Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/l9pKJY6stuukmOs2_QmAQEOFyQU.roa
File:                     l9pKJY6stuukmOs2_QmAQEOFyQU.roa (raw, json)
Hash identifier:          uMhs27OLoICjKDNvb/g/qeYz9mqwc+vC6QUvArEvbfY=
Subject key identifier:   97:DA:4A:25:8E:AC:B6:EB:A4:98:EB:36:FD:09:80:40:43:85:C9:05
Certificate issuer:       /CN=a98cfb9b5f445fd2f6ccfa179c37c53449b2af06
Certificate serial:       018EBDA295B4EDF0CE56CB698AD264D3C440
Authority key identifier: A9:8C:FB:9B:5F:44:5F:D2:F6:CC:FA:17:9C:37:C5:34:49:B2:AF:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qYz7m19EX9L2zPoXnDfFNEmyrwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/l9pKJY6stuukmOs2_QmAQEOFyQU.roa
Signing time:             Mon 08 Apr 2024 12:15:32 +0000
ROA not before:           Mon 08 Apr 2024 12:15:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210498
IP address blocks:        185.140.239.0/24 maxlen: 24
                          2a05:37c7::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/qYz7m19EX9L2zPoXnDfFNEmyrwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/qYz7m19EX9L2zPoXnDfFNEmyrwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qYz7m19EX9L2zPoXnDfFNEmyrwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 21:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:a2:95:b4:ed:f0:ce:56:cb:69:8a:d2:64:d3:c4:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a98cfb9b5f445fd2f6ccfa179c37c53449b2af06
        Validity
            Not Before: Apr  8 12:15:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97da4a258eacb6eba498eb36fd0980404385c905
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:99:d9:09:51:ae:f9:19:b8:b6:42:b4:a9:da:
                    27:8e:60:5c:39:20:e7:0f:fe:d0:c6:a3:11:61:10:
                    3a:73:d7:0d:de:c0:bb:7a:71:09:9c:ef:f1:de:7b:
                    c9:32:b0:b3:36:2a:37:82:52:44:57:53:7c:e0:48:
                    2b:3e:a8:f1:55:2a:a6:f5:73:30:b3:49:b0:d2:8c:
                    33:bb:ca:70:15:7b:fb:a9:58:ea:68:ea:85:29:ff:
                    a7:b3:a9:2d:61:55:1e:0b:42:e2:c9:4a:38:53:64:
                    a0:f4:d8:1b:30:ed:05:53:bb:f3:ec:07:22:c5:c7:
                    2a:52:85:6c:bc:02:b9:5c:dc:03:be:0b:5f:f9:84:
                    76:69:62:d3:0d:51:3e:d2:2c:be:40:cb:31:52:d0:
                    55:64:f2:05:e1:1d:16:9b:25:ba:66:e8:f5:9d:73:
                    ff:3f:55:46:99:51:3f:f2:d5:06:e7:79:b7:66:84:
                    f1:0d:51:8f:54:52:5f:d7:88:5d:3f:08:68:40:0d:
                    4c:dd:f4:00:d2:5d:89:6d:a9:48:3d:df:01:8e:85:
                    e9:45:9b:cb:ce:62:a5:97:f9:c3:7f:63:e5:44:6b:
                    e6:1e:0d:db:11:2f:be:d3:2b:35:17:5f:97:10:5c:
                    94:92:34:ca:8a:09:4e:3d:a2:f6:4d:14:25:b1:45:
                    13:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:DA:4A:25:8E:AC:B6:EB:A4:98:EB:36:FD:09:80:40:43:85:C9:05
            X509v3 Authority Key Identifier:
                keyid:A9:8C:FB:9B:5F:44:5F:D2:F6:CC:FA:17:9C:37:C5:34:49:B2:AF:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYz7m19EX9L2zPoXnDfFNEmyrwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/l9pKJY6stuukmOs2_QmAQEOFyQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/df8551-3f9f-44b2-b7e4-886593f7dce0/1/qYz7m19EX9L2zPoXnDfFNEmyrwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.239.0/24
                IPv6:
                  2a05:37c7::/40

    Signature Algorithm: sha256WithRSAEncryption
         77:07:b9:30:d6:80:61:88:0f:67:3f:f4:c4:9d:eb:a6:79:f2:
         fa:68:1d:da:ac:f8:cb:8e:13:ee:03:d9:0d:30:5a:34:a6:4c:
         b1:8a:05:4e:97:ed:30:18:5a:39:24:28:e7:1c:44:4d:90:65:
         2b:df:cd:40:67:0c:29:d2:3f:79:32:2f:74:d4:34:bf:de:6c:
         70:e2:11:a4:02:04:54:66:ab:e6:d0:25:d0:35:38:ef:6a:d0:
         53:fa:94:68:6c:7e:20:18:c1:04:d5:50:34:d3:c2:e4:26:f6:
         e7:4b:62:ea:db:ea:fa:af:63:ea:de:d6:e3:6a:99:7c:95:3d:
         56:f0:93:6f:15:7e:6d:2f:b9:af:f7:37:d8:97:59:1b:85:91:
         0b:9f:e2:28:22:b9:ee:39:a1:c0:5e:86:26:7f:60:80:a8:5e:
         7a:8a:69:05:3c:17:09:89:35:9b:f6:5a:bb:ce:ba:56:47:49:
         44:38:51:e0:58:96:cb:1c:39:ef:25:0a:78:fe:0b:4d:80:28:
         0d:0d:05:5f:81:a3:ec:68:b5:f0:50:67:2f:d7:b1:80:5a:ff:
         a6:f5:e2:47:b3:01:3d:c4:ee:0e:b9:31:f6:b1:e8:99:bc:c8:
         31:04:d7:e4:f6:e9:81:6e:23:f9:49:79:16:1e:b5:ac:e2:77:
         4d:aa:e8:87
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAY69opW07fDOVstpitJk08RAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5OGNmYjliNWY0NDVmZDJmNmNjZmExNzljMzdjNTM0NDli
MmFmMDYwHhcNMjQwNDA4MTIxNTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2RhNGEyNThlYWNiNmViYTQ5OGViMzZmZDA5ODA0MDQzODVjOTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8pnZCVGu+Rm4tkK0qdonjmBcOSDn
D/7QxqMRYRA6c9cN3sC7enEJnO/x3nvJMrCzNio3glJEV1N84EgrPqjxVSqm9XMw
s0mw0owzu8pwFXv7qVjqaOqFKf+ns6ktYVUeC0LiyUo4U2Sg9NgbMO0FU7vz7Aci
xccqUoVsvAK5XNwDvgtf+YR2aWLTDVE+0iy+QMsxUtBVZPIF4R0WmyW6Zuj1nXP/
P1VGmVE/8tUG53m3ZoTxDVGPVFJf14hdPwhoQA1M3fQA0l2JbalIPd8BjoXpRZvL
zmKll/nDf2PlRGvmHg3bES++0ys1F1+XEFyUkjTKiglOPaL2TRQlsUUT7wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFJfaSiWOrLbrpJjrNv0JgEBDhckFMB8GA1UdIwQY
MBaAFKmM+5tfRF/S9sz6F5w3xTRJsq8GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVl6N20xOUVYOUwyelBvWG5EZkZORW15cndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi9kZjg1NTEtM2Y5Zi00NGIyLWI3ZTQt
ODg2NTkzZjdkY2UwLzEvbDlwS0pZNnN0dXVrbU9zMl9RbUFRRU9GeVFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi9kZjg1NTEtM2Y5Zi00NGIyLWI3ZTQtODg2NTkzZjdkY2Uw
LzEvcVl6N20xOUVYOUwyelBvWG5EZkZORW15cndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuYzvMA4E
AgACMAgDBgAqBTfHADANBgkqhkiG9w0BAQsFAAOCAQEAdwe5MNaAYYgPZz/0xJ3r
pnny+mgd2qz4y44T7gPZDTBaNKZMsYoFTpftMBhaOSQo5xxETZBlK9/NQGcMKdI/
eTIvdNQ0v95scOIRpAIEVGar5tAl0DU472rQU/qUaGx+IBjBBNVQNNPC5Cb250ti
6tvq+q9j6t7W42qZfJU9VvCTbxV+bS+5r/c32JdZG4WRC5/iKCK57jmhwF6GJn9g
gKheeoppBTwXCYk1m/Zau866VkdJRDhR4FiWyxw57yUKeP4LTYAoDQ0FX4Gj7Gi1
8FBnL9exgFr/pvXiR7MBPcTuDrkx9rHombzIMQTX5PbpgW4j+Ul5Fh61rOJ3Taro
hw==
-----END CERTIFICATE-----