Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/9vGgjVyaes1Wn73cREWb8JK4gQc.roa
File:                     9vGgjVyaes1Wn73cREWb8JK4gQc.roa (raw, json)
Hash identifier:          c9ovAnT4dgp60+Lo0OOwddSaRbXYaY00lF312rsbn4M=
Subject key identifier:   F6:F1:A0:8D:5C:9A:7A:CD:56:9F:BD:DC:44:45:9B:F0:92:B8:81:07
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018CC5004862CDFCE71C92ED7E1F0F9EDB29
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/9vGgjVyaes1Wn73cREWb8JK4gQc.roa
Signing time:             Mon 01 Jan 2024 12:29:39 +0000
ROA not before:           Mon 01 Jan 2024 12:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50635
IP address blocks:        217.113.10.0/24 maxlen: 24
                          217.113.10.0/23 maxlen: 23
                          217.113.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 19:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:48:62:cd:fc:e7:1c:92:ed:7e:1f:0f:9e:db:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 12:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6f1a08d5c9a7acd569fbddc44459bf092b88107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:55:58:d3:0a:c4:98:44:2c:7e:c8:a6:e3:7f:
                    59:21:37:9f:8a:15:86:d9:d1:3f:01:d0:72:b8:07:
                    2a:cb:77:aa:16:e0:07:31:a0:5c:bf:1d:06:59:bc:
                    47:fa:16:0f:85:5c:c4:8d:3e:8d:d2:23:5b:29:75:
                    b4:e5:14:66:9c:2b:45:0a:1a:29:d0:a4:2f:c6:bd:
                    b0:e6:d8:c7:ca:e7:69:94:91:2c:04:18:b7:e0:f6:
                    cc:3b:c4:01:55:22:61:48:09:b2:e9:30:8d:9b:9f:
                    5f:3e:fd:a0:6f:e3:c4:d5:d6:65:30:6b:6e:b6:9b:
                    8f:75:8c:ac:d2:26:b5:d4:27:1d:bb:ff:79:7e:ef:
                    a6:03:4b:8c:f4:dc:f9:7c:63:29:44:5e:92:a5:29:
                    6f:f8:2e:0b:68:33:6a:93:c1:b9:6d:20:cf:52:71:
                    78:aa:34:db:a5:10:fb:56:43:cf:57:32:ea:83:57:
                    ba:c8:22:75:5a:fb:f7:4f:83:f2:13:c9:b3:23:09:
                    a2:37:f8:b9:b3:00:9f:63:1d:95:90:bf:6d:a8:25:
                    fd:45:ec:08:eb:f2:d2:d7:6e:d0:d9:35:56:d1:b6:
                    3a:4e:e2:d4:a0:c3:ed:9a:b3:97:48:86:d5:b1:b4:
                    6c:29:91:c1:2a:f4:58:36:42:48:43:a6:46:36:d2:
                    70:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:F1:A0:8D:5C:9A:7A:CD:56:9F:BD:DC:44:45:9B:F0:92:B8:81:07
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/9vGgjVyaes1Wn73cREWb8JK4gQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:7f:c2:99:e1:b5:51:c1:8e:b3:2b:52:3b:91:64:60:49:b6:
         5b:45:65:6b:aa:e2:86:b0:c9:c5:bf:7f:36:f2:8c:95:31:ee:
         22:8d:f1:53:9d:63:da:b5:19:4a:39:f7:04:2c:5b:5c:38:e9:
         db:ef:d7:73:7f:0f:46:54:55:46:66:00:d2:65:9e:2d:83:63:
         02:39:e7:0c:6f:fb:07:4a:ca:9a:59:88:7e:9a:16:82:c1:61:
         ee:b8:98:c3:33:3b:ea:1d:df:7f:14:16:ff:f9:e7:66:7d:06:
         82:82:2c:69:89:58:e6:ef:22:4e:85:8b:ac:72:7b:75:9d:fd:
         36:3c:7b:b4:e5:f4:d0:2d:b1:f6:92:97:e0:20:c0:d4:b4:0c:
         b2:61:0e:54:08:18:09:24:54:95:5b:60:b4:70:27:a4:21:12:
         d3:ab:e2:ff:83:6c:36:2c:01:8c:65:ba:fa:34:db:38:e5:a2:
         f3:01:00:b0:ab:97:33:6f:b0:b2:df:66:ad:61:7e:fd:10:c1:
         f4:b3:1b:65:bd:e3:73:18:44:2a:78:59:cd:f4:0d:fd:8d:31:
         61:e4:92:0c:c0:af:69:c1:74:0e:28:99:c7:12:cd:aa:0f:21:
         c8:4e:f8:64:a1:00:18:8b:eb:a6:f2:e1:1c:53:d3:5f:a1:14:
         88:17:2a:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEhizfznHJLtfh8PntspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMTAxMTIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmYxYTA4ZDVjOWE3YWNkNTY5ZmJkZGM0NDQ1OWJmMDkyYjg4MTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFVY0wrEmEQsfsim439ZITefihWG
2dE/AdByuAcqy3eqFuAHMaBcvx0GWbxH+hYPhVzEjT6N0iNbKXW05RRmnCtFChop
0KQvxr2w5tjHyudplJEsBBi34PbMO8QBVSJhSAmy6TCNm59fPv2gb+PE1dZlMGtu
tpuPdYys0ia11Ccdu/95fu+mA0uM9Nz5fGMpRF6SpSlv+C4LaDNqk8G5bSDPUnF4
qjTbpRD7VkPPVzLqg1e6yCJ1Wvv3T4PyE8mzIwmiN/i5swCfYx2VkL9tqCX9RewI
6/LS127Q2TVW0bY6TuLUoMPtmrOXSIbVsbRsKZHBKvRYNkJIQ6ZGNtJwWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbxoI1cmnrNVp+93ERFm/CSuIEHMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvOXZHZ2pWeWFlczFXbjczY1JFV2I4Sks0Z1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2XEKMA0G
CSqGSIb3DQEBCwUAA4IBAQAif8KZ4bVRwY6zK1I7kWRgSbZbRWVrquKGsMnFv382
8oyVMe4ijfFTnWPatRlKOfcELFtcOOnb79dzfw9GVFVGZgDSZZ4tg2MCOecMb/sH
SsqaWYh+mhaCwWHuuJjDMzvqHd9/FBb/+edmfQaCgixpiVjm7yJOhYuscnt1nf02
PHu05fTQLbH2kpfgIMDUtAyyYQ5UCBgJJFSVW2C0cCekIRLTq+L/g2w2LAGMZbr6
NNs45aLzAQCwq5czb7Cy32atYX79EMH0sxtlveNzGEQqeFnN9A39jTFh5JIMwK9p
wXQOKJnHEs2qDyHITvhkoQAYi+um8uEcU9NfoRSIFypM
-----END CERTIFICATE-----