Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/B9IdnEavUOWqbg89LlBdOtqSME8.roa
File:                     B9IdnEavUOWqbg89LlBdOtqSME8.roa (raw, json)
Hash identifier:          1AofKW2xzq1yv8vFWS9X0apsqX21P2ljST1p14RXRko=
Subject key identifier:   07:D2:1D:9C:46:AF:50:E5:AA:6E:0F:3D:2E:50:5D:3A:DA:92:30:4F
Certificate issuer:       /CN=8d842656177b4267ab55e4ba165a5ec00f5084bc
Certificate serial:       018CC5012CD56A5BB12B58E40C360C656960
Authority key identifier: 8D:84:26:56:17:7B:42:67:AB:55:E4:BA:16:5A:5E:C0:0F:50:84:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/B9IdnEavUOWqbg89LlBdOtqSME8.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199287
IP address blocks:        80.76.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2c:d5:6a:5b:b1:2b:58:e4:0c:36:0c:65:69:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d842656177b4267ab55e4ba165a5ec00f5084bc
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07d21d9c46af50e5aa6e0f3d2e505d3ada92304f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:0f:99:ee:31:8d:5b:24:10:49:99:bd:bf:51:
                    9b:81:d9:26:74:14:db:a3:31:c9:6f:02:39:2c:06:
                    c3:d3:71:5e:5a:18:82:f7:6e:2e:df:9c:bc:16:e9:
                    41:7b:8e:92:41:66:93:c1:1e:8a:00:74:c7:ec:ff:
                    02:be:a3:0f:fa:ed:53:d9:48:55:05:5f:d6:bb:dc:
                    b8:26:9b:05:22:ba:71:1c:54:22:c2:a5:e9:4a:ed:
                    8f:36:4f:cd:74:11:c1:6c:ed:48:73:e4:af:6c:5e:
                    4b:a3:84:1f:a7:9e:b7:17:44:87:e4:99:dc:db:f2:
                    16:f3:c4:2a:cf:60:71:af:fc:0d:4a:76:1e:a7:7f:
                    75:30:a3:da:25:e0:c6:11:3f:3f:d9:34:d4:c1:1c:
                    7e:33:4f:20:51:6c:f4:83:36:dd:34:6d:68:21:f5:
                    f7:de:ba:5c:cb:ba:d2:e4:f4:4a:ed:c5:87:62:5a:
                    ab:57:f0:99:0f:59:23:b5:f8:04:6f:a6:ae:11:bd:
                    7a:ec:1b:d8:ec:62:01:70:72:8d:3e:25:9c:42:9f:
                    4f:0c:6f:76:f5:77:5a:ab:45:be:43:1a:ca:c1:10:
                    f6:08:15:31:65:6e:d8:52:01:5d:34:17:31:ea:b7:
                    fb:3b:95:57:89:76:73:30:af:9c:bf:0e:85:7b:44:
                    83:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D2:1D:9C:46:AF:50:E5:AA:6E:0F:3D:2E:50:5D:3A:DA:92:30:4F
            X509v3 Authority Key Identifier:
                keyid:8D:84:26:56:17:7B:42:67:AB:55:E4:BA:16:5A:5E:C0:0F:50:84:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/B9IdnEavUOWqbg89LlBdOtqSME8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.76.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:ef:cf:60:96:45:91:71:5d:f8:ab:48:0f:02:5f:3a:c0:00:
         84:8a:ff:64:7a:ed:76:7e:6a:02:39:42:a4:18:b7:8f:ec:dd:
         40:55:8e:da:5d:b8:13:d7:09:e3:0a:32:0b:e7:73:95:57:11:
         0d:e5:68:21:a9:fb:00:8e:4d:76:7f:c0:61:8f:7b:f2:38:56:
         62:43:0b:37:60:3f:eb:08:09:b9:37:9e:db:48:8e:80:30:0c:
         ad:7a:c3:75:56:89:d8:88:07:42:a4:ff:5d:08:2c:fe:73:7b:
         1d:9b:0d:97:63:b6:c0:86:b3:b0:e4:70:e5:82:89:c9:9d:1a:
         0a:51:d7:1c:42:f2:4e:bd:a9:4d:51:a0:6d:88:8a:08:cb:72:
         fe:48:a4:b9:93:9a:ac:2b:95:05:f7:48:4b:09:e6:ee:9d:e7:
         a5:42:c2:b2:14:da:76:cd:80:51:66:07:0a:84:7a:0f:eb:0a:
         25:9e:bf:47:4d:71:ed:13:a0:74:64:8e:53:4b:0f:73:7b:b4:
         d4:58:8e:0e:eb:31:46:6e:a8:2e:59:d6:71:72:b7:34:11:96:
         90:cf:8e:83:10:c9:a9:dc:de:9c:0c:4a:b5:83:5a:72:54:70:
         dc:eb:47:8b:ad:97:68:ea:97:5b:b8:5e:ec:aa:de:a3:ba:32:
         3f:69:9a:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASzValuxK1jkDDYMZWlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQyNjU2MTc3YjQyNjdhYjU1ZTRiYTE2NWE1ZWMwMGY1
MDg0YmMwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2QyMWQ5YzQ2YWY1MGU1YWE2ZTBmM2QyZTUwNWQzYWRhOTIzMDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhA+Z7jGNWyQQSZm9v1GbgdkmdBTb
ozHJbwI5LAbD03FeWhiC924u35y8FulBe46SQWaTwR6KAHTH7P8CvqMP+u1T2UhV
BV/Wu9y4JpsFIrpxHFQiwqXpSu2PNk/NdBHBbO1Ic+SvbF5Lo4Qfp563F0SH5Jnc
2/IW88Qqz2Bxr/wNSnYep391MKPaJeDGET8/2TTUwRx+M08gUWz0gzbdNG1oIfX3
3rpcy7rS5PRK7cWHYlqrV/CZD1kjtfgEb6auEb167BvY7GIBcHKNPiWcQp9PDG92
9Xdaq0W+QxrKwRD2CBUxZW7YUgFdNBcx6rf7O5VXiXZzMK+cvw6Fe0SD2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfSHZxGr1Dlqm4PPS5QXTrakjBPMB8GA1UdIwQY
MBaAFI2EJlYXe0Jnq1XkuhZaXsAPUIS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallRbVZoZDdRbWVyVmVTNkZscGV3QTlRaEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS85MzYwZWMtOWNkMS00YzAwLTg2Njgt
OTRjMmY4MjY5ZTljLzEvQjlJZG5FYXZVT1dxYmc4OUxsQmRPdHFTTUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS85MzYwZWMtOWNkMS00YzAwLTg2NjgtOTRjMmY4MjY5ZTlj
LzEvallRbVZoZDdRbWVyVmVTNkZscGV3QTlRaEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUEzkMA0G
CSqGSIb3DQEBCwUAA4IBAQCt789glkWRcV34q0gPAl86wACEiv9keu12fmoCOUKk
GLeP7N1AVY7aXbgT1wnjCjIL53OVVxEN5WghqfsAjk12f8Bhj3vyOFZiQws3YD/r
CAm5N57bSI6AMAytesN1VonYiAdCpP9dCCz+c3sdmw2XY7bAhrOw5HDlgonJnRoK
UdccQvJOvalNUaBtiIoIy3L+SKS5k5qsK5UF90hLCebuneelQsKyFNp2zYBRZgcK
hHoP6wolnr9HTXHtE6B0ZI5TSw9ze7TUWI4O6zFGbqguWdZxcrc0EZaQz46DEMmp
3N6cDEq1g1pyVHDc60eLrZdo6pdbuF7sqt6jujI/aZpL
-----END CERTIFICATE-----