Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/9bMqxKU5wO5nHPT7mzLrQaSmI_c.roa
File:                     9bMqxKU5wO5nHPT7mzLrQaSmI_c.roa (raw, json)
Hash identifier:          ZLzA5rIlkIZh4X93WyiHXeUFyTJ2vsdMQaj9oyHH3e0=
Subject key identifier:   F5:B3:2A:C4:A5:39:C0:EE:67:1C:F4:FB:9B:32:EB:41:A4:A6:23:F7
Certificate issuer:       /CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
Certificate serial:       01901182AB74B308D793AAA0E5B6F4D38024
Authority key identifier: DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/9bMqxKU5wO5nHPT7mzLrQaSmI_c.roa
Signing time:             Thu 13 Jun 2024 12:11:34 +0000
ROA not before:           Thu 13 Jun 2024 12:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56851
IP address blocks:        217.28.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:82:ab:74:b3:08:d7:93:aa:a0:e5:b6:f4:d3:80:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
        Validity
            Not Before: Jun 13 12:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5b32ac4a539c0ee671cf4fb9b32eb41a4a623f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d2:0d:0f:c8:3f:c2:e9:23:6d:bc:55:40:bc:
                    91:f4:18:1a:39:85:aa:21:2f:4d:44:e8:62:8e:e6:
                    24:d6:c7:4c:d5:6b:f0:4b:85:67:f5:61:a5:38:c8:
                    94:13:07:1f:38:71:54:8a:49:73:eb:94:ea:8a:55:
                    d0:11:02:2b:34:13:c7:ba:dc:e0:60:d8:86:6e:97:
                    03:ec:12:7d:f6:13:f5:ff:3b:ac:07:1a:1c:7b:dd:
                    87:fd:1c:7f:d9:50:58:f3:ff:d7:ad:b1:dd:6b:41:
                    4c:fb:89:5b:51:40:d4:fa:7b:1c:eb:cf:45:f1:f9:
                    af:0b:5e:c9:7b:b3:9b:2a:12:07:66:70:eb:12:87:
                    18:54:81:e8:24:83:1e:fe:31:c7:dc:f1:56:7f:d1:
                    39:14:22:12:20:76:d0:67:41:1d:92:be:3d:01:93:
                    c1:fa:da:79:a1:54:f2:e2:bf:db:cc:32:ed:60:6c:
                    b5:c4:c9:64:b0:05:43:0a:c5:8a:9f:48:4d:54:7c:
                    af:36:65:5a:3e:23:dc:a1:6e:de:52:21:d2:6d:11:
                    c4:b9:61:a2:ef:c8:b5:32:fc:12:29:f2:9b:26:d7:
                    41:4d:ee:53:af:6d:0c:20:33:05:e0:2e:d5:c8:a0:
                    07:4e:d3:2e:83:87:b8:a2:6d:88:56:b1:26:b9:32:
                    d3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:B3:2A:C4:A5:39:C0:EE:67:1C:F4:FB:9B:32:EB:41:A4:A6:23:F7
            X509v3 Authority Key Identifier:
                keyid:DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/9bMqxKU5wO5nHPT7mzLrQaSmI_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:97:a8:b4:74:bf:97:1b:0a:5b:19:f9:d8:a0:70:db:9b:6c:
         c3:29:99:a6:f0:bc:1a:c1:18:ab:2c:35:68:96:07:66:0c:2c:
         d9:26:6a:1d:45:25:2f:97:f8:21:f0:65:46:be:54:26:db:f4:
         34:72:f4:7a:fd:5f:8a:d3:32:cd:bf:ee:0f:03:9a:b5:51:14:
         90:15:43:86:e5:28:6b:ea:9a:b3:5e:90:78:4a:34:fa:f0:04:
         3c:17:dc:5a:fe:f7:f9:46:5f:75:8b:25:9d:b1:dc:de:bd:bd:
         d9:ab:a7:4d:2c:81:81:5f:45:a7:c6:db:ea:84:06:e1:d1:00:
         6b:1b:52:ac:16:3a:fa:d6:91:5c:c1:04:84:08:f5:8e:26:bf:
         86:f4:f7:0c:09:11:40:e0:5a:b1:02:6d:a0:cc:0e:3d:28:dd:
         1d:8d:64:f3:bb:8b:f3:eb:02:b0:fc:32:ac:65:2d:4b:44:a6:
         06:24:c3:66:a7:a1:34:13:30:b3:7d:41:c9:f1:f6:f7:60:10:
         ce:d4:0b:6e:28:53:0b:a7:63:cd:4f:8a:c0:1e:fe:67:70:35:
         00:16:44:78:a5:e5:ba:4b:6f:d1:eb:99:99:58:2d:dc:85:71:
         63:c0:83:b8:02:cb:cf:20:cc:49:d1:34:fd:7b:7b:ea:de:4e:
         6b:99:c9:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZARgqt0swjXk6qg5bb004AkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjFmNmUwMDE1M2E0OTE4NjExYjE0YjZiMDNmNjgxMmVk
ODhhNDMwHhcNMjQwNjEzMTIxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWIzMmFjNGE1MzljMGVlNjcxY2Y0ZmI5YjMyZWI0MWE0YTYyM2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNIND8g/wukjbbxVQLyR9BgaOYWq
IS9NROhijuYk1sdM1WvwS4Vn9WGlOMiUEwcfOHFUiklz65TqilXQEQIrNBPHutzg
YNiGbpcD7BJ99hP1/zusBxoce92H/Rx/2VBY8//XrbHda0FM+4lbUUDU+nsc689F
8fmvC17Je7ObKhIHZnDrEocYVIHoJIMe/jHH3PFWf9E5FCISIHbQZ0Edkr49AZPB
+tp5oVTy4r/bzDLtYGy1xMlksAVDCsWKn0hNVHyvNmVaPiPcoW7eUiHSbRHEuWGi
78i1MvwSKfKbJtdBTe5Tr20MIDMF4C7VyKAHTtMug4e4om2IVrEmuTLTQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWzKsSlOcDuZxz0+5sy60GkpiP3MB8GA1UdIwQY
MBaAFN+x9uABU6SRhhGxS2sD9oEu2IpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEt
ODEwNjI3ZmIyNjcxLzEvOWJNcXhLVTV3TzVuSFBUN216THJRYVNtSV9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEtODEwNjI3ZmIyNjcx
LzEvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RyMMA0G
CSqGSIb3DQEBCwUAA4IBAQCrl6i0dL+XGwpbGfnYoHDbm2zDKZmm8LwawRirLDVo
lgdmDCzZJmodRSUvl/gh8GVGvlQm2/Q0cvR6/V+K0zLNv+4PA5q1URSQFUOG5Shr
6pqzXpB4SjT68AQ8F9xa/vf5Rl91iyWdsdzevb3Zq6dNLIGBX0WnxtvqhAbh0QBr
G1KsFjr61pFcwQSECPWOJr+G9PcMCRFA4FqxAm2gzA49KN0djWTzu4vz6wKw/DKs
ZS1LRKYGJMNmp6E0EzCzfUHJ8fb3YBDO1AtuKFMLp2PNT4rAHv5ncDUAFkR4peW6
S2/R65mZWC3chXFjwIO4AsvPIMxJ0TT9e3vq3k5rmclz
-----END CERTIFICATE-----