Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/hjrSltlWrEXXklnE9g2-jIdWO7I.roa
File:                     hjrSltlWrEXXklnE9g2-jIdWO7I.roa (raw, json)
Hash identifier:          Wv9OP7B4BptS6ifPYDBIaO02YV3o6jIUQBm/6a1sOIM=
Subject key identifier:   86:3A:D2:96:D9:56:AC:45:D7:92:59:C4:F6:0D:BE:8C:87:56:3B:B2
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       018CC86F67C2034F94311663482D8CEC3AF2
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/hjrSltlWrEXXklnE9g2-jIdWO7I.roa
Signing time:             Tue 02 Jan 2024 04:29:53 +0000
ROA not before:           Tue 02 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25178
IP address blocks:        212.9.96.0/19 maxlen: 24
                          2a02:2b90::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:67:c2:03:4f:94:31:16:63:48:2d:8c:ec:3a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Jan  2 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=863ad296d956ac45d79259c4f60dbe8c87563bb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:28:48:09:5e:ed:84:2b:52:80:9d:a1:70:7c:
                    64:20:66:71:04:4a:76:b7:06:e6:56:9a:6a:e5:01:
                    09:55:ac:f4:82:a1:cb:0d:69:88:38:f6:a3:f3:56:
                    d5:3d:5c:f9:e0:00:a8:0b:03:da:a9:ef:ca:01:22:
                    05:83:54:9a:b1:e7:3d:44:cf:24:ca:57:58:26:97:
                    64:eb:a3:52:f8:18:2b:cb:25:26:18:ad:9b:41:89:
                    6f:21:56:81:89:78:81:e3:4a:f8:d3:10:c1:c4:76:
                    83:9b:02:63:f0:6b:a3:da:e2:05:6d:17:c8:d5:1f:
                    96:84:a4:d2:6f:bc:f9:e9:56:54:56:aa:98:8e:af:
                    57:fb:25:db:17:ae:46:94:67:5e:38:c2:a8:60:ce:
                    27:e6:e8:c5:4e:25:55:38:1e:73:91:b0:81:5a:54:
                    6f:fd:8d:fa:36:da:99:d0:3f:37:48:d5:84:44:57:
                    25:cf:98:41:9c:b6:c8:10:dc:3c:19:ae:64:56:22:
                    92:2a:00:a8:af:a4:a3:b8:39:85:59:c9:30:0f:d3:
                    93:21:c3:ac:cb:d2:ea:d1:98:11:42:59:78:fa:c8:
                    3b:d6:e1:df:82:e3:7b:86:4e:88:d5:20:ae:49:d7:
                    55:72:5f:df:b2:fa:9e:37:54:a6:28:35:d2:68:4d:
                    30:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:3A:D2:96:D9:56:AC:45:D7:92:59:C4:F6:0D:BE:8C:87:56:3B:B2
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/hjrSltlWrEXXklnE9g2-jIdWO7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.9.96.0/19
                IPv6:
                  2a02:2b90::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:c4:d5:1c:9f:d1:27:b3:d0:da:9c:42:0e:9f:fa:11:5f:22:
         a5:9b:28:cd:8d:82:67:83:ac:c4:02:a1:fb:58:ec:a3:43:31:
         63:88:69:fb:91:5a:a6:ba:86:49:46:d7:8e:c0:97:ac:69:93:
         32:3f:37:e0:c8:b3:ac:f3:e4:7a:be:3f:e4:b8:04:61:9f:8f:
         d6:e9:07:93:9e:c7:68:12:c7:3d:ef:e1:66:5f:07:71:1d:1d:
         fe:95:f9:ba:e6:a3:56:2d:bb:d1:e5:0c:cf:b6:67:79:3f:24:
         3d:b4:5e:fc:79:cd:ee:11:54:16:d8:0a:1d:3d:b6:6c:03:b1:
         1c:a9:e3:41:34:fc:4b:6b:3c:88:09:3b:29:d2:f2:a8:97:19:
         a4:1f:1b:a7:3b:b6:9d:06:49:b4:3d:3b:1e:b4:46:bc:1a:da:
         ee:57:02:c6:7b:5b:1b:8d:68:82:d5:f6:54:8d:73:80:e7:aa:
         38:f2:1b:d9:dd:13:b6:90:25:42:a6:c1:01:7d:82:58:4b:86:
         42:00:d7:9f:89:92:a7:b8:c5:25:79:ff:c9:66:e7:9d:81:c1:
         7d:28:92:e5:ba:f3:c6:19:40:12:75:ef:45:2b:ec:2a:a8:60:
         92:1c:44:f3:45:4e:1a:cf:4e:ac:af:98:1e:72:60:85:66:ca:
         54:86:c1:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb2fCA0+UMRZjSC2M7DryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjQwMTAyMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjNhZDI5NmQ5NTZhYzQ1ZDc5MjU5YzRmNjBkYmU4Yzg3NTYzYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvChICV7thCtSgJ2hcHxkIGZxBEp2
twbmVppq5QEJVaz0gqHLDWmIOPaj81bVPVz54ACoCwPaqe/KASIFg1Sasec9RM8k
yldYJpdk66NS+BgryyUmGK2bQYlvIVaBiXiB40r40xDBxHaDmwJj8Guj2uIFbRfI
1R+WhKTSb7z56VZUVqqYjq9X+yXbF65GlGdeOMKoYM4n5ujFTiVVOB5zkbCBWlRv
/Y36NtqZ0D83SNWERFclz5hBnLbIENw8Ga5kViKSKgCor6SjuDmFWckwD9OTIcOs
y9Lq0ZgRQll4+sg71uHfguN7hk6I1SCuSddVcl/fsvqeN1SmKDXSaE0wkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIY60pbZVqxF15JZxPYNvoyHVjuyMB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvaGpyU2x0bFdyRVhYa2xuRTlnMi1qSWRXTzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1AlgMA0E
AgACMAcDBQMqAiuQMA0GCSqGSIb3DQEBCwUAA4IBAQANxNUcn9Ens9DanEIOn/oR
XyKlmyjNjYJng6zEAqH7WOyjQzFjiGn7kVqmuoZJRteOwJesaZMyPzfgyLOs8+R6
vj/kuARhn4/W6QeTnsdoEsc97+FmXwdxHR3+lfm65qNWLbvR5QzPtmd5PyQ9tF78
ec3uEVQW2AodPbZsA7EcqeNBNPxLazyICTsp0vKolxmkHxunO7adBkm0PTsetEa8
GtruVwLGe1sbjWiC1fZUjXOA56o48hvZ3RO2kCVCpsEBfYJYS4ZCANefiZKnuMUl
ef/JZuedgcF9KJLluvPGGUASde9FK+wqqGCSHETzRU4az06sr5gecmCFZspUhsGL
-----END CERTIFICATE-----