Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Qy1qD0ZlMKv8w29CO7u2go1xRng.roa
File:                     Qy1qD0ZlMKv8w29CO7u2go1xRng.roa (raw, json)
Hash identifier:          98lOCdIWdvmyh0ofx4tBkWZ5+8JiSjrXsCx/f7jn7eU=
Subject key identifier:   43:2D:6A:0F:46:65:30:AB:FC:C3:6F:42:3B:BB:B6:82:8D:71:46:78
Certificate issuer:       /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial:       018CC3B6D1CEC0963712810CB508A8494CA5
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Qy1qD0ZlMKv8w29CO7u2go1xRng.roa
Signing time:             Mon 01 Jan 2024 06:29:47 +0000
ROA not before:           Mon 01 Jan 2024 06:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13068
IP address blocks:        213.164.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:03:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d1:ce:c0:96:37:12:81:0c:b5:08:a8:49:4c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=432d6a0f466530abfcc36f423bbbb6828d714678
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3d:b3:07:22:9b:08:ec:c8:70:6d:38:8a:0c:
                    6e:d0:ab:cc:ad:31:b3:66:32:7f:2e:e9:c0:bc:e1:
                    df:36:d5:b1:cd:0b:a1:42:40:4c:50:b1:6b:82:ce:
                    68:a7:e1:ec:f6:9a:8b:61:90:fa:4e:b0:b0:ac:f9:
                    02:90:69:84:14:16:16:91:4b:ee:e1:98:f6:e7:e8:
                    20:cc:41:8f:8a:48:90:4f:20:54:c2:71:24:55:28:
                    42:74:2c:e2:ff:78:8e:7b:42:ba:07:a5:8d:a5:50:
                    fb:12:58:44:b2:7d:37:b0:65:c4:6c:0a:18:6a:b2:
                    31:50:06:37:65:0b:ad:73:fa:b4:5b:0a:24:15:79:
                    b8:24:52:9d:57:65:24:79:9d:13:ff:80:4e:6a:86:
                    24:36:28:dc:02:5a:39:40:e4:77:1a:bf:63:70:75:
                    c4:c2:ff:21:d8:8b:f8:ce:ac:8e:b4:7d:5c:0e:1a:
                    40:8d:7f:56:2b:ce:0b:e9:e7:ec:d0:e8:a9:7c:35:
                    cd:97:3c:19:f5:5b:9d:ce:27:65:8d:d8:8e:7c:21:
                    95:33:43:ba:9a:84:66:67:0e:00:01:c1:98:57:c1:
                    dc:17:94:54:44:cf:63:b6:80:5b:f2:32:c2:45:df:
                    8c:2b:b8:a9:65:9e:e6:3a:ef:b3:ed:49:47:ad:55:
                    b6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:2D:6A:0F:46:65:30:AB:FC:C3:6F:42:3B:BB:B6:82:8D:71:46:78
            X509v3 Authority Key Identifier:
                keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/Qy1qD0ZlMKv8w29CO7u2go1xRng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.164.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:15:ce:3a:9a:7f:1a:c3:31:42:09:b8:80:af:eb:23:87:5e:
         64:c4:83:d2:4b:ac:6d:f3:0a:52:81:75:4b:e3:bb:95:f8:3a:
         9c:4f:50:c7:3b:4b:4d:45:32:39:7f:d1:b5:4d:4f:ab:e0:cb:
         03:b6:63:24:1e:52:ff:84:ff:34:3d:84:a8:ef:e5:ef:63:b2:
         61:1a:94:b3:48:46:5c:16:43:c7:c0:a3:25:99:fc:be:f8:d3:
         11:58:cc:0b:21:85:7a:01:d8:ec:40:b5:58:ce:80:c6:87:7d:
         f3:c4:8e:30:11:8d:55:2e:89:41:fa:0b:82:87:c7:a9:0f:16:
         28:2b:0f:01:e0:a2:b3:a1:20:69:6a:2f:21:79:d7:58:96:12:
         15:46:a3:e4:dd:14:cd:50:cf:2c:06:81:d0:2f:b5:7d:78:e1:
         f6:e3:fa:fc:b0:d3:08:cb:29:97:57:bf:ae:46:30:8f:e8:3d:
         20:53:e1:c1:00:c1:5c:59:d3:d9:5e:13:2f:35:49:5c:69:12:
         9a:93:c8:8d:0c:c8:a1:ee:26:ef:f8:2c:f7:28:5a:10:93:ff:
         45:95:7e:48:be:22:49:c8:92:31:b4:de:b0:75:38:df:cd:22:
         a5:80:55:e6:32:42:71:f2:60:99:dc:2e:1b:29:84:32:7e:b1:
         c9:32:07:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttHOwJY3EoEMtQioSUylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzJkNmEwZjQ2NjUzMGFiZmNjMzZmNDIzYmJiYjY4MjhkNzE0Njc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAij2zByKbCOzIcG04igxu0KvMrTGz
ZjJ/LunAvOHfNtWxzQuhQkBMULFrgs5op+Hs9pqLYZD6TrCwrPkCkGmEFBYWkUvu
4Zj25+ggzEGPikiQTyBUwnEkVShCdCzi/3iOe0K6B6WNpVD7ElhEsn03sGXEbAoY
arIxUAY3ZQutc/q0WwokFXm4JFKdV2UkeZ0T/4BOaoYkNijcAlo5QOR3Gr9jcHXE
wv8h2Iv4zqyOtH1cDhpAjX9WK84L6efs0OipfDXNlzwZ9VudzidljdiOfCGVM0O6
moRmZw4AAcGYV8HcF5RURM9jtoBb8jLCRd+MK7ipZZ7mOu+z7UlHrVW2SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMtag9GZTCr/MNvQju7toKNcUZ4MB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvUXkxcUQwWmxNS3Y4dzI5Q083dTJnbzF4Um5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1aQJMA0G
CSqGSIb3DQEBCwUAA4IBAQCnFc46mn8awzFCCbiAr+sjh15kxIPSS6xt8wpSgXVL
47uV+DqcT1DHO0tNRTI5f9G1TU+r4MsDtmMkHlL/hP80PYSo7+XvY7JhGpSzSEZc
FkPHwKMlmfy++NMRWMwLIYV6AdjsQLVYzoDGh33zxI4wEY1VLolB+guCh8epDxYo
Kw8B4KKzoSBpai8heddYlhIVRqPk3RTNUM8sBoHQL7V9eOH24/r8sNMIyymXV7+u
RjCP6D0gU+HBAMFcWdPZXhMvNUlcaRKak8iNDMih7ibv+Cz3KFoQk/9FlX5IviJJ
yJIxtN6wdTjfzSKlgFXmMkJx8mCZ3C4bKYQyfrHJMgdq
-----END CERTIFICATE-----