Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/n9AnmrQ7evWcqQ2ZMTmhDn_X2No.roa
File:                     n9AnmrQ7evWcqQ2ZMTmhDn_X2No.roa (raw, json)
Hash identifier:          bimFSECY1QvucuLYpGpONpIUIe8Hf95v9zWL3eLEr/I=
Subject key identifier:   9F:D0:27:9A:B4:3B:7A:F5:9C:A9:0D:99:31:39:A1:0E:7F:D7:D8:DA
Certificate issuer:       /CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
Certificate serial:       018D59BA52B092BB576B53A523289D702E8E
Authority key identifier: 7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/n9AnmrQ7evWcqQ2ZMTmhDn_X2No.roa
Signing time:             Tue 30 Jan 2024 09:36:39 +0000
ROA not before:           Tue 30 Jan 2024 09:36:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215621
IP address blocks:        116.199.224.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:ba:52:b0:92:bb:57:6b:53:a5:23:28:9d:70:2e:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7afb5441d8ef8e41aa28dd51cdde925943aef7fa
        Validity
            Not Before: Jan 30 09:36:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fd0279ab43b7af59ca90d993139a10e7fd7d8da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f1:8e:df:3c:26:b3:05:5b:22:3e:86:95:ef:
                    38:fc:3e:0b:35:e2:cf:de:4c:48:a1:59:2a:33:c9:
                    8b:a5:c9:4e:a2:d8:2e:c0:2d:b8:96:8c:9d:f5:a6:
                    35:12:35:c1:f4:4a:bd:dd:da:dd:18:c1:6d:a0:5d:
                    a5:13:0c:ba:77:2e:3f:19:63:6c:e7:65:77:d2:78:
                    a7:89:3f:43:88:f7:32:07:50:9f:66:e2:e8:5d:b6:
                    41:49:de:ac:3c:3c:a3:3a:d2:8b:73:29:e1:82:5f:
                    1c:09:f0:0f:b2:ab:3d:e7:10:f0:d3:f4:9b:8d:64:
                    a1:7e:1c:ed:c1:55:61:45:fd:05:94:f3:aa:69:83:
                    95:6b:47:e3:0a:1f:d6:23:2e:32:c6:d9:af:9d:41:
                    94:e6:e7:24:7e:68:26:2a:a3:f4:d4:c4:b9:77:1b:
                    59:80:f2:c2:04:54:49:67:46:e2:d8:a5:3c:ee:51:
                    df:81:9c:96:6d:b5:a1:92:dc:ce:30:fb:8f:b8:76:
                    c9:cc:fe:b0:f9:da:1c:13:a7:32:30:18:3a:c3:8d:
                    18:18:d6:52:4c:d2:16:7c:ff:51:fb:04:07:4d:b9:
                    0d:11:1c:f4:dd:8e:e1:fc:31:4c:32:c8:e4:67:43:
                    db:9c:7c:7c:c4:2f:5a:92:61:28:97:2d:22:ed:81:
                    90:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D0:27:9A:B4:3B:7A:F5:9C:A9:0D:99:31:39:A1:0E:7F:D7:D8:DA
            X509v3 Authority Key Identifier:
                keyid:7A:FB:54:41:D8:EF:8E:41:AA:28:DD:51:CD:DE:92:59:43:AE:F7:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evtUQdjvjkGqKN1Rzd6SWUOu9_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/n9AnmrQ7evWcqQ2ZMTmhDn_X2No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4d76f5-42ec-453e-8992-d8973acaf41d/1/evtUQdjvjkGqKN1Rzd6SWUOu9_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.199.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         84:7e:af:10:4a:79:dd:9e:84:b9:40:12:cc:72:50:ff:76:54:
         23:6d:e0:fa:b4:55:9d:24:bb:ae:f2:16:34:9d:48:35:c1:9a:
         c0:c5:de:8a:16:77:1e:5b:c8:c2:70:a2:82:e3:9e:dc:68:c0:
         99:d1:ac:e7:74:24:80:27:ce:a0:d1:d4:39:b7:2f:6c:ca:5c:
         22:97:37:1e:47:03:04:bb:01:c9:6d:24:74:83:1a:c3:d1:c1:
         64:74:25:c4:5a:36:71:3d:d8:f2:df:42:f2:b3:0a:31:b5:cf:
         26:e8:e3:4d:f5:ee:c6:c6:1c:84:63:b6:14:48:19:14:a0:6b:
         18:f7:c0:b6:04:2c:56:c2:13:ad:fe:f1:d0:ed:23:e8:62:70:
         51:86:c3:a2:9b:4a:c3:68:f9:f3:11:eb:1a:e5:9e:06:61:0e:
         c0:4e:05:a5:6b:dc:bb:6c:cb:11:fa:61:9b:c2:4f:20:88:08:
         5e:b3:e7:62:7e:9e:a1:49:a8:e6:c7:7b:b9:79:c2:20:06:79:
         01:44:2e:4c:81:35:85:51:f6:fa:1b:03:f2:d4:1f:ad:66:e4:
         22:51:e3:ac:17:b6:29:10:96:60:c2:04:dc:5f:6d:12:a4:ac:
         86:98:3c:06:fb:88:b8:d3:dd:ba:c0:b0:c6:03:3d:c0:11:a0:
         bc:9f:3e:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1ZulKwkrtXa1OlIyidcC6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZmI1NDQxZDhlZjhlNDFhYTI4ZGQ1MWNkZGU5MjU5NDNh
ZWY3ZmEwHhcNMjQwMTMwMDkzNjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmQwMjc5YWI0M2I3YWY1OWNhOTBkOTkzMTM5YTEwZTdmZDdkOGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/GO3zwmswVbIj6Gle84/D4LNeLP
3kxIoVkqM8mLpclOotguwC24loyd9aY1EjXB9Eq93drdGMFtoF2lEwy6dy4/GWNs
52V30niniT9DiPcyB1CfZuLoXbZBSd6sPDyjOtKLcynhgl8cCfAPsqs95xDw0/Sb
jWShfhztwVVhRf0FlPOqaYOVa0fjCh/WIy4yxtmvnUGU5uckfmgmKqP01MS5dxtZ
gPLCBFRJZ0bi2KU87lHfgZyWbbWhktzOMPuPuHbJzP6w+docE6cyMBg6w40YGNZS
TNIWfP9R+wQHTbkNERz03Y7h/DFMMsjkZ0PbnHx8xC9akmEoly0i7YGQEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/QJ5q0O3r1nKkNmTE5oQ5/19jaMB8GA1UdIwQY
MBaAFHr7VEHY745BqijdUc3ekllDrvf6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTIt
ZDg5NzNhY2FmNDFkLzEvbjlBbm1yUTdldldjcVEyWk1UbWhEbl9YMk5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZDc2ZjUtNDJlYy00NTNlLTg5OTItZDg5NzNhY2FmNDFk
LzEvZXZ0VVFkanZqa0dxS04xUnpkNlNXVU91OV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEdMfgMA0G
CSqGSIb3DQEBCwUAA4IBAQCEfq8QSnndnoS5QBLMclD/dlQjbeD6tFWdJLuu8hY0
nUg1wZrAxd6KFnceW8jCcKKC457caMCZ0azndCSAJ86g0dQ5ty9sylwilzceRwME
uwHJbSR0gxrD0cFkdCXEWjZxPdjy30Lyswoxtc8m6ONN9e7GxhyEY7YUSBkUoGsY
98C2BCxWwhOt/vHQ7SPoYnBRhsOim0rDaPnzEesa5Z4GYQ7ATgWla9y7bMsR+mGb
wk8giAhes+difp6hSajmx3u5ecIgBnkBRC5MgTWFUfb6GwPy1B+tZuQiUeOsF7Yp
EJZgwgTcX20SpKyGmDwG+4i40926wLDGAz3AEaC8nz7F
-----END CERTIFICATE-----