Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/jwL0ngc9xWKTxoNLEm28qxl4_QY.roa
File:                     jwL0ngc9xWKTxoNLEm28qxl4_QY.roa (raw, json)
Hash identifier:          cBzsDnojkJVujliTi9yaJb/vDVGe6iY6ke9pCHiVALo=
Subject key identifier:   8F:02:F4:9E:07:3D:C5:62:93:C6:83:4B:12:6D:BC:AB:19:78:FD:06
Certificate issuer:       /CN=09ee7ee0f75b7164ac7596197c7f121d6fca1576
Certificate serial:       018CC4245DDBA5C32E790FCBF5116EBE7993
Authority key identifier: 09:EE:7E:E0:F7:5B:71:64:AC:75:96:19:7C:7F:12:1D:6F:CA:15:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/jwL0ngc9xWKTxoNLEm28qxl4_QY.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        216.245.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5d:db:a5:c3:2e:79:0f:cb:f5:11:6e:be:79:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09ee7ee0f75b7164ac7596197c7f121d6fca1576
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f02f49e073dc56293c6834b126dbcab1978fd06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a8:74:cc:7e:5a:15:8e:5a:0b:6f:b8:52:9c:
                    f9:d7:fd:3a:29:a0:11:09:84:82:ba:dc:ce:8d:23:
                    f6:88:c2:bc:a9:e9:9b:a9:98:d0:17:5b:b4:22:db:
                    7f:d1:7c:78:47:32:32:3a:a9:0f:85:a2:ce:90:5b:
                    33:01:94:7e:d7:08:40:d6:be:02:19:34:72:a6:d9:
                    25:b7:6a:04:20:2d:b8:91:05:fc:32:66:00:94:64:
                    69:9b:89:fd:28:db:81:ba:e0:d0:15:22:d8:ab:45:
                    47:e7:44:10:c0:6f:6d:2e:26:d1:dc:e7:e5:15:e5:
                    74:e2:87:3e:de:b2:bd:bb:4a:c8:9a:67:d3:7a:27:
                    96:41:64:25:64:1c:09:5c:46:f8:0d:8a:1a:f1:9a:
                    e0:58:c6:72:d7:b0:a1:ed:e8:17:36:af:a2:4c:51:
                    41:3c:e5:f2:ea:c4:eb:27:6c:48:f7:72:a4:ad:6a:
                    25:07:bd:91:56:ab:c8:f9:3a:e6:a5:24:8a:c9:bb:
                    63:b2:74:75:f4:bc:bf:02:72:2a:08:a2:a0:b5:17:
                    31:9d:7e:29:cc:cb:a2:c9:47:a4:2f:1f:9b:08:96:
                    44:26:0e:25:a0:39:d1:09:6e:4d:de:b6:07:0d:42:
                    2b:dd:96:29:95:43:48:83:af:cb:3b:f0:8a:4d:2c:
                    48:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:02:F4:9E:07:3D:C5:62:93:C6:83:4B:12:6D:BC:AB:19:78:FD:06
            X509v3 Authority Key Identifier:
                keyid:09:EE:7E:E0:F7:5B:71:64:AC:75:96:19:7C:7F:12:1D:6F:CA:15:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/jwL0ngc9xWKTxoNLEm28qxl4_QY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/dbe50a-2ca1-4362-b5e7-6683c8fc9e5b/1/Ce5-4PdbcWSsdZYZfH8SHW_KFXY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.245.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:ac:aa:7f:51:a0:a1:02:fe:4e:67:57:66:3a:ff:75:c8:ff:
         b7:b0:8a:43:1a:5e:08:e9:99:d5:44:77:c8:ae:cf:2f:0f:1c:
         5d:df:19:29:55:93:2b:dc:f9:6f:d5:77:51:a0:55:f8:6b:4c:
         84:06:d0:4b:ac:ac:0a:95:b8:58:c4:a6:c8:4b:31:13:92:19:
         f2:0f:a5:bb:7f:1d:db:ed:0a:18:eb:e4:18:bc:e6:e5:52:96:
         37:ca:06:e7:08:87:c7:55:e6:f2:1e:04:15:3d:ac:af:e3:8a:
         63:82:38:01:9c:52:a6:70:c5:0a:f6:84:80:b3:49:52:bf:50:
         41:80:84:91:e8:8f:72:fa:2b:3e:75:24:e1:59:f6:17:64:a3:
         96:8d:12:d7:fe:e0:ef:5f:b9:18:a8:a0:18:f2:1d:ae:8d:98:
         99:10:09:bb:5d:72:cb:4e:55:9b:3d:b1:55:b1:95:36:99:e0:
         d3:d2:6d:62:42:ed:2a:79:9d:e5:92:d4:ee:aa:48:93:0a:da:
         30:06:0e:5d:79:5e:c0:f5:21:08:bd:4a:da:4e:3f:28:3e:c5:
         24:79:bd:c7:21:51:6d:df:6b:fa:49:59:d5:89:65:5c:17:ad:
         b6:18:a7:b4:d5:94:01:f8:86:55:00:1a:21:a2:9a:01:aa:42:
         ca:96:47:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJF3bpcMueQ/L9RFuvnmTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZWU3ZWUwZjc1YjcxNjRhYzc1OTYxOTdjN2YxMjFkNmZj
YTE1NzYwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjAyZjQ5ZTA3M2RjNTYyOTNjNjgzNGIxMjZkYmNhYjE5NzhmZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqah0zH5aFY5aC2+4Upz51/06KaAR
CYSCutzOjSP2iMK8qembqZjQF1u0Itt/0Xx4RzIyOqkPhaLOkFszAZR+1whA1r4C
GTRyptklt2oEIC24kQX8MmYAlGRpm4n9KNuBuuDQFSLYq0VH50QQwG9tLibR3Ofl
FeV04oc+3rK9u0rImmfTeieWQWQlZBwJXEb4DYoa8ZrgWMZy17Ch7egXNq+iTFFB
POXy6sTrJ2xI93KkrWolB72RVqvI+TrmpSSKybtjsnR19Ly/AnIqCKKgtRcxnX4p
zMuiyUekLx+bCJZEJg4loDnRCW5N3rYHDUIr3ZYplUNIg6/LO/CKTSxIcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8C9J4HPcVik8aDSxJtvKsZeP0GMB8GA1UdIwQY
MBaAFAnufuD3W3FkrHWWGXx/Eh1vyhV2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2U1LTRQZGJjV1NzZFpZWmZIOFNIV19LRlhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9kYmU1MGEtMmNhMS00MzYyLWI1ZTct
NjY4M2M4ZmM5ZTViLzEvandMMG5nYzl4V0tUeG9OTEVtMjhxeGw0X1FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9kYmU1MGEtMmNhMS00MzYyLWI1ZTctNjY4M2M4ZmM5ZTVi
LzEvQ2U1LTRQZGJjV1NzZFpZWmZIOFNIV19LRlhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2PVQMA0G
CSqGSIb3DQEBCwUAA4IBAQASrKp/UaChAv5OZ1dmOv91yP+3sIpDGl4I6ZnVRHfI
rs8vDxxd3xkpVZMr3Plv1XdRoFX4a0yEBtBLrKwKlbhYxKbISzETkhnyD6W7fx3b
7QoY6+QYvOblUpY3ygbnCIfHVebyHgQVPayv44pjgjgBnFKmcMUK9oSAs0lSv1BB
gISR6I9y+is+dSThWfYXZKOWjRLX/uDvX7kYqKAY8h2ujZiZEAm7XXLLTlWbPbFV
sZU2meDT0m1iQu0qeZ3lktTuqkiTCtowBg5deV7A9SEIvUraTj8oPsUkeb3HIVFt
32v6SVnViWVcF622GKe01ZQB+IZVABohopoBqkLKlkdE
-----END CERTIFICATE-----