Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/96d14f-18c2-43a8-bc58-647289ad5a22/1/kYa3Wbvy2PiYTHJwRUQP3lE-Xcw.roa
File:                     kYa3Wbvy2PiYTHJwRUQP3lE-Xcw.roa (raw, json)
Hash identifier:          MaZsE7u4ZEM9dZ0yt0CAydRSgs3KbwTEwUZcxA4MpHg=
Subject key identifier:   91:86:B7:59:BB:F2:D8:F8:98:4C:72:70:45:44:0F:DE:51:3E:5D:CC
Certificate issuer:       /CN=722f0b33650b7d6498b9f58aac5a297e92614822
Certificate serial:       018CC3B69B309025D0CCEECE7EFED2DA7678
Authority key identifier: 72:2F:0B:33:65:0B:7D:64:98:B9:F5:8A:AC:5A:29:7E:92:61:48:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ci8LM2ULfWSYufWKrFopfpJhSCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/96d14f-18c2-43a8-bc58-647289ad5a22/1/kYa3Wbvy2PiYTHJwRUQP3lE-Xcw.roa
Signing time:             Mon 01 Jan 2024 06:29:33 +0000
ROA not before:           Mon 01 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56438
IP address blocks:        185.216.9.0/24 maxlen: 24
                          2a00:d700::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/96d14f-18c2-43a8-bc58-647289ad5a22/1/ci8LM2ULfWSYufWKrFopfpJhSCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/96d14f-18c2-43a8-bc58-647289ad5a22/1/ci8LM2ULfWSYufWKrFopfpJhSCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ci8LM2ULfWSYufWKrFopfpJhSCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9b:30:90:25:d0:cc:ee:ce:7e:fe:d2:da:76:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722f0b33650b7d6498b9f58aac5a297e92614822
        Validity
            Not Before: Jan  1 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9186b759bbf2d8f8984c727045440fde513e5dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6f:3a:ba:0d:fa:7f:88:51:63:a5:9f:14:d5:
                    b2:31:1e:23:f5:ba:f1:44:73:c1:fe:e7:6a:ac:96:
                    b9:c9:a2:c6:04:38:4f:c6:e0:54:92:20:41:33:eb:
                    e1:09:1d:ac:da:04:60:a5:47:1b:40:09:bd:73:22:
                    96:3d:fe:35:9a:06:19:7a:c5:df:e8:f4:a6:e2:7b:
                    c3:17:19:e8:bb:02:6d:fb:e5:f5:75:06:51:35:0c:
                    bc:b2:8c:87:72:80:33:09:b0:24:ff:1d:8e:84:37:
                    24:71:5a:51:3c:01:1b:46:73:54:a0:6d:ab:24:5a:
                    e5:cc:45:df:8e:dd:9e:53:16:1f:dd:f9:9f:92:f3:
                    e1:a5:58:1f:89:83:09:49:16:ee:69:b2:7f:62:44:
                    8f:5a:3e:77:e2:39:be:8e:24:fd:4a:83:6c:69:67:
                    89:57:1b:6f:84:2b:79:32:fb:87:7a:32:6d:d5:d0:
                    2a:d8:1a:41:59:3c:e3:14:ef:cf:32:3f:1a:7f:07:
                    02:3d:b9:b0:29:2e:9b:71:f4:5a:cd:e8:d8:fd:fa:
                    45:85:51:b8:d1:f2:ba:82:b7:b7:63:db:fb:46:2c:
                    ee:97:21:13:e4:a1:73:28:fd:97:be:40:1f:ba:82:
                    c7:85:40:d5:4e:b8:c1:ef:bf:82:5e:ab:26:99:c6:
                    f4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:86:B7:59:BB:F2:D8:F8:98:4C:72:70:45:44:0F:DE:51:3E:5D:CC
            X509v3 Authority Key Identifier:
                keyid:72:2F:0B:33:65:0B:7D:64:98:B9:F5:8A:AC:5A:29:7E:92:61:48:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ci8LM2ULfWSYufWKrFopfpJhSCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/96d14f-18c2-43a8-bc58-647289ad5a22/1/kYa3Wbvy2PiYTHJwRUQP3lE-Xcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/96d14f-18c2-43a8-bc58-647289ad5a22/1/ci8LM2ULfWSYufWKrFopfpJhSCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.9.0/24
                IPv6:
                  2a00:d700::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:f7:38:ab:23:5a:44:b8:57:c7:c7:58:24:5d:0d:70:8f:07:
         c2:c9:ed:c6:27:53:f5:db:55:f4:e1:c9:96:b5:af:12:98:b0:
         86:63:22:c1:b2:bb:73:01:b9:e3:d4:ce:7d:dd:26:92:9e:88:
         68:6f:5a:a9:55:99:b8:1f:b0:0b:ff:72:cb:4d:74:fa:02:80:
         14:4b:16:b8:16:96:09:07:93:b3:37:03:35:07:47:57:a4:2e:
         07:2e:5b:c0:54:c8:21:92:a0:03:64:bd:9d:4f:35:99:ff:10:
         4a:f0:7b:3c:7b:6c:a5:aa:ee:5a:34:0b:d4:b8:a9:26:11:d9:
         f0:3b:26:9e:0d:d1:1f:9e:d8:ff:28:5a:32:d2:50:32:24:59:
         62:9d:3a:c9:f2:ef:f6:d8:ad:2f:41:91:c5:2a:0f:62:af:0d:
         ba:36:35:21:56:de:3a:76:6b:7e:76:c9:7d:ec:b5:d6:65:f0:
         67:37:4f:e1:a0:51:0b:26:b6:43:4a:52:31:1a:e3:26:cf:e1:
         f4:e1:d1:b6:ce:49:b0:b4:03:a2:3e:e1:ee:d7:2c:d0:61:85:
         8f:a3:9c:4e:31:62:97:9b:20:09:4b:93:59:0b:4c:80:9a:31:
         0d:e6:0a:a1:c0:a9:04:97:b9:60:5e:bf:c6:24:28:9a:9f:bd:
         79:41:10:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtpswkCXQzO7Ofv7S2nZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmYwYjMzNjUwYjdkNjQ5OGI5ZjU4YWFjNWEyOTdlOTI2
MTQ4MjIwHhcNMjQwMTAxMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTg2Yjc1OWJiZjJkOGY4OTg0YzcyNzA0NTQ0MGZkZTUxM2U1ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhG86ug36f4hRY6WfFNWyMR4j9brx
RHPB/udqrJa5yaLGBDhPxuBUkiBBM+vhCR2s2gRgpUcbQAm9cyKWPf41mgYZesXf
6PSm4nvDFxnouwJt++X1dQZRNQy8soyHcoAzCbAk/x2OhDckcVpRPAEbRnNUoG2r
JFrlzEXfjt2eUxYf3fmfkvPhpVgfiYMJSRbuabJ/YkSPWj534jm+jiT9SoNsaWeJ
VxtvhCt5MvuHejJt1dAq2BpBWTzjFO/PMj8afwcCPbmwKS6bcfRazejY/fpFhVG4
0fK6gre3Y9v7RizulyET5KFzKP2XvkAfuoLHhUDVTrjB77+CXqsmmcb0JQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJGGt1m78tj4mExycEVED95RPl3MMB8GA1UdIwQY
MBaAFHIvCzNlC31kmLn1iqxaKX6SYUgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2k4TE0yVUxmV1NZdWZXS3JGb3BmcEpoU0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85NmQxNGYtMThjMi00M2E4LWJjNTgt
NjQ3Mjg5YWQ1YTIyLzEva1lhM1didnkyUGlZVEhKd1JVUVAzbEUtWGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85NmQxNGYtMThjMi00M2E4LWJjNTgtNjQ3Mjg5YWQ1YTIy
LzEvY2k4TE0yVUxmV1NZdWZXS3JGb3BmcEpoU0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudgJMA0E
AgACMAcDBQAqANcAMA0GCSqGSIb3DQEBCwUAA4IBAQBr9zirI1pEuFfHx1gkXQ1w
jwfCye3GJ1P121X04cmWta8SmLCGYyLBsrtzAbnj1M593SaSnohob1qpVZm4H7AL
/3LLTXT6AoAUSxa4FpYJB5OzNwM1B0dXpC4HLlvAVMghkqADZL2dTzWZ/xBK8Hs8
e2ylqu5aNAvUuKkmEdnwOyaeDdEfntj/KFoy0lAyJFlinTrJ8u/22K0vQZHFKg9i
rw26NjUhVt46dmt+dsl97LXWZfBnN0/hoFELJrZDSlIxGuMmz+H04dG2zkmwtAOi
PuHu1yzQYYWPo5xOMWKXmyAJS5NZC0yAmjEN5gqhwKkEl7lgXr/GJCian715QRA2
-----END CERTIFICATE-----