Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/9uJbc60XGfJ7XnrVCT8LXar-HnQ.roa
File:                     9uJbc60XGfJ7XnrVCT8LXar-HnQ.roa (raw, json)
Hash identifier:          +tMvDDMCEyX+j0Fpxz5IxWgpRz9oSWHkEHXYhk399uc=
Subject key identifier:   F6:E2:5B:73:AD:17:19:F2:7B:5E:7A:D5:09:3F:0B:5D:AA:FE:1E:74
Certificate issuer:       /CN=f374f734c3695e67906a7032eb2e59fb3eb41b22
Certificate serial:       018CC56E5D6A6D0149B90392A296569B53C5
Authority key identifier: F3:74:F7:34:C3:69:5E:67:90:6A:70:32:EB:2E:59:FB:3E:B4:1B:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/83T3NMNpXmeQanAy6y5Z-z60GyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/9uJbc60XGfJ7XnrVCT8LXar-HnQ.roa
Signing time:             Mon 01 Jan 2024 14:29:53 +0000
ROA not before:           Mon 01 Jan 2024 14:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        192.162.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/83T3NMNpXmeQanAy6y5Z-z60GyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/83T3NMNpXmeQanAy6y5Z-z60GyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/83T3NMNpXmeQanAy6y5Z-z60GyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5d:6a:6d:01:49:b9:03:92:a2:96:56:9b:53:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f374f734c3695e67906a7032eb2e59fb3eb41b22
        Validity
            Not Before: Jan  1 14:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6e25b73ad1719f27b5e7ad5093f0b5daafe1e74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a6:76:37:b5:54:6d:b2:52:9c:47:50:01:51:
                    99:c4:3b:35:41:77:06:a1:dd:42:a7:96:57:c0:a9:
                    ab:a4:2a:36:50:7c:30:67:b2:09:16:27:09:f5:f3:
                    5f:77:6a:a7:f9:8a:ab:ed:a1:06:80:64:47:2e:ab:
                    d2:1c:89:ff:fd:de:22:d4:f2:41:05:29:34:fc:b5:
                    c8:c6:18:2e:8a:a4:a2:d6:2a:56:31:4e:6c:a9:ca:
                    f2:1d:02:06:9d:19:d2:f5:52:de:94:02:4e:72:a3:
                    f2:b9:d8:b9:d5:b9:fd:65:44:cb:c9:68:ed:ff:18:
                    23:26:c5:05:1c:97:2c:b1:f1:be:20:47:04:ce:da:
                    a3:60:7d:f8:c1:14:9e:a8:43:3e:7a:7e:a5:a0:a2:
                    18:9d:e7:cf:90:2a:0e:28:52:f8:ce:5d:49:c4:29:
                    38:7c:84:54:5a:51:6e:8f:eb:16:af:23:a8:bb:35:
                    00:58:6c:cd:3e:ce:c0:59:ca:8d:e2:e0:24:9c:88:
                    84:13:8b:ff:d5:0e:1e:7e:38:10:c4:23:85:c9:28:
                    34:fd:87:b0:31:78:55:9f:69:cd:1a:84:da:23:a7:
                    1d:53:d1:4f:ba:b4:74:a0:4e:eb:fa:35:58:9e:1e:
                    b4:1b:db:8e:b5:fe:6c:9e:80:56:15:ba:5f:66:7e:
                    d1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E2:5B:73:AD:17:19:F2:7B:5E:7A:D5:09:3F:0B:5D:AA:FE:1E:74
            X509v3 Authority Key Identifier:
                keyid:F3:74:F7:34:C3:69:5E:67:90:6A:70:32:EB:2E:59:FB:3E:B4:1B:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/83T3NMNpXmeQanAy6y5Z-z60GyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/9uJbc60XGfJ7XnrVCT8LXar-HnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/f74914-dda8-4d45-9992-4bef8328aaab/1/83T3NMNpXmeQanAy6y5Z-z60GyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.162.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:1b:d9:cc:c4:49:72:21:83:54:51:9c:f3:e1:53:3f:a0:fa:
         6a:85:bb:8f:02:3c:7d:98:20:1d:79:a6:fe:71:ed:b2:70:68:
         ed:e4:f7:c6:50:f2:22:3d:d1:49:63:fe:06:e9:3d:e6:82:a5:
         e0:ab:28:18:0f:ce:bb:54:d7:b2:bc:9c:bd:5e:75:d8:35:19:
         10:d4:6c:23:93:0b:14:be:6a:4a:c0:cd:c7:88:1c:72:9d:c5:
         c2:78:cb:ec:bc:30:21:46:2f:fd:62:13:cc:b3:74:b7:8b:17:
         80:ec:9f:ef:f7:88:39:c4:e0:1f:46:a6:3c:db:a0:91:fc:88:
         84:89:3c:82:9e:ba:16:0c:73:ec:17:2d:e0:e5:57:a5:f0:04:
         5f:f1:e1:90:ac:cd:5d:5b:16:22:f2:33:4f:c8:1f:e0:03:c6:
         86:d9:31:d3:0f:12:1f:ac:ad:b1:26:35:7f:4a:fa:1a:c1:34:
         79:89:12:ea:15:c9:88:c7:99:44:d7:a4:26:06:4c:cd:18:3f:
         ad:40:99:98:8e:1b:03:f7:df:b2:8e:b7:d0:49:8f:f4:cd:98:
         94:5a:aa:69:25:cc:dd:f7:72:60:b5:7c:65:93:ca:53:31:9d:
         f7:3e:ba:60:6b:27:7a:c8:02:df:35:16:8e:6a:85:75:d5:52:
         4b:ea:32:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbl1qbQFJuQOSopZWm1PFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNzRmNzM0YzM2OTVlNjc5MDZhNzAzMmViMmU1OWZiM2Vi
NDFiMjIwHhcNMjQwMTAxMTQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmUyNWI3M2FkMTcxOWYyN2I1ZTdhZDUwOTNmMGI1ZGFhZmUxZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqZ2N7VUbbJSnEdQAVGZxDs1QXcG
od1Cp5ZXwKmrpCo2UHwwZ7IJFicJ9fNfd2qn+Yqr7aEGgGRHLqvSHIn//d4i1PJB
BSk0/LXIxhguiqSi1ipWMU5sqcryHQIGnRnS9VLelAJOcqPyudi51bn9ZUTLyWjt
/xgjJsUFHJcssfG+IEcEztqjYH34wRSeqEM+en6loKIYnefPkCoOKFL4zl1JxCk4
fIRUWlFuj+sWryOouzUAWGzNPs7AWcqN4uAknIiEE4v/1Q4efjgQxCOFySg0/Yew
MXhVn2nNGoTaI6cdU9FPurR0oE7r+jVYnh60G9uOtf5snoBWFbpfZn7RWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbiW3OtFxnye1561Qk/C12q/h50MB8GA1UdIwQY
MBaAFPN09zTDaV5nkGpwMusuWfs+tBsiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODNUM05NTnBYbWVRYW5BeTZ5NVotejYwR3lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9mNzQ5MTQtZGRhOC00ZDQ1LTk5OTIt
NGJlZjgzMjhhYWFiLzEvOXVKYmM2MFhHZko3WG5yVkNUOExYYXItSG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9mNzQ5MTQtZGRhOC00ZDQ1LTk5OTItNGJlZjgzMjhhYWFi
LzEvODNUM05NTnBYbWVRYW5BeTZ5NVotejYwR3lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKLbMA0G
CSqGSIb3DQEBCwUAA4IBAQAKG9nMxElyIYNUUZzz4VM/oPpqhbuPAjx9mCAdeab+
ce2ycGjt5PfGUPIiPdFJY/4G6T3mgqXgqygYD867VNeyvJy9XnXYNRkQ1GwjkwsU
vmpKwM3HiBxyncXCeMvsvDAhRi/9YhPMs3S3ixeA7J/v94g5xOAfRqY826CR/IiE
iTyCnroWDHPsFy3g5Vel8ARf8eGQrM1dWxYi8jNPyB/gA8aG2THTDxIfrK2xJjV/
SvoawTR5iRLqFcmIx5lE16QmBkzNGD+tQJmYjhsD99+yjrfQSY/0zZiUWqppJczd
93JgtXxlk8pTMZ33Prpgayd6yALfNRaOaoV11VJL6jIk
-----END CERTIFICATE-----