Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/bb23e1-46ca-464a-b3f2-f929e2551627/1/9tH5GOAQwRZgtrqRCw6E5l2rvEA.roa
File:                     9tH5GOAQwRZgtrqRCw6E5l2rvEA.roa (raw, json)
Hash identifier:          OyTG7wFkFaVBFOx69BwGknbkHGngj4fAcgjyuoj620Y=
Subject key identifier:   F6:D1:F9:18:E0:10:C1:16:60:B6:BA:91:0B:0E:84:E6:5D:AB:BC:40
Certificate issuer:       /CN=107a5af196b8a0ea960c28f6b3e75291c7e861cd
Certificate serial:       018CC9BC2AD00030F86D2C02C3E1DC30A71D
Authority key identifier: 10:7A:5A:F1:96:B8:A0:EA:96:0C:28:F6:B3:E7:52:91:C7:E8:61:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHpa8Za4oOqWDCj2s-dSkcfoYc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/bb23e1-46ca-464a-b3f2-f929e2551627/1/9tH5GOAQwRZgtrqRCw6E5l2rvEA.roa
Signing time:             Tue 02 Jan 2024 10:33:21 +0000
ROA not before:           Tue 02 Jan 2024 10:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49652
IP address blocks:        195.254.128.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/bb23e1-46ca-464a-b3f2-f929e2551627/1/EHpa8Za4oOqWDCj2s-dSkcfoYc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/bb23e1-46ca-464a-b3f2-f929e2551627/1/EHpa8Za4oOqWDCj2s-dSkcfoYc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHpa8Za4oOqWDCj2s-dSkcfoYc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:2a:d0:00:30:f8:6d:2c:02:c3:e1:dc:30:a7:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=107a5af196b8a0ea960c28f6b3e75291c7e861cd
        Validity
            Not Before: Jan  2 10:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6d1f918e010c11660b6ba910b0e84e65dabbc40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e4:6c:22:49:1e:b7:1b:b4:86:88:f9:2c:d5:
                    2d:98:41:6c:5d:df:70:18:c5:6c:d7:16:a0:8a:71:
                    09:d0:58:37:98:f6:5a:e5:2d:5f:3c:dd:30:ed:0b:
                    0a:29:8f:bb:7a:5f:01:72:49:4f:03:e1:f2:0d:cf:
                    f4:90:f3:0f:06:db:3d:07:c8:6b:ad:d3:e4:75:47:
                    c5:3a:7d:e0:6d:f2:c2:b5:83:5c:8b:e7:7c:46:d1:
                    94:3e:7b:68:a6:9c:af:88:ed:c9:45:d7:b1:0e:22:
                    62:04:91:c5:0a:55:47:7c:1d:89:03:54:cc:69:02:
                    11:a8:1b:f0:cf:50:14:b2:67:f9:88:56:e6:5d:80:
                    83:1a:93:5a:87:4c:fe:81:1d:8a:c1:ec:91:d4:b1:
                    dd:48:12:e0:c7:49:48:cf:12:27:8f:c2:f4:57:ec:
                    dd:7f:2c:d5:c1:59:47:d7:00:3f:f7:e3:37:05:3a:
                    6e:45:9e:78:98:35:2c:84:2c:ca:3e:0b:53:c4:1e:
                    c5:05:f5:8b:1a:8b:28:76:ab:fd:95:11:76:3a:ad:
                    c5:71:7e:55:b2:4d:6e:20:eb:30:75:88:6b:cd:4d:
                    4f:e5:43:78:f2:91:a4:2d:9d:7f:43:29:b9:a3:61:
                    8e:63:96:5d:7b:05:b0:5e:8e:06:40:40:c0:02:7e:
                    a2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:D1:F9:18:E0:10:C1:16:60:B6:BA:91:0B:0E:84:E6:5D:AB:BC:40
            X509v3 Authority Key Identifier:
                keyid:10:7A:5A:F1:96:B8:A0:EA:96:0C:28:F6:B3:E7:52:91:C7:E8:61:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHpa8Za4oOqWDCj2s-dSkcfoYc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/bb23e1-46ca-464a-b3f2-f929e2551627/1/9tH5GOAQwRZgtrqRCw6E5l2rvEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/bb23e1-46ca-464a-b3f2-f929e2551627/1/EHpa8Za4oOqWDCj2s-dSkcfoYc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:98:16:2f:91:bf:98:98:65:69:b4:68:d2:5b:0c:6f:30:79:
         f0:67:87:5b:6d:a5:5e:c3:ac:75:b4:d8:6f:c5:30:23:b1:e0:
         0f:52:e5:96:bf:8f:9c:27:9b:7a:2f:0f:ec:60:4b:83:2d:ab:
         77:ee:5e:5e:00:4a:d8:5b:54:7d:e7:51:eb:dd:8d:6d:85:75:
         7b:23:72:84:ec:0a:7b:7f:7a:4d:e0:fe:85:ab:2d:24:c1:f6:
         62:39:96:98:4a:c2:ac:c1:56:2e:7f:0d:0a:eb:c3:a2:2f:89:
         b5:d6:dd:19:bf:97:64:51:90:a4:12:c2:8d:49:ff:00:14:a0:
         9a:93:ce:8e:b4:a6:2a:9d:9b:86:df:c9:a8:47:61:a2:cc:e3:
         91:e4:8e:a8:68:e3:59:dd:a3:6c:47:53:f6:18:5f:62:46:44:
         57:58:8f:28:93:1e:5a:64:32:38:51:18:14:63:38:00:3e:00:
         d8:ea:38:dd:76:78:dc:e5:fe:bf:59:a0:fe:6b:b2:46:8f:4e:
         43:94:fe:98:15:1f:c0:37:50:ad:71:bb:31:cb:5c:c7:fc:e1:
         bb:47:ea:47:87:6d:eb:7b:01:55:b2:cf:c6:30:81:f9:b5:03:
         5b:a2:a7:22:ea:8a:37:80:69:35:ce:23:11:70:69:93:eb:c9:
         cf:ec:b7:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCrQADD4bSwCw+HcMKcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwN2E1YWYxOTZiOGEwZWE5NjBjMjhmNmIzZTc1MjkxYzdl
ODYxY2QwHhcNMjQwMTAyMTAzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmQxZjkxOGUwMTBjMTE2NjBiNmJhOTEwYjBlODRlNjVkYWJiYzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArORsIkketxu0hoj5LNUtmEFsXd9w
GMVs1xaginEJ0Fg3mPZa5S1fPN0w7QsKKY+7el8BcklPA+HyDc/0kPMPBts9B8hr
rdPkdUfFOn3gbfLCtYNci+d8RtGUPntoppyviO3JRdexDiJiBJHFClVHfB2JA1TM
aQIRqBvwz1AUsmf5iFbmXYCDGpNah0z+gR2KweyR1LHdSBLgx0lIzxInj8L0V+zd
fyzVwVlH1wA/9+M3BTpuRZ54mDUshCzKPgtTxB7FBfWLGosodqv9lRF2Oq3FcX5V
sk1uIOswdYhrzU1P5UN48pGkLZ1/Qym5o2GOY5ZdewWwXo4GQEDAAn6ieQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbR+RjgEMEWYLa6kQsOhOZdq7xAMB8GA1UdIwQY
MBaAFBB6WvGWuKDqlgwo9rPnUpHH6GHNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhwYThaYTRvT3FXRENqMnMtZFNrY2ZvWWMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iYjIzZTEtNDZjYS00NjRhLWIzZjIt
ZjkyOWUyNTUxNjI3LzEvOXRINUdPQVF3UlpndHJxUkN3NkU1bDJydkVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iYjIzZTEtNDZjYS00NjRhLWIzZjItZjkyOWUyNTUxNjI3
LzEvRUhwYThaYTRvT3FXRENqMnMtZFNrY2ZvWWMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/6AMA0G
CSqGSIb3DQEBCwUAA4IBAQA3mBYvkb+YmGVptGjSWwxvMHnwZ4dbbaVew6x1tNhv
xTAjseAPUuWWv4+cJ5t6Lw/sYEuDLat37l5eAErYW1R951Hr3Y1thXV7I3KE7Ap7
f3pN4P6Fqy0kwfZiOZaYSsKswVYufw0K68OiL4m11t0Zv5dkUZCkEsKNSf8AFKCa
k86OtKYqnZuG38moR2GizOOR5I6oaONZ3aNsR1P2GF9iRkRXWI8okx5aZDI4URgU
YzgAPgDY6jjddnjc5f6/WaD+a7JGj05DlP6YFR/AN1Ctcbsxy1zH/OG7R+pHh23r
ewFVss/GMIH5tQNboqci6oo3gGk1ziMRcGmT68nP7Lcr
-----END CERTIFICATE-----