Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/S9bOk96L6teI42opDIKUFBu2aD4.roa
File:                     S9bOk96L6teI42opDIKUFBu2aD4.roa (raw, json)
Hash identifier:          63KvPOxiO7yWZUZS58GErT64+4QT+CCOrDP4Cj77oqM=
Subject key identifier:   4B:D6:CE:93:DE:8B:EA:D7:88:E3:6A:29:0C:82:94:14:1B:B6:68:3E
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018E7BAAF4DF1E93EBDE512D32737149E0B1
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/S9bOk96L6teI42opDIKUFBu2aD4.roa
Signing time:             Tue 26 Mar 2024 16:49:45 +0000
ROA not before:           Tue 26 Mar 2024 16:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        195.177.92.0/24 maxlen: 24
                          195.177.93.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:aa:f4:df:1e:93:eb:de:51:2d:32:73:71:49:e0:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar 26 16:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bd6ce93de8bead788e36a290c8294141bb6683e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ea:81:ab:a1:61:ca:50:30:53:72:dc:9b:c8:
                    a2:e2:86:79:20:5e:9d:30:0c:87:b1:db:e8:d4:25:
                    27:e6:dc:04:9c:1c:d5:cd:39:7f:d0:69:cb:17:3a:
                    56:25:26:15:ae:13:6e:0f:74:2a:18:32:23:75:5b:
                    47:9b:9d:d0:76:2a:e2:5c:94:15:3d:b3:49:f5:47:
                    4a:ab:6b:d4:92:c4:9d:cc:31:a2:42:fd:22:b6:72:
                    55:c6:6f:dc:da:5a:ae:8d:b1:4a:dd:9d:ab:ba:86:
                    c8:c6:67:f6:f3:8d:9f:c1:30:50:77:65:39:b6:28:
                    fa:85:e0:a6:fc:ef:f6:8c:4d:35:3c:f3:89:2a:9d:
                    c7:c7:03:14:46:1a:d1:14:28:7f:e5:d3:fe:08:6f:
                    ef:9a:1a:4b:c2:5b:ee:ee:92:33:f1:4e:1d:eb:49:
                    03:a0:48:6a:df:8c:e9:ae:ab:7e:c6:28:12:fd:ff:
                    94:9b:f0:5f:ca:62:7d:23:02:ef:1a:8a:cf:ea:1f:
                    32:47:73:70:af:78:20:d2:79:b0:be:9c:3a:e8:ec:
                    c5:81:9d:7d:d5:69:42:1a:4f:34:e7:9e:4b:f1:1c:
                    2b:3e:19:cb:a8:b8:c9:2b:e8:56:3d:00:fe:9f:09:
                    ef:13:a1:4e:dd:cf:70:fe:4c:6f:db:7c:e1:07:7a:
                    f3:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D6:CE:93:DE:8B:EA:D7:88:E3:6A:29:0C:82:94:14:1B:B6:68:3E
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/S9bOk96L6teI42opDIKUFBu2aD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:3d:d2:88:2a:cb:8e:d6:ec:4b:46:5e:0e:33:0b:37:e1:5b:
         fa:54:a7:8c:95:f4:ec:ad:32:ba:ec:83:86:b0:ba:99:75:b9:
         be:07:51:cf:e2:da:21:08:05:5e:51:f4:d1:da:33:33:c4:00:
         59:49:f4:64:da:2d:f5:9a:33:96:15:cd:81:b2:c2:db:17:de:
         ff:f5:08:9b:49:00:ab:d8:ad:f9:42:ef:85:d5:83:d1:8a:59:
         9c:5a:0b:7a:b1:e8:65:db:ad:42:9e:eb:d3:51:78:53:97:4b:
         3a:13:9c:3a:ef:4a:ff:89:d9:2e:fb:01:ea:07:58:18:5a:ad:
         a4:41:29:77:74:aa:92:61:98:62:7c:cf:83:9f:4e:36:05:af:
         4b:5c:db:cd:66:67:f4:97:4a:7a:7d:ea:77:2f:79:18:98:f6:
         2c:f0:09:5b:fc:83:52:0e:1e:ea:b3:65:d5:90:73:eb:cf:aa:
         cc:26:8b:a8:9c:b2:6f:44:f5:57:c4:50:a7:d0:2f:d2:35:ed:
         a9:fe:b0:54:81:08:bc:65:85:24:e6:7d:8f:cf:0b:b3:a7:54:
         66:9e:b3:ab:e2:11:44:af:41:d2:8c:d6:98:40:e0:53:69:5c:
         39:c9:11:13:fc:70:72:28:3e:46:99:3f:12:9f:a4:48:31:f1:
         2e:c5:3c:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY57qvTfHpPr3lEtMnNxSeCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMzI2MTY0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQ2Y2U5M2RlOGJlYWQ3ODhlMzZhMjkwYzgyOTQxNDFiYjY2ODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uqBq6FhylAwU3Lcm8ii4oZ5IF6d
MAyHsdvo1CUn5twEnBzVzTl/0GnLFzpWJSYVrhNuD3QqGDIjdVtHm53QdiriXJQV
PbNJ9UdKq2vUksSdzDGiQv0itnJVxm/c2lqujbFK3Z2ruobIxmf2842fwTBQd2U5
tij6heCm/O/2jE01PPOJKp3HxwMURhrRFCh/5dP+CG/vmhpLwlvu7pIz8U4d60kD
oEhq34zprqt+xigS/f+Um/BfymJ9IwLvGorP6h8yR3Nwr3gg0nmwvpw66OzFgZ19
1WlCGk80555L8RwrPhnLqLjJK+hWPQD+nwnvE6FO3c9w/kxv23zhB3rzXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvWzpPei+rXiONqKQyClBQbtmg+MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvUzliT2s5Nkw2dGVJNDJvcERJS1VGQnUyYUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7FcMA0G
CSqGSIb3DQEBCwUAA4IBAQCYPdKIKsuO1uxLRl4OMws34Vv6VKeMlfTsrTK67IOG
sLqZdbm+B1HP4tohCAVeUfTR2jMzxABZSfRk2i31mjOWFc2BssLbF97/9QibSQCr
2K35Qu+F1YPRilmcWgt6sehl261CnuvTUXhTl0s6E5w670r/idku+wHqB1gYWq2k
QSl3dKqSYZhifM+Dn042Ba9LXNvNZmf0l0p6fep3L3kYmPYs8Alb/INSDh7qs2XV
kHPrz6rMJouonLJvRPVXxFCn0C/SNe2p/rBUgQi8ZYUk5n2Pzwuzp1RmnrOr4hFE
r0HSjNaYQOBTaVw5yRET/HByKD5GmT8Sn6RIMfEuxTx9
-----END CERTIFICATE-----