Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/9IusOY8kPeTOO9nRg88BTqmgusk.roa
File:                     9IusOY8kPeTOO9nRg88BTqmgusk.roa (raw, json)
Hash identifier:          SnaGL6Yc3xj1ZmWd76hWuZXKHQg1nLzFd6T9IoAZRzY=
Subject key identifier:   F4:8B:AC:39:8F:24:3D:E4:CE:3B:D9:D1:83:CF:01:4E:A9:A0:BA:C9
Certificate issuer:       /CN=25a553794223e6b4c632779b51371dc4e7d70705
Certificate serial:       018CC4247A2003C6D431A57BC34051AE5D1F
Authority key identifier: 25:A5:53:79:42:23:E6:B4:C6:32:77:9B:51:37:1D:C4:E7:D7:07:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JaVTeUIj5rTGMnebUTcdxOfXBwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/9IusOY8kPeTOO9nRg88BTqmgusk.roa
Signing time:             Mon 01 Jan 2024 08:29:34 +0000
ROA not before:           Mon 01 Jan 2024 08:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3064
IP address blocks:        84.40.16.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/JaVTeUIj5rTGMnebUTcdxOfXBwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/JaVTeUIj5rTGMnebUTcdxOfXBwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JaVTeUIj5rTGMnebUTcdxOfXBwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 10:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7a:20:03:c6:d4:31:a5:7b:c3:40:51:ae:5d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25a553794223e6b4c632779b51371dc4e7d70705
        Validity
            Not Before: Jan  1 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f48bac398f243de4ce3bd9d183cf014ea9a0bac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7f:e5:5d:74:89:ea:64:a2:a2:49:a4:c3:df:
                    b6:42:42:38:69:fe:e1:09:dc:77:c4:8c:8e:64:af:
                    de:de:d5:b1:3c:85:ed:fc:32:a6:9a:56:e9:a5:27:
                    b6:6e:50:5f:3b:2a:33:a5:a8:c6:1a:c6:b9:ba:4f:
                    d5:a7:74:46:b7:ae:57:e4:25:d5:8a:a1:7c:15:26:
                    cb:43:d5:3f:88:1e:a5:4e:4e:d9:44:3f:2e:46:42:
                    2e:37:b2:b9:1f:e9:30:85:db:b1:c3:bc:53:26:b1:
                    b0:83:63:8f:8a:4a:4d:10:2f:ee:d0:5e:21:83:f0:
                    7c:d9:45:58:ce:b4:a0:6f:b6:7c:55:38:ea:6e:c5:
                    76:43:15:b4:ab:93:23:9a:ff:3d:4a:59:81:09:cf:
                    17:48:7a:f5:7c:fe:55:4a:e5:b1:95:08:12:ca:12:
                    5c:83:e4:29:c5:84:74:fe:4a:94:57:ea:2b:ca:35:
                    d0:04:6d:ac:05:47:0a:56:86:de:11:3d:b1:1c:ef:
                    25:62:94:e1:c9:5c:67:8c:f8:ca:80:02:b4:0b:6a:
                    b4:a6:57:f4:0f:29:3a:4a:6a:f1:ee:17:df:0a:ed:
                    f3:f6:6d:3c:d0:b2:c7:1d:8e:c9:29:91:b0:63:c7:
                    5b:73:25:e9:f6:25:a5:33:4e:d6:a9:40:91:57:5e:
                    3c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8B:AC:39:8F:24:3D:E4:CE:3B:D9:D1:83:CF:01:4E:A9:A0:BA:C9
            X509v3 Authority Key Identifier:
                keyid:25:A5:53:79:42:23:E6:B4:C6:32:77:9B:51:37:1D:C4:E7:D7:07:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JaVTeUIj5rTGMnebUTcdxOfXBwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/9IusOY8kPeTOO9nRg88BTqmgusk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1f96cc-5ea6-49e3-8f5f-30e929ed1063/1/JaVTeUIj5rTGMnebUTcdxOfXBwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.40.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         40:08:49:f7:2b:f0:4c:02:45:47:05:95:fc:3c:dc:e0:8c:61:
         17:b0:fb:a9:75:11:68:0b:91:bf:ca:61:72:6b:3e:bb:53:e5:
         42:89:bf:40:1a:7e:92:f5:5c:35:a6:89:7e:c4:9a:24:cb:00:
         92:c9:7c:6d:21:6e:bf:28:59:5b:c9:f4:41:98:4a:d8:2c:c9:
         b9:f8:a8:d3:8b:9f:19:d9:1e:bc:87:d1:92:ff:d6:31:e8:ec:
         b1:28:6e:1f:c4:ff:3c:36:f0:4a:18:c1:13:f9:3d:37:ae:b8:
         20:ff:a7:73:57:df:22:4b:46:0c:5c:e2:c2:5f:8d:e1:b6:a6:
         e6:94:c8:84:8f:7a:a8:46:d9:de:db:4e:8f:59:e3:6a:64:99:
         f2:05:6a:f7:e0:33:b5:25:1c:bc:17:a4:54:4b:44:d2:dc:b4:
         f7:4e:2a:6a:75:86:60:2e:b9:a1:ab:3a:28:a6:64:7a:67:ff:
         f1:ca:a3:e1:eb:9d:7d:15:68:d2:56:00:db:b6:bc:2e:0c:06:
         71:aa:22:c4:8b:3b:0e:b9:60:d1:f3:93:05:62:f0:31:b5:52:
         38:29:cf:f5:13:cc:cc:47:29:57:4a:19:fd:81:f0:5a:06:45:
         e2:91:54:0e:12:6c:4a:b6:cd:36:cf:66:c7:bc:be:ad:83:0e:
         d1:63:4b:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJHogA8bUMaV7w0BRrl0fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YTU1Mzc5NDIyM2U2YjRjNjMyNzc5YjUxMzcxZGM0ZTdk
NzA3MDUwHhcNMjQwMTAxMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDhiYWMzOThmMjQzZGU0Y2UzYmQ5ZDE4M2NmMDE0ZWE5YTBiYWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1X/lXXSJ6mSiokmkw9+2QkI4af7h
Cdx3xIyOZK/e3tWxPIXt/DKmmlbppSe2blBfOyozpajGGsa5uk/Vp3RGt65X5CXV
iqF8FSbLQ9U/iB6lTk7ZRD8uRkIuN7K5H+kwhduxw7xTJrGwg2OPikpNEC/u0F4h
g/B82UVYzrSgb7Z8VTjqbsV2QxW0q5Mjmv89SlmBCc8XSHr1fP5VSuWxlQgSyhJc
g+QpxYR0/kqUV+oryjXQBG2sBUcKVobeET2xHO8lYpThyVxnjPjKgAK0C2q0plf0
Dyk6Smrx7hffCu3z9m080LLHHY7JKZGwY8dbcyXp9iWlM07WqUCRV148JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPSLrDmPJD3kzjvZ0YPPAU6poLrJMB8GA1UdIwQY
MBaAFCWlU3lCI+a0xjJ3m1E3HcTn1wcFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmFWVGVVSWo1clRHTW5lYlVUY2R4T2ZYQndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8xZjk2Y2MtNWVhNi00OWUzLThmNWYt
MzBlOTI5ZWQxMDYzLzEvOUl1c09ZOGtQZVRPTzluUmc4OEJUcW1ndXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8xZjk2Y2MtNWVhNi00OWUzLThmNWYtMzBlOTI5ZWQxMDYz
LzEvSmFWVGVVSWo1clRHTW5lYlVUY2R4T2ZYQndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVCgQMA0G
CSqGSIb3DQEBCwUAA4IBAQBACEn3K/BMAkVHBZX8PNzgjGEXsPupdRFoC5G/ymFy
az67U+VCib9AGn6S9Vw1pol+xJokywCSyXxtIW6/KFlbyfRBmErYLMm5+KjTi58Z
2R68h9GS/9Yx6OyxKG4fxP88NvBKGMET+T03rrgg/6dzV98iS0YMXOLCX43htqbm
lMiEj3qoRtne206PWeNqZJnyBWr34DO1JRy8F6RUS0TS3LT3TipqdYZgLrmhqzoo
pmR6Z//xyqPh6519FWjSVgDbtrwuDAZxqiLEizsOuWDR85MFYvAxtVI4Kc/1E8zM
RylXShn9gfBaBkXikVQOEmxKts02z2bHvL6tgw7RY0v7
-----END CERTIFICATE-----