Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/T9NUsBtqcRgjwfHEl2b1-qeJ8wI.roa
File:                     T9NUsBtqcRgjwfHEl2b1-qeJ8wI.roa (raw, json)
Hash identifier:          xOYm3cO8EzU/tOIvtH60slf46yISug1tZ2mR4RZnnfs=
Subject key identifier:   4F:D3:54:B0:1B:6A:71:18:23:C1:F1:C4:97:66:F5:FA:A7:89:F3:02
Certificate issuer:       /CN=5ee004befa553ddb35564fb7762b05eb222ecf93
Certificate serial:       018CC2DB49A5665EA6D78104E951C385B3FE
Authority key identifier: 5E:E0:04:BE:FA:55:3D:DB:35:56:4F:B7:76:2B:05:EB:22:2E:CF:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuAEvvpVPds1Vk-3disF6yIuz5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/T9NUsBtqcRgjwfHEl2b1-qeJ8wI.roa
Signing time:             Mon 01 Jan 2024 02:30:00 +0000
ROA not before:           Mon 01 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29014
IP address blocks:        81.28.224.0/20 maxlen: 24
                          2a00:1c39::/32 maxlen: 48
                          2a00:1c38::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/XuAEvvpVPds1Vk-3disF6yIuz5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/XuAEvvpVPds1Vk-3disF6yIuz5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuAEvvpVPds1Vk-3disF6yIuz5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:49:a5:66:5e:a6:d7:81:04:e9:51:c3:85:b3:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee004befa553ddb35564fb7762b05eb222ecf93
        Validity
            Not Before: Jan  1 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fd354b01b6a711823c1f1c49766f5faa789f302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:30:12:d7:a1:f2:1e:3f:53:cb:11:de:34:af:
                    68:65:99:be:2f:4b:e9:2b:e3:57:e6:cd:72:88:99:
                    95:e5:95:eb:e7:37:00:51:36:9e:a3:42:2b:51:f9:
                    5e:29:79:4c:87:a1:97:c5:ea:ae:62:e4:e1:ac:06:
                    1d:78:99:70:80:8b:4a:ba:d2:9f:c3:7d:87:1b:bd:
                    a1:4e:20:03:56:91:c3:c1:a0:cb:fe:18:64:24:8c:
                    d1:88:ad:7a:03:9b:e2:81:80:e8:d8:ef:28:95:36:
                    4a:a6:0e:51:cb:9c:9d:ba:ba:dc:11:85:02:8b:7e:
                    19:fe:f5:9a:c5:89:83:6e:cc:f0:5c:fa:5d:48:dd:
                    7e:bf:10:aa:b5:78:4e:7e:93:a0:03:0d:6a:bb:94:
                    c1:cd:f8:74:23:4f:bd:6f:73:a7:75:51:ff:0e:46:
                    39:c7:b4:50:61:14:99:02:2b:4a:c7:34:50:22:47:
                    b4:aa:a2:05:b3:c3:36:f3:e0:7b:6a:04:7d:0c:c3:
                    22:02:ec:4e:c1:8e:67:79:67:bd:1b:a4:84:9f:de:
                    18:04:72:cc:9e:d7:7d:e4:bf:ff:fe:b9:92:06:ad:
                    7b:b3:9f:2b:08:22:44:df:6a:d3:e9:a1:27:b4:f1:
                    fb:01:26:06:0d:1f:74:fc:4f:9f:ba:29:c7:e1:dc:
                    c6:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D3:54:B0:1B:6A:71:18:23:C1:F1:C4:97:66:F5:FA:A7:89:F3:02
            X509v3 Authority Key Identifier:
                keyid:5E:E0:04:BE:FA:55:3D:DB:35:56:4F:B7:76:2B:05:EB:22:2E:CF:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuAEvvpVPds1Vk-3disF6yIuz5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/T9NUsBtqcRgjwfHEl2b1-qeJ8wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3c35ea-7c9a-48e2-b3b2-e228aab45014/1/XuAEvvpVPds1Vk-3disF6yIuz5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.28.224.0/20
                IPv6:
                  2a00:1c38::/31

    Signature Algorithm: sha256WithRSAEncryption
         05:37:d6:c1:38:34:e7:6d:4f:23:1a:89:96:3f:66:26:2f:0c:
         99:f9:ad:4e:0d:26:20:31:60:82:01:10:ee:03:fc:f5:db:e0:
         43:13:85:ba:bd:d5:d2:3a:e8:44:30:7d:3d:05:f4:a1:1e:49:
         d1:38:9f:90:26:24:ab:a4:68:c0:c5:62:57:96:33:fb:19:77:
         b7:bd:c0:79:2b:db:f4:d8:78:77:93:f6:31:a8:d8:29:14:5a:
         d9:e0:b8:63:e7:e4:92:9f:48:46:b4:1d:c3:cb:37:b1:3d:2e:
         37:68:10:f9:8f:11:83:b2:aa:f7:fa:bb:7b:35:94:1d:30:06:
         06:46:af:7a:cd:33:4b:07:80:bc:9b:b1:a1:6e:bd:64:f5:42:
         2f:4d:47:ba:ef:42:98:de:1a:f2:3a:24:ca:3a:f2:98:69:b1:
         70:43:2d:4e:28:a0:21:1b:f7:09:1c:39:f9:f6:94:7a:14:0c:
         9d:07:96:2b:e2:2f:dd:14:3c:91:2e:dd:6f:2f:89:fe:b1:f0:
         07:06:87:48:be:c3:15:08:74:cd:dd:ef:60:03:98:bd:91:69:
         27:f5:10:02:90:13:e6:e1:46:36:52:8f:18:3f:5a:47:90:97:
         6a:dd:22:23:c1:7f:b4:43:95:15:5d:ed:12:93:dc:09:2c:b4:
         7d:6f:7b:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC20mlZl6m14EE6VHDhbP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTAwNGJlZmE1NTNkZGIzNTU2NGZiNzc2MmIwNWViMjIy
ZWNmOTMwHhcNMjQwMTAxMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQzNTRiMDFiNmE3MTE4MjNjMWYxYzQ5NzY2ZjVmYWE3ODlmMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDAS16HyHj9TyxHeNK9oZZm+L0vp
K+NX5s1yiJmV5ZXr5zcAUTaeo0IrUfleKXlMh6GXxequYuThrAYdeJlwgItKutKf
w32HG72hTiADVpHDwaDL/hhkJIzRiK16A5vigYDo2O8olTZKpg5Ry5ydurrcEYUC
i34Z/vWaxYmDbszwXPpdSN1+vxCqtXhOfpOgAw1qu5TBzfh0I0+9b3OndVH/DkY5
x7RQYRSZAitKxzRQIke0qqIFs8M28+B7agR9DMMiAuxOwY5neWe9G6SEn94YBHLM
ntd95L///rmSBq17s58rCCJE32rT6aEntPH7ASYGDR90/E+fuinH4dzGJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE/TVLAbanEYI8HxxJdm9fqnifMCMB8GA1UdIwQY
MBaAFF7gBL76VT3bNVZPt3YrBesiLs+TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVBRXZ2cFZQZHMxVmstM2Rpc0Y2eUl1ejVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zYzM1ZWEtN2M5YS00OGUyLWIzYjIt
ZTIyOGFhYjQ1MDE0LzEvVDlOVXNCdHFjUmdqd2ZIRWwyYjEtcWVKOHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zYzM1ZWEtN2M5YS00OGUyLWIzYjItZTIyOGFhYjQ1MDE0
LzEvWHVBRXZ2cFZQZHMxVmstM2Rpc0Y2eUl1ejVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEURzgMA0E
AgACMAcDBQEqABw4MA0GCSqGSIb3DQEBCwUAA4IBAQAFN9bBODTnbU8jGomWP2Ym
LwyZ+a1ODSYgMWCCARDuA/z12+BDE4W6vdXSOuhEMH09BfShHknROJ+QJiSrpGjA
xWJXljP7GXe3vcB5K9v02Hh3k/YxqNgpFFrZ4Lhj5+SSn0hGtB3DyzexPS43aBD5
jxGDsqr3+rt7NZQdMAYGRq96zTNLB4C8m7Ghbr1k9UIvTUe670KY3hryOiTKOvKY
abFwQy1OKKAhG/cJHDn59pR6FAydB5Yr4i/dFDyRLt1vL4n+sfAHBodIvsMVCHTN
3e9gA5i9kWkn9RACkBPm4UY2Uo8YP1pHkJdq3SIjwX+0Q5UVXe0Sk9wJLLR9b3sG
-----END CERTIFICATE-----