Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/e9Y6pdWiu-cMUdxiiiF2QXMMGNM.roa
File:                     e9Y6pdWiu-cMUdxiiiF2QXMMGNM.roa (raw, json)
Hash identifier:          wJZeE1VEmoX6EJYP5YZuMBWF6OA1M/y9voZX0F1/Y4A=
Subject key identifier:   7B:D6:3A:A5:D5:A2:BB:E7:0C:51:DC:62:8A:21:76:41:73:0C:18:D3
Certificate issuer:       /CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
Certificate serial:       018CC7277142A58B413291BBCE972935CD85
Authority key identifier: FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/e9Y6pdWiu-cMUdxiiiF2QXMMGNM.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2871
IP address blocks:        92.42.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:71:42:a5:8b:41:32:91:bb:ce:97:29:35:cd:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd3a1e8465bfc4df700894372d0b9808e8b629ea
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7bd63aa5d5a2bbe70c51dc628a217641730c18d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:1c:42:cf:d8:69:04:10:3c:ef:9e:c4:b5:8c:
                    68:79:37:8c:d4:e3:75:25:66:41:ef:f3:52:14:c0:
                    25:ee:14:8b:17:2b:7a:75:c0:d5:9d:76:5d:58:43:
                    ef:39:f2:32:ac:75:a0:da:40:bc:e1:2f:3a:1a:3e:
                    ac:1f:26:30:56:5d:65:83:9d:a7:d2:76:1b:0c:dd:
                    bc:47:1c:05:37:c5:d3:d8:17:a2:64:f8:da:78:2f:
                    5f:70:3f:30:7e:b1:e5:06:c8:8d:93:5f:8c:75:15:
                    06:27:c3:26:b9:8f:cc:93:40:bf:a8:cf:5b:b5:02:
                    f3:a6:bd:c9:48:44:df:5b:37:b5:72:3a:b9:6a:ab:
                    94:26:ea:e1:e9:78:7b:d4:f8:ec:b3:25:7c:34:81:
                    31:b3:20:b2:9a:1f:49:2c:20:c5:ca:17:f9:6e:18:
                    22:e8:88:d3:79:7c:04:92:0e:6a:b8:7f:e9:ad:b2:
                    b2:b3:a1:84:ba:c7:ce:67:30:98:8f:83:b0:dd:f9:
                    0d:4c:00:45:7b:f1:86:48:e5:d2:88:81:fc:17:b4:
                    3e:ff:52:59:8b:36:5b:b9:61:de:d9:cd:f0:d3:1d:
                    6b:5a:6e:7c:b9:01:91:43:de:1f:40:fd:b7:8d:ab:
                    74:f8:5a:67:d5:9f:c3:dd:48:15:de:51:b0:67:44:
                    57:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D6:3A:A5:D5:A2:BB:E7:0C:51:DC:62:8A:21:76:41:73:0C:18:D3
            X509v3 Authority Key Identifier:
                keyid:FD:3A:1E:84:65:BF:C4:DF:70:08:94:37:2D:0B:98:08:E8:B6:29:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ToehGW_xN9wCJQ3LQuYCOi2Keo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/e9Y6pdWiu-cMUdxiiiF2QXMMGNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/513734-a485-4c28-8aa6-9555d30f6f8f/1/_ToehGW_xN9wCJQ3LQuYCOi2Keo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:c6:1a:9c:e9:f6:a4:d2:b7:cc:93:57:4c:28:29:88:d4:02:
         7f:1f:a8:1b:b8:01:cb:27:4f:99:da:83:ba:23:c4:86:de:07:
         89:3e:50:5a:d3:89:b9:d4:ac:c2:9f:8c:e3:22:39:e2:f5:66:
         e9:fe:8e:e5:fb:a2:3b:4b:70:85:c2:e2:57:b7:09:13:c0:ac:
         36:dc:8b:14:d4:ba:fb:b3:54:d1:56:45:62:ff:59:c8:e9:3c:
         39:d8:bb:bc:b9:69:d6:e7:92:9a:bb:c0:f7:f3:fa:04:c3:dc:
         ab:21:7a:d3:39:60:43:eb:1a:ef:07:77:19:f9:3d:1b:5d:63:
         4d:78:30:35:cd:c5:5f:ce:fe:29:5b:66:31:5f:ca:5a:d7:ca:
         3e:3b:6f:b7:c7:24:b7:35:ae:45:20:82:61:04:93:97:2e:b4:
         0e:10:95:7b:92:1b:17:d3:12:05:0a:e8:39:eb:a1:bf:74:71:
         31:40:68:11:ba:94:bc:ec:7e:a1:07:89:de:ff:cc:32:5c:76:
         fb:33:73:e9:77:fa:a1:8e:c8:e6:13:09:50:fc:d8:f0:ee:48:
         68:65:e7:bd:7a:d1:c4:9c:49:96:52:c0:1a:00:c7:ee:28:c7:
         c4:84:3f:84:e8:14:52:fa:4f:0c:53:2a:30:5e:5e:15:04:21:
         50:76:20:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3FCpYtBMpG7zpcpNc2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkM2ExZTg0NjViZmM0ZGY3MDA4OTQzNzJkMGI5ODA4ZThi
NjI5ZWEwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQ2M2FhNWQ1YTJiYmU3MGM1MWRjNjI4YTIxNzY0MTczMGMxOGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBxCz9hpBBA8757EtYxoeTeM1ON1
JWZB7/NSFMAl7hSLFyt6dcDVnXZdWEPvOfIyrHWg2kC84S86Gj6sHyYwVl1lg52n
0nYbDN28RxwFN8XT2BeiZPjaeC9fcD8wfrHlBsiNk1+MdRUGJ8MmuY/Mk0C/qM9b
tQLzpr3JSETfWze1cjq5aquUJurh6Xh71PjssyV8NIExsyCymh9JLCDFyhf5bhgi
6IjTeXwEkg5quH/prbKys6GEusfOZzCYj4Ow3fkNTABFe/GGSOXSiIH8F7Q+/1JZ
izZbuWHe2c3w0x1rWm58uQGRQ94fQP23jat0+Fpn1Z/D3UgV3lGwZ0RXHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvWOqXVorvnDFHcYoohdkFzDBjTMB8GA1UdIwQY
MBaAFP06HoRlv8TfcAiUNy0LmAjotinqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYt
OTU1NWQzMGY2ZjhmLzEvZTlZNnBkV2l1LWNNVWR4aWlpRjJRWE1NR05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS81MTM3MzQtYTQ4NS00YzI4LThhYTYtOTU1NWQzMGY2Zjhm
LzEvX1RvZWhHV194Tjl3Q0pRM0xRdVlDT2kyS2VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCqNMA0G
CSqGSIb3DQEBCwUAA4IBAQAWxhqc6fak0rfMk1dMKCmI1AJ/H6gbuAHLJ0+Z2oO6
I8SG3geJPlBa04m51KzCn4zjIjni9Wbp/o7l+6I7S3CFwuJXtwkTwKw23IsU1Lr7
s1TRVkVi/1nI6Tw52Lu8uWnW55Kau8D38/oEw9yrIXrTOWBD6xrvB3cZ+T0bXWNN
eDA1zcVfzv4pW2YxX8pa18o+O2+3xyS3Na5FIIJhBJOXLrQOEJV7khsX0xIFCug5
66G/dHExQGgRupS87H6hB4ne/8wyXHb7M3Ppd/qhjsjmEwlQ/Njw7khoZee9etHE
nEmWUsAaAMfuKMfEhD+E6BRS+k8MUyowXl4VBCFQdiBW
-----END CERTIFICATE-----