Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/u4Zf9cp7cfKMWx0Cu-DkLv5lNrY.roa
File:                     u4Zf9cp7cfKMWx0Cu-DkLv5lNrY.roa (raw, json)
Hash identifier:          8rW7Nujpm25Y+eZl5rchRihG6lq0GyrhKuzsOyHzS1I=
Subject key identifier:   BB:86:5F:F5:CA:7B:71:F2:8C:5B:1D:02:BB:E0:E4:2E:FE:65:36:B6
Certificate issuer:       /CN=9bc6fd3f32ca4594c96075659a7089b27ae3fef3
Certificate serial:       018CC72731FA56F5858B85B7C22B7317EA26
Authority key identifier: 9B:C6:FD:3F:32:CA:45:94:C9:60:75:65:9A:70:89:B2:7A:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/u4Zf9cp7cfKMWx0Cu-DkLv5lNrY.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3209
IP address blocks:        192.109.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:31:fa:56:f5:85:8b:85:b7:c2:2b:73:17:ea:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bc6fd3f32ca4594c96075659a7089b27ae3fef3
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb865ff5ca7b71f28c5b1d02bbe0e42efe6536b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:93:bd:46:69:0c:cb:ef:88:4d:d9:ec:c0:dc:
                    9f:f3:c8:36:86:bf:32:5f:8f:fc:4e:38:d8:1f:ce:
                    d2:23:8c:25:22:d1:4c:9c:73:e5:6d:6d:9b:d9:fe:
                    d6:2a:18:3e:70:7a:63:fb:28:42:1d:63:fd:84:1a:
                    1e:cd:b8:07:d1:4d:52:cb:4a:14:4c:a7:7d:39:3d:
                    d1:86:3c:21:34:8e:92:32:f2:1a:a1:15:71:fe:b9:
                    34:df:3a:13:4f:64:4f:75:4d:0f:42:1a:70:5c:5f:
                    3e:4b:78:d9:0e:a8:b8:21:2e:7f:cc:50:e4:7e:2a:
                    61:33:2a:aa:c2:db:04:74:ec:63:57:37:fb:78:14:
                    ed:e3:66:f5:92:5d:3a:1e:7e:7d:eb:d3:5b:fe:fd:
                    cf:e0:84:cf:f5:d4:a3:a4:02:2a:8a:39:8a:db:9d:
                    c8:4e:81:70:81:0a:c9:3d:50:17:7d:ae:20:7b:37:
                    17:32:de:b5:5c:f7:d9:9d:1f:22:f9:88:62:ec:e6:
                    66:48:07:d6:a3:b4:91:fe:57:3b:42:af:65:76:d1:
                    9f:f2:a3:dd:87:87:40:4e:fa:6d:e5:53:58:bc:9d:
                    21:fb:8d:b0:33:dd:b6:1b:16:66:29:56:36:c6:e2:
                    c3:c8:21:d6:c0:fe:c0:6c:01:99:c1:02:51:15:94:
                    e7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:86:5F:F5:CA:7B:71:F2:8C:5B:1D:02:BB:E0:E4:2E:FE:65:36:B6
            X509v3 Authority Key Identifier:
                keyid:9B:C6:FD:3F:32:CA:45:94:C9:60:75:65:9A:70:89:B2:7A:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m8b9PzLKRZTJYHVlmnCJsnrj_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/u4Zf9cp7cfKMWx0Cu-DkLv5lNrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/da2447-b252-4b6a-a82f-dcbe53da7860/1/m8b9PzLKRZTJYHVlmnCJsnrj_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:32:f9:e3:63:53:91:80:9e:3e:49:22:8a:9e:09:4a:35:5d:
         32:cb:4d:c6:3d:09:19:de:ac:f2:7f:e0:55:7b:31:71:35:dc:
         16:62:34:89:fb:c4:a5:76:39:31:d0:f4:ef:cf:90:59:3c:e6:
         8a:7e:33:58:ee:32:7d:ea:e7:49:5b:e5:21:5c:43:fb:b1:7e:
         58:04:95:2b:d6:91:29:c3:8b:65:5d:b0:74:f0:a0:6c:46:12:
         75:7a:6c:73:8f:ca:be:f4:6d:4d:c6:2e:5d:ba:ad:b8:2f:27:
         3e:21:70:4d:7f:91:9f:fa:b2:31:c9:a2:9e:55:41:e2:8d:39:
         09:3f:81:96:62:d5:6b:59:3f:2e:03:46:1d:b0:fb:67:f2:1f:
         3e:2f:62:2c:3e:71:ec:6b:6b:d1:8b:09:e5:c4:05:28:f6:95:
         41:d8:be:f2:85:f9:d4:1c:a8:de:41:d1:15:e3:56:1c:12:10:
         f2:10:4d:aa:6f:fa:47:05:05:93:f2:6b:b2:a6:36:bb:00:d1:
         12:3b:e1:ea:6d:1d:02:e2:73:19:15:27:48:90:c4:0b:cb:2c:
         e8:6b:ed:b7:d0:0e:30:85:6a:6e:e2:3e:f4:a8:be:13:bd:4e:
         f3:49:b7:3c:a4:fd:80:88:02:56:3a:99:8a:7b:56:e6:a1:80:
         57:58:cb:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzH6VvWFi4W3witzF+omMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYzZmZDNmMzJjYTQ1OTRjOTYwNzU2NTlhNzA4OWIyN2Fl
M2ZlZjMwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjg2NWZmNWNhN2I3MWYyOGM1YjFkMDJiYmUwZTQyZWZlNjUzNmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJO9RmkMy++ITdnswNyf88g2hr8y
X4/8TjjYH87SI4wlItFMnHPlbW2b2f7WKhg+cHpj+yhCHWP9hBoezbgH0U1Sy0oU
TKd9OT3RhjwhNI6SMvIaoRVx/rk03zoTT2RPdU0PQhpwXF8+S3jZDqi4IS5/zFDk
fiphMyqqwtsEdOxjVzf7eBTt42b1kl06Hn5969Nb/v3P4ITP9dSjpAIqijmK253I
ToFwgQrJPVAXfa4gezcXMt61XPfZnR8i+Yhi7OZmSAfWo7SR/lc7Qq9ldtGf8qPd
h4dATvpt5VNYvJ0h+42wM922GxZmKVY2xuLDyCHWwP7AbAGZwQJRFZTnywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuGX/XKe3HyjFsdArvg5C7+ZTa2MB8GA1UdIwQY
MBaAFJvG/T8yykWUyWB1ZZpwibJ64/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbThiOVB6TEtSWlRKWUhWbG1uQ0pzbnJqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9kYTI0NDctYjI1Mi00YjZhLWE4MmYt
ZGNiZTUzZGE3ODYwLzEvdTRaZjljcDdjZktNV3gwQ3UtRGtMdjVsTnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9kYTI0NDctYjI1Mi00YjZhLWE4MmYtZGNiZTUzZGE3ODYw
LzEvbThiOVB6TEtSWlRKWUhWbG1uQ0pzbnJqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG1vMA0G
CSqGSIb3DQEBCwUAA4IBAQAuMvnjY1ORgJ4+SSKKnglKNV0yy03GPQkZ3qzyf+BV
ezFxNdwWYjSJ+8Sldjkx0PTvz5BZPOaKfjNY7jJ96udJW+UhXEP7sX5YBJUr1pEp
w4tlXbB08KBsRhJ1emxzj8q+9G1Nxi5duq24Lyc+IXBNf5Gf+rIxyaKeVUHijTkJ
P4GWYtVrWT8uA0YdsPtn8h8+L2IsPnHsa2vRiwnlxAUo9pVB2L7yhfnUHKjeQdEV
41YcEhDyEE2qb/pHBQWT8muypja7ANESO+HqbR0C4nMZFSdIkMQLyyzoa+230A4w
hWpu4j70qL4TvU7zSbc8pP2AiAJWOpmKe1bmoYBXWMsB
-----END CERTIFICATE-----