Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/l9GgAqlHfx7gpa_DkY4McnmS8p8.roa
File:                     l9GgAqlHfx7gpa_DkY4McnmS8p8.roa (raw, json)
Hash identifier:          1VTOSBtRowBjeUwFVLUeU8haTuSDVW5lIX656zjJHco=
Subject key identifier:   97:D1:A0:02:A9:47:7F:1E:E0:A5:AF:C3:91:8E:0C:72:79:92:F2:9F
Certificate issuer:       /CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
Certificate serial:       0192D9ECF07C07426F66EEBC320A59586687
Authority key identifier: 58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/l9GgAqlHfx7gpa_DkY4McnmS8p8.roa
Signing time:             Tue 29 Oct 2024 20:17:16 +0000
ROA not before:           Tue 29 Oct 2024 20:17:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        185.230.160.0/24 maxlen: 24
                          185.240.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:ec:f0:7c:07:42:6f:66:ee:bc:32:0a:59:58:66:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=588b1024ea056e5ed498f6e9ddc20632bdf6c9c5
        Validity
            Not Before: Oct 29 20:17:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97d1a002a9477f1ee0a5afc3918e0c727992f29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fd:10:d3:3e:29:70:da:d9:56:8e:6c:ec:83:
                    b1:09:24:4e:fc:34:fd:10:78:fc:74:1d:b3:bc:37:
                    ac:9a:d1:7c:f1:1c:f4:11:ab:50:bd:ca:a2:6b:cc:
                    37:3d:00:53:93:bf:a4:6e:d1:78:1a:c0:1b:ef:98:
                    ba:29:de:bc:31:cb:43:a6:b3:ca:47:c1:02:83:30:
                    c2:93:8e:64:5b:0a:ba:d0:f9:e2:0b:44:11:3c:b9:
                    0f:f6:17:b3:73:35:45:5a:d6:19:37:b1:bb:37:f7:
                    b7:e3:bc:b6:fc:14:84:95:3b:01:20:9f:97:74:ca:
                    2a:c0:76:00:0d:b3:3e:ff:4c:5f:ec:b5:64:fd:46:
                    d2:24:dd:d5:f2:aa:73:5c:3a:79:32:6f:8b:8e:b1:
                    c2:0f:c4:81:5d:a3:0f:a6:bc:36:71:50:cc:0b:c0:
                    1a:0e:22:c8:b6:8d:a7:5b:d0:58:c4:81:b2:67:b5:
                    27:fd:87:90:9d:b4:76:4c:bd:90:db:51:aa:9a:b5:
                    33:af:7d:04:17:ec:91:65:0c:9d:8f:6b:af:83:0f:
                    8f:69:e9:50:d1:13:4f:89:2f:a8:e1:2b:02:45:7e:
                    99:db:13:98:b7:c5:8a:e5:75:22:3b:73:a7:1f:fa:
                    d5:52:71:1a:67:7b:be:3e:fb:dd:39:84:c4:2a:3a:
                    e7:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:D1:A0:02:A9:47:7F:1E:E0:A5:AF:C3:91:8E:0C:72:79:92:F2:9F
            X509v3 Authority Key Identifier:
                keyid:58:8B:10:24:EA:05:6E:5E:D4:98:F6:E9:DD:C2:06:32:BD:F6:C9:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIsQJOoFbl7UmPbp3cIGMr32ycU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/l9GgAqlHfx7gpa_DkY4McnmS8p8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/d34a74-d7cd-4f99-84cd-56628a46df40/1/WIsQJOoFbl7UmPbp3cIGMr32ycU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.160.0/24
                  185.240.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:b7:e0:55:42:8a:42:e2:73:04:a3:7f:6b:05:a6:d4:31:ea:
         23:50:24:1f:a7:eb:16:cd:96:fb:ba:3e:77:2e:d0:86:15:f3:
         5a:61:78:2a:53:67:7d:b0:49:27:ff:3d:33:0c:30:a2:d0:33:
         61:e2:b0:1f:60:28:ea:94:76:f9:74:73:1c:58:b4:e4:64:10:
         6b:d5:78:e9:ff:cc:dd:1e:c3:86:4f:f2:77:7d:67:57:04:3b:
         d8:54:21:78:96:1e:b0:e3:a3:0d:05:1f:9a:ee:89:27:fa:3c:
         49:1f:b7:c4:36:b6:25:bc:5c:0f:47:db:0a:a5:c9:1d:b7:ba:
         9a:a5:19:13:a8:21:2f:9a:f2:cf:b5:7e:54:f4:36:34:00:11:
         30:ed:33:9c:c0:cb:04:76:eb:97:cc:e5:70:c6:d3:54:a2:09:
         f8:7a:12:18:c3:78:e1:a8:13:be:3f:55:71:1b:65:4a:b1:31:
         7b:b9:dc:6c:d0:e8:88:dc:7b:8a:f4:89:36:b0:78:a6:a1:42:
         0a:6a:52:bd:5b:80:d7:ff:ba:00:c9:d8:7f:ad:ad:7d:bd:32:
         fd:e3:9a:d2:e9:9c:1f:ab:b6:43:13:23:b1:8f:74:98:e6:f3:
         10:61:a0:47:d4:35:a9:38:04:55:f7:ff:e5:6f:4d:a5:f4:bc:
         58:c9:f9:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLZ7PB8B0JvZu68MgpZWGaHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4OGIxMDI0ZWEwNTZlNWVkNDk4ZjZlOWRkYzIwNjMyYmRm
NmM5YzUwHhcNMjQxMDI5MjAxNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2QxYTAwMmE5NDc3ZjFlZTBhNWFmYzM5MThlMGM3Mjc5OTJmMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv0Q0z4pcNrZVo5s7IOxCSRO/DT9
EHj8dB2zvDesmtF88Rz0EatQvcqia8w3PQBTk7+kbtF4GsAb75i6Kd68MctDprPK
R8ECgzDCk45kWwq60PniC0QRPLkP9hezczVFWtYZN7G7N/e347y2/BSElTsBIJ+X
dMoqwHYADbM+/0xf7LVk/UbSJN3V8qpzXDp5Mm+LjrHCD8SBXaMPprw2cVDMC8Aa
DiLIto2nW9BYxIGyZ7Un/YeQnbR2TL2Q21GqmrUzr30EF+yRZQydj2uvgw+PaelQ
0RNPiS+o4SsCRX6Z2xOYt8WK5XUiO3OnH/rVUnEaZ3u+PvvdOYTEKjrnbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJfRoAKpR38e4KWvw5GODHJ5kvKfMB8GA1UdIwQY
MBaAFFiLECTqBW5e1Jj26d3CBjK99snFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2Qt
NTY2MjhhNDZkZjQwLzEvbDlHZ0FxbEhmeDdncGFfRGtZNE1jbm1TOHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9kMzRhNzQtZDdjZC00Zjk5LTg0Y2QtNTY2MjhhNDZkZjQw
LzEvV0lzUUpPb0ZibDdVbVBicDNjSUdNcjMyeWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueagAwQA
ufDyMA0GCSqGSIb3DQEBCwUAA4IBAQA8t+BVQopC4nMEo39rBabUMeojUCQfp+sW
zZb7uj53LtCGFfNaYXgqU2d9sEkn/z0zDDCi0DNh4rAfYCjqlHb5dHMcWLTkZBBr
1Xjp/8zdHsOGT/J3fWdXBDvYVCF4lh6w46MNBR+a7okn+jxJH7fENrYlvFwPR9sK
pckdt7qapRkTqCEvmvLPtX5U9DY0ABEw7TOcwMsEduuXzOVwxtNUogn4ehIYw3jh
qBO+P1VxG2VKsTF7udxs0OiI3HuK9Ik2sHimoUIKalK9W4DX/7oAydh/ra19vTL9
45rS6Zwfq7ZDEyOxj3SY5vMQYaBH1DWpOARV9//lb02l9LxYyflA
-----END CERTIFICATE-----