Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/57d30a-0552-45f6-9ebc-c2bd5fc04424/1/l9RNtoPiSjZVFcX0Z_8roCHK8Cc.roa
File:                     l9RNtoPiSjZVFcX0Z_8roCHK8Cc.roa (raw, json)
Hash identifier:          e9Z7GBrF/tV3cQphyXIxuDJomhc1eu9VV+sZnmcqyA4=
Subject key identifier:   97:D4:4D:B6:83:E2:4A:36:55:15:C5:F4:67:FF:2B:A0:21:CA:F0:27
Certificate issuer:       /CN=b795582c73302eb0a974477603049850833bd210
Certificate serial:       018CC9BCFD6F98408B12D9266F50868686C7
Authority key identifier: B7:95:58:2C:73:30:2E:B0:A9:74:47:76:03:04:98:50:83:3B:D2:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5VYLHMwLrCpdEd2AwSYUIM70hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/57d30a-0552-45f6-9ebc-c2bd5fc04424/1/l9RNtoPiSjZVFcX0Z_8roCHK8Cc.roa
Signing time:             Tue 02 Jan 2024 10:34:15 +0000
ROA not before:           Tue 02 Jan 2024 10:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206640
IP address blocks:        185.180.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/57d30a-0552-45f6-9ebc-c2bd5fc04424/1/t5VYLHMwLrCpdEd2AwSYUIM70hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/57d30a-0552-45f6-9ebc-c2bd5fc04424/1/t5VYLHMwLrCpdEd2AwSYUIM70hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5VYLHMwLrCpdEd2AwSYUIM70hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:fd:6f:98:40:8b:12:d9:26:6f:50:86:86:86:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b795582c73302eb0a974477603049850833bd210
        Validity
            Not Before: Jan  2 10:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97d44db683e24a365515c5f467ff2ba021caf027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e2:6e:e3:c6:bb:a7:8e:a8:c0:0a:b2:b8:0f:
                    4e:8a:97:8e:f0:3d:d7:4b:70:3f:71:2c:94:78:4c:
                    5a:80:37:cd:fe:cb:eb:a5:fb:9b:48:61:64:1d:76:
                    ee:76:c6:a2:f5:4d:86:0c:59:a3:89:98:fd:e0:b9:
                    ea:c0:ed:fd:8c:3b:84:04:45:61:72:59:0a:8b:7b:
                    5d:65:9b:9d:e3:7c:01:5e:53:e1:08:18:44:4f:83:
                    f4:33:2b:66:20:41:dd:e3:6f:19:96:70:61:ea:80:
                    cd:70:57:c2:1f:c4:4b:e7:0a:c0:e6:d7:27:45:de:
                    56:4f:24:79:31:26:69:09:f4:2b:89:f8:89:23:5e:
                    e4:e1:18:45:f9:e9:4b:f2:fd:81:82:19:f3:6d:0a:
                    29:8f:1f:bb:05:8b:0a:f0:e5:3e:4c:28:ed:92:a7:
                    56:45:4c:44:fe:e1:5d:40:d2:db:fd:95:54:81:d4:
                    80:62:a2:b9:6d:06:e4:72:c1:d8:58:08:8e:64:82:
                    ff:38:56:85:ae:c1:58:f1:1e:b3:67:c8:b2:05:1b:
                    94:55:2b:5b:94:f5:1e:51:e8:f3:c6:79:40:84:85:
                    e8:47:c7:3c:41:dc:58:48:36:2c:d9:8e:af:67:5a:
                    44:be:c9:4c:b8:e8:e1:11:d3:c9:9f:f7:0e:a3:e5:
                    3a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:D4:4D:B6:83:E2:4A:36:55:15:C5:F4:67:FF:2B:A0:21:CA:F0:27
            X509v3 Authority Key Identifier:
                keyid:B7:95:58:2C:73:30:2E:B0:A9:74:47:76:03:04:98:50:83:3B:D2:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5VYLHMwLrCpdEd2AwSYUIM70hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57d30a-0552-45f6-9ebc-c2bd5fc04424/1/l9RNtoPiSjZVFcX0Z_8roCHK8Cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/57d30a-0552-45f6-9ebc-c2bd5fc04424/1/t5VYLHMwLrCpdEd2AwSYUIM70hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:95:b3:65:fa:b3:65:75:96:fd:76:81:86:4c:49:0c:2b:47:
         10:53:85:93:21:16:d6:48:5d:e6:aa:ed:d8:a0:4a:2b:75:d3:
         f6:71:2e:c0:ad:18:5e:71:0b:bd:73:63:16:ef:3e:25:f2:f6:
         c9:f7:94:29:05:b5:09:19:50:00:7a:2f:bf:dd:70:a9:22:fe:
         cf:a9:a1:39:ee:b4:03:84:d6:ff:f9:68:fd:6d:27:5f:f1:b9:
         ce:8f:8b:d7:b8:1f:3d:e7:f5:e3:bb:8a:bd:95:98:68:98:7f:
         4b:1d:ac:ee:da:56:1b:e2:91:48:1a:ac:c6:a5:d7:08:36:3f:
         2e:94:5d:5a:08:98:f0:23:05:cf:1d:fb:ce:7d:f3:8e:37:1f:
         74:6a:59:7d:5b:ed:83:cb:b2:37:76:cf:c8:c4:bd:d0:17:de:
         1d:cd:99:a2:01:96:bb:f6:26:a7:2e:64:5e:72:34:92:9b:97:
         07:ed:12:b8:2e:66:12:5f:0c:da:d3:1f:88:1f:4a:41:23:c3:
         11:27:4e:37:f0:3c:f7:b9:f7:c6:c3:f5:a6:d7:65:ab:b3:20:
         cf:4c:62:2b:73:65:28:97:15:e5:28:6c:e2:58:ae:9b:7a:10:
         11:f1:1d:d3:3c:d9:d6:d8:fc:43:cf:79:23:07:e4:57:35:b0:
         75:f6:22:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvP1vmECLEtkmb1CGhobHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTU1ODJjNzMzMDJlYjBhOTc0NDc3NjAzMDQ5ODUwODMz
YmQyMTAwHhcNMjQwMTAyMTAzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2Q0NGRiNjgzZTI0YTM2NTUxNWM1ZjQ2N2ZmMmJhMDIxY2FmMDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOJu48a7p46owAqyuA9OipeO8D3X
S3A/cSyUeExagDfN/svrpfubSGFkHXbudsai9U2GDFmjiZj94LnqwO39jDuEBEVh
clkKi3tdZZud43wBXlPhCBhET4P0MytmIEHd428ZlnBh6oDNcFfCH8RL5wrA5tcn
Rd5WTyR5MSZpCfQrifiJI17k4RhF+elL8v2BghnzbQopjx+7BYsK8OU+TCjtkqdW
RUxE/uFdQNLb/ZVUgdSAYqK5bQbkcsHYWAiOZIL/OFaFrsFY8R6zZ8iyBRuUVStb
lPUeUejzxnlAhIXoR8c8QdxYSDYs2Y6vZ1pEvslMuOjhEdPJn/cOo+U6EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfUTbaD4ko2VRXF9Gf/K6AhyvAnMB8GA1UdIwQY
MBaAFLeVWCxzMC6wqXRHdgMEmFCDO9IQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVWWUxITXdMckNwZEVkMkF3U1lVSU03MGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS81N2QzMGEtMDU1Mi00NWY2LTllYmMt
YzJiZDVmYzA0NDI0LzEvbDlSTnRvUGlTalpWRmNYMFpfOHJvQ0hLOENjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS81N2QzMGEtMDU1Mi00NWY2LTllYmMtYzJiZDVmYzA0NDI0
LzEvdDVWWUxITXdMckNwZEVkMkF3U1lVSU03MGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubRwMA0G
CSqGSIb3DQEBCwUAA4IBAQBtlbNl+rNldZb9doGGTEkMK0cQU4WTIRbWSF3mqu3Y
oEorddP2cS7ArRhecQu9c2MW7z4l8vbJ95QpBbUJGVAAei+/3XCpIv7PqaE57rQD
hNb/+Wj9bSdf8bnOj4vXuB895/Xju4q9lZhomH9LHazu2lYb4pFIGqzGpdcINj8u
lF1aCJjwIwXPHfvOffOONx90all9W+2Dy7I3ds/IxL3QF94dzZmiAZa79ianLmRe
cjSSm5cH7RK4LmYSXwza0x+IH0pBI8MRJ0438Dz3uffGw/Wm12WrsyDPTGIrc2Uo
lxXlKGziWK6behAR8R3TPNnW2PxDz3kjB+RXNbB19iIb
-----END CERTIFICATE-----