Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/0Er9s7Bc0J2DOZ574fhWA1fzlps.roa
File:                     0Er9s7Bc0J2DOZ574fhWA1fzlps.roa (raw, json)
Hash identifier:          pdxoUCoNsa/F/XwA9k3cCx2kQcSUVaXtRAbN0Jx9wHs=
Subject key identifier:   D0:4A:FD:B3:B0:5C:D0:9D:83:39:9E:7B:E1:F8:56:03:57:F3:96:9B
Certificate issuer:       /CN=9bc6fd3f32ca4594c96075659a7089b27ae3fef3
Certificate serial:       018CC727326D63D534EC75015428A50D1835
Authority key identifier: 9B:C6:FD:3F:32:CA:45:94:C9:60:75:65:9A:70:89:B2:7A:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/0Er9s7Bc0J2DOZ574fhWA1fzlps.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        194.115.212.0/22 maxlen: 22
                          193.98.156.0/24 maxlen: 24
                          193.102.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:32:6d:63:d5:34:ec:75:01:54:28:a5:0d:18:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bc6fd3f32ca4594c96075659a7089b27ae3fef3
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d04afdb3b05cd09d83399e7be1f8560357f3969b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:db:21:16:aa:7b:9a:1c:66:23:de:25:5f:54:
                    aa:a3:01:47:f6:cf:fc:6d:ac:e1:38:46:57:9b:18:
                    ce:7e:ed:6f:fc:1c:38:84:74:87:c1:5d:7c:55:f2:
                    8f:8e:66:29:64:16:7f:e6:0a:b4:ea:6e:5b:b2:40:
                    c9:cb:a7:ec:2c:3a:eb:d1:f7:53:5b:3b:5d:c5:4f:
                    28:3a:32:7c:69:7d:a6:87:19:48:29:d8:69:2e:61:
                    ed:41:48:b0:9e:3a:f0:66:64:12:b3:0c:87:8b:0f:
                    5c:d9:ee:c5:27:4d:6a:83:ce:6c:db:29:1e:f7:a0:
                    91:30:1a:35:f0:e2:54:5b:dc:52:52:d7:7c:6d:da:
                    46:1a:72:26:27:d1:71:cd:cb:14:05:20:83:0e:4f:
                    0d:42:ab:75:cb:04:9c:59:bf:f2:eb:ab:b6:cf:56:
                    ea:89:5e:18:23:7d:50:a5:7b:e9:e5:62:05:0b:e1:
                    dc:b7:c3:2a:de:7a:9d:8e:95:3a:77:53:dc:89:bb:
                    00:c4:e6:e8:fb:5f:80:48:4f:1b:d6:e4:6f:22:55:
                    2a:d4:9c:39:32:a2:90:29:06:87:e4:9d:c4:49:00:
                    1d:52:4b:b1:08:65:53:15:2f:ab:fc:35:d1:f4:5a:
                    82:4e:e3:8f:6d:b7:ee:ea:22:c5:a2:2c:28:fb:d2:
                    f1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:4A:FD:B3:B0:5C:D0:9D:83:39:9E:7B:E1:F8:56:03:57:F3:96:9B
            X509v3 Authority Key Identifier:
                keyid:9B:C6:FD:3F:32:CA:45:94:C9:60:75:65:9A:70:89:B2:7A:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/0Er9s7Bc0J2DOZ574fhWA1fzlps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.98.156.0/24
                  193.102.132.0/24
                  194.115.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:cc:14:d7:dc:9a:2c:27:ac:1f:13:5c:9f:e4:0b:d6:fb:d7:
         f9:62:9a:f2:8f:43:9f:ce:62:fe:34:68:f6:9a:9e:49:18:28:
         70:dd:48:28:46:65:77:ca:61:83:ec:19:bb:6c:01:c4:d9:5a:
         37:de:92:c6:89:11:97:3f:fb:d0:b4:1f:70:18:3d:d7:20:6e:
         0e:5e:ea:6a:1b:1b:e6:11:67:01:78:c2:b0:ad:6a:90:20:ef:
         21:7d:39:14:d8:e6:91:1a:ed:91:19:5e:8c:e8:a4:74:9e:9f:
         f9:95:a2:a2:da:f5:2d:aa:f3:70:5c:26:3b:77:3b:93:35:e8:
         86:3e:05:9f:16:e9:c3:06:d2:ae:54:03:ab:b8:61:51:e3:7a:
         0b:b4:23:c9:81:ce:cf:a8:90:33:f8:e9:ca:1f:b2:94:43:f9:
         0e:73:7f:bd:bd:ea:7c:00:ed:77:cc:33:c0:82:78:38:42:cc:
         47:1a:4e:6d:6b:72:83:ed:e0:b7:b0:e4:ea:41:27:a8:36:17:
         23:d0:83:b1:2f:aa:e7:c7:2f:ca:c4:ea:b4:52:01:8e:66:b9:
         4b:0a:7d:48:aa:0c:f7:2a:09:88:7b:e9:23:79:37:cc:9b:89:
         7e:44:0a:18:73:48:99:38:c9:b5:68:ab:e7:bd:50:99:57:df:
         b0:8f:8a:d1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJzJtY9U07HUBVCilDRg1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYzZmZDNmMzJjYTQ1OTRjOTYwNzU2NTlhNzA4OWIyN2Fl
M2ZlZjMwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDRhZmRiM2IwNWNkMDlkODMzOTllN2JlMWY4NTYwMzU3ZjM5NjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNshFqp7mhxmI94lX1SqowFH9s/8
bazhOEZXmxjOfu1v/Bw4hHSHwV18VfKPjmYpZBZ/5gq06m5bskDJy6fsLDrr0fdT
WztdxU8oOjJ8aX2mhxlIKdhpLmHtQUiwnjrwZmQSswyHiw9c2e7FJ01qg85s2yke
96CRMBo18OJUW9xSUtd8bdpGGnImJ9FxzcsUBSCDDk8NQqt1ywScWb/y66u2z1bq
iV4YI31QpXvp5WIFC+Hct8Mq3nqdjpU6d1PcibsAxObo+1+ASE8b1uRvIlUq1Jw5
MqKQKQaH5J3ESQAdUkuxCGVTFS+r/DXR9FqCTuOPbbfu6iLFoiwo+9Lx7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNBK/bOwXNCdgzmee+H4VgNX85abMB8GA1UdIwQY
MBaAFJvG/T8yykWUyWB1ZZpwibJ64/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbThiOVB6TEtSWlRKWUhWbG1uQ0pzbnJqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9kYTI0NDctYjI1Mi00YjZhLWE4MmYt
ZGNiZTUzZGE3ODYwLzEvMEVyOXM3QmMwSjJET1o1NzRmaFdBMWZ6bHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9kYTI0NDctYjI1Mi00YjZhLWE4MmYtZGNiZTUzZGE3ODYw
LzEvbThiOVB6TEtSWlRKWUhWbG1uQ0pzbnJqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwWKcAwQA
wWaEAwQCwnPUMA0GCSqGSIb3DQEBCwUAA4IBAQBIzBTX3JosJ6wfE1yf5AvW+9f5
Ypryj0OfzmL+NGj2mp5JGChw3UgoRmV3ymGD7Bm7bAHE2Vo33pLGiRGXP/vQtB9w
GD3XIG4OXupqGxvmEWcBeMKwrWqQIO8hfTkU2OaRGu2RGV6M6KR0np/5laKi2vUt
qvNwXCY7dzuTNeiGPgWfFunDBtKuVAOruGFR43oLtCPJgc7PqJAz+OnKH7KUQ/kO
c3+9vep8AO13zDPAgng4QsxHGk5ta3KD7eC3sOTqQSeoNhcj0IOxL6rnxy/KxOq0
UgGOZrlLCn1Iqgz3KgmIe+kjeTfMm4l+RAoYc0iZOMm1aKvnvVCZV9+wj4rR
-----END CERTIFICATE-----