Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/9FeLhda8LBFKSi69YvPF1tjHhGc.roa
File:                     9FeLhda8LBFKSi69YvPF1tjHhGc.roa (raw, json)
Hash identifier:          c5Gp3n52KLdSD5QGRj7LCCCVirEpT2JzeZu5r1Nno4g=
Subject key identifier:   F4:57:8B:85:D6:BC:2C:11:4A:4A:2E:BD:62:F3:C5:D6:D8:C7:84:67
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018ED1BE34509AFF8090C0683AA15A2438B5
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/9FeLhda8LBFKSi69YvPF1tjHhGc.roa
Signing time:             Fri 12 Apr 2024 09:58:07 +0000
ROA not before:           Fri 12 Apr 2024 09:58:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60081
IP address blocks:        176.100.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:be:34:50:9a:ff:80:90:c0:68:3a:a1:5a:24:38:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 12 09:58:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4578b85d6bc2c114a4a2ebd62f3c5d6d8c78467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:45:7c:7e:98:1d:62:23:45:e9:a6:b6:1e:8b:
                    39:2b:f7:67:72:c6:26:2b:fb:7f:12:af:41:4d:ff:
                    dd:13:44:a2:de:eb:8d:ae:92:71:9c:cf:58:98:0a:
                    24:82:bf:46:77:be:90:92:9b:61:f2:c0:bc:e3:09:
                    01:42:9c:14:91:34:86:4e:29:c5:a5:a0:8e:bb:e1:
                    12:52:d4:33:0a:e1:4c:17:6a:9c:38:33:35:24:3d:
                    1b:79:63:22:31:eb:ed:04:ab:1b:28:b0:4b:39:d7:
                    40:e2:ec:0f:07:4e:1d:5a:ed:63:35:17:fd:9f:a1:
                    99:86:46:dd:20:a4:84:cd:49:fb:03:09:26:91:e5:
                    6e:aa:a4:f4:6c:13:37:a7:ee:f3:04:a1:11:d0:5d:
                    02:cf:12:40:73:fe:ee:d1:71:ed:c4:23:17:fd:40:
                    24:fa:7f:20:22:96:4a:49:ee:b3:f5:2e:5b:f2:22:
                    e1:ef:ae:d4:02:f7:5b:38:a8:fc:1e:aa:ae:31:18:
                    84:55:4d:81:2c:66:f6:73:f5:89:96:51:6d:89:5b:
                    fd:7b:7f:7c:d2:d7:9e:9d:f9:28:19:a9:0e:df:d2:
                    eb:22:30:fc:1c:26:4e:1e:a6:64:ef:ea:5c:ca:a6:
                    c6:93:d9:90:8e:47:74:a2:72:08:d0:81:e3:7c:7e:
                    6f:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:57:8B:85:D6:BC:2C:11:4A:4A:2E:BD:62:F3:C5:D6:D8:C7:84:67
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/9FeLhda8LBFKSi69YvPF1tjHhGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:11:1a:ed:30:75:a9:ba:26:f3:d9:8f:24:43:2e:15:8c:da:
         ad:9c:eb:c0:a1:a1:33:31:82:69:67:97:9c:f3:48:0f:b0:8d:
         ab:0a:fa:86:5c:76:c8:3d:4d:35:8b:13:ac:b8:c6:12:13:86:
         29:08:aa:00:1e:b2:bb:43:35:c8:05:8d:41:74:27:ca:71:ca:
         ec:f8:24:08:58:30:dc:24:64:f5:11:51:6c:7c:d2:3e:be:f3:
         ef:ce:11:24:70:29:04:c2:64:e1:1c:06:f0:44:67:0e:e3:78:
         ca:2a:a7:62:7f:58:5e:66:f1:51:89:7b:13:19:6d:43:7b:0d:
         9e:e6:04:60:dd:e0:54:2f:af:e2:d7:e3:12:38:4d:3f:29:44:
         6f:3a:bd:4a:98:ad:92:7c:f8:85:c1:7a:fe:dd:1e:97:d4:13:
         98:9f:76:9f:a6:6b:29:33:42:df:ce:d7:31:e4:a8:74:3f:ef:
         80:5a:84:e0:cd:f6:d8:b8:02:e2:d7:d1:26:c0:aa:4d:55:df:
         df:54:50:56:4d:0f:f2:66:3d:e2:db:75:d0:62:1b:91:cf:64:
         25:e3:42:cb:47:cb:91:42:d6:55:0c:ba:ab:ae:50:ba:19:d8:
         a7:f3:6c:fc:31:e8:21:85:21:41:1f:b9:0a:80:9e:16:b9:8b:
         49:7d:41:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7RvjRQmv+AkMBoOqFaJDi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDEyMDk1ODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDU3OGI4NWQ2YmMyYzExNGE0YTJlYmQ2MmYzYzVkNmQ4Yzc4NDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkV8fpgdYiNF6aa2Hos5K/dncsYm
K/t/Eq9BTf/dE0Si3uuNrpJxnM9YmAokgr9Gd76Qkpth8sC84wkBQpwUkTSGTinF
paCOu+ESUtQzCuFMF2qcODM1JD0beWMiMevtBKsbKLBLOddA4uwPB04dWu1jNRf9
n6GZhkbdIKSEzUn7AwkmkeVuqqT0bBM3p+7zBKER0F0CzxJAc/7u0XHtxCMX/UAk
+n8gIpZKSe6z9S5b8iLh767UAvdbOKj8HqquMRiEVU2BLGb2c/WJllFtiVv9e398
0teenfkoGakO39LrIjD8HCZOHqZk7+pcyqbGk9mQjkd0onII0IHjfH5vewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRXi4XWvCwRSkouvWLzxdbYx4RnMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvOUZlTGhkYThMQkZLU2k2OVl2UEYxdGpIaEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGQoMA0G
CSqGSIb3DQEBCwUAA4IBAQADERrtMHWpuibz2Y8kQy4VjNqtnOvAoaEzMYJpZ5ec
80gPsI2rCvqGXHbIPU01ixOsuMYSE4YpCKoAHrK7QzXIBY1BdCfKccrs+CQIWDDc
JGT1EVFsfNI+vvPvzhEkcCkEwmThHAbwRGcO43jKKqdif1heZvFRiXsTGW1Dew2e
5gRg3eBUL6/i1+MSOE0/KURvOr1KmK2SfPiFwXr+3R6X1BOYn3afpmspM0Lfztcx
5Kh0P++AWoTgzfbYuALi19EmwKpNVd/fVFBWTQ/yZj3i23XQYhuRz2Ql40LLR8uR
QtZVDLqrrlC6Gdin82z8MeghhSFBH7kKgJ4WuYtJfUH4
-----END CERTIFICATE-----