Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/69f655-6879-426f-9bfb-3aed4cc7d5b8/1/V9JEQJdWhtmbVc7Q4MCMRl40LDE.roa
File:                     V9JEQJdWhtmbVc7Q4MCMRl40LDE.roa (raw, json)
Hash identifier:          Nln4tY5YLGIT7llhpOgqpH7f8/Nsd5dDFbf87hAdJeU=
Subject key identifier:   57:D2:44:40:97:56:86:D9:9B:55:CE:D0:E0:C0:8C:46:5E:34:2C:31
Certificate issuer:       /CN=a93da86b4af60e7d29a587d01fcc98b5996c46da
Certificate serial:       018CC94E5F9CD0F8E6BCE804A62DABD25B09
Authority key identifier: A9:3D:A8:6B:4A:F6:0E:7D:29:A5:87:D0:1F:CC:98:B5:99:6C:46:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qT2oa0r2Dn0ppYfQH8yYtZlsRto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/69f655-6879-426f-9bfb-3aed4cc7d5b8/1/V9JEQJdWhtmbVc7Q4MCMRl40LDE.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200436
IP address blocks:        5.42.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/69f655-6879-426f-9bfb-3aed4cc7d5b8/1/qT2oa0r2Dn0ppYfQH8yYtZlsRto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/69f655-6879-426f-9bfb-3aed4cc7d5b8/1/qT2oa0r2Dn0ppYfQH8yYtZlsRto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qT2oa0r2Dn0ppYfQH8yYtZlsRto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5f:9c:d0:f8:e6:bc:e8:04:a6:2d:ab:d2:5b:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a93da86b4af60e7d29a587d01fcc98b5996c46da
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57d24440975686d99b55ced0e0c08c465e342c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:5c:42:98:92:1b:eb:b2:e5:39:4b:0f:c5:48:
                    2d:55:3b:92:21:96:ab:a7:4b:7b:b8:65:89:c8:95:
                    c1:da:9c:a8:2b:00:77:28:04:34:ca:74:82:57:c5:
                    f6:29:98:be:a5:da:59:28:c6:4a:4c:14:5d:43:b2:
                    d9:43:e9:d7:23:0d:13:c6:6b:13:67:3e:65:b2:ea:
                    ed:fe:ae:2a:e5:ee:83:2e:22:ec:43:06:1e:f8:c0:
                    b6:6f:05:f4:88:52:b0:af:b9:28:b1:c3:0f:43:c4:
                    24:11:78:c6:1a:d8:f2:47:f0:8a:0c:cc:78:3e:d4:
                    94:ba:cb:4b:f2:1e:67:f0:90:1b:e4:71:c6:f4:e2:
                    17:71:08:13:93:89:d0:62:d8:9f:52:55:a0:6e:48:
                    04:f8:78:66:06:f9:98:4e:ef:36:c4:6e:d6:74:9c:
                    7f:29:9b:20:a5:9e:f8:b2:64:28:02:64:29:05:94:
                    f4:77:50:de:5c:c2:89:ea:78:66:6b:34:33:c7:69:
                    a1:ba:24:01:33:c6:f8:ed:69:5e:e4:67:af:2a:9a:
                    81:db:09:bc:a2:af:ad:78:e0:8d:62:8e:94:9d:21:
                    36:50:50:d1:c3:e8:47:23:59:1c:4f:fc:03:f6:56:
                    ac:7a:a5:41:91:02:b4:3e:c3:bf:5f:ff:b8:91:91:
                    36:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:D2:44:40:97:56:86:D9:9B:55:CE:D0:E0:C0:8C:46:5E:34:2C:31
            X509v3 Authority Key Identifier:
                keyid:A9:3D:A8:6B:4A:F6:0E:7D:29:A5:87:D0:1F:CC:98:B5:99:6C:46:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qT2oa0r2Dn0ppYfQH8yYtZlsRto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/69f655-6879-426f-9bfb-3aed4cc7d5b8/1/V9JEQJdWhtmbVc7Q4MCMRl40LDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/69f655-6879-426f-9bfb-3aed4cc7d5b8/1/qT2oa0r2Dn0ppYfQH8yYtZlsRto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.42.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:7e:a2:d3:96:42:b6:0d:d7:28:38:98:dc:6e:a9:28:66:54:
         df:37:84:87:a3:83:b4:78:cd:2a:57:68:2f:b4:f8:ee:d8:89:
         57:73:d6:5d:bf:55:df:3d:28:b8:1b:15:32:01:54:4f:fd:31:
         66:17:20:04:3f:b0:a7:f6:92:8e:2d:d1:8c:af:65:92:8a:5b:
         25:05:a0:ae:cb:49:25:5b:b4:bd:5a:36:75:f8:b0:70:d6:16:
         96:10:0e:78:80:a3:32:0f:d8:dd:67:25:c1:92:15:6b:06:f4:
         ad:8a:84:a0:d3:5a:92:f1:a4:1f:dd:cc:2b:f4:0a:81:4d:e4:
         ab:72:57:41:7f:c5:40:29:ef:ac:e5:68:70:d8:83:78:e5:b9:
         35:93:70:f4:fb:bc:d7:b7:6a:bb:f2:68:8f:c6:b9:81:c7:f7:
         c3:c2:55:2d:0e:b2:b9:29:07:74:bd:1b:41:76:ae:67:07:c4:
         bf:6d:f3:29:5f:a4:e0:1d:28:34:db:63:a3:8a:23:40:cb:11:
         d6:ec:21:ea:9e:15:60:e5:bf:3a:29:65:f3:c9:38:0d:f6:81:
         51:24:d7:c6:b6:a0:0e:ee:1e:e6:1c:2f:cf:4d:c0:a3:de:95:
         32:85:d1:d8:9c:92:52:5e:46:b7:c8:fb:36:c2:39:3f:6e:a8:
         8e:17:9c:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTl+c0PjmvOgEpi2r0lsJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5M2RhODZiNGFmNjBlN2QyOWE1ODdkMDFmY2M5OGI1OTk2
YzQ2ZGEwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2QyNDQ0MDk3NTY4NmQ5OWI1NWNlZDBlMGMwOGM0NjVlMzQyYzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlxCmJIb67LlOUsPxUgtVTuSIZar
p0t7uGWJyJXB2pyoKwB3KAQ0ynSCV8X2KZi+pdpZKMZKTBRdQ7LZQ+nXIw0TxmsT
Zz5lsurt/q4q5e6DLiLsQwYe+MC2bwX0iFKwr7koscMPQ8QkEXjGGtjyR/CKDMx4
PtSUustL8h5n8JAb5HHG9OIXcQgTk4nQYtifUlWgbkgE+HhmBvmYTu82xG7WdJx/
KZsgpZ74smQoAmQpBZT0d1DeXMKJ6nhmazQzx2mhuiQBM8b47Wle5GevKpqB2wm8
oq+teOCNYo6UnSE2UFDRw+hHI1kcT/wD9laseqVBkQK0PsO/X/+4kZE2NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfSRECXVobZm1XO0ODAjEZeNCwxMB8GA1UdIwQY
MBaAFKk9qGtK9g59KaWH0B/MmLWZbEbaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVQyb2EwcjJEbjBwcFlmUUg4eVl0WmxzUnRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi82OWY2NTUtNjg3OS00MjZmLTliZmIt
M2FlZDRjYzdkNWI4LzEvVjlKRVFKZFdodG1iVmM3UTRNQ01SbDQwTERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi82OWY2NTUtNjg3OS00MjZmLTliZmItM2FlZDRjYzdkNWI4
LzEvcVQyb2EwcjJEbjBwcFlmUUg4eVl0WmxzUnRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSrZMA0G
CSqGSIb3DQEBCwUAA4IBAQCTfqLTlkK2DdcoOJjcbqkoZlTfN4SHo4O0eM0qV2gv
tPju2IlXc9Zdv1XfPSi4GxUyAVRP/TFmFyAEP7Cn9pKOLdGMr2WSilslBaCuy0kl
W7S9WjZ1+LBw1haWEA54gKMyD9jdZyXBkhVrBvStioSg01qS8aQf3cwr9AqBTeSr
cldBf8VAKe+s5Whw2IN45bk1k3D0+7zXt2q78miPxrmBx/fDwlUtDrK5KQd0vRtB
dq5nB8S/bfMpX6TgHSg022OjiiNAyxHW7CHqnhVg5b86KWXzyTgN9oFRJNfGtqAO
7h7mHC/PTcCj3pUyhdHYnJJSXka3yPs2wjk/bqiOF5zL
-----END CERTIFICATE-----