Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/9_UKX4lOo-CXfA2JgW3vgVl0gZY.roa
File:                     9_UKX4lOo-CXfA2JgW3vgVl0gZY.roa (raw, json)
Hash identifier:          99ZWVdSAipT0LYxf8vQfgmBLJY4it7/vmtXMJ0G7N+A=
Subject key identifier:   F7:F5:0A:5F:89:4E:A3:E0:97:7C:0D:89:81:6D:EF:81:59:74:81:96
Certificate issuer:       /CN=10953e607670ff738eee6a6b577d8c8b2804e1e1
Certificate serial:       018CC7955A590D7F9CEB5067B7400BF8B98E
Authority key identifier: 10:95:3E:60:76:70:FF:73:8E:EE:6A:6B:57:7D:8C:8B:28:04:E1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EJU-YHZw_3OO7mprV32MiygE4eE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/9_UKX4lOo-CXfA2JgW3vgVl0gZY.roa
Signing time:             Tue 02 Jan 2024 00:31:43 +0000
ROA not before:           Tue 02 Jan 2024 00:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        176.124.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EJU-YHZw_3OO7mprV32MiygE4eE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:5a:59:0d:7f:9c:eb:50:67:b7:40:0b:f8:b9:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10953e607670ff738eee6a6b577d8c8b2804e1e1
        Validity
            Not Before: Jan  2 00:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7f50a5f894ea3e0977c0d89816def8159748196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:41:c2:88:17:e5:68:68:ea:10:28:43:0b:89:
                    25:71:9a:03:6a:d7:07:f3:9c:af:4a:40:bd:c4:ab:
                    c5:e2:5b:63:15:d5:29:31:ee:b3:32:8f:43:86:c2:
                    fc:e0:96:f1:2a:ee:30:56:62:f3:e7:9d:eb:02:24:
                    eb:10:e3:5f:70:26:9f:7d:7f:fa:a7:b5:0e:c6:da:
                    d3:60:a1:e1:df:d0:0b:15:76:37:8d:ec:df:74:d4:
                    c7:50:06:54:7f:7f:6e:34:81:02:31:8a:a6:89:26:
                    c2:2f:12:c5:25:20:58:a6:eb:59:10:23:ba:33:af:
                    9d:0e:94:3f:7c:43:75:f0:f2:4e:12:30:1b:a8:6c:
                    4d:e5:28:05:94:82:df:30:79:de:7c:6f:30:cd:35:
                    95:1c:c2:80:b3:a8:52:af:ef:e0:9e:f3:b6:37:23:
                    8a:19:e8:a3:ac:8b:96:ae:4f:a7:3c:68:e0:7a:1f:
                    3b:83:41:cc:5e:74:81:c3:4d:5e:22:9f:06:c9:84:
                    d6:92:17:41:ec:2e:13:43:38:0b:38:5d:fc:9e:bd:
                    d1:43:2b:dd:e9:f7:e8:90:5c:78:bc:93:c0:9e:69:
                    48:03:7b:fa:af:43:78:cc:58:6b:fb:7a:a3:b9:eb:
                    b5:19:9a:15:f2:e8:58:3c:2a:ce:18:a4:3b:84:7c:
                    3e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:F5:0A:5F:89:4E:A3:E0:97:7C:0D:89:81:6D:EF:81:59:74:81:96
            X509v3 Authority Key Identifier:
                keyid:10:95:3E:60:76:70:FF:73:8E:EE:6A:6B:57:7D:8C:8B:28:04:E1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EJU-YHZw_3OO7mprV32MiygE4eE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/9_UKX4lOo-CXfA2JgW3vgVl0gZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/a99355-2d01-4da5-8e73-1bc552c00dd7/1/EJU-YHZw_3OO7mprV32MiygE4eE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.124.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:62:cb:0a:78:37:9e:d6:e0:ee:50:e4:4a:f3:da:f2:94:44:
         73:09:b7:bc:87:1f:fc:84:44:f4:39:52:e2:2d:1f:83:ee:22:
         1b:e1:08:36:c3:02:0b:92:6c:5d:79:48:b2:b2:73:2f:8e:17:
         22:d0:b4:58:3e:e4:dd:eb:89:06:32:86:06:41:33:ae:b6:bf:
         50:a6:32:fc:10:f2:b6:ca:8d:b1:54:c0:1d:58:01:7f:13:f4:
         42:2a:f1:ed:c6:9f:7d:01:21:cf:e6:35:eb:ed:5f:77:6a:1a:
         c6:35:f8:1f:77:6e:05:05:eb:8c:d1:3b:4c:ad:e2:8c:86:e9:
         ef:4a:6f:8f:0c:97:9a:dc:ca:ec:46:c2:5b:fc:2e:85:3e:bd:
         95:b3:90:03:a3:3c:21:06:1d:d1:0e:99:2a:b1:98:88:e0:e2:
         29:31:dc:1e:e0:f8:a7:3b:18:76:fb:74:b4:67:a5:7e:97:76:
         2b:93:75:ae:4b:f3:11:8e:af:d1:a6:ce:17:11:b4:fb:81:6d:
         6d:9a:0b:30:92:e9:b6:9e:e0:1a:73:cc:32:81:c4:f3:4e:c5:
         86:71:b7:c7:e5:de:b0:69:b2:d2:0d:5f:02:1e:48:02:1b:18:
         93:ac:d2:25:b6:87:5d:7b:3d:b8:63:7e:11:ea:8d:2d:bc:87:
         bf:d0:88:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlVpZDX+c61Bnt0AL+LmOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwOTUzZTYwNzY3MGZmNzM4ZWVlNmE2YjU3N2Q4YzhiMjgw
NGUxZTEwHhcNMjQwMTAyMDAzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2Y1MGE1Zjg5NGVhM2UwOTc3YzBkODk4MTZkZWY4MTU5NzQ4MTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEHCiBflaGjqEChDC4klcZoDatcH
85yvSkC9xKvF4ltjFdUpMe6zMo9DhsL84JbxKu4wVmLz553rAiTrEONfcCaffX/6
p7UOxtrTYKHh39ALFXY3jezfdNTHUAZUf39uNIECMYqmiSbCLxLFJSBYputZECO6
M6+dDpQ/fEN18PJOEjAbqGxN5SgFlILfMHnefG8wzTWVHMKAs6hSr+/gnvO2NyOK
GeijrIuWrk+nPGjgeh87g0HMXnSBw01eIp8GyYTWkhdB7C4TQzgLOF38nr3RQyvd
6ffokFx4vJPAnmlIA3v6r0N4zFhr+3qjueu1GZoV8uhYPCrOGKQ7hHw+1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPf1Cl+JTqPgl3wNiYFt74FZdIGWMB8GA1UdIwQY
MBaAFBCVPmB2cP9zju5qa1d9jIsoBOHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUpVLVlIWndfM09PN21wclYzMk1peWdFNGVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9hOTkzNTUtMmQwMS00ZGE1LThlNzMt
MWJjNTUyYzAwZGQ3LzEvOV9VS1g0bE9vLUNYZkEySmdXM3ZnVmwwZ1pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9hOTkzNTUtMmQwMS00ZGE1LThlNzMtMWJjNTUyYzAwZGQ3
LzEvRUpVLVlIWndfM09PN21wclYzMk1peWdFNGVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHzgMA0G
CSqGSIb3DQEBCwUAA4IBAQBFYssKeDee1uDuUORK89rylERzCbe8hx/8hET0OVLi
LR+D7iIb4Qg2wwILkmxdeUiysnMvjhci0LRYPuTd64kGMoYGQTOutr9QpjL8EPK2
yo2xVMAdWAF/E/RCKvHtxp99ASHP5jXr7V93ahrGNfgfd24FBeuM0TtMreKMhunv
Sm+PDJea3MrsRsJb/C6FPr2Vs5ADozwhBh3RDpkqsZiI4OIpMdwe4PinOxh2+3S0
Z6V+l3Yrk3WuS/MRjq/Rps4XEbT7gW1tmgswkum2nuAac8wygcTzTsWGcbfH5d6w
abLSDV8CHkgCGxiTrNIltoddez24Y34R6o0tvIe/0Ij2
-----END CERTIFICATE-----