Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/9lvVr_nmMUFJKBHBjMaLPFri7B4.roa
File:                     9lvVr_nmMUFJKBHBjMaLPFri7B4.roa (raw, json)
Hash identifier:          jCRXouCbY5x9IrqVogeXLf1Bt92lfjjdq5O095PAstc=
Subject key identifier:   F6:5B:D5:AF:F9:E6:31:41:49:28:11:C1:8C:C6:8B:3C:5A:E2:EC:1E
Certificate issuer:       /CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
Certificate serial:       01905996E31C22B784A1D682343FE13427AB
Authority key identifier: 64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/9lvVr_nmMUFJKBHBjMaLPFri7B4.roa
Signing time:             Thu 27 Jun 2024 12:06:18 +0000
ROA not before:           Thu 27 Jun 2024 12:06:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8648
IP address blocks:        194.34.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:59:96:e3:1c:22:b7:84:a1:d6:82:34:3f:e1:34:27:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
        Validity
            Not Before: Jun 27 12:06:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f65bd5aff9e63141492811c18cc68b3c5ae2ec1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c8:b2:a2:ce:d8:fc:5d:90:cd:93:f8:c6:71:
                    2e:b9:90:35:ed:9e:04:4d:17:01:9e:c9:92:c1:b9:
                    a5:77:73:c8:bb:e0:43:8f:48:af:a2:c4:7c:8d:9d:
                    6a:61:68:fd:47:85:20:bf:eb:84:6c:97:9d:da:13:
                    3e:74:99:53:07:66:d3:1b:e3:be:db:b2:db:c0:24:
                    8b:c9:95:53:d8:14:fd:8e:08:e6:5e:a5:e9:ec:d5:
                    d3:f8:c1:b7:d8:46:1a:e8:c4:ed:6b:c0:70:90:d3:
                    3f:20:63:27:c3:6c:68:9e:08:42:d8:a2:4d:60:7f:
                    84:43:0b:3f:bf:5f:ac:61:1b:92:5b:ca:2d:cf:77:
                    bc:17:b6:87:25:45:3a:18:7b:94:e6:e5:ae:17:a6:
                    ef:43:d8:79:26:0b:22:57:d5:34:60:73:15:33:cd:
                    9b:7d:1f:6a:e1:0b:ce:b6:83:90:3d:1d:13:c7:ca:
                    5d:db:75:a7:af:04:61:2d:f9:fe:b8:04:f1:8e:e4:
                    03:99:27:bc:b6:33:2f:e1:c3:18:56:c2:a9:eb:00:
                    80:4b:0f:fb:2f:79:81:5d:f1:95:5b:da:43:00:7b:
                    a3:d2:01:01:c4:7b:9e:f1:fd:04:67:ca:84:ec:13:
                    d8:a2:67:61:cd:33:66:c0:44:2b:c3:63:f0:1e:18:
                    4f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:5B:D5:AF:F9:E6:31:41:49:28:11:C1:8C:C6:8B:3C:5A:E2:EC:1E
            X509v3 Authority Key Identifier:
                keyid:64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/9lvVr_nmMUFJKBHBjMaLPFri7B4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:59:c8:a7:eb:94:15:ec:93:6d:f7:3a:52:9a:1f:61:79:73:
         d2:bc:5b:53:ce:37:c4:9f:cd:f2:27:a8:64:9b:d2:71:d6:60:
         62:ea:b6:dc:c3:e0:d7:31:d6:76:0f:2f:78:6a:f2:ad:9e:49:
         35:de:1a:de:c4:09:c1:dd:db:37:d7:1c:0e:70:4b:e8:dc:ba:
         52:fe:da:e9:cb:69:5d:81:d2:44:3b:97:65:fe:1e:63:7f:29:
         16:6c:a6:eb:09:6c:2b:15:76:56:82:ca:ab:23:13:7f:4d:9d:
         c6:26:e3:1f:b8:7b:cd:86:1e:d5:46:9f:e2:43:ab:8e:99:af:
         35:46:1d:f4:39:03:7a:06:83:f2:20:dc:be:dc:80:7a:3a:3a:
         44:4e:6e:ba:c7:8c:a1:7c:3a:79:c3:a8:64:13:7d:77:b8:4a:
         6b:73:3f:04:9f:6e:a4:57:4c:7f:d2:6a:f2:91:00:c3:35:c9:
         eb:b6:ec:4c:55:b7:ac:ca:1b:8a:49:35:29:8a:2d:12:03:00:
         d5:be:38:28:a0:4e:48:b4:6b:85:b4:0a:20:18:93:e1:c4:f8:
         10:b3:5e:db:d9:7a:f4:c7:72:ad:90:b5:13:1b:2c:1c:9c:94:
         6b:57:15:3c:40:5a:b4:af:f4:ca:6d:e0:d1:b8:d7:76:8d:5a:
         8a:c4:1b:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBZluMcIreEodaCND/hNCerMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0M2UxYmE5MWM1NjlhOGIyMWE2ZDJkNjdmNWRiYmQ2YzA0
ZTQzZWEwHhcNMjQwNjI3MTIwNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjViZDVhZmY5ZTYzMTQxNDkyODExYzE4Y2M2OGIzYzVhZTJlYzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqciyos7Y/F2QzZP4xnEuuZA17Z4E
TRcBnsmSwbmld3PIu+BDj0ivosR8jZ1qYWj9R4Ugv+uEbJed2hM+dJlTB2bTG+O+
27LbwCSLyZVT2BT9jgjmXqXp7NXT+MG32EYa6MTta8BwkNM/IGMnw2xonghC2KJN
YH+EQws/v1+sYRuSW8otz3e8F7aHJUU6GHuU5uWuF6bvQ9h5JgsiV9U0YHMVM82b
fR9q4QvOtoOQPR0Tx8pd23WnrwRhLfn+uATxjuQDmSe8tjMv4cMYVsKp6wCASw/7
L3mBXfGVW9pDAHuj0gEBxHue8f0EZ8qE7BPYomdhzTNmwEQrw2PwHhhPAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZb1a/55jFBSSgRwYzGizxa4uweMB8GA1UdIwQY
MBaAFGQ+G6kcVpqLIabS1n9du9bATkPqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAt
ZmVhMGFmZjM1OWY1LzEvOWx2VnJfbm1NVUZKS0JIQmpNYUxQRnJpN0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAtZmVhMGFmZjM1OWY1
LzEvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiLhMA0G
CSqGSIb3DQEBCwUAA4IBAQBTWcin65QV7JNt9zpSmh9heXPSvFtTzjfEn83yJ6hk
m9Jx1mBi6rbcw+DXMdZ2Dy94avKtnkk13hrexAnB3ds31xwOcEvo3LpS/trpy2ld
gdJEO5dl/h5jfykWbKbrCWwrFXZWgsqrIxN/TZ3GJuMfuHvNhh7VRp/iQ6uOma81
Rh30OQN6BoPyINy+3IB6OjpETm66x4yhfDp5w6hkE313uEprcz8En26kV0x/0mry
kQDDNcnrtuxMVbesyhuKSTUpii0SAwDVvjgooE5ItGuFtAogGJPhxPgQs17b2Xr0
x3KtkLUTGywcnJRrVxU8QFq0r/TKbeDRuNd2jVqKxBv6
-----END CERTIFICATE-----