Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/s9e96XW476aQ01aQ_MwjnlTOBPw.roa
File:                     s9e96XW476aQ01aQ_MwjnlTOBPw.roa (raw, json)
Hash identifier:          uvNpkvOgg0IVh7Vho8MMBRnTAr/HN6MF5xA5Xst29Q4=
Subject key identifier:   B3:D7:BD:E9:75:B8:EF:A6:90:D3:56:90:FC:CC:23:9E:54:CE:04:FC
Certificate issuer:       /CN=9bbc03f6c5a284fa00dbb5aa609c515b7c589969
Certificate serial:       018CC8DEA674181DA7B48D0BEC7DE9B66DF8
Authority key identifier: 9B:BC:03:F6:C5:A2:84:FA:00:DB:B5:AA:60:9C:51:5B:7C:58:99:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m7wD9sWihPoA27WqYJxRW3xYmWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/s9e96XW476aQ01aQ_MwjnlTOBPw.roa
Signing time:             Tue 02 Jan 2024 06:31:23 +0000
ROA not before:           Tue 02 Jan 2024 06:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.122.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/m7wD9sWihPoA27WqYJxRW3xYmWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/m7wD9sWihPoA27WqYJxRW3xYmWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m7wD9sWihPoA27WqYJxRW3xYmWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:a6:74:18:1d:a7:b4:8d:0b:ec:7d:e9:b6:6d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bbc03f6c5a284fa00dbb5aa609c515b7c589969
        Validity
            Not Before: Jan  2 06:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3d7bde975b8efa690d35690fccc239e54ce04fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:63:56:36:70:11:d2:12:64:ed:61:2d:0a:cd:
                    7a:92:6f:e5:e9:38:2b:8e:81:73:92:9d:a6:b5:b2:
                    89:53:e3:9b:c1:8a:62:95:a0:ab:a3:a6:d0:3d:8f:
                    31:c5:d0:b4:0f:2d:57:a2:7a:4a:1b:23:1c:0f:d5:
                    68:26:f2:83:a5:48:27:55:25:3f:26:01:b9:81:4a:
                    12:ba:5b:8b:52:08:11:6f:fa:e2:2e:70:53:cf:a5:
                    a4:07:0d:e6:6a:1b:b2:39:3a:36:ee:a6:58:8d:93:
                    b6:3d:1e:26:3f:1e:8c:e0:dc:31:d6:64:f9:f0:27:
                    2b:54:11:df:48:54:25:4b:fc:46:11:71:2c:b0:06:
                    8a:08:6d:dd:bc:9c:48:22:1c:6c:12:d6:1c:71:3e:
                    2d:41:a9:63:9d:57:0b:47:c0:12:5e:ca:81:f6:ff:
                    70:eb:79:c6:6d:c2:f5:e4:bf:4e:38:ab:48:52:22:
                    90:ac:97:e2:f2:38:fc:64:71:5d:2f:e9:cc:e8:48:
                    f9:90:78:2f:c8:af:37:80:42:e7:91:90:c0:c1:13:
                    17:ae:26:5e:92:9f:63:4f:6f:19:34:83:b8:54:df:
                    4a:2e:8c:b9:89:d6:b6:97:2a:86:52:a7:48:e6:75:
                    00:9c:37:34:1f:84:75:b6:f6:da:73:ed:72:8e:ac:
                    2c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D7:BD:E9:75:B8:EF:A6:90:D3:56:90:FC:CC:23:9E:54:CE:04:FC
            X509v3 Authority Key Identifier:
                keyid:9B:BC:03:F6:C5:A2:84:FA:00:DB:B5:AA:60:9C:51:5B:7C:58:99:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m7wD9sWihPoA27WqYJxRW3xYmWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/s9e96XW476aQ01aQ_MwjnlTOBPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/m7wD9sWihPoA27WqYJxRW3xYmWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:6d:0b:24:4d:5e:c5:dc:9b:8b:5f:65:70:1d:8e:63:8f:e2:
         c0:ae:fd:d4:ad:3d:bb:5b:61:18:42:79:9b:2d:5f:bb:c6:b8:
         4a:cf:70:e5:87:b3:73:22:cd:74:6e:81:4c:1b:61:91:42:23:
         87:b8:86:ec:77:b2:2b:5b:ea:a4:d0:a3:bf:74:7e:77:0c:cd:
         1d:11:02:23:7e:8f:e0:2f:8c:ef:e7:a6:56:b9:9b:5c:1c:3a:
         fc:1b:d6:06:96:1b:76:a2:11:55:d3:90:c7:c5:8b:e2:ba:10:
         43:7c:c4:1c:ea:59:64:f6:ca:60:e7:c0:59:aa:bb:67:ad:28:
         d3:ef:48:41:c2:c6:dd:1c:61:0a:85:4b:64:7e:8f:3e:0c:38:
         fc:25:61:56:c4:5d:ea:35:84:1e:a5:cf:19:f5:9e:46:fe:e9:
         9f:a8:7c:fc:b7:81:cd:65:09:93:5b:75:a6:c3:fb:0b:b4:68:
         34:11:d5:85:be:4e:dd:da:b2:55:97:21:65:33:51:7a:2d:1f:
         a6:1a:ff:bd:14:f5:2f:f8:49:6f:32:ab:d8:c4:11:95:a1:df:
         48:a5:66:6a:34:2c:a7:2d:29:3e:08:d5:1d:3b:12:24:c6:0f:
         b5:67:f5:3e:a3:8f:19:d6:2b:79:6c:b3:93:41:0f:c3:2c:0e:
         c1:c3:8f:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3qZ0GB2ntI0L7H3ptm34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYmMwM2Y2YzVhMjg0ZmEwMGRiYjVhYTYwOWM1MTViN2M1
ODk5NjkwHhcNMjQwMTAyMDYzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Q3YmRlOTc1YjhlZmE2OTBkMzU2OTBmY2NjMjM5ZTU0Y2UwNGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWNWNnAR0hJk7WEtCs16km/l6Tgr
joFzkp2mtbKJU+ObwYpilaCro6bQPY8xxdC0Dy1XonpKGyMcD9VoJvKDpUgnVSU/
JgG5gUoSuluLUggRb/riLnBTz6WkBw3mahuyOTo27qZYjZO2PR4mPx6M4Nwx1mT5
8CcrVBHfSFQlS/xGEXEssAaKCG3dvJxIIhxsEtYccT4tQaljnVcLR8ASXsqB9v9w
63nGbcL15L9OOKtIUiKQrJfi8jj8ZHFdL+nM6Ej5kHgvyK83gELnkZDAwRMXriZe
kp9jT28ZNIO4VN9KLoy5ida2lyqGUqdI5nUAnDc0H4R1tvbac+1yjqwseQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPXvel1uO+mkNNWkPzMI55UzgT8MB8GA1UdIwQY
MBaAFJu8A/bFooT6ANu1qmCcUVt8WJlpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTd3RDlzV2loUG9BMjdXcVlKeFJXM3hZbVdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS84OTQ0ZjQtZjM0Mi00MjU0LWI1YTct
OWQ3ZTVhZjRkZmM1LzEvczllOTZYVzQ3NmFRMDFhUV9Nd2pubFRPQlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS84OTQ0ZjQtZjM0Mi00MjU0LWI1YTctOWQ3ZTVhZjRkZmM1
LzEvbTd3RDlzV2loUG9BMjdXcVlKeFJXM3hZbVdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXrWMA0G
CSqGSIb3DQEBCwUAA4IBAQCQbQskTV7F3JuLX2VwHY5jj+LArv3UrT27W2EYQnmb
LV+7xrhKz3Dlh7NzIs10boFMG2GRQiOHuIbsd7IrW+qk0KO/dH53DM0dEQIjfo/g
L4zv56ZWuZtcHDr8G9YGlht2ohFV05DHxYviuhBDfMQc6llk9spg58BZqrtnrSjT
70hBwsbdHGEKhUtkfo8+DDj8JWFWxF3qNYQepc8Z9Z5G/umfqHz8t4HNZQmTW3Wm
w/sLtGg0EdWFvk7d2rJVlyFlM1F6LR+mGv+9FPUv+ElvMqvYxBGVod9IpWZqNCyn
LSk+CNUdOxIkxg+1Z/U+o48Z1it5bLOTQQ/DLA7Bw4+V
-----END CERTIFICATE-----