Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/9xrfw3EbndtYvWmKb0wfEeCOR8M.roa
File:                     9xrfw3EbndtYvWmKb0wfEeCOR8M.roa (raw, json)
Hash identifier:          LXuUqPpO4xWplhNJWf6lBUUkGZx8kD7tq9JKvanrhbM=
Subject key identifier:   F7:1A:DF:C3:71:1B:9D:DB:58:BD:69:8A:6F:4C:1F:11:E0:8E:47:C3
Certificate issuer:       /CN=e783b62ab8aea520770c57404be7771f679ec0b5
Certificate serial:       018CC5DD0888791AC288F7EEFC99C5AB84EB
Authority key identifier: E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/9xrfw3EbndtYvWmKb0wfEeCOR8M.roa
Signing time:             Mon 01 Jan 2024 16:30:46 +0000
ROA not before:           Mon 01 Jan 2024 16:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        109.95.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dd:08:88:79:1a:c2:88:f7:ee:fc:99:c5:ab:84:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e783b62ab8aea520770c57404be7771f679ec0b5
        Validity
            Not Before: Jan  1 16:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f71adfc3711b9ddb58bd698a6f4c1f11e08e47c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ab:db:6e:f3:e8:b9:b0:77:72:31:69:af:87:
                    2b:ba:66:12:10:1b:2e:58:0c:61:41:6e:dc:df:8e:
                    75:e7:7b:a9:9f:e1:3c:26:84:d3:06:86:4c:c4:30:
                    9f:71:bb:93:c2:98:c7:7b:68:f7:12:8c:3d:bb:7f:
                    0b:e4:b4:2d:f5:1e:51:1d:23:72:45:df:04:a7:4c:
                    04:ae:91:fa:77:c2:a7:1e:0b:9b:e0:bf:93:08:6b:
                    96:b0:22:5f:5c:28:7b:9c:05:80:44:67:c4:e7:f1:
                    ac:a0:80:7f:1b:62:64:5a:e8:fc:14:ef:75:61:61:
                    ca:29:ce:d2:75:51:28:0b:f7:a3:ed:a3:09:9e:0b:
                    48:da:f1:da:25:c7:7d:4d:ec:57:85:46:1f:7f:72:
                    3e:4d:a7:40:1c:f7:56:fe:66:6b:9d:e9:a3:6f:23:
                    cc:84:ae:66:7d:0d:5a:2e:17:29:90:44:6f:01:12:
                    3a:a4:7c:3d:88:96:91:8d:1b:95:c0:29:b4:d2:92:
                    27:1a:cc:ae:79:df:45:4a:01:9a:cc:2c:0b:45:98:
                    8d:0b:de:5d:27:d6:ab:c7:b7:47:59:eb:26:8c:ca:
                    57:16:30:ac:72:04:de:04:dd:04:b5:01:7c:f4:1f:
                    d0:2b:81:6a:13:22:fa:b8:c3:a5:7f:46:56:bf:6d:
                    7d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:1A:DF:C3:71:1B:9D:DB:58:BD:69:8A:6F:4C:1F:11:E0:8E:47:C3
            X509v3 Authority Key Identifier:
                keyid:E7:83:B6:2A:B8:AE:A5:20:77:0C:57:40:4B:E7:77:1F:67:9E:C0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54O2KriupSB3DFdAS-d3H2eewLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/9xrfw3EbndtYvWmKb0wfEeCOR8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/fadb3f-dc96-4902-86eb-19df5b4d1014/1/54O2KriupSB3DFdAS-d3H2eewLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ba:0a:6d:55:bc:4a:d7:15:40:88:76:b6:a1:5a:12:94:b6:
         ad:59:ab:f2:f6:e8:d9:03:9d:26:cf:13:b6:2d:6d:40:77:e2:
         a8:9c:fc:34:f4:a1:52:72:9c:02:93:0d:a1:cc:8d:07:bc:3d:
         2d:10:58:e4:c0:31:5f:02:03:90:34:2a:5b:f1:cf:1e:d6:39:
         d5:ea:00:99:24:23:14:7d:75:74:03:8a:9d:0c:cf:eb:55:f3:
         a9:52:60:71:39:e7:8e:72:49:0e:22:91:bd:ee:a2:92:63:a7:
         06:dc:b3:9e:a8:a3:8d:af:54:0c:87:e1:03:45:45:60:5b:98:
         d1:b1:23:a4:e7:5b:b7:5e:87:58:e5:9f:5f:a2:2c:24:9b:30:
         1b:be:dd:62:1a:53:ab:f3:d5:4b:0e:92:e6:a8:e0:f4:69:18:
         fe:0e:01:e0:6b:d4:01:b6:e3:7e:c5:60:d9:02:40:bd:10:1e:
         a7:7f:ca:84:d6:6e:30:a5:dd:83:99:27:59:93:33:8e:1a:33:
         0b:f9:f3:c4:2b:90:a4:08:07:45:25:cd:a2:84:d4:22:4f:a0:
         fc:65:56:ad:f2:3a:d1:90:21:b9:d6:a8:fc:cf:0a:75:d9:7f:
         db:e2:15:35:83:74:18:da:78:d8:1d:8b:80:37:29:c8:5e:f0:
         22:b0:5d:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3QiIeRrCiPfu/JnFq4TrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ODNiNjJhYjhhZWE1MjA3NzBjNTc0MDRiZTc3NzFmNjc5
ZWMwYjUwHhcNMjQwMTAxMTYzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzFhZGZjMzcxMWI5ZGRiNThiZDY5OGE2ZjRjMWYxMWUwOGU0N2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKvbbvPoubB3cjFpr4crumYSEBsu
WAxhQW7c345153upn+E8JoTTBoZMxDCfcbuTwpjHe2j3Eow9u38L5LQt9R5RHSNy
Rd8Ep0wErpH6d8KnHgub4L+TCGuWsCJfXCh7nAWARGfE5/GsoIB/G2JkWuj8FO91
YWHKKc7SdVEoC/ej7aMJngtI2vHaJcd9TexXhUYff3I+TadAHPdW/mZrnemjbyPM
hK5mfQ1aLhcpkERvARI6pHw9iJaRjRuVwCm00pInGsyued9FSgGazCwLRZiNC95d
J9arx7dHWesmjMpXFjCscgTeBN0EtQF89B/QK4FqEyL6uMOlf0ZWv219QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPca38NxG53bWL1pim9MHxHgjkfDMB8GA1UdIwQY
MBaAFOeDtiq4rqUgdwxXQEvndx9nnsC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWIt
MTlkZjViNGQxMDE0LzEvOXhyZnczRWJuZHRZdldtS2Iwd2ZFZUNPUjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mYWRiM2YtZGM5Ni00OTAyLTg2ZWItMTlkZjViNGQxMDE0
LzEvNTRPMktyaXVwU0IzREZkQVMtZDNIMmVld0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV+/MA0G
CSqGSIb3DQEBCwUAA4IBAQBzugptVbxK1xVAiHa2oVoSlLatWavy9ujZA50mzxO2
LW1Ad+KonPw09KFScpwCkw2hzI0HvD0tEFjkwDFfAgOQNCpb8c8e1jnV6gCZJCMU
fXV0A4qdDM/rVfOpUmBxOeeOckkOIpG97qKSY6cG3LOeqKONr1QMh+EDRUVgW5jR
sSOk51u3XodY5Z9foiwkmzAbvt1iGlOr89VLDpLmqOD0aRj+DgHga9QBtuN+xWDZ
AkC9EB6nf8qE1m4wpd2DmSdZkzOOGjML+fPEK5CkCAdFJc2ihNQiT6D8ZVat8jrR
kCG51qj8zwp12X/b4hU1g3QY2njYHYuANynIXvAisF00
-----END CERTIFICATE-----