Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/0e5aa2-8409-47a0-b479-f48aa2e754e5/1/9ndbFwNA9GEsei_Fs84w5vZNkA0.roa
File:                     9ndbFwNA9GEsei_Fs84w5vZNkA0.roa (raw, json)
Hash identifier:          NYQN7O4R5UrOhSZvKtONavR0VbYZqifRIoIDb4kywgs=
Subject key identifier:   F6:77:5B:17:03:40:F4:61:2C:7A:2F:C5:B3:CE:30:E6:F6:4D:90:0D
Certificate issuer:       /CN=b5160326be7e5cdc35b5c036441163cd25a4974d
Certificate serial:       018CC7269928323439BD5877846016D11D22
Authority key identifier: B5:16:03:26:BE:7E:5C:DC:35:B5:C0:36:44:11:63:CD:25:A4:97:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tRYDJr5-XNw1tcA2RBFjzSWkl00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/0e5aa2-8409-47a0-b479-f48aa2e754e5/1/9ndbFwNA9GEsei_Fs84w5vZNkA0.roa
Signing time:             Mon 01 Jan 2024 22:30:44 +0000
ROA not before:           Mon 01 Jan 2024 22:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206374
IP address blocks:        185.188.132.0/24 maxlen: 24
                          185.188.133.0/24 maxlen: 24
                          2a0b:c480::/32 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/0e5aa2-8409-47a0-b479-f48aa2e754e5/1/tRYDJr5-XNw1tcA2RBFjzSWkl00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/0e5aa2-8409-47a0-b479-f48aa2e754e5/1/tRYDJr5-XNw1tcA2RBFjzSWkl00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tRYDJr5-XNw1tcA2RBFjzSWkl00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:99:28:32:34:39:bd:58:77:84:60:16:d1:1d:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5160326be7e5cdc35b5c036441163cd25a4974d
        Validity
            Not Before: Jan  1 22:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6775b170340f4612c7a2fc5b3ce30e6f64d900d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:53:86:ce:b9:ad:00:07:6c:20:87:d0:35:44:
                    d7:f6:3d:5d:5e:42:0a:bd:72:a7:b0:9c:a3:71:a8:
                    27:39:1d:d5:ee:9f:48:4a:09:92:3e:b6:de:a6:08:
                    b7:61:77:e3:12:80:96:04:ea:4d:48:b7:0a:6c:8c:
                    11:f1:33:85:14:0f:69:a9:47:84:94:0e:f6:a2:c0:
                    b1:5a:6a:d1:87:1a:5a:3a:0b:b8:25:85:41:43:66:
                    34:ae:6a:43:9f:79:01:c2:02:b1:ec:a4:53:8c:46:
                    25:0b:72:b3:e6:2d:f3:d8:c3:53:a2:d8:2d:fe:c1:
                    76:d6:a8:17:1d:21:e3:5e:7c:3b:e6:ec:6c:6e:b7:
                    84:3e:19:ff:21:c7:6c:83:58:75:53:47:05:0c:0e:
                    8d:e4:f8:84:06:50:bc:7a:ec:39:b5:3d:b4:e9:af:
                    9f:ac:75:37:de:22:44:e3:20:ce:2f:57:73:f8:ed:
                    ae:60:f2:a6:e4:24:fe:7a:5a:4b:10:e9:a8:1f:d7:
                    51:b5:3e:29:14:b8:3d:df:7c:d3:64:45:dc:09:3a:
                    9a:d0:c3:2d:34:08:d3:43:d8:a5:98:de:a6:82:ef:
                    7c:07:82:bd:e0:8b:fb:01:1a:2e:7b:b8:17:4b:05:
                    79:14:82:5b:63:6b:2b:cf:f3:9c:94:7a:68:f1:64:
                    df:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:77:5B:17:03:40:F4:61:2C:7A:2F:C5:B3:CE:30:E6:F6:4D:90:0D
            X509v3 Authority Key Identifier:
                keyid:B5:16:03:26:BE:7E:5C:DC:35:B5:C0:36:44:11:63:CD:25:A4:97:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tRYDJr5-XNw1tcA2RBFjzSWkl00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e5aa2-8409-47a0-b479-f48aa2e754e5/1/9ndbFwNA9GEsei_Fs84w5vZNkA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/0e5aa2-8409-47a0-b479-f48aa2e754e5/1/tRYDJr5-XNw1tcA2RBFjzSWkl00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.132.0/23
                IPv6:
                  2a0b:c480::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:c7:98:2a:67:c7:40:6a:37:b0:d8:24:8c:d2:35:46:08:c8:
         6b:4a:b1:be:2b:98:de:ee:98:cd:d7:fa:d1:74:c4:f9:f4:dd:
         e7:c2:f4:3f:3a:46:ce:80:3f:5c:f8:d4:83:11:38:63:96:6b:
         99:14:80:2e:e2:c4:bf:1e:b5:3f:dc:4c:b9:06:d4:31:0a:08:
         3c:72:5f:a2:6a:32:e9:d3:d5:9e:2a:ca:90:29:1f:ad:ab:82:
         f6:1b:b8:ec:b1:19:ab:8b:91:85:6a:dd:c8:59:db:7e:4d:51:
         66:60:3a:a0:0b:5e:ae:24:34:2b:f3:80:32:18:03:26:c8:64:
         82:a3:22:f5:6b:16:fc:8d:c6:2e:bc:d1:97:2c:cd:ca:31:92:
         ca:34:31:ac:36:e2:f5:06:5a:52:cb:c4:8b:c8:73:7e:22:41:
         48:a9:01:b2:e3:9f:20:ad:aa:df:b3:f1:66:c3:54:04:d3:49:
         50:e9:f7:d4:f2:51:6b:4a:27:13:8e:31:7e:0d:10:48:ae:85:
         8c:87:b8:5d:ce:c0:5c:d8:c5:c4:33:ad:7b:66:c8:d3:8b:f1:
         9c:b3:e9:7c:d0:d6:d0:d3:ae:d9:5d:3c:9b:f9:0b:5a:d1:af:
         ec:4d:20:50:20:30:b5:26:55:cf:cc:b6:d3:41:29:d4:43:57:
         b8:57:a6:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJpkoMjQ5vVh3hGAW0R0iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MTYwMzI2YmU3ZTVjZGMzNWI1YzAzNjQ0MTE2M2NkMjVh
NDk3NGQwHhcNMjQwMTAxMjIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjc3NWIxNzAzNDBmNDYxMmM3YTJmYzViM2NlMzBlNmY2NGQ5MDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFOGzrmtAAdsIIfQNUTX9j1dXkIK
vXKnsJyjcagnOR3V7p9ISgmSPrbepgi3YXfjEoCWBOpNSLcKbIwR8TOFFA9pqUeE
lA72osCxWmrRhxpaOgu4JYVBQ2Y0rmpDn3kBwgKx7KRTjEYlC3Kz5i3z2MNTotgt
/sF21qgXHSHjXnw75uxsbreEPhn/Icdsg1h1U0cFDA6N5PiEBlC8euw5tT206a+f
rHU33iJE4yDOL1dz+O2uYPKm5CT+elpLEOmoH9dRtT4pFLg933zTZEXcCTqa0MMt
NAjTQ9ilmN6mgu98B4K94Iv7ARoue7gXSwV5FIJbY2srz/OclHpo8WTfWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPZ3WxcDQPRhLHovxbPOMOb2TZANMB8GA1UdIwQY
MBaAFLUWAya+flzcNbXANkQRY80lpJdNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFJZREpyNS1YTncxdGNBMlJCRmp6U1drbDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8wZTVhYTItODQwOS00N2EwLWI0Nzkt
ZjQ4YWEyZTc1NGU1LzEvOW5kYkZ3TkE5R0VzZWlfRnM4NHc1dlpOa0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8wZTVhYTItODQwOS00N2EwLWI0NzktZjQ4YWEyZTc1NGU1
LzEvdFJZREpyNS1YTncxdGNBMlJCRmp6U1drbDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBubyEMA0E
AgACMAcDBQAqC8SAMA0GCSqGSIb3DQEBCwUAA4IBAQCgx5gqZ8dAajew2CSM0jVG
CMhrSrG+K5je7pjN1/rRdMT59N3nwvQ/OkbOgD9c+NSDEThjlmuZFIAu4sS/HrU/
3Ey5BtQxCgg8cl+iajLp09WeKsqQKR+tq4L2G7jssRmri5GFat3IWdt+TVFmYDqg
C16uJDQr84AyGAMmyGSCoyL1axb8jcYuvNGXLM3KMZLKNDGsNuL1BlpSy8SLyHN+
IkFIqQGy458grarfs/Fmw1QE00lQ6ffU8lFrSicTjjF+DRBIroWMh7hdzsBc2MXE
M617ZsjTi/Gcs+l80NbQ067ZXTyb+Qta0a/sTSBQIDC1JlXPzLbTQSnUQ1e4V6Zt
-----END CERTIFICATE-----