Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/P9RyAxSqJeJLKIGhk9mKmhEAdQE.roa
File:                     P9RyAxSqJeJLKIGhk9mKmhEAdQE.roa (raw, json)
Hash identifier:          6XoQ5v+TuHWm66YOecvI0KukaDphFCqC7Ob0F/h90ec=
Subject key identifier:   3F:D4:72:03:14:AA:25:E2:4B:28:81:A1:93:D9:8A:9A:11:00:75:01
Certificate issuer:       /CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
Certificate serial:       018F28F826B652ED7B52807B1B5AFB23D034
Authority key identifier: D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/P9RyAxSqJeJLKIGhk9mKmhEAdQE.roa
Signing time:             Mon 29 Apr 2024 08:28:22 +0000
ROA not before:           Mon 29 Apr 2024 08:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        176.117.88.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:f8:26:b6:52:ed:7b:52:80:7b:1b:5a:fb:23:d0:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0299cf12b38ff12d95ffc0d13ac12c69fe2c1ca
        Validity
            Not Before: Apr 29 08:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fd4720314aa25e24b2881a193d98a9a11007501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b6:3e:31:e4:71:48:85:9d:1f:bc:7a:8e:0c:
                    a9:13:a6:6b:61:de:7c:c3:b8:4d:84:ff:5b:f0:f7:
                    c2:16:e2:c6:bf:92:c8:b4:6a:40:7d:ba:f9:54:82:
                    2f:7a:29:33:72:56:cb:37:ff:d8:2d:91:e9:53:bd:
                    91:59:c9:26:be:fe:0b:26:2e:5e:eb:23:52:1c:9d:
                    69:ef:ba:bf:8a:9a:51:01:0a:8d:61:47:e1:02:68:
                    4c:af:d1:53:6f:50:49:36:bb:0e:11:34:14:be:07:
                    19:e1:d2:d3:ec:87:26:95:89:52:9e:9d:05:b8:91:
                    6d:09:cf:e8:88:be:26:bd:8e:16:bb:5b:cf:5f:c8:
                    88:bf:67:81:52:89:c6:56:f2:55:66:0d:2f:0a:f4:
                    ee:f1:34:49:50:6a:78:8c:fe:aa:92:e6:54:5b:67:
                    08:ff:4f:1d:93:25:a8:15:91:f5:64:8b:91:41:d8:
                    da:16:bc:38:0b:30:28:09:11:f2:3d:98:26:39:b2:
                    77:15:1b:b0:d1:1b:82:df:12:64:d2:db:ed:2a:ef:
                    e0:90:43:bf:a2:a2:9e:6c:fc:ad:6d:28:af:a1:3d:
                    2c:22:1f:12:5c:d5:62:ca:15:23:8f:7f:60:dc:6d:
                    16:94:6f:95:5b:06:9d:12:cb:98:4e:91:e4:89:c5:
                    0e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D4:72:03:14:AA:25:E2:4B:28:81:A1:93:D9:8A:9A:11:00:75:01
            X509v3 Authority Key Identifier:
                keyid:D0:29:9C:F1:2B:38:FF:12:D9:5F:FC:0D:13:AC:12:C6:9F:E2:C1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/P9RyAxSqJeJLKIGhk9mKmhEAdQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/d582c4-36e3-4a57-8752-e641e713d1fa/1/0Cmc8Ss4_xLZX_wNE6wSxp_iwco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.117.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:5e:82:87:79:4d:52:ad:ec:8a:8a:fb:53:b2:f8:59:d7:64:
         5d:25:59:da:67:79:58:9f:f3:c1:e1:df:74:fd:b2:55:24:ef:
         35:86:31:15:1e:12:a3:d3:1d:18:d5:b0:25:7b:07:71:02:80:
         da:78:ce:a0:53:30:88:cd:9a:d4:be:23:6e:11:c3:20:45:42:
         de:5d:e2:3c:52:6e:5a:10:40:c2:0e:2f:9a:bd:55:09:f8:90:
         24:dd:a0:81:24:0c:c7:b4:42:2a:69:0d:b7:27:01:d2:9e:03:
         cb:fb:4f:e8:4b:d0:1a:d3:da:b6:c4:0a:89:e8:c3:fb:cc:85:
         7c:bb:a1:fd:5f:68:d3:bc:32:6f:54:25:c2:96:09:13:ac:dd:
         34:8e:45:e7:e8:ec:61:1c:77:10:80:4e:25:26:71:89:a3:13:
         bd:df:bd:64:80:83:b1:5a:33:cd:48:33:84:5e:93:e1:8b:88:
         b8:20:d3:84:68:8c:c0:0b:d0:15:aa:52:92:a3:4a:87:de:08:
         51:f8:9a:55:4f:92:24:3a:41:72:f8:08:e7:3e:ec:7a:9f:8a:
         94:a3:a1:57:48:e7:b6:3e:4c:5c:4b:5d:9a:4a:da:a0:a8:ec:
         99:96:b4:57:41:01:82:0f:48:8e:a8:91:be:23:78:2d:9d:c6:
         51:62:3c:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8o+Ca2Uu17UoB7G1r7I9A0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjk5Y2YxMmIzOGZmMTJkOTVmZmMwZDEzYWMxMmM2OWZl
MmMxY2EwHhcNMjQwNDI5MDgyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmQ0NzIwMzE0YWEyNWUyNGIyODgxYTE5M2Q5OGE5YTExMDA3NTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibY+MeRxSIWdH7x6jgypE6ZrYd58
w7hNhP9b8PfCFuLGv5LItGpAfbr5VIIveikzclbLN//YLZHpU72RWckmvv4LJi5e
6yNSHJ1p77q/ippRAQqNYUfhAmhMr9FTb1BJNrsOETQUvgcZ4dLT7IcmlYlSnp0F
uJFtCc/oiL4mvY4Wu1vPX8iIv2eBUonGVvJVZg0vCvTu8TRJUGp4jP6qkuZUW2cI
/08dkyWoFZH1ZIuRQdjaFrw4CzAoCRHyPZgmObJ3FRuw0RuC3xJk0tvtKu/gkEO/
oqKebPytbSivoT0sIh8SXNViyhUjj39g3G0WlG+VWwadEsuYTpHkicUO+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/UcgMUqiXiSyiBoZPZipoRAHUBMB8GA1UdIwQY
MBaAFNApnPErOP8S2V/8DROsEsaf4sHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTIt
ZTY0MWU3MTNkMWZhLzEvUDlSeUF4U3FKZUpMS0lHaGs5bUttaEVBZFFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9kNTgyYzQtMzZlMy00YTU3LTg3NTItZTY0MWU3MTNkMWZh
LzEvMENtYzhTczRfeExaWF93TkU2d1N4cF9pd2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsHVYMA0G
CSqGSIb3DQEBCwUAA4IBAQASXoKHeU1SreyKivtTsvhZ12RdJVnaZ3lYn/PB4d90
/bJVJO81hjEVHhKj0x0Y1bAlewdxAoDaeM6gUzCIzZrUviNuEcMgRULeXeI8Um5a
EEDCDi+avVUJ+JAk3aCBJAzHtEIqaQ23JwHSngPL+0/oS9Aa09q2xAqJ6MP7zIV8
u6H9X2jTvDJvVCXClgkTrN00jkXn6OxhHHcQgE4lJnGJoxO9371kgIOxWjPNSDOE
XpPhi4i4INOEaIzAC9AVqlKSo0qH3ghR+JpVT5IkOkFy+AjnPux6n4qUo6FXSOe2
PkxcS12aStqgqOyZlrRXQQGCD0iOqJG+I3gtncZRYjzm
-----END CERTIFICATE-----