Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/42b3bb-1935-478b-a302-cb7a5fd1ac47/1/9maIrwOXceiTm0YJeCALyXkjYHA.roa
File:                     9maIrwOXceiTm0YJeCALyXkjYHA.roa (raw, json)
Hash identifier:          L2LhFbRyQjgejqWIpJNG2jDOaGAasCF4P0jFmqZg05s=
Subject key identifier:   F6:66:88:AF:03:97:71:E8:93:9B:46:09:78:20:0B:C9:79:23:60:70
Certificate issuer:       /CN=a92db9b80dfb9c95678b07ef2c953d63107f5f62
Certificate serial:       018CC87024A3D25A1A1F7D486F409821B780
Authority key identifier: A9:2D:B9:B8:0D:FB:9C:95:67:8B:07:EF:2C:95:3D:63:10:7F:5F:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qS25uA37nJVniwfvLJU9YxB_X2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/42b3bb-1935-478b-a302-cb7a5fd1ac47/1/9maIrwOXceiTm0YJeCALyXkjYHA.roa
Signing time:             Tue 02 Jan 2024 04:30:41 +0000
ROA not before:           Tue 02 Jan 2024 04:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6079
IP address blocks:        130.180.224.0/19 maxlen: 19
                          130.180.224.0/22 maxlen: 22
                          130.180.240.0/21 maxlen: 21
                          130.180.248.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/42b3bb-1935-478b-a302-cb7a5fd1ac47/1/qS25uA37nJVniwfvLJU9YxB_X2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/42b3bb-1935-478b-a302-cb7a5fd1ac47/1/qS25uA37nJVniwfvLJU9YxB_X2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qS25uA37nJVniwfvLJU9YxB_X2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 10:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:24:a3:d2:5a:1a:1f:7d:48:6f:40:98:21:b7:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a92db9b80dfb9c95678b07ef2c953d63107f5f62
        Validity
            Not Before: Jan  2 04:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f66688af039771e8939b460978200bc979236070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:8e:57:83:ba:46:5d:ca:c0:66:88:f1:f0:10:
                    12:3e:40:3e:5e:c2:66:5f:c0:8e:eb:a9:67:a9:4f:
                    1b:0e:71:71:ff:93:fe:c8:d8:5a:81:8e:6c:63:90:
                    cc:10:52:3c:5c:95:ca:c5:77:fa:4f:a4:3b:de:8e:
                    5b:0d:1e:fa:17:4e:e4:5b:7b:8f:fd:9f:f4:60:7f:
                    23:4d:73:8a:84:6c:7e:07:17:82:d9:e9:e0:3a:38:
                    c1:f1:e9:f4:6d:90:82:ba:c2:83:5c:91:82:10:52:
                    ca:bc:fd:42:3a:eb:f3:df:05:e8:1f:33:30:52:ec:
                    87:ad:29:e4:bc:64:a7:c9:f8:b0:5e:b3:ab:25:34:
                    5f:10:b0:72:c4:6b:6d:42:55:ec:5a:a0:f3:11:81:
                    5f:35:37:9a:eb:5e:11:e7:8c:9b:6e:98:c7:f8:b8:
                    05:2a:67:8e:1c:b8:d0:c6:62:9f:b5:a1:35:73:88:
                    34:05:60:f8:6f:cb:a7:0c:41:91:bf:e8:38:67:ca:
                    1b:29:78:f9:11:30:f5:e5:db:a9:43:95:5b:3b:23:
                    9f:95:be:b9:ec:5d:a8:7f:2a:04:9a:4a:58:d0:dd:
                    8b:f5:2d:c2:7a:82:ed:67:66:72:8b:f5:ce:73:05:
                    e3:7e:82:58:73:d3:44:e9:bf:ae:39:17:13:36:21:
                    36:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:66:88:AF:03:97:71:E8:93:9B:46:09:78:20:0B:C9:79:23:60:70
            X509v3 Authority Key Identifier:
                keyid:A9:2D:B9:B8:0D:FB:9C:95:67:8B:07:EF:2C:95:3D:63:10:7F:5F:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qS25uA37nJVniwfvLJU9YxB_X2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/42b3bb-1935-478b-a302-cb7a5fd1ac47/1/9maIrwOXceiTm0YJeCALyXkjYHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/42b3bb-1935-478b-a302-cb7a5fd1ac47/1/qS25uA37nJVniwfvLJU9YxB_X2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.180.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         92:1d:b8:f3:65:8c:01:88:1e:5a:8b:a3:c1:da:9b:c3:f8:d9:
         8f:e3:ac:1a:6c:5d:e4:b8:a7:a1:e8:0f:8e:a7:c6:8e:c0:cd:
         89:c3:8a:9d:11:af:15:ff:7f:e2:5f:29:21:75:37:07:ff:c3:
         1f:f0:5e:a9:c5:32:49:f6:21:b9:bd:54:83:69:bd:14:57:78:
         91:31:48:3f:8a:27:66:30:b3:5c:0a:83:76:e4:49:f7:8b:ab:
         20:7c:82:f5:9c:e0:af:c6:49:b0:e5:f3:9d:ff:bf:b7:f9:79:
         9e:9c:0b:74:11:16:ea:1a:46:79:6a:f2:06:ad:a5:0d:ef:09:
         a5:0a:75:2c:3c:61:4f:b0:09:3a:5e:84:ee:f3:1f:bd:4f:4f:
         34:6a:09:52:28:e5:68:17:3a:c2:14:f9:4c:b5:55:e3:7a:0b:
         33:c8:51:75:ca:28:3a:a3:4e:56:5d:7a:d8:b5:83:32:f6:f1:
         0a:c1:68:e4:f5:fd:72:a7:7c:f0:23:81:3e:3e:fb:83:70:bc:
         b2:ce:44:5e:0a:0f:29:0b:7f:e2:57:48:51:ab:36:d8:74:70:
         4c:d4:90:4b:e8:9c:8e:60:eb:e6:bd:3c:85:bd:c6:45:53:af:
         42:34:32:87:07:0c:2b:d3:b4:35:23:34:0a:95:66:53:e5:be:
         ea:42:29:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcCSj0loaH31Ib0CYIbeAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MmRiOWI4MGRmYjljOTU2NzhiMDdlZjJjOTUzZDYzMTA3
ZjVmNjIwHhcNMjQwMTAyMDQzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjY2ODhhZjAzOTc3MWU4OTM5YjQ2MDk3ODIwMGJjOTc5MjM2MDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkY5Xg7pGXcrAZojx8BASPkA+XsJm
X8CO66lnqU8bDnFx/5P+yNhagY5sY5DMEFI8XJXKxXf6T6Q73o5bDR76F07kW3uP
/Z/0YH8jTXOKhGx+BxeC2engOjjB8en0bZCCusKDXJGCEFLKvP1COuvz3wXoHzMw
UuyHrSnkvGSnyfiwXrOrJTRfELByxGttQlXsWqDzEYFfNTea614R54ybbpjH+LgF
KmeOHLjQxmKftaE1c4g0BWD4b8unDEGRv+g4Z8obKXj5ETD15dupQ5VbOyOflb65
7F2ofyoEmkpY0N2L9S3CeoLtZ2Zyi/XOcwXjfoJYc9NE6b+uORcTNiE2mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZmiK8Dl3Hok5tGCXggC8l5I2BwMB8GA1UdIwQY
MBaAFKktubgN+5yVZ4sH7yyVPWMQf19iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVMyNXVBMzduSlZuaXdmdkxKVTlZeEJfWDJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC80MmIzYmItMTkzNS00NzhiLWEzMDIt
Y2I3YTVmZDFhYzQ3LzEvOW1hSXJ3T1hjZWlUbTBZSmVDQUx5WGtqWUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC80MmIzYmItMTkzNS00NzhiLWEzMDItY2I3YTVmZDFhYzQ3
LzEvcVMyNXVBMzduSlZuaXdmdkxKVTlZeEJfWDJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFgrTgMA0G
CSqGSIb3DQEBCwUAA4IBAQCSHbjzZYwBiB5ai6PB2pvD+NmP46wabF3kuKeh6A+O
p8aOwM2Jw4qdEa8V/3/iXykhdTcH/8Mf8F6pxTJJ9iG5vVSDab0UV3iRMUg/iidm
MLNcCoN25En3i6sgfIL1nOCvxkmw5fOd/7+3+XmenAt0ERbqGkZ5avIGraUN7wml
CnUsPGFPsAk6XoTu8x+9T080aglSKOVoFzrCFPlMtVXjegszyFF1yig6o05WXXrY
tYMy9vEKwWjk9f1yp3zwI4E+PvuDcLyyzkReCg8pC3/iV0hRqzbYdHBM1JBL6JyO
YOvmvTyFvcZFU69CNDKHBwwr07Q1IzQKlWZT5b7qQinc
-----END CERTIFICATE-----