Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/3c524e-12b8-4dcc-8f10-30df62429df0/1/9-oJA5jHTaTF0H_iRZLSkPKOMzc.roa
File:                     9-oJA5jHTaTF0H_iRZLSkPKOMzc.roa (raw, json)
Hash identifier:          xIgfjDynyH3yFaKNE+xvycxCA8piVXFmX9uqULX4htA=
Subject key identifier:   F7:EA:09:03:98:C7:4D:A4:C5:D0:7F:E2:45:92:D2:90:F2:8E:33:37
Certificate issuer:       /CN=5fbab0d39fb6979fe4d3d2483a01bdd3c93becef
Certificate serial:       018CC9BBDEE6F77B86A38ED6870323704158
Authority key identifier: 5F:BA:B0:D3:9F:B6:97:9F:E4:D3:D2:48:3A:01:BD:D3:C9:3B:EC:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X7qw05-2l5_k09JIOgG908k77O8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/3c524e-12b8-4dcc-8f10-30df62429df0/1/9-oJA5jHTaTF0H_iRZLSkPKOMzc.roa
Signing time:             Tue 02 Jan 2024 10:33:01 +0000
ROA not before:           Tue 02 Jan 2024 10:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42926
IP address blocks:        185.197.197.0/24 maxlen: 24
                          185.197.196.0/24 maxlen: 24
                          185.197.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/3c524e-12b8-4dcc-8f10-30df62429df0/1/X7qw05-2l5_k09JIOgG908k77O8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/3c524e-12b8-4dcc-8f10-30df62429df0/1/X7qw05-2l5_k09JIOgG908k77O8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X7qw05-2l5_k09JIOgG908k77O8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:de:e6:f7:7b:86:a3:8e:d6:87:03:23:70:41:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fbab0d39fb6979fe4d3d2483a01bdd3c93becef
        Validity
            Not Before: Jan  2 10:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7ea090398c74da4c5d07fe24592d290f28e3337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4a:bb:ad:1a:5c:5a:28:99:6d:41:1f:ab:59:
                    d4:6f:c3:d6:a9:19:53:0f:d3:f8:d3:53:21:b4:9d:
                    0d:00:42:67:af:ff:da:db:b3:81:f4:26:03:74:5e:
                    cb:cf:d5:7e:24:ed:e1:36:7a:40:6d:32:83:9a:ad:
                    60:55:75:37:9e:10:71:1a:4e:97:48:65:80:ff:01:
                    f9:6b:14:86:d4:18:e1:f7:ec:1d:ae:a6:96:3c:b5:
                    17:ed:76:74:a3:9c:be:87:4e:68:07:44:13:3f:1f:
                    9e:d8:eb:7b:d8:0e:2d:32:e0:25:39:86:7b:41:05:
                    4d:a6:18:21:16:5a:60:56:62:82:33:32:5b:3f:66:
                    ad:64:21:f8:3a:74:86:67:17:a5:bf:93:b6:2a:e8:
                    a9:53:21:e6:53:50:9f:58:20:48:15:b1:63:8e:1b:
                    6a:64:93:20:28:8f:58:cd:38:ca:c9:2a:c7:a0:ef:
                    90:17:94:46:04:12:5a:fb:1b:f8:c1:8b:ee:e3:92:
                    07:0f:33:45:97:fd:55:4d:fe:62:21:85:5f:cf:0d:
                    0f:29:8d:9b:fd:fd:c9:fd:99:53:da:dc:8a:c3:d9:
                    d5:a9:43:c4:61:e7:d4:59:d5:6d:be:b6:8f:50:b8:
                    77:7a:bb:10:78:f4:ad:c2:34:6a:c0:7d:95:af:85:
                    32:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:EA:09:03:98:C7:4D:A4:C5:D0:7F:E2:45:92:D2:90:F2:8E:33:37
            X509v3 Authority Key Identifier:
                keyid:5F:BA:B0:D3:9F:B6:97:9F:E4:D3:D2:48:3A:01:BD:D3:C9:3B:EC:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X7qw05-2l5_k09JIOgG908k77O8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3c524e-12b8-4dcc-8f10-30df62429df0/1/9-oJA5jHTaTF0H_iRZLSkPKOMzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3c524e-12b8-4dcc-8f10-30df62429df0/1/X7qw05-2l5_k09JIOgG908k77O8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.196.0-185.197.198.255

    Signature Algorithm: sha256WithRSAEncryption
         5d:12:d4:df:0e:37:55:2f:bc:81:e0:14:9c:e7:31:ab:f9:54:
         b7:ad:64:ed:d0:44:88:55:8e:b9:ed:58:b8:dd:6e:6b:ae:4a:
         c3:50:80:8f:f5:94:14:37:51:5d:c4:1b:54:21:d2:25:08:f5:
         5a:71:c7:5b:31:e0:e4:4a:c9:44:57:c5:e6:53:11:4f:1c:ad:
         3d:6f:6d:99:12:c4:81:30:76:c9:6f:50:64:83:b6:63:2b:10:
         38:40:4e:98:96:83:b0:ce:b2:20:7d:29:54:cf:fb:2e:b4:b2:
         4d:8a:e8:ee:2d:3f:58:71:86:ba:98:07:22:d2:ce:55:0d:77:
         ba:38:19:aa:ca:1e:5b:40:ab:d0:47:a8:52:1f:81:57:5f:ca:
         d3:62:8c:35:35:f5:3c:c2:d0:2d:f1:06:fa:b2:b4:13:e9:52:
         c1:8e:7a:de:82:6f:5b:7d:ec:72:fc:a2:71:95:41:5e:13:c5:
         92:0d:d3:9e:8a:bf:e0:37:e3:e7:aa:32:44:43:a0:cc:6b:b0:
         68:6c:e6:52:09:90:78:b8:6e:45:d6:0e:b5:63:e2:15:4b:2f:
         61:72:98:73:1b:c5:b1:cf:7a:8e:fb:bf:b0:a1:3e:4b:73:6d:
         0f:94:e4:5f:66:c9:d4:a7:ca:5d:96:c7:cc:f2:dc:2c:bb:d3:
         a4:54:3a:a3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJu97m93uGo47WhwMjcEFYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmFiMGQzOWZiNjk3OWZlNGQzZDI0ODNhMDFiZGQzYzkz
YmVjZWYwHhcNMjQwMTAyMTAzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2VhMDkwMzk4Yzc0ZGE0YzVkMDdmZTI0NTkyZDI5MGYyOGUzMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUq7rRpcWiiZbUEfq1nUb8PWqRlT
D9P401MhtJ0NAEJnr//a27OB9CYDdF7Lz9V+JO3hNnpAbTKDmq1gVXU3nhBxGk6X
SGWA/wH5axSG1Bjh9+wdrqaWPLUX7XZ0o5y+h05oB0QTPx+e2Ot72A4tMuAlOYZ7
QQVNphghFlpgVmKCMzJbP2atZCH4OnSGZxelv5O2KuipUyHmU1CfWCBIFbFjjhtq
ZJMgKI9YzTjKySrHoO+QF5RGBBJa+xv4wYvu45IHDzNFl/1VTf5iIYVfzw0PKY2b
/f3J/ZlT2tyKw9nVqUPEYefUWdVtvraPULh3ersQePStwjRqwH2Vr4UyHQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPfqCQOYx02kxdB/4kWS0pDyjjM3MB8GA1UdIwQY
MBaAFF+6sNOftpef5NPSSDoBvdPJO+zvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDdxdzA1LTJsNV9rMDlKSU9nRzkwOGs3N084LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zYzUyNGUtMTJiOC00ZGNjLThmMTAt
MzBkZjYyNDI5ZGYwLzEvOS1vSkE1akhUYVRGMEhfaVJaTFNrUEtPTXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zYzUyNGUtMTJiOC00ZGNjLThmMTAtMzBkZjYyNDI5ZGYw
LzEvWDdxdzA1LTJsNV9rMDlKSU9nRzkwOGs3N084LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5xcQD
BAC5xcYwDQYJKoZIhvcNAQELBQADggEBAF0S1N8ON1UvvIHgFJznMav5VLetZO3Q
RIhVjrntWLjdbmuuSsNQgI/1lBQ3UV3EG1Qh0iUI9Vpxx1sx4ORKyURXxeZTEU8c
rT1vbZkSxIEwdslvUGSDtmMrEDhATpiWg7DOsiB9KVTP+y60sk2K6O4tP1hxhrqY
ByLSzlUNd7o4GarKHltAq9BHqFIfgVdfytNijDU19TzC0C3xBvqytBPpUsGOet6C
b1t97HL8onGVQV4TxZIN056Kv+A34+eqMkRDoMxrsGhs5lIJkHi4bkXWDrVj4hVL
L2FymHMbxbHPeo77v7ChPktzbQ+U5F9mydSnyl2Wx8zy3Cy706RUOqM=
-----END CERTIFICATE-----