d5:
         9c:85:e7:b0:a2:f1:c4:ec:d7:7b:6d:20:7c:b0:10:d9:0e:fa:
         c4:a6:a0:96:43:fe:19:ea:85:e3:8f:69:ec:b5:c3:0b:cf:34:
         15:ce:f9:27:b4:56:a4:64:b1:9e:7f:f2:fd:47:9c:90:35:fa:
         2e:d8:d3:28:dc:ed:47:8c:f8:1e:fc:46:bb:97:0e:ac:52:4a:
         f5:9f:89:53:d4:d4:de:1a:39:67:69:33:8c:37:c6:10:24:7c:
         d7:c8:e8:41:8a:54:72:e4:9c:56:7a:76:52:57:22:a0:ee:da:
         9b:3f:ab:b8:2c:d0:a9:99:7e:64:38:92:a6:ea:6e:5a:a0:af:
         2a:51:30:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlD+8hjOAQT5wyddGJyOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmQwNWFmYTJkNzRiNzk4YThmNGM4MmEyZmU2ZmYyNDM0MjhlYjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lkKrOT0MYp1cCExuyfKHdg3VpMQ
790rKP9OQgBZFYQ/m1xiESE7/g0WGxw6jhCdbKmJZrT4eP/l0rJ+lDUMRQ5AaAQm
+KrhoYsUAvUfzjun+L3K9yvNsYzPJ+PnPs6tAGKO8REYiVVVov4xI0I5OlbujzSP
zY6LKsN3QGoZky6h3gc+kgZ6JIXWUUtDRg0nOVhm1v4ZUNXSscxYNmYU6qifwhPW
02AeZ+J8lrvjT4V0uoBZo2ZRwtLgXOrTjbm5S6cuBUPmm+moPofr4msyfAAeLFWJ
hHhdChepq/AqTVau6XnLuQ/954DckZUcz0l6hlInYmolNr9uitu2GwUEzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvQWvotdLeYqPTIKi/m/yQ0KOtWMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYTlCYS1pMTB0NWlvOU1ncUwtYl9KRFFvNjFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwnpQMA0G
CSqGSIb3DQEBCwUAA4IBAQADSyHZU75ul2wYV8++jnRBMnFi1FwTvANYDNd54DZf
7APGGXvaS+NveOS2fJZ868k1vBsIqHmi/zoQ5KTzRU2sibiQ5GQhwrpmsLJmmqW2
sCa4OB5PbsVumH1X6+dvDBMsFCc5sp5WDQxCzztejo4PPJHVBuz9/pHTdHV+etWc
heewovHE7Nd7bSB8sBDZDvrEpqCWQ/4Z6oXjj2nstcMLzzQVzvkntFakZLGef/L9
R5yQNfou2NMo3O1HjPge/Ea7lw6sUkr1n4lT1NTeGjlnaTOMN8YQJHzXyOhBilRy
5JxWenZSVyKg7tqbP6u4LNCpmX5kOJKm6m5aoK8qUTAg
-----END CERTIFICATE-----