Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/340dcd-3aee-4012-9233-c15532baff7d/1/9w0lb0aBCmFgzvHTLGlLpELlq2E.roa
File:                     9w0lb0aBCmFgzvHTLGlLpELlq2E.roa (raw, json)
Hash identifier:          mLVc7MJqUTf9FrGNMZltDbI10/XzPYG7fYmqDtWG2rg=
Subject key identifier:   F7:0D:25:6F:46:81:0A:61:60:CE:F1:D3:2C:69:4B:A4:42:E5:AB:61
Certificate issuer:       /CN=be550b8eff90cccee9f8d3134b6438996b7d27cd
Certificate serial:       018E2847FC58919AA9326060DF111C3CC829
Authority key identifier: BE:55:0B:8E:FF:90:CC:CE:E9:F8:D3:13:4B:64:38:99:6B:7D:27:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vlULjv-QzM7p-NMTS2Q4mWt9J80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/340dcd-3aee-4012-9233-c15532baff7d/1/9w0lb0aBCmFgzvHTLGlLpELlq2E.roa
Signing time:             Sun 10 Mar 2024 12:13:10 +0000
ROA not before:           Sun 10 Mar 2024 12:13:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211521
IP address blocks:        96.9.145.0/24 maxlen: 24
                          2a0a:c743:1::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/340dcd-3aee-4012-9233-c15532baff7d/1/vlULjv-QzM7p-NMTS2Q4mWt9J80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/340dcd-3aee-4012-9233-c15532baff7d/1/vlULjv-QzM7p-NMTS2Q4mWt9J80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vlULjv-QzM7p-NMTS2Q4mWt9J80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 03:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:28:47:fc:58:91:9a:a9:32:60:60:df:11:1c:3c:c8:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be550b8eff90cccee9f8d3134b6438996b7d27cd
        Validity
            Not Before: Mar 10 12:13:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f70d256f46810a6160cef1d32c694ba442e5ab61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:de:74:cb:ba:ee:e0:40:0d:7d:bc:d2:4a:b8:
                    80:22:e0:b8:67:29:e5:3b:7d:94:91:3f:ed:67:43:
                    b7:47:8b:ff:33:19:8b:be:b7:ea:08:c6:43:da:f4:
                    fa:52:73:1d:d1:7e:9f:68:a6:6d:b2:aa:f7:de:1d:
                    f5:95:c2:45:78:c4:45:02:7b:15:db:34:c3:c7:47:
                    44:15:f6:f2:e9:70:fc:ff:04:29:3d:3d:f8:1c:e0:
                    9f:60:5a:9e:a2:fa:44:b5:2b:e4:4a:5d:fd:f4:35:
                    0e:53:8c:63:9f:1e:9f:1b:02:5e:9f:0b:b3:f5:6c:
                    02:02:2e:9e:32:2f:44:7a:67:b7:2e:39:d7:7a:b1:
                    40:b6:c4:4c:07:1a:89:a1:e6:51:72:65:94:56:7e:
                    c8:0b:6d:c3:90:fb:bb:41:ad:f2:de:75:27:92:b9:
                    8f:f1:5c:84:85:e7:9d:d7:86:a6:89:47:f1:48:a9:
                    98:23:16:bb:74:68:7c:88:af:8b:b4:28:17:b0:ac:
                    6f:c7:44:70:ad:7e:35:4c:de:c0:8d:40:e0:b5:58:
                    cb:67:e7:ab:76:fd:f5:5e:2c:bc:db:9b:0c:01:31:
                    b0:67:f9:33:b4:b0:8d:fa:ef:af:cf:16:14:50:c1:
                    fa:70:4e:b7:0a:46:6c:69:b4:e6:31:d1:cf:af:05:
                    c5:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:0D:25:6F:46:81:0A:61:60:CE:F1:D3:2C:69:4B:A4:42:E5:AB:61
            X509v3 Authority Key Identifier:
                keyid:BE:55:0B:8E:FF:90:CC:CE:E9:F8:D3:13:4B:64:38:99:6B:7D:27:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vlULjv-QzM7p-NMTS2Q4mWt9J80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/340dcd-3aee-4012-9233-c15532baff7d/1/9w0lb0aBCmFgzvHTLGlLpELlq2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/340dcd-3aee-4012-9233-c15532baff7d/1/vlULjv-QzM7p-NMTS2Q4mWt9J80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.9.145.0/24
                IPv6:
                  2a0a:c743:1::/64

    Signature Algorithm: sha256WithRSAEncryption
         86:1d:a8:d4:ca:e8:5a:68:41:a3:a8:32:fc:5c:1c:20:96:34:
         b6:53:76:eb:fc:8e:57:67:64:b4:54:3c:2c:83:4a:c7:39:71:
         3e:7e:4c:ef:d2:bb:35:58:23:82:44:ad:7f:98:f6:0a:9e:c5:
         f0:c6:91:bb:77:92:0b:20:12:42:82:c9:e0:c9:d4:b0:e6:93:
         4b:92:bf:b0:0a:87:a5:0e:8c:75:7b:4c:99:2e:7a:50:2f:0e:
         99:04:a6:eb:31:8c:f9:69:d8:91:7f:5a:b9:06:15:91:26:df:
         fa:51:25:48:48:1c:63:aa:99:58:7a:db:79:90:16:fd:bb:de:
         5f:d3:11:46:e1:8e:73:3a:d1:d1:76:1b:f2:77:0d:6c:49:f2:
         41:a0:29:a2:db:4c:6d:08:80:5b:0e:fe:cc:39:db:ce:0e:9e:
         61:38:85:8b:56:14:08:5a:01:be:a6:01:48:2e:87:3e:57:b9:
         cc:f1:0d:fb:2b:84:2d:ea:b4:c2:b8:cf:92:6d:87:b0:14:53:
         80:e2:e1:61:dc:e5:90:cf:93:7a:6a:78:4e:af:dc:f9:18:2b:
         74:a0:f1:f4:b5:46:0f:4f:53:4c:5a:9d:4d:61:b8:24:3d:54:
         bf:53:34:00:d7:d6:c0:7e:1d:bb:ef:6d:4d:06:54:d5:88:7a:
         2e:cc:d9:fe
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAY4oR/xYkZqpMmBg3xEcPMgpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlNTUwYjhlZmY5MGNjY2VlOWY4ZDMxMzRiNjQzODk5NmI3
ZDI3Y2QwHhcNMjQwMzEwMTIxMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzBkMjU2ZjQ2ODEwYTYxNjBjZWYxZDMyYzY5NGJhNDQyZTVhYjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhd50y7ru4EANfbzSSriAIuC4Zynl
O32UkT/tZ0O3R4v/MxmLvrfqCMZD2vT6UnMd0X6faKZtsqr33h31lcJFeMRFAnsV
2zTDx0dEFfby6XD8/wQpPT34HOCfYFqeovpEtSvkSl399DUOU4xjnx6fGwJenwuz
9WwCAi6eMi9Eeme3LjnXerFAtsRMBxqJoeZRcmWUVn7IC23DkPu7Qa3y3nUnkrmP
8VyEheed14amiUfxSKmYIxa7dGh8iK+LtCgXsKxvx0RwrX41TN7AjUDgtVjLZ+er
dv31Xiy825sMATGwZ/kztLCN+u+vzxYUUMH6cE63CkZsabTmMdHPrwXFhQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPcNJW9GgQphYM7x0yxpS6RC5athMB8GA1UdIwQY
MBaAFL5VC47/kMzO6fjTE0tkOJlrfSfNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmxVTGp2LVF6TTdwLU5NVFMyUTRtV3Q5SjgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8zNDBkY2QtM2FlZS00MDEyLTkyMzMt
YzE1NTMyYmFmZjdkLzEvOXcwbGIwYUJDbUZnenZIVExHbExwRUxscTJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8zNDBkY2QtM2FlZS00MDEyLTkyMzMtYzE1NTMyYmFmZjdk
LzEvdmxVTGp2LVF6TTdwLU5NVFMyUTRtV3Q5SjgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAMBAIAATAGAwQAYAmRMBEE
AgACMAsDCQAqCsdDAAEAADANBgkqhkiG9w0BAQsFAAOCAQEAhh2o1MroWmhBo6gy
/FwcIJY0tlN26/yOV2dktFQ8LINKxzlxPn5M79K7NVgjgkStf5j2Cp7F8MaRu3eS
CyASQoLJ4MnUsOaTS5K/sAqHpQ6MdXtMmS56UC8OmQSm6zGM+WnYkX9auQYVkSbf
+lElSEgcY6qZWHrbeZAW/bveX9MRRuGOczrR0XYb8ncNbEnyQaApottMbQiAWw7+
zDnbzg6eYTiFi1YUCFoBvqYBSC6HPle5zPEN+yuELeq0wrjPkm2HsBRTgOLhYdzl
kM+Temp4Tq/c+RgrdKDx9LVGD09TTFqdTWG4JD1Uv1M0ANfWwH4du+9tTQZU1Yh6
LszZ/g==
-----END CERTIFICATE-----