Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9EwNMn7NoguP-KOT_fCfQYltk8M.roa
File:                     9EwNMn7NoguP-KOT_fCfQYltk8M.roa (raw, json)
Hash identifier:          mKwhfsJqSsmo4URnPXJs9dmUUxieumq54uaNXP9XZAY=
Subject key identifier:   F4:4C:0D:32:7E:CD:A2:0B:8F:F8:A3:93:FD:F0:9F:41:89:6D:93:C3
Certificate issuer:       /CN=f7e5647cd0b7f722bed4569f37b8bf8f92538cf5
Certificate serial:       018CF7D01EB2DDF6C885C3E244E660FBFEDA
Authority key identifier: F7:E5:64:7C:D0:B7:F7:22:BE:D4:56:9F:37:B8:BF:8F:92:53:8C:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9-VkfNC39yK-1FafN7i_j5JTjPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9EwNMn7NoguP-KOT_fCfQYltk8M.roa
Signing time:             Thu 11 Jan 2024 09:17:40 +0000
ROA not before:           Thu 11 Jan 2024 09:17:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57033
IP address blocks:        193.106.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9-VkfNC39yK-1FafN7i_j5JTjPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9-VkfNC39yK-1FafN7i_j5JTjPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9-VkfNC39yK-1FafN7i_j5JTjPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f7:d0:1e:b2:dd:f6:c8:85:c3:e2:44:e6:60:fb:fe:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7e5647cd0b7f722bed4569f37b8bf8f92538cf5
        Validity
            Not Before: Jan 11 09:17:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f44c0d327ecda20b8ff8a393fdf09f41896d93c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:24:dd:b7:ea:0d:83:22:15:de:ba:d1:67:91:
                    76:7b:60:e1:8e:61:45:b6:37:95:50:85:29:7f:23:
                    d4:76:c9:8f:64:85:c7:f7:b3:09:be:73:a7:04:99:
                    18:3a:e4:37:dc:ca:13:8c:d1:dd:3c:35:05:35:34:
                    90:c8:a8:dd:7d:be:92:8f:8e:66:0a:66:39:eb:5d:
                    00:26:22:d2:94:6f:f5:2d:58:c7:50:74:37:0e:9b:
                    a3:42:c9:f8:4a:87:ce:f9:44:08:31:36:79:07:2e:
                    ef:c3:0b:b3:ec:33:60:16:b4:75:a5:86:38:aa:ab:
                    11:17:78:69:18:ba:ff:09:ab:f4:78:c9:79:e8:77:
                    7f:cb:0f:ac:b3:d3:a0:29:c6:69:ab:ea:91:c6:12:
                    3c:d6:30:a6:96:9e:de:1b:80:37:65:72:38:e7:a0:
                    fa:bb:7a:54:ba:fc:73:8a:c9:3d:d9:aa:42:9f:5a:
                    67:ba:8d:cc:6e:6f:88:c8:b2:b0:b7:63:f4:db:26:
                    b3:63:37:ad:ec:56:c1:66:4f:c4:08:42:ce:76:fe:
                    14:a5:40:26:06:62:23:93:46:60:25:8d:4f:4e:c9:
                    a5:2c:08:e7:50:84:fd:ae:e6:6a:1a:1f:39:e6:15:
                    dd:5b:b1:17:fa:71:2e:35:a7:a5:2f:e2:20:ca:64:
                    c0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4C:0D:32:7E:CD:A2:0B:8F:F8:A3:93:FD:F0:9F:41:89:6D:93:C3
            X509v3 Authority Key Identifier:
                keyid:F7:E5:64:7C:D0:B7:F7:22:BE:D4:56:9F:37:B8:BF:8F:92:53:8C:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9-VkfNC39yK-1FafN7i_j5JTjPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9EwNMn7NoguP-KOT_fCfQYltk8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/f9082b-cba3-4fbc-ada2-df063767c3f6/1/9-VkfNC39yK-1FafN7i_j5JTjPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.106.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:eb:c9:f0:79:40:1c:8b:75:46:f2:09:c6:f1:88:d2:ea:9e:
         ad:36:34:a4:49:50:58:bc:e3:de:b3:a9:56:64:4f:38:73:1b:
         13:bf:17:f1:43:5a:4d:c6:02:6a:71:c8:86:24:cd:2f:30:a1:
         c4:93:f4:38:ce:38:82:0b:9b:62:5f:ad:21:d0:6b:3d:d3:a9:
         45:d8:e6:d1:3c:e7:19:b2:03:dc:2e:7b:71:e4:8a:73:5f:f5:
         9d:a5:f4:e3:55:06:77:30:86:6e:f8:bf:0d:fd:c1:7d:7a:03:
         c5:34:5d:5a:7f:52:a2:c4:92:5f:ca:41:bc:e6:7d:ec:52:1d:
         ac:71:d5:2f:64:18:f7:cd:0a:5c:76:38:b7:68:6b:4e:65:8b:
         6d:7e:2c:15:4c:e0:a0:79:58:f3:7d:73:e0:e3:8e:10:f7:68:
         a0:f3:8c:cf:0f:a4:f8:4a:f0:ce:e3:2b:62:37:19:db:80:64:
         d6:08:1a:e7:11:10:a9:58:7e:22:61:d3:d2:47:ae:61:e9:a7:
         27:4f:dc:20:3c:8c:4a:e6:8e:34:47:0a:aa:ee:a8:60:4e:87:
         4a:08:78:39:7c:30:21:40:1a:a2:88:cd:eb:d7:73:39:1b:75:
         7a:3b:2a:eb:fc:c7:f7:56:12:89:c3:fe:ec:e6:61:5c:44:b4:
         6a:e0:ab:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz30B6y3fbIhcPiROZg+/7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZTU2NDdjZDBiN2Y3MjJiZWQ0NTY5ZjM3YjhiZjhmOTI1
MzhjZjUwHhcNMjQwMTExMDkxNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDRjMGQzMjdlY2RhMjBiOGZmOGEzOTNmZGYwOWY0MTg5NmQ5M2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyTdt+oNgyIV3rrRZ5F2e2DhjmFF
tjeVUIUpfyPUdsmPZIXH97MJvnOnBJkYOuQ33MoTjNHdPDUFNTSQyKjdfb6Sj45m
CmY5610AJiLSlG/1LVjHUHQ3DpujQsn4SofO+UQIMTZ5By7vwwuz7DNgFrR1pYY4
qqsRF3hpGLr/Cav0eMl56Hd/yw+ss9OgKcZpq+qRxhI81jCmlp7eG4A3ZXI456D6
u3pUuvxzisk92apCn1pnuo3Mbm+IyLKwt2P02yazYzet7FbBZk/ECELOdv4UpUAm
BmIjk0ZgJY1PTsmlLAjnUIT9ruZqGh855hXdW7EX+nEuNaelL+IgymTAcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRMDTJ+zaILj/ijk/3wn0GJbZPDMB8GA1UdIwQY
MBaAFPflZHzQt/civtRWnze4v4+SU4z1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOS1Wa2ZOQzM5eUstMUZhZk43aV9qNUpUalBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9mOTA4MmItY2JhMy00ZmJjLWFkYTIt
ZGYwNjM3NjdjM2Y2LzEvOUV3Tk1uN05vZ3VQLUtPVF9mQ2ZRWWx0azhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9mOTA4MmItY2JhMy00ZmJjLWFkYTItZGYwNjM3NjdjM2Y2
LzEvOS1Wa2ZOQzM5eUstMUZhZk43aV9qNUpUalBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWpCMA0G
CSqGSIb3DQEBCwUAA4IBAQCH68nweUAci3VG8gnG8YjS6p6tNjSkSVBYvOPes6lW
ZE84cxsTvxfxQ1pNxgJqcciGJM0vMKHEk/Q4zjiCC5tiX60h0Gs906lF2ObRPOcZ
sgPcLntx5IpzX/WdpfTjVQZ3MIZu+L8N/cF9egPFNF1af1KixJJfykG85n3sUh2s
cdUvZBj3zQpcdji3aGtOZYttfiwVTOCgeVjzfXPg444Q92ig84zPD6T4SvDO4yti
NxnbgGTWCBrnERCpWH4iYdPSR65h6acnT9wgPIxK5o40Rwqq7qhgTodKCHg5fDAh
QBqiiM3r13M5G3V6Oyrr/Mf3VhKJw/7s5mFcRLRq4KvM
-----END CERTIFICATE-----