Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/6c3741-cf8c-4d5d-bb8e-4598689d551e/1/r9pXrvk8Afc4V1LjmW5MzefRXew.roa
File:                     r9pXrvk8Afc4V1LjmW5MzefRXew.roa (raw, json)
Hash identifier:          bgxz9D8PRnmORAmblFuZZPJZwsWx9kkC4EEfLeOu+6o=
Subject key identifier:   AF:DA:57:AE:F9:3C:01:F7:38:57:52:E3:99:6E:4C:CD:E7:D1:5D:EC
Certificate issuer:       /CN=da6099e7ff3a171bce3b6fe99ebb4d24cb85e461
Certificate serial:       018CC8DE99537EB4B855A84F712317C3D5F0
Authority key identifier: DA:60:99:E7:FF:3A:17:1B:CE:3B:6F:E9:9E:BB:4D:24:CB:85:E4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2mCZ5_86FxvOO2_pnrtNJMuF5GE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/6c3741-cf8c-4d5d-bb8e-4598689d551e/1/r9pXrvk8Afc4V1LjmW5MzefRXew.roa
Signing time:             Tue 02 Jan 2024 06:31:20 +0000
ROA not before:           Tue 02 Jan 2024 06:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8787
IP address blocks:        212.9.128.0/19 maxlen: 19
                          2a03:1f60::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/6c3741-cf8c-4d5d-bb8e-4598689d551e/1/2mCZ5_86FxvOO2_pnrtNJMuF5GE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/6c3741-cf8c-4d5d-bb8e-4598689d551e/1/2mCZ5_86FxvOO2_pnrtNJMuF5GE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2mCZ5_86FxvOO2_pnrtNJMuF5GE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:99:53:7e:b4:b8:55:a8:4f:71:23:17:c3:d5:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da6099e7ff3a171bce3b6fe99ebb4d24cb85e461
        Validity
            Not Before: Jan  2 06:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afda57aef93c01f7385752e3996e4ccde7d15dec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ec:a7:a0:56:25:66:92:38:8b:8f:c4:68:7f:
                    72:3b:c5:d0:50:cb:db:0d:14:63:77:06:b6:86:93:
                    67:d2:7b:52:a8:1c:ba:b7:90:05:bf:29:9f:a8:11:
                    41:d2:5e:d8:88:bc:7c:3a:16:3b:d9:5a:1e:de:2c:
                    17:c0:53:5b:ff:49:62:22:5e:25:cf:e7:96:81:c7:
                    c4:56:e5:1c:b7:98:1e:85:64:bd:07:c7:d4:ca:ee:
                    72:ef:08:9c:33:d9:c4:12:0e:7f:30:50:8d:e5:df:
                    0e:36:d6:70:52:fb:6b:07:c1:74:4a:f4:b5:16:22:
                    ee:76:af:e1:6c:f6:ed:b1:5a:7a:93:50:4d:20:44:
                    67:6f:95:10:c4:75:1e:61:6e:68:bc:ec:73:7d:98:
                    44:bf:8b:6f:9c:71:32:c8:e0:b7:0f:f3:e7:82:75:
                    30:45:88:b1:f5:42:0c:c1:f2:52:0e:69:2e:be:33:
                    e4:87:65:57:b8:d8:2e:1d:1f:ab:12:5d:f6:f1:d1:
                    0f:ac:8d:0c:38:81:db:9a:80:fc:2a:b6:22:6a:03:
                    07:6a:6b:73:6b:75:70:29:5d:16:7e:b4:97:ec:3c:
                    e7:a8:42:47:96:97:9b:33:4f:2e:2c:de:c8:4d:c6:
                    6a:8b:2e:1a:cf:57:96:b7:98:9c:4d:82:aa:64:4d:
                    fa:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:DA:57:AE:F9:3C:01:F7:38:57:52:E3:99:6E:4C:CD:E7:D1:5D:EC
            X509v3 Authority Key Identifier:
                keyid:DA:60:99:E7:FF:3A:17:1B:CE:3B:6F:E9:9E:BB:4D:24:CB:85:E4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2mCZ5_86FxvOO2_pnrtNJMuF5GE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/6c3741-cf8c-4d5d-bb8e-4598689d551e/1/r9pXrvk8Afc4V1LjmW5MzefRXew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/6c3741-cf8c-4d5d-bb8e-4598689d551e/1/2mCZ5_86FxvOO2_pnrtNJMuF5GE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.9.128.0/19
                IPv6:
                  2a03:1f60::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:38:bb:4a:ce:81:cb:8a:76:58:30:fa:6b:01:ab:9e:9a:e5:
         0c:a5:26:04:2c:d4:b1:da:ac:67:91:44:6b:ff:f6:90:94:34:
         18:29:6b:cd:1f:a3:b2:9d:0e:7e:31:af:54:ba:91:cf:02:a8:
         6c:c9:3c:11:aa:be:80:9b:e8:f5:12:a3:2e:43:81:0d:16:86:
         36:e5:75:e2:de:5b:7c:9b:48:f2:3a:ef:8a:80:18:55:5b:97:
         f6:cd:aa:c0:c6:d8:9f:36:b8:d9:97:c9:fa:5c:ad:c8:34:19:
         4f:9d:51:41:9d:40:09:9d:2f:57:58:39:24:81:c6:63:91:23:
         40:6a:87:8c:b9:ed:af:e7:7e:5e:e6:2c:53:2f:40:5e:30:9e:
         39:52:57:bc:cd:e2:19:70:aa:c3:86:fe:dd:dd:f7:b8:ff:eb:
         81:cb:63:e3:4b:ef:c7:a1:12:87:73:bd:8d:ca:6d:ac:9d:43:
         4d:91:56:be:db:62:77:f5:e3:62:40:e1:f6:c7:09:69:2b:d6:
         1c:e2:6d:42:fa:5d:18:aa:5d:64:35:13:c6:47:38:dc:4f:95:
         35:68:2c:34:c6:02:ac:ab:a6:3b:f9:03:c0:74:cf:ff:b5:45:
         e4:c3:98:70:0a:96:63:e3:a3:84:ac:b6:c0:f0:72:1e:0c:7a:
         1a:83:dd:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3plTfrS4VahPcSMXw9XwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNjA5OWU3ZmYzYTE3MWJjZTNiNmZlOTllYmI0ZDI0Y2I4
NWU0NjEwHhcNMjQwMTAyMDYzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmRhNTdhZWY5M2MwMWY3Mzg1NzUyZTM5OTZlNGNjZGU3ZDE1ZGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+ynoFYlZpI4i4/EaH9yO8XQUMvb
DRRjdwa2hpNn0ntSqBy6t5AFvymfqBFB0l7YiLx8OhY72Voe3iwXwFNb/0liIl4l
z+eWgcfEVuUct5gehWS9B8fUyu5y7wicM9nEEg5/MFCN5d8ONtZwUvtrB8F0SvS1
FiLudq/hbPbtsVp6k1BNIERnb5UQxHUeYW5ovOxzfZhEv4tvnHEyyOC3D/PngnUw
RYix9UIMwfJSDmkuvjPkh2VXuNguHR+rEl328dEPrI0MOIHbmoD8KrYiagMHamtz
a3VwKV0WfrSX7DznqEJHlpebM08uLN7ITcZqiy4az1eWt5icTYKqZE36GwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK/aV675PAH3OFdS45luTM3n0V3sMB8GA1UdIwQY
MBaAFNpgmef/Ohcbzjtv6Z67TSTLheRhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm1DWjVfODZGeHZPTzJfcG5ydE5KTXVGNUdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy82YzM3NDEtY2Y4Yy00ZDVkLWJiOGUt
NDU5ODY4OWQ1NTFlLzEvcjlwWHJ2azhBZmM0VjFMam1XNU16ZWZSWGV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy82YzM3NDEtY2Y4Yy00ZDVkLWJiOGUtNDU5ODY4OWQ1NTFl
LzEvMm1DWjVfODZGeHZPTzJfcG5ydE5KTXVGNUdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1AmAMA0E
AgACMAcDBQAqAx9gMA0GCSqGSIb3DQEBCwUAA4IBAQBOOLtKzoHLinZYMPprAaue
muUMpSYELNSx2qxnkURr//aQlDQYKWvNH6OynQ5+Ma9UupHPAqhsyTwRqr6Am+j1
EqMuQ4ENFoY25XXi3lt8m0jyOu+KgBhVW5f2zarAxtifNrjZl8n6XK3INBlPnVFB
nUAJnS9XWDkkgcZjkSNAaoeMue2v535e5ixTL0BeMJ45Ule8zeIZcKrDhv7d3fe4
/+uBy2PjS+/HoRKHc72Nym2snUNNkVa+22J39eNiQOH2xwlpK9Yc4m1C+l0Yql1k
NRPGRzjcT5U1aCw0xgKsq6Y7+QPAdM//tUXkw5hwCpZj46OErLbA8HIeDHoag90e
-----END CERTIFICATE-----