Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/9V15KokMRLOv3d2QGM6kxqPMjAk.roa
File:                     9V15KokMRLOv3d2QGM6kxqPMjAk.roa (raw, json)
Hash identifier:          29UWw21kDH7u2g5Xu4dD7QQgFCTeRuEYahZhzOMMtuQ=
Subject key identifier:   F5:5D:79:2A:89:0C:44:B3:AF:DD:DD:90:18:CE:A4:C6:A3:CC:8C:09
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94E05D148C82BB1FAC9DC0EDB6EA00C
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/9V15KokMRLOv3d2QGM6kxqPMjAk.roa
Signing time:             Tue 02 Jan 2024 08:33:02 +0000
ROA not before:           Tue 02 Jan 2024 08:33:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137409
IP address blocks:        86.106.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:05:d1:48:c8:2b:b1:fa:c9:dc:0e:db:6e:a0:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f55d792a890c44b3afdddd9018cea4c6a3cc8c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ef:2d:35:b6:13:21:06:1a:b2:fb:ac:fd:2a:
                    ac:eb:5b:c2:f3:8e:50:aa:eb:6f:f4:a1:20:1d:84:
                    31:24:f0:53:48:16:dc:aa:bc:54:bb:a6:4d:db:db:
                    4e:54:7c:14:2f:b1:be:6c:db:32:bf:4e:02:9d:24:
                    75:31:32:fa:46:c7:cd:35:ad:38:55:78:d6:d1:ab:
                    54:55:92:ba:ad:11:f8:d6:a2:ca:b7:ef:27:d2:7b:
                    6d:de:26:64:a8:a2:40:e7:e4:cb:58:7b:32:44:be:
                    be:44:37:de:4f:c3:fd:4f:f2:f2:ca:e7:2c:4c:1e:
                    94:31:a6:ac:09:49:69:fa:f0:85:60:9f:f1:dd:91:
                    51:8f:17:e8:e7:5f:12:0e:33:72:1d:9e:00:0b:92:
                    63:0d:6b:91:31:cc:b9:95:34:52:29:2e:32:d7:13:
                    47:70:af:59:9c:97:33:a6:16:95:51:ef:76:64:7c:
                    5a:00:fd:c3:d3:fc:c5:5f:7e:01:c2:de:74:24:5e:
                    44:02:8b:ef:8d:e3:ef:25:7c:32:58:21:8a:89:21:
                    61:3c:40:22:9e:ba:57:a4:f3:a9:8c:6d:ee:3a:56:
                    69:3e:4a:03:6e:7c:e2:5d:58:2c:15:f0:25:ed:4a:
                    16:3a:83:01:7f:98:6a:33:4f:5f:cb:5b:28:39:37:
                    dc:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:5D:79:2A:89:0C:44:B3:AF:DD:DD:90:18:CE:A4:C6:A3:CC:8C:09
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/9V15KokMRLOv3d2QGM6kxqPMjAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:5f:ef:e6:54:56:28:45:80:60:3d:db:5d:54:37:be:5f:9a:
         52:91:49:c9:1c:bd:ea:56:f4:49:d1:f8:88:9e:33:58:59:5b:
         1b:43:e8:7b:3d:53:be:ec:53:8a:6a:6c:27:8e:7c:ee:86:57:
         e9:cf:05:22:77:4b:9a:aa:37:8d:11:e0:3a:f1:00:27:72:17:
         cf:6b:0b:5e:5a:50:e8:92:a9:d1:2e:82:86:8e:e6:98:c5:cd:
         ed:de:be:ba:cb:18:23:e6:89:d9:9a:a4:d6:8b:7c:14:95:ab:
         ed:25:96:39:dd:a2:c7:75:70:4d:1b:5c:e2:80:ad:7f:e2:0e:
         47:5f:95:6a:89:c8:78:46:71:8a:74:10:d4:c3:aa:f7:23:ae:
         4e:f0:0e:f1:a8:a4:a8:ea:60:47:59:55:90:7b:4c:02:99:46:
         4a:da:dd:63:b5:ae:3f:b2:a9:00:29:f1:b6:e8:81:08:ac:ec:
         ab:a2:01:37:46:ff:4a:3a:45:59:ce:50:13:86:17:b9:4c:4b:
         ee:c8:97:16:5d:8e:f5:6d:24:75:9f:da:5a:e2:a2:7e:5e:29:
         5f:ab:78:0b:16:2a:e9:48:2f:12:cc:c9:b1:26:05:2f:46:6b:
         e7:8c:45:6a:8e:b8:d8:1b:c6:db:b0:ae:dc:09:82:0a:49:a6:
         79:ea:56:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTgXRSMgrsfrJ3A7bbqAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTVkNzkyYTg5MGM0NGIzYWZkZGRkOTAxOGNlYTRjNmEzY2M4YzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+8tNbYTIQYasvus/Sqs61vC845Q
qutv9KEgHYQxJPBTSBbcqrxUu6ZN29tOVHwUL7G+bNsyv04CnSR1MTL6RsfNNa04
VXjW0atUVZK6rRH41qLKt+8n0ntt3iZkqKJA5+TLWHsyRL6+RDfeT8P9T/Lyyucs
TB6UMaasCUlp+vCFYJ/x3ZFRjxfo518SDjNyHZ4AC5JjDWuRMcy5lTRSKS4y1xNH
cK9ZnJczphaVUe92ZHxaAP3D0/zFX34Bwt50JF5EAovvjePvJXwyWCGKiSFhPEAi
nrpXpPOpjG3uOlZpPkoDbnziXVgsFfAl7UoWOoMBf5hqM09fy1soOTfcCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVdeSqJDESzr93dkBjOpMajzIwJMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvOVYxNUtva01STE92M2QyUUdNNmt4cVBNakFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmphMA0G
CSqGSIb3DQEBCwUAA4IBAQCPX+/mVFYoRYBgPdtdVDe+X5pSkUnJHL3qVvRJ0fiI
njNYWVsbQ+h7PVO+7FOKamwnjnzuhlfpzwUid0uaqjeNEeA68QAnchfPawteWlDo
kqnRLoKGjuaYxc3t3r66yxgj5onZmqTWi3wUlavtJZY53aLHdXBNG1zigK1/4g5H
X5Vqich4RnGKdBDUw6r3I65O8A7xqKSo6mBHWVWQe0wCmUZK2t1jta4/sqkAKfG2
6IEIrOyrogE3Rv9KOkVZzlAThhe5TEvuyJcWXY71bSR1n9pa4qJ+Xilfq3gLFirp
SC8SzMmxJgUvRmvnjEVqjrjYG8bbsK7cCYIKSaZ56lau
-----END CERTIFICATE-----