Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/9_b_r8yUwYd4GGeZKd-c_UaSh-w.roa
File:                     9_b_r8yUwYd4GGeZKd-c_UaSh-w.roa (raw, json)
Hash identifier:          njPD/RrpUIDyoyt9tCP3WKv97I0fs0muUSblPZ88qqQ=
Subject key identifier:   F7:F6:FF:AF:CC:94:C1:87:78:18:67:99:29:DF:9C:FD:46:92:87:EC
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       018CC94DFD13BC56E01B362CDFC7E387DB43
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/9_b_r8yUwYd4GGeZKd-c_UaSh-w.roa
Signing time:             Tue 02 Jan 2024 08:33:00 +0000
ROA not before:           Tue 02 Jan 2024 08:33:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31017
IP address blocks:        86.104.128.0/22 maxlen: 22
                          89.43.136.0/22 maxlen: 22
                          2a05:b680:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 06:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:fd:13:bc:56:e0:1b:36:2c:df:c7:e3:87:db:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 08:33:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7f6ffafcc94c1877818679929df9cfd469287ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2a:64:ee:d2:64:46:39:0b:76:7d:77:79:55:
                    8d:16:49:0f:ad:e2:14:1f:41:9b:50:5f:ee:bd:4e:
                    31:d4:65:6a:33:b4:c8:eb:b5:f6:c7:7c:bc:4f:06:
                    17:0c:1e:58:5b:6f:47:f2:fa:89:ca:80:cb:c8:95:
                    5d:9f:e0:da:64:7f:a2:4b:dc:4e:e6:a0:25:2d:1e:
                    a6:0c:e8:a3:e0:6d:05:89:66:1d:a9:f5:25:cb:c6:
                    ae:4d:db:d1:06:1f:23:80:8b:63:1d:44:e8:fd:b4:
                    62:8e:21:8f:84:dc:fe:2f:0f:79:ad:ba:f1:21:39:
                    cf:ed:1c:72:a9:b1:e7:3b:3e:10:20:48:77:b3:53:
                    ca:58:51:ff:1f:10:f4:bd:14:b2:2e:44:b7:9a:da:
                    0e:9e:ad:1f:59:72:fc:d9:8c:7c:d2:1f:b5:ae:96:
                    5c:63:ac:cd:55:41:74:77:fc:47:92:40:2d:69:e6:
                    57:d9:bd:0a:f9:fb:61:c4:78:5d:07:53:a4:d1:76:
                    ab:8d:c9:6e:20:1d:b5:5e:c5:a1:bf:59:55:28:8f:
                    3a:fb:5c:72:f3:21:4c:9e:62:5f:6c:5e:50:67:22:
                    ba:23:d4:98:d1:79:6f:90:31:e4:a6:83:97:13:4e:
                    f0:fb:76:ca:95:d2:65:3d:cd:e0:33:e7:6c:af:a1:
                    ad:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:F6:FF:AF:CC:94:C1:87:78:18:67:99:29:DF:9C:FD:46:92:87:EC
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/9_b_r8yUwYd4GGeZKd-c_UaSh-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.104.128.0/22
                  89.43.136.0/22
                IPv6:
                  2a05:b680:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:c0:79:5b:82:36:85:94:a9:91:d8:f8:1e:a6:0e:18:9d:2a:
         0c:91:2d:2d:61:ad:9b:78:82:23:6b:c2:ad:65:8c:46:3a:e0:
         f7:f6:13:f9:a7:14:4d:05:5a:31:3c:5b:4a:0d:da:99:1c:4d:
         65:d1:3b:ab:65:6f:d6:fe:80:f5:75:1e:46:86:c2:74:c6:fe:
         f7:77:72:61:cc:5c:ba:16:74:72:1e:5e:75:3d:bf:d9:d3:39:
         7f:a8:55:cf:6e:fe:35:2d:d3:6c:69:58:a2:7c:45:ff:43:d7:
         70:e8:f8:41:f7:9d:bd:2b:9f:ac:3a:be:c4:fa:3a:fa:2c:a6:
         97:be:f2:88:a1:e4:a7:07:35:5b:ba:d5:51:74:ca:d1:c5:4f:
         8c:e5:c4:63:2e:94:da:73:6e:11:0d:02:20:9d:02:2d:ad:6e:
         c5:a2:f0:f0:a4:e7:25:7d:ae:29:20:ab:a1:b4:f0:11:72:64:
         96:52:5f:01:b6:84:2c:12:f9:48:07:6b:dd:13:9f:de:f8:65:
         a3:ac:93:22:25:2d:09:5c:2e:8c:75:7e:15:68:84:02:57:3d:
         5b:d6:8d:73:40:46:89:30:4c:e0:ba:fc:15:a1:d4:24:3f:35:
         f5:81:06:e7:f0:b6:22:73:40:bc:76:0f:16:d7:3b:9c:57:72:
         ac:86:85:fd
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJTf0TvFbgGzYs38fjh9tDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjQwMTAyMDgzMzAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Y2ZmZhZmNjOTRjMTg3NzgxODY3OTkyOWRmOWNmZDQ2OTI4N2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSpk7tJkRjkLdn13eVWNFkkPreIU
H0GbUF/uvU4x1GVqM7TI67X2x3y8TwYXDB5YW29H8vqJyoDLyJVdn+DaZH+iS9xO
5qAlLR6mDOij4G0FiWYdqfUly8auTdvRBh8jgItjHUTo/bRijiGPhNz+Lw95rbrx
ITnP7RxyqbHnOz4QIEh3s1PKWFH/HxD0vRSyLkS3mtoOnq0fWXL82Yx80h+1rpZc
Y6zNVUF0d/xHkkAtaeZX2b0K+fthxHhdB1Ok0XarjcluIB21XsWhv1lVKI86+1xy
8yFMnmJfbF5QZyK6I9SY0XlvkDHkpoOXE07w+3bKldJlPc3gM+dsr6GtjQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFPf2/6/MlMGHeBhnmSnfnP1GkofsMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvOV9iX3I4eVV3WWQ0R0dlWktkLWNfVWFTaC13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCVmiAAwQC
WSuIMA8EAgACMAkDBwAqBbaAAAYwDQYJKoZIhvcNAQELBQADggEBAHDAeVuCNoWU
qZHY+B6mDhidKgyRLS1hrZt4giNrwq1ljEY64Pf2E/mnFE0FWjE8W0oN2pkcTWXR
O6tlb9b+gPV1HkaGwnTG/vd3cmHMXLoWdHIeXnU9v9nTOX+oVc9u/jUt02xpWKJ8
Rf9D13Do+EH3nb0rn6w6vsT6Ovosppe+8oih5KcHNVu61VF0ytHFT4zlxGMulNpz
bhENAiCdAi2tbsWi8PCk5yV9rikgq6G08BFyZJZSXwG2hCwS+UgHa90Tn974ZaOs
kyIlLQlcLox1fhVohAJXPVvWjXNARokwTOC6/BWh1CQ/NfWBBufwtiJzQLx2DxbX
O5xXcqyGhf0=
-----END CERTIFICATE-----