Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a9beb0-cbe7-465e-8008-d54722cca849/1/n9evG8EQgqx8aSuNwNInfGBRG7g.roa
File:                     n9evG8EQgqx8aSuNwNInfGBRG7g.roa (raw, json)
Hash identifier:          ur7qpjl24Ji66X5mV71cnQcDIRvirlweFHKvsCKn1Ew=
Subject key identifier:   9F:D7:AF:1B:C1:10:82:AC:7C:69:2B:8D:C0:D2:27:7C:60:51:1B:B8
Certificate issuer:       /CN=044fa3808c2d28c577f9976c61cd226e188695d8
Certificate serial:       018CC5DC13DF7289A442F09D540A0072AA73
Authority key identifier: 04:4F:A3:80:8C:2D:28:C5:77:F9:97:6C:61:CD:22:6E:18:86:95:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BE-jgIwtKMV3-ZdsYc0ibhiGldg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a9beb0-cbe7-465e-8008-d54722cca849/1/n9evG8EQgqx8aSuNwNInfGBRG7g.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57458
IP address blocks:        130.255.177.0/24 maxlen: 24
                          2a03:c080::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a9beb0-cbe7-465e-8008-d54722cca849/1/BE-jgIwtKMV3-ZdsYc0ibhiGldg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a9beb0-cbe7-465e-8008-d54722cca849/1/BE-jgIwtKMV3-ZdsYc0ibhiGldg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BE-jgIwtKMV3-ZdsYc0ibhiGldg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:13:df:72:89:a4:42:f0:9d:54:0a:00:72:aa:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=044fa3808c2d28c577f9976c61cd226e188695d8
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fd7af1bc11082ac7c692b8dc0d2277c60511bb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2f:75:f4:cf:f9:0a:31:57:34:a4:23:48:c2:
                    28:08:2b:91:65:65:e4:00:42:54:6d:a7:5c:c5:4e:
                    cf:d1:b0:09:a0:a1:65:89:42:68:20:0c:b5:80:f3:
                    62:09:f2:da:e9:9b:33:68:14:44:61:b8:26:8b:b2:
                    1c:36:69:cf:58:04:f6:45:5c:bd:2a:f5:68:68:40:
                    94:63:15:fb:f5:f7:61:9d:3a:e6:db:51:3d:30:4d:
                    bb:4f:29:a3:d2:c3:b5:71:10:59:36:73:6a:66:4e:
                    ae:00:de:dd:ed:e9:df:df:0a:8a:8d:f4:ef:ce:c4:
                    40:45:e7:31:39:15:d7:af:f0:bb:ad:fc:e3:60:77:
                    45:e5:01:8a:79:13:72:1e:c8:96:a7:48:bb:23:8b:
                    4f:09:c4:87:6b:f3:3a:d5:38:78:5d:8c:2e:9b:46:
                    63:fe:04:27:d5:74:84:42:4d:0e:fc:cc:a7:66:28:
                    7b:2e:6c:b4:e8:e6:0c:43:49:1e:c2:f2:ec:a7:82:
                    e0:c0:df:a2:49:d1:c8:63:b8:8e:1b:0c:3d:53:40:
                    97:f9:ea:87:70:eb:a7:c7:97:35:f6:3d:32:a9:4e:
                    06:18:08:9f:86:fd:6e:22:4c:d4:a1:d8:75:e4:c4:
                    00:02:ab:87:bd:bd:13:da:c4:01:02:0b:28:f6:e3:
                    96:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D7:AF:1B:C1:10:82:AC:7C:69:2B:8D:C0:D2:27:7C:60:51:1B:B8
            X509v3 Authority Key Identifier:
                keyid:04:4F:A3:80:8C:2D:28:C5:77:F9:97:6C:61:CD:22:6E:18:86:95:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BE-jgIwtKMV3-ZdsYc0ibhiGldg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a9beb0-cbe7-465e-8008-d54722cca849/1/n9evG8EQgqx8aSuNwNInfGBRG7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a9beb0-cbe7-465e-8008-d54722cca849/1/BE-jgIwtKMV3-ZdsYc0ibhiGldg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.255.177.0/24
                IPv6:
                  2a03:c080::/32

    Signature Algorithm: sha256WithRSAEncryption
         3e:0f:e7:24:db:64:cb:47:64:25:eb:85:5d:ea:5a:1b:8c:a5:
         6e:f6:f5:11:3f:37:2b:74:5d:7f:ad:20:20:ae:e5:f4:58:35:
         f0:67:d5:eb:77:68:36:c5:8e:76:20:0a:a2:73:66:be:21:c6:
         ef:63:fd:a5:0f:b8:ac:19:68:db:b1:76:c4:82:ad:59:62:64:
         ac:27:5d:08:fe:f7:c7:d9:01:33:f0:eb:21:15:2f:16:a0:ff:
         53:31:e4:d8:63:81:f9:d3:57:ed:b4:eb:ff:73:2c:f0:c5:9c:
         1e:bc:70:b0:26:76:40:ac:7e:ae:e1:55:0a:8c:88:4c:d7:1b:
         80:c2:15:8d:23:4f:95:29:e6:4a:ee:e7:dd:db:3e:31:8d:88:
         34:08:2a:bf:c4:f0:a8:ee:8a:38:a7:ab:2c:8b:80:d1:49:28:
         28:82:83:c4:e9:bd:75:f0:21:d9:16:b6:27:3e:28:70:70:d4:
         7c:b3:95:76:d1:28:7f:ef:3b:48:7a:9c:82:86:da:0c:98:3a:
         52:56:a1:0d:ed:67:a7:fa:fc:ba:97:87:f4:f1:fb:10:b5:5a:
         30:95:b8:21:54:cb:26:cf:f1:5d:69:98:a3:6a:04:12:26:a4:
         81:b9:d3:c0:b2:c7:4b:18:a0:af:c8:40:aa:a4:d6:d7:4c:e3:
         65:93:fb:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3BPfcomkQvCdVAoAcqpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NGZhMzgwOGMyZDI4YzU3N2Y5OTc2YzYxY2QyMjZlMTg4
Njk1ZDgwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmQ3YWYxYmMxMTA4MmFjN2M2OTJiOGRjMGQyMjc3YzYwNTExYmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC919M/5CjFXNKQjSMIoCCuRZWXk
AEJUbadcxU7P0bAJoKFliUJoIAy1gPNiCfLa6ZszaBREYbgmi7IcNmnPWAT2RVy9
KvVoaECUYxX79fdhnTrm21E9ME27Tymj0sO1cRBZNnNqZk6uAN7d7enf3wqKjfTv
zsRARecxORXXr/C7rfzjYHdF5QGKeRNyHsiWp0i7I4tPCcSHa/M61Th4XYwum0Zj
/gQn1XSEQk0O/MynZih7Lmy06OYMQ0kewvLsp4LgwN+iSdHIY7iOGww9U0CX+eqH
cOunx5c19j0yqU4GGAifhv1uIkzUodh15MQAAquHvb0T2sQBAgso9uOWSwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ/XrxvBEIKsfGkrjcDSJ3xgURu4MB8GA1UdIwQY
MBaAFARPo4CMLSjFd/mXbGHNIm4YhpXYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkUtamdJd3RLTVYzLVpkc1ljMGliaGlHbGRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hOWJlYjAtY2JlNy00NjVlLTgwMDgt
ZDU0NzIyY2NhODQ5LzEvbjlldkc4RVFncXg4YVN1TndOSW5mR0JSRzdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hOWJlYjAtY2JlNy00NjVlLTgwMDgtZDU0NzIyY2NhODQ5
LzEvQkUtamdJd3RLTVYzLVpkc1ljMGliaGlHbGRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAgv+xMA0E
AgACMAcDBQAqA8CAMA0GCSqGSIb3DQEBCwUAA4IBAQA+D+ck22TLR2Ql64Vd6lob
jKVu9vURPzcrdF1/rSAgruX0WDXwZ9Xrd2g2xY52IAqic2a+IcbvY/2lD7isGWjb
sXbEgq1ZYmSsJ10I/vfH2QEz8OshFS8WoP9TMeTYY4H501fttOv/cyzwxZwevHCw
JnZArH6u4VUKjIhM1xuAwhWNI0+VKeZK7ufd2z4xjYg0CCq/xPCo7oo4p6ssi4DR
SSgogoPE6b118CHZFrYnPihwcNR8s5V20Sh/7ztIepyChtoMmDpSVqEN7Wen+vy6
l4f08fsQtVowlbghVMsmz/FdaZijagQSJqSBudPAssdLGKCvyECqpNbXTONlk/s5
-----END CERTIFICATE-----