Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/9ImbuWG5AV0ZAVRYcrsfy_lZBGA.roa
File:                     9ImbuWG5AV0ZAVRYcrsfy_lZBGA.roa (raw, json)
Hash identifier:          Gca1/74QDdo9tQQyAMH1rwYjP70pf+gtj0XhDUYhuwc=
Subject key identifier:   F4:89:9B:B9:61:B9:01:5D:19:01:54:58:72:BB:1F:CB:F9:59:04:60
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424FA3B8D987C77F92B001C0EEC3272
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/9ImbuWG5AV0ZAVRYcrsfy_lZBGA.roa
Signing time:             Mon 01 Jan 2024 08:30:06 +0000
ROA not before:           Mon 01 Jan 2024 08:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211585
IP address blocks:        109.236.51.0/24 maxlen: 24
                          193.160.141.0/24 maxlen: 24
                          193.160.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fa:3b:8d:98:7c:77:f9:2b:00:1c:0e:ec:32:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4899bb961b9015d1901545872bb1fcbf9590460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a7:2f:bd:dc:2c:3c:97:4f:2a:0a:04:90:3c:
                    c3:1b:88:bb:21:cf:1f:03:a5:ad:fe:b9:fa:90:09:
                    fb:59:1e:b8:8f:d6:4b:e8:f0:da:76:9c:30:d6:0b:
                    bc:cc:92:30:3f:a2:6d:75:7e:11:12:8f:2d:9a:85:
                    d3:17:f3:06:b4:ec:9e:19:14:56:22:80:ce:2d:40:
                    2f:89:ed:5c:b4:ed:2e:66:87:51:ee:06:ae:18:f0:
                    9f:b2:05:50:6f:a0:83:15:43:75:f8:67:02:6f:5f:
                    02:53:35:32:eb:af:12:85:af:f9:77:eb:bb:b9:43:
                    51:4c:66:d6:5d:c6:84:6c:88:7d:1d:27:70:51:bd:
                    da:13:70:cd:46:9f:f1:9d:73:5b:26:70:28:2d:68:
                    28:a1:20:fb:22:90:3b:2d:f1:04:75:97:fc:ee:f4:
                    6a:d7:90:22:6c:70:f1:5c:26:fa:98:e2:e7:13:54:
                    ca:75:cf:be:84:3c:d1:90:ba:a6:64:42:7a:e3:34:
                    7b:e7:4f:0e:ad:dc:ab:44:2a:d2:09:07:9d:bb:87:
                    f6:09:25:6f:74:25:04:22:f0:ed:89:d7:7f:71:03:
                    c2:16:42:e1:47:62:0c:06:c1:fc:45:a1:a7:92:b6:
                    0b:90:41:58:81:9f:b9:0e:f6:7a:94:9a:d4:18:a7:
                    88:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:89:9B:B9:61:B9:01:5D:19:01:54:58:72:BB:1F:CB:F9:59:04:60
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/9ImbuWG5AV0ZAVRYcrsfy_lZBGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.236.51.0/24
                  193.160.141.0/24
                  193.160.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:ea:b9:d2:b9:a2:84:91:57:3c:09:fa:21:7f:ff:dc:23:4c:
         ce:e3:9a:ec:7a:61:0f:3c:67:c3:b1:89:a8:ae:e8:38:9d:5c:
         22:f1:33:43:35:fd:f8:a6:20:62:cc:8c:c0:cf:93:c2:b6:f7:
         0d:93:d6:ec:45:a4:1f:ca:dc:99:25:68:a9:86:e8:d7:eb:7f:
         3a:ac:32:1d:c0:6d:f9:f0:6d:f6:a0:0c:64:37:65:dd:87:e7:
         3f:55:20:b7:16:b8:28:ce:ac:65:b6:20:66:cb:4e:34:a6:f6:
         f1:59:7e:ac:38:57:bf:78:70:ef:ac:b0:c5:b9:d4:55:d4:7b:
         65:c9:ca:b9:ab:1d:de:ca:17:8a:3f:dc:98:e0:4b:c1:46:86:
         32:bd:9f:53:07:9a:6b:da:ea:0e:47:46:7d:47:b0:9b:05:61:
         2c:47:fb:5b:6d:b7:9f:a0:4f:6d:4f:a1:51:e8:86:2b:89:68:
         6b:46:05:4c:2b:91:48:c1:b9:9b:18:2f:16:9e:bd:03:02:4b:
         ee:9b:47:14:a7:54:d4:78:70:73:c1:8e:4c:a5:fd:9c:81:a1:
         32:fb:4f:ad:75:31:b8:da:c3:bb:8a:53:b5:63:42:8d:29:4e:
         1f:19:2b:49:d4:c0:fd:66:6d:f8:cb:07:a8:e6:fe:f6:ee:ea:
         99:62:1f:63
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEJPo7jZh8d/krABwO7DJyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDg5OWJiOTYxYjkwMTVkMTkwMTU0NTg3MmJiMWZjYmY5NTkwNDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKcvvdwsPJdPKgoEkDzDG4i7Ic8f
A6Wt/rn6kAn7WR64j9ZL6PDadpww1gu8zJIwP6JtdX4REo8tmoXTF/MGtOyeGRRW
IoDOLUAvie1ctO0uZodR7gauGPCfsgVQb6CDFUN1+GcCb18CUzUy668Sha/5d+u7
uUNRTGbWXcaEbIh9HSdwUb3aE3DNRp/xnXNbJnAoLWgooSD7IpA7LfEEdZf87vRq
15AibHDxXCb6mOLnE1TKdc++hDzRkLqmZEJ64zR7508OrdyrRCrSCQedu4f2CSVv
dCUEIvDtidd/cQPCFkLhR2IMBsH8RaGnkrYLkEFYgZ+5DvZ6lJrUGKeI0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPSJm7lhuQFdGQFUWHK7H8v5WQRgMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvOUltYnVXRzVBVjBaQVZSWWNyc2Z5X2xaQkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbewzAwQA
waCNAwQAwaCPMA0GCSqGSIb3DQEBCwUAA4IBAQBB6rnSuaKEkVc8Cfohf//cI0zO
45rsemEPPGfDsYmorug4nVwi8TNDNf34piBizIzAz5PCtvcNk9bsRaQfytyZJWip
hujX6386rDIdwG358G32oAxkN2Xdh+c/VSC3FrgozqxltiBmy040pvbxWX6sOFe/
eHDvrLDFudRV1Htlycq5qx3eyheKP9yY4EvBRoYyvZ9TB5pr2uoOR0Z9R7CbBWEs
R/tbbbefoE9tT6FR6IYriWhrRgVMK5FIwbmbGC8Wnr0DAkvum0cUp1TUeHBzwY5M
pf2cgaEy+0+tdTG42sO7ilO1Y0KNKU4fGStJ1MD9Zm34yweo5v727uqZYh9j
-----END CERTIFICATE-----