Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/09sLsVVB7CxSU3zRMbha3zsyhF8.roa
File:                     09sLsVVB7CxSU3zRMbha3zsyhF8.roa (raw, json)
Hash identifier:          tTAYoFfoEPVf4pJlvL5DbYsyWvbF6BeodnMVrKS3ULM=
Subject key identifier:   D3:DB:0B:B1:55:41:EC:2C:52:53:7C:D1:31:B8:5A:DF:3B:32:84:5F
Certificate issuer:       /CN=b1ffee7dbf7f4566ea9e30546b2c2a2e7336f2f4
Certificate serial:       018CCA9A02B73AF18A598743F16D230FA2D5
Authority key identifier: B1:FF:EE:7D:BF:7F:45:66:EA:9E:30:54:6B:2C:2A:2E:73:36:F2:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/09sLsVVB7CxSU3zRMbha3zsyhF8.roa
Signing time:             Tue 02 Jan 2024 14:35:40 +0000
ROA not before:           Tue 02 Jan 2024 14:35:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.144.16.0/22 maxlen: 24
                          2a04:2f81::/42 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:9a:02:b7:3a:f1:8a:59:87:43:f1:6d:23:0f:a2:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1ffee7dbf7f4566ea9e30546b2c2a2e7336f2f4
        Validity
            Not Before: Jan  2 14:35:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3db0bb15541ec2c52537cd131b85adf3b32845f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b9:c6:c5:8d:bd:19:07:bf:77:28:3c:4d:59:
                    94:7f:85:2d:ec:17:50:37:2e:50:7c:93:52:a7:ba:
                    9d:d6:79:cf:ca:e4:ee:25:a3:80:11:62:b0:d7:3d:
                    17:5b:39:fb:a1:70:0f:6e:82:22:bf:ef:e3:b3:2d:
                    3d:3f:a1:fa:ef:f8:b3:4c:c0:df:a2:2c:2b:ed:01:
                    7e:37:04:a0:16:19:b1:7e:76:04:ba:8a:fa:04:14:
                    7e:8c:09:ba:45:9c:78:be:5a:ce:ad:17:69:03:af:
                    98:ea:a8:d2:0b:b8:bf:1e:d2:ad:c2:12:0a:08:bc:
                    df:3e:78:52:ef:f9:c4:9a:39:87:e1:ff:1a:b3:a0:
                    f2:07:84:a6:aa:b9:e6:25:4c:56:c1:67:b8:ac:4b:
                    34:96:91:b2:03:44:a7:3f:0b:a4:cc:3d:15:30:32:
                    68:ed:20:3f:a8:45:31:36:ca:5a:23:9e:14:09:16:
                    e3:ef:4c:bf:79:88:fb:6a:a6:1e:7c:38:f7:8e:0e:
                    f2:c6:b7:37:a6:29:dc:ed:39:4f:fb:02:3f:3a:97:
                    e9:2a:f3:04:17:1e:fc:3d:ef:23:bf:7f:61:c0:05:
                    a4:3c:a9:a6:b4:7c:dd:3f:8b:4f:7b:da:dd:48:5a:
                    e7:10:98:36:d3:69:b4:ea:e5:74:61:3b:47:86:6f:
                    d9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:DB:0B:B1:55:41:EC:2C:52:53:7C:D1:31:B8:5A:DF:3B:32:84:5F
            X509v3 Authority Key Identifier:
                keyid:B1:FF:EE:7D:BF:7F:45:66:EA:9E:30:54:6B:2C:2A:2E:73:36:F2:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sf_ufb9_RWbqnjBUaywqLnM28vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/09sLsVVB7CxSU3zRMbha3zsyhF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/2fcbb2-c3c0-4b1e-8ad5-7f5f78346d6f/1/sf_ufb9_RWbqnjBUaywqLnM28vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.16.0/22
                IPv6:
                  2a04:2f81::/42

    Signature Algorithm: sha256WithRSAEncryption
         64:39:4b:f1:56:09:a3:7c:59:73:28:f2:c2:9d:37:86:fb:bc:
         fe:c6:1f:32:fa:42:6d:0d:29:20:a0:48:bd:98:5f:2d:7e:5c:
         18:59:ee:6d:b1:fa:c6:52:58:b4:c2:97:37:a1:ec:1d:62:d7:
         e1:b6:c0:51:69:d4:7b:96:c6:b6:8d:cb:73:59:04:f3:27:e6:
         15:a0:52:f5:74:22:b6:20:75:97:33:ba:f1:41:e4:9c:74:20:
         90:73:b8:38:a5:43:12:a4:79:25:a2:f8:6a:22:fd:40:03:55:
         31:69:81:78:8f:18:e7:3b:cd:f2:04:2c:2d:10:55:1c:84:73:
         9b:de:ad:36:fb:d0:3a:9b:63:5a:35:69:2d:e4:a2:37:17:ac:
         2a:17:bc:74:2b:0f:5b:62:72:8f:8f:b2:55:2b:c4:81:e3:47:
         3f:27:c2:e1:44:a9:9b:0f:56:ee:3f:ad:44:d0:83:cc:ea:81:
         55:d9:3e:7c:6e:fc:01:a0:91:18:1f:d2:e0:e0:32:df:22:05:
         f1:7f:14:f9:58:2f:64:6a:cc:36:66:90:30:11:c5:61:75:78:
         ed:f0:7b:75:11:d1:e8:4d:66:67:a0:f0:7c:df:f3:e8:94:c1:
         cf:2b:22:65:f8:ac:e0:b1:a4:60:c9:76:55:7c:d3:17:c3:47:
         05:a6:f7:fd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKmgK3OvGKWYdD8W0jD6LVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxZmZlZTdkYmY3ZjQ1NjZlYTllMzA1NDZiMmMyYTJlNzMz
NmYyZjQwHhcNMjQwMTAyMTQzNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2RiMGJiMTU1NDFlYzJjNTI1MzdjZDEzMWI4NWFkZjNiMzI4NDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7nGxY29GQe/dyg8TVmUf4Ut7BdQ
Ny5QfJNSp7qd1nnPyuTuJaOAEWKw1z0XWzn7oXAPboIiv+/jsy09P6H67/izTMDf
oiwr7QF+NwSgFhmxfnYEuor6BBR+jAm6RZx4vlrOrRdpA6+Y6qjSC7i/HtKtwhIK
CLzfPnhS7/nEmjmH4f8as6DyB4SmqrnmJUxWwWe4rEs0lpGyA0SnPwukzD0VMDJo
7SA/qEUxNspaI54UCRbj70y/eYj7aqYefDj3jg7yxrc3pinc7TlP+wI/OpfpKvME
Fx78Pe8jv39hwAWkPKmmtHzdP4tPe9rdSFrnEJg202m06uV0YTtHhm/ZVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNPbC7FVQewsUlN80TG4Wt87MoRfMB8GA1UdIwQY
MBaAFLH/7n2/f0Vm6p4wVGssKi5zNvL0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2ZfdWZiOV9SV2JxbmpCVWF5d3FMbk0yOHZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8yZmNiYjItYzNjMC00YjFlLThhZDUt
N2Y1Zjc4MzQ2ZDZmLzEvMDlzTHNWVkI3Q3hTVTN6Uk1iaGEzenN5aEY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8yZmNiYjItYzNjMC00YjFlLThhZDUtN2Y1Zjc4MzQ2ZDZm
LzEvc2ZfdWZiOV9SV2JxbmpCVWF5d3FMbk0yOHZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuZAQMA8E
AgACMAkDBwYqBC+BAAAwDQYJKoZIhvcNAQELBQADggEBAGQ5S/FWCaN8WXMo8sKd
N4b7vP7GHzL6Qm0NKSCgSL2YXy1+XBhZ7m2x+sZSWLTClzeh7B1i1+G2wFFp1HuW
xraNy3NZBPMn5hWgUvV0IrYgdZczuvFB5Jx0IJBzuDilQxKkeSWi+Goi/UADVTFp
gXiPGOc7zfIELC0QVRyEc5verTb70DqbY1o1aS3kojcXrCoXvHQrD1tico+PslUr
xIHjRz8nwuFEqZsPVu4/rUTQg8zqgVXZPnxu/AGgkRgf0uDgMt8iBfF/FPlYL2Rq
zDZmkDARxWF1eO3we3UR0ehNZmeg8Hzf8+iUwc8rImX4rOCxpGDJdlV80xfDRwWm
9/0=
-----END CERTIFICATE-----