Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/s9ux3PVbaXJO1emFzFEeQi-h4u0.roa
File:                     s9ux3PVbaXJO1emFzFEeQi-h4u0.roa (raw, json)
Hash identifier:          fNgfUDYYgOyoHRInFEjEYsUJ/GSkfxzDHi5M1471sao=
Subject key identifier:   B3:DB:B1:DC:F5:5B:69:72:4E:D5:E9:85:CC:51:1E:42:2F:A1:E2:ED
Certificate issuer:       /CN=7bab6c11d41162db0306858f83e5e65121132a6b
Certificate serial:       018CC2DB5C56740188876FC55F8FF0ADDD92
Authority key identifier: 7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/s9ux3PVbaXJO1emFzFEeQi-h4u0.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64473
IP address blocks:        107.150.174.0/24 maxlen: 24
                          2a07:22c0:c100::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5c:56:74:01:88:87:6f:c5:5f:8f:f0:ad:dd:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bab6c11d41162db0306858f83e5e65121132a6b
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3dbb1dcf55b69724ed5e985cc511e422fa1e2ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:96:0a:c2:88:84:70:e5:15:fd:84:fc:20:d2:
                    fe:68:d1:a3:19:48:23:0d:41:22:ab:77:96:c3:c1:
                    dd:71:0f:4c:63:7f:6d:a3:bd:19:35:78:89:12:ce:
                    6d:a7:46:69:77:ac:21:ee:56:9e:47:80:4e:f0:18:
                    b9:c0:3b:80:61:93:45:00:25:39:7e:56:11:d2:7e:
                    04:6f:d1:d9:59:f5:b0:3d:2a:c3:b7:56:94:da:01:
                    dc:78:28:c3:99:b6:8a:d2:2e:42:68:d2:2a:83:81:
                    33:ea:e7:7d:3a:56:7d:40:cd:fa:9a:78:50:5e:04:
                    8e:8b:fb:a5:47:d3:40:97:0b:d8:0c:e8:f7:e9:7f:
                    4b:d8:0d:17:8a:0d:d6:f0:69:d1:41:25:1c:0c:d4:
                    fa:51:4a:e2:58:a6:64:a7:44:a3:68:7a:10:99:ff:
                    9b:af:b7:1d:2a:8f:61:c8:4a:e9:ab:4d:a3:9a:c7:
                    38:f1:c5:ac:70:3a:56:13:8b:78:bf:90:86:40:9c:
                    ca:4f:99:b1:da:76:10:43:72:0f:f5:30:d4:fe:6a:
                    4f:7b:13:4d:32:b0:ee:f9:19:64:ea:84:ad:de:41:
                    bd:1d:c3:83:a4:76:22:e4:ea:87:6a:2a:97:d0:29:
                    b6:6c:83:ea:cc:4e:34:4b:5c:6e:da:80:6b:12:32:
                    12:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:DB:B1:DC:F5:5B:69:72:4E:D5:E9:85:CC:51:1E:42:2F:A1:E2:ED
            X509v3 Authority Key Identifier:
                keyid:7B:AB:6C:11:D4:11:62:DB:03:06:85:8F:83:E5:E6:51:21:13:2A:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6tsEdQRYtsDBoWPg-XmUSETKms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/s9ux3PVbaXJO1emFzFEeQi-h4u0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/d334ad-5240-4daa-a050-9f5bf736720e/1/e6tsEdQRYtsDBoWPg-XmUSETKms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.150.174.0/24
                IPv6:
                  2a07:22c0:c100::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:13:e2:44:a2:02:10:eb:f5:1c:3e:7e:80:7f:48:23:66:71:
         53:e5:6b:2c:df:ad:de:e0:d1:b3:ee:ab:49:67:97:6b:9c:c2:
         d6:cc:07:d2:bc:8b:91:4b:aa:f9:fd:1f:51:71:15:d7:78:6f:
         f3:ea:8d:08:3b:b3:ef:e0:d5:a5:ee:9a:ff:4e:db:78:6e:b6:
         16:c9:84:3e:f7:62:5f:b4:9d:9f:d8:61:51:0d:b5:85:bc:05:
         ce:1f:93:64:1d:36:e9:6a:29:65:74:8b:1e:2d:53:20:a8:83:
         34:cf:6b:e3:f0:0b:7a:a9:d9:ac:4b:ea:80:13:c7:05:77:ef:
         a2:ef:db:52:8e:20:dd:25:0c:26:fb:94:6e:c3:ae:21:21:29:
         8b:12:aa:a2:81:ca:14:48:2a:0e:e4:1d:ba:32:c2:e4:7d:93:
         b9:6f:dd:ed:e0:33:dc:ae:95:2a:54:a8:ef:e1:92:6d:06:e7:
         ce:02:63:b6:62:81:2e:99:9b:40:66:71:71:b6:f3:a4:4d:d9:
         2b:b6:bd:57:62:44:a5:55:31:0d:d6:eb:22:82:0c:1a:b4:9e:
         0a:37:dd:58:c7:d7:ba:68:09:5d:84:0e:0a:3e:33:b0:94:b3:
         eb:d6:49:71:77:db:4d:a1:f1:1e:71:84:62:01:e8:c7:bc:ad:
         e7:c3:d8:26
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzC21xWdAGIh2/FX4/wrd2SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYWI2YzExZDQxMTYyZGIwMzA2ODU4ZjgzZTVlNjUxMjEx
MzJhNmIwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2RiYjFkY2Y1NWI2OTcyNGVkNWU5ODVjYzUxMWU0MjJmYTFlMmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5YKwoiEcOUV/YT8INL+aNGjGUgj
DUEiq3eWw8HdcQ9MY39to70ZNXiJEs5tp0Zpd6wh7laeR4BO8Bi5wDuAYZNFACU5
flYR0n4Eb9HZWfWwPSrDt1aU2gHceCjDmbaK0i5CaNIqg4Ez6ud9OlZ9QM36mnhQ
XgSOi/ulR9NAlwvYDOj36X9L2A0Xig3W8GnRQSUcDNT6UUriWKZkp0SjaHoQmf+b
r7cdKo9hyErpq02jmsc48cWscDpWE4t4v5CGQJzKT5mx2nYQQ3IP9TDU/mpPexNN
MrDu+Rlk6oSt3kG9HcODpHYi5OqHaiqX0Cm2bIPqzE40S1xu2oBrEjISvQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLPbsdz1W2lyTtXphcxRHkIvoeLtMB8GA1UdIwQY
MBaAFHurbBHUEWLbAwaFj4Pl5lEhEyprMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAt
OWY1YmY3MzY3MjBlLzEvczl1eDNQVmJhWEpPMWVtRnpGRWVRaS1oNHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9kMzM0YWQtNTI0MC00ZGFhLWEwNTAtOWY1YmY3MzY3MjBl
LzEvZTZ0c0VkUVJZdHNEQm9XUGctWG1VU0VUS21zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAa5auMA4E
AgACMAgDBgAqByLAwTANBgkqhkiG9w0BAQsFAAOCAQEAURPiRKICEOv1HD5+gH9I
I2ZxU+VrLN+t3uDRs+6rSWeXa5zC1swH0ryLkUuq+f0fUXEV13hv8+qNCDuz7+DV
pe6a/07beG62FsmEPvdiX7Sdn9hhUQ21hbwFzh+TZB026WopZXSLHi1TIKiDNM9r
4/ALeqnZrEvqgBPHBXfvou/bUo4g3SUMJvuUbsOuISEpixKqooHKFEgqDuQdujLC
5H2TuW/d7eAz3K6VKlSo7+GSbQbnzgJjtmKBLpmbQGZxcbbzpE3ZK7a9V2JEpVUx
DdbrIoIMGrSeCjfdWMfXumgJXYQOCj4zsJSz69ZJcXfbTaHxHnGEYgHox7yt58PY
Jg==
-----END CERTIFICATE-----