Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/S9S9G71K_jFhT5G8CwKnck4qkAA.roa
File:                     S9S9G71K_jFhT5G8CwKnck4qkAA.roa (raw, json)
Hash identifier:          a03lOJk4CVyJjguzol4A5V3glgBn2NbEZxQCvlp9ytU=
Subject key identifier:   4B:D4:BD:1B:BD:4A:FE:31:61:4F:91:BC:0B:02:A7:72:4E:2A:90:00
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01936AEBFA8817CF7CED0541CE33717016BD
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/S9S9G71K_jFhT5G8CwKnck4qkAA.roa
Signing time:             Wed 27 Nov 2024 00:01:10 +0000
ROA not before:           Wed 27 Nov 2024 00:01:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        5.175.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Dec 2024 00:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:6a:eb:fa:88:17:cf:7c:ed:05:41:ce:33:71:70:16:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 27 00:01:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bd4bd1bbd4afe31614f91bc0b02a7724e2a9000
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:60:29:d9:4a:53:b0:8f:d1:5d:f9:0d:b5:a0:
                    b8:48:1c:4d:58:f0:a0:5e:ac:b4:31:8b:3e:cb:6c:
                    cf:30:50:57:47:71:20:51:3a:63:eb:e7:3f:88:bc:
                    a0:7f:9a:84:00:ed:51:56:7c:bd:57:ab:bf:0c:1c:
                    95:bf:c4:37:a2:cb:50:c1:49:bb:54:6b:b3:19:cc:
                    cd:cd:e0:96:0a:52:cd:a7:74:57:d4:27:a0:e7:f5:
                    7b:fb:89:c3:48:64:82:aa:35:fa:94:74:8a:fc:29:
                    26:2c:57:05:17:3c:b8:5e:e9:46:28:8d:3c:98:8a:
                    3e:8e:ba:df:5f:4b:bf:7d:7c:7c:c1:bc:35:65:6a:
                    22:ca:e4:a3:2e:de:37:b3:ef:15:c1:84:d1:a7:54:
                    1e:82:4a:a4:9c:97:79:fc:58:55:a4:cf:b4:d6:dd:
                    ab:40:03:d3:40:3c:98:6b:c6:4b:5d:4c:d4:85:ca:
                    cb:c4:1b:90:14:20:26:5c:68:86:cd:58:c3:0e:d7:
                    e6:29:ce:7f:53:61:98:67:96:31:f6:8d:43:83:34:
                    e6:a6:d5:01:af:3b:40:9b:2b:49:63:6e:f6:23:29:
                    7d:e9:89:88:7a:f2:00:14:8d:e4:fc:81:58:56:32:
                    bf:f4:98:92:5f:6d:22:50:9a:8c:76:10:e7:2a:ed:
                    6f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D4:BD:1B:BD:4A:FE:31:61:4F:91:BC:0B:02:A7:72:4E:2A:90:00
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/S9S9G71K_jFhT5G8CwKnck4qkAA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:46:c0:b2:0d:d0:d5:19:cb:fb:09:a1:4e:47:dd:20:74:91:
         73:d8:26:42:eb:54:96:fe:ba:57:79:e3:02:47:0a:2c:4d:94:
         00:1d:1c:d1:68:73:8a:30:d9:37:d9:88:94:d1:04:9e:03:19:
         b2:24:1c:d1:55:e8:c4:f0:41:33:71:28:ba:25:df:10:8c:d8:
         ab:89:e6:d9:44:15:e8:ca:7d:71:7f:4e:1d:cc:82:86:f9:dd:
         fd:73:67:72:16:a7:67:ed:3a:82:11:ac:ed:90:f1:c8:a8:d4:
         bd:6d:48:71:be:5c:c2:f6:b8:7b:c5:ef:88:7e:e0:37:03:ec:
         0f:88:44:d6:db:0b:4b:8a:3c:86:89:a7:7f:34:ce:61:46:a0:
         19:09:3b:7f:9a:ec:99:48:58:6e:bd:e3:c9:e8:dc:bb:2d:fc:
         13:49:e9:00:0f:4b:b1:c7:01:d1:07:23:bf:4f:59:fb:39:4f:
         95:45:59:3f:bf:79:c9:02:19:4d:51:b2:7e:70:a2:f6:14:d6:
         d8:4e:f8:9e:9c:fa:ce:30:8a:27:e8:43:e1:f0:d7:c6:27:77:
         1c:af:55:2c:99:72:7e:ef:22:19:b8:a1:f5:b1:58:d6:5c:01:
         ce:40:09:7a:5a:7e:e7:30:f5:5b:a0:e1:9f:c7:c4:01:5b:83:
         13:f2:84:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNq6/qIF8987QVBzjNxcBa9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjQxMTI3MDAwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQ0YmQxYmJkNGFmZTMxNjE0ZjkxYmMwYjAyYTc3MjRlMmE5MDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmAp2UpTsI/RXfkNtaC4SBxNWPCg
Xqy0MYs+y2zPMFBXR3EgUTpj6+c/iLygf5qEAO1RVny9V6u/DByVv8Q3ostQwUm7
VGuzGczNzeCWClLNp3RX1Ceg5/V7+4nDSGSCqjX6lHSK/CkmLFcFFzy4XulGKI08
mIo+jrrfX0u/fXx8wbw1ZWoiyuSjLt43s+8VwYTRp1QegkqknJd5/FhVpM+01t2r
QAPTQDyYa8ZLXUzUhcrLxBuQFCAmXGiGzVjDDtfmKc5/U2GYZ5Yx9o1DgzTmptUB
rztAmytJY272Iyl96YmIevIAFI3k/IFYVjK/9JiSX20iUJqMdhDnKu1vawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvUvRu9Sv4xYU+RvAsCp3JOKpAAMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvUzlTOUc3MUtfakZoVDVHOEN3S25jazRxa0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABa+NMA0G
CSqGSIb3DQEBCwUAA4IBAQBrRsCyDdDVGcv7CaFOR90gdJFz2CZC61SW/rpXeeMC
RwosTZQAHRzRaHOKMNk32YiU0QSeAxmyJBzRVejE8EEzcSi6Jd8QjNiriebZRBXo
yn1xf04dzIKG+d39c2dyFqdn7TqCEaztkPHIqNS9bUhxvlzC9rh7xe+IfuA3A+wP
iETW2wtLijyGiad/NM5hRqAZCTt/muyZSFhuvePJ6Ny7LfwTSekAD0uxxwHRByO/
T1n7OU+VRVk/v3nJAhlNUbJ+cKL2FNbYTvienPrOMIon6EPh8NfGJ3ccr1UsmXJ+
7yIZuKH1sVjWXAHOQAl6Wn7nMPVboOGfx8QBW4MT8oQ6
-----END CERTIFICATE-----