Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/9ZRo9Bsm39MwVvQDeJ_hqaVSNwU.roa
File:                     9ZRo9Bsm39MwVvQDeJ_hqaVSNwU.roa (raw, json)
Hash identifier:          99WQr0ZnQwNSMoivleeDPw9mrGaIdZ8LYMmSOMjgjsg=
Subject key identifier:   F5:94:68:F4:1B:26:DF:D3:30:56:F4:03:78:9F:E1:A9:A5:52:37:05
Certificate issuer:       /CN=9d4ef20bb6a867eccd87fa0acae22c5bf634d51b
Certificate serial:       018CC94E2D0AA659E5C5D6FD50D6075BFC43
Authority key identifier: 9D:4E:F2:0B:B6:A8:67:EC:CD:87:FA:0A:CA:E2:2C:5B:F6:34:D5:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nU7yC7aoZ-zNh_oKyuIsW_Y01Rs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/9ZRo9Bsm39MwVvQDeJ_hqaVSNwU.roa
Signing time:             Tue 02 Jan 2024 08:33:12 +0000
ROA not before:           Tue 02 Jan 2024 08:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198349
IP address blocks:        185.19.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/nU7yC7aoZ-zNh_oKyuIsW_Y01Rs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/nU7yC7aoZ-zNh_oKyuIsW_Y01Rs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nU7yC7aoZ-zNh_oKyuIsW_Y01Rs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2d:0a:a6:59:e5:c5:d6:fd:50:d6:07:5b:fc:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d4ef20bb6a867eccd87fa0acae22c5bf634d51b
        Validity
            Not Before: Jan  2 08:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f59468f41b26dfd33056f403789fe1a9a5523705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e8:71:92:b2:05:e5:3d:9f:9f:93:9c:b7:fb:
                    94:c6:05:52:a9:84:f4:ff:03:69:9d:8e:8e:63:f5:
                    2a:d3:5d:dd:6c:f0:c3:93:5e:ae:b3:5a:91:a1:0c:
                    e5:6e:8a:db:42:8c:2b:1d:f2:03:35:9e:03:d7:0c:
                    ce:86:36:0b:ca:9e:93:76:21:11:1e:14:c6:e0:ad:
                    f9:1d:3a:5b:83:e8:21:04:5a:b5:88:e5:73:ca:d6:
                    fa:dc:ff:fc:8b:5e:7e:69:25:94:97:c5:8e:3e:2c:
                    e2:54:af:8c:bb:a3:3b:2f:21:2e:c6:87:10:d8:de:
                    96:62:82:fc:92:61:fe:de:8b:79:82:09:cd:77:cc:
                    af:3d:44:09:d5:a0:de:88:9b:e0:15:19:90:42:c2:
                    8c:19:a2:6b:5f:1b:a5:6a:ed:ff:87:fc:d6:d8:a3:
                    e3:4d:bc:a3:3a:4b:82:03:c0:e8:58:57:83:b0:94:
                    f2:a2:d0:f2:41:a3:b5:1a:4f:a1:80:de:f2:b2:93:
                    55:f1:85:a8:7a:43:27:69:31:9d:7e:eb:d7:fa:ce:
                    73:86:ab:16:dc:f2:1f:96:db:7b:c2:aa:d7:a4:2e:
                    6a:69:f0:6f:0b:a3:a4:7a:f3:5b:af:ee:4c:ee:f8:
                    26:64:9e:83:ef:d9:c9:5c:cf:90:23:a6:e9:89:69:
                    1b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:94:68:F4:1B:26:DF:D3:30:56:F4:03:78:9F:E1:A9:A5:52:37:05
            X509v3 Authority Key Identifier:
                keyid:9D:4E:F2:0B:B6:A8:67:EC:CD:87:FA:0A:CA:E2:2C:5B:F6:34:D5:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nU7yC7aoZ-zNh_oKyuIsW_Y01Rs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/9ZRo9Bsm39MwVvQDeJ_hqaVSNwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/7181a6-7ff4-40ba-93df-7885b7b8371c/1/nU7yC7aoZ-zNh_oKyuIsW_Y01Rs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:56:5d:30:61:c2:9f:67:9d:c4:90:a9:19:66:b9:67:1c:e5:
         80:aa:8a:f4:b2:79:d4:75:e6:85:4b:97:f9:57:b1:1b:b4:aa:
         53:2d:9a:8e:1c:e2:19:75:a2:dd:7f:de:73:1e:9b:29:ad:17:
         17:a0:68:01:6a:0b:af:3c:0a:f0:f5:c5:46:13:19:78:cb:74:
         6d:e9:ea:b5:f9:44:75:96:10:8a:0f:02:c8:a5:cc:b5:12:cc:
         59:b5:53:85:a6:de:2d:bd:4e:60:7b:00:b4:f5:11:7d:38:71:
         ad:b3:d0:56:3f:f2:a2:b5:f9:14:e9:a7:02:7e:55:64:da:23:
         91:6c:fc:b3:4d:a5:9c:86:41:32:63:9a:ce:eb:2b:6d:78:81:
         38:72:78:22:96:e5:93:ef:4e:d4:12:1a:9d:1d:69:36:b8:6f:
         ce:e0:cf:2d:20:de:21:4a:8e:f4:1e:9b:c9:6c:28:01:0c:06:
         7d:8c:fd:68:5b:dd:69:4e:4e:1f:33:05:76:0a:e5:a2:78:04:
         b0:8c:24:1f:a8:ae:2c:7a:c7:cc:eb:8c:1b:bd:af:9f:4e:83:
         82:30:a4:45:37:f6:7f:84:de:56:e7:a3:2f:4a:74:11:38:a9:
         ef:60:18:1d:1f:92:24:1f:d8:9a:cf:6b:12:bb:bf:f9:64:6f:
         f3:21:fd:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTi0Kplnlxdb9UNYHW/xDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNGVmMjBiYjZhODY3ZWNjZDg3ZmEwYWNhZTIyYzViZjYz
NGQ1MWIwHhcNMjQwMTAyMDgzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTk0NjhmNDFiMjZkZmQzMzA1NmY0MDM3ODlmZTFhOWE1NTIzNzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+hxkrIF5T2fn5Oct/uUxgVSqYT0
/wNpnY6OY/Uq013dbPDDk16us1qRoQzlborbQowrHfIDNZ4D1wzOhjYLyp6TdiER
HhTG4K35HTpbg+ghBFq1iOVzytb63P/8i15+aSWUl8WOPiziVK+Mu6M7LyEuxocQ
2N6WYoL8kmH+3ot5ggnNd8yvPUQJ1aDeiJvgFRmQQsKMGaJrXxulau3/h/zW2KPj
TbyjOkuCA8DoWFeDsJTyotDyQaO1Gk+hgN7yspNV8YWoekMnaTGdfuvX+s5zhqsW
3PIfltt7wqrXpC5qafBvC6OkevNbr+5M7vgmZJ6D79nJXM+QI6bpiWkbnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWUaPQbJt/TMFb0A3if4amlUjcFMB8GA1UdIwQY
MBaAFJ1O8gu2qGfszYf6CsriLFv2NNUbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblU3eUM3YW9aLXpOaF9vS3l1SXNXX1kwMVJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83MTgxYTYtN2ZmNC00MGJhLTkzZGYt
Nzg4NWI3YjgzNzFjLzEvOVpSbzlCc20zOU13VnZRRGVKX2hxYVZTTndVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83MTgxYTYtN2ZmNC00MGJhLTkzZGYtNzg4NWI3YjgzNzFj
LzEvblU3eUM3YW9aLXpOaF9vS3l1SXNXX1kwMVJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuROMMA0G
CSqGSIb3DQEBCwUAA4IBAQACVl0wYcKfZ53EkKkZZrlnHOWAqor0snnUdeaFS5f5
V7EbtKpTLZqOHOIZdaLdf95zHpsprRcXoGgBaguvPArw9cVGExl4y3Rt6eq1+UR1
lhCKDwLIpcy1EsxZtVOFpt4tvU5gewC09RF9OHGts9BWP/KitfkU6acCflVk2iOR
bPyzTaWchkEyY5rO6ytteIE4cngiluWT707UEhqdHWk2uG/O4M8tIN4hSo70HpvJ
bCgBDAZ9jP1oW91pTk4fMwV2CuWieASwjCQfqK4sesfM64wbva+fToOCMKRFN/Z/
hN5W56MvSnQROKnvYBgdH5IkH9iaz2sSu7/5ZG/zIf0H
-----END CERTIFICATE-----