Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/b9f0zkk-RWOA3-9UnGMWDP3htV0.roa
File:                     b9f0zkk-RWOA3-9UnGMWDP3htV0.roa (raw, json)
Hash identifier:          M5cFGv3GOtbeRdFt1vMXGmu+F01bi3chg/abLon/IHI=
Subject key identifier:   6F:D7:F4:CE:49:3E:45:63:80:DF:EF:54:9C:63:16:0C:FD:E1:B5:5D
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018E9EEC3DE8ACA256E19B7AA10A2E7771CF
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/b9f0zkk-RWOA3-9UnGMWDP3htV0.roa
Signing time:             Tue 02 Apr 2024 13:07:46 +0000
ROA not before:           Tue 02 Apr 2024 13:07:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61276
IP address blocks:        46.149.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9e:ec:3d:e8:ac:a2:56:e1:9b:7a:a1:0a:2e:77:71:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  2 13:07:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fd7f4ce493e456380dfef549c63160cfde1b55d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:05:b3:5a:69:68:a1:53:e3:62:bf:b9:8a:c7:
                    e7:df:52:92:c9:ae:f7:be:0e:16:08:76:9c:6b:bb:
                    1b:72:b0:ac:a0:8f:cf:64:d2:50:30:b4:1e:70:fa:
                    c5:6b:ad:05:40:74:7e:6f:9b:ce:2d:e7:0f:08:a7:
                    9b:09:5d:66:53:a0:a7:2d:8f:e2:ab:aa:da:e1:bf:
                    f0:0f:53:13:ac:fa:fa:fb:be:b8:e9:43:d1:5c:a7:
                    0b:fd:e9:15:86:6e:ab:db:5b:72:70:43:06:cf:00:
                    e9:02:0e:d1:e3:f8:27:60:60:6d:a1:d9:67:ef:08:
                    ab:1d:19:59:41:d5:1e:f3:f5:12:ed:5e:59:9e:77:
                    30:0c:16:3c:e1:2d:65:4f:5d:75:d5:da:75:6b:08:
                    b3:b0:0f:3f:83:1e:51:07:40:2d:57:9a:2f:ed:65:
                    46:bf:10:43:0f:2c:78:50:fa:59:3f:be:bf:c4:84:
                    6a:bf:8d:25:37:35:cc:36:fa:5c:4f:a9:d3:d4:28:
                    fd:b2:07:c7:db:7a:eb:06:a4:21:a0:b5:36:6d:83:
                    22:37:2e:a3:63:fc:88:ad:62:48:a2:d3:ca:17:d0:
                    e0:8f:43:f3:ac:2e:76:2e:47:92:08:13:b3:be:9d:
                    18:9a:e9:90:85:55:44:26:a6:c5:92:03:1b:4b:97:
                    87:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:D7:F4:CE:49:3E:45:63:80:DF:EF:54:9C:63:16:0C:FD:E1:B5:5D
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/b9f0zkk-RWOA3-9UnGMWDP3htV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:92:18:a3:19:a2:5b:2b:52:d8:ad:46:fe:6f:f2:e1:82:94:
         06:df:9e:43:90:2e:06:c4:7f:4f:3d:db:fe:15:29:7e:cd:91:
         09:c4:15:b6:65:d1:c2:46:46:2a:e0:40:e7:f6:b2:15:d8:ad:
         e7:33:0a:b0:2d:bf:3b:49:8b:81:2c:8c:4d:cf:1c:9e:3f:e3:
         fa:23:9d:e6:e9:2e:49:4a:de:e9:df:df:6b:e0:6e:0c:b5:3d:
         2c:80:56:d6:92:7b:1e:97:87:bd:52:ef:ce:77:44:ee:13:c5:
         59:fd:2b:50:ae:eb:e9:82:02:36:85:bb:df:7c:03:11:93:be:
         e8:04:a3:0b:6d:17:72:12:08:99:1f:fb:aa:d5:f3:bb:94:d3:
         70:82:34:0c:75:b1:19:5f:46:39:4d:b6:b3:78:f3:fd:4f:68:
         86:5e:8d:63:dc:80:bb:ff:d7:8f:30:7b:e0:b3:fc:68:bd:ed:
         f5:74:e7:51:ff:ed:b9:88:c5:bf:67:8e:6b:82:df:1b:f3:b7:
         58:11:37:0c:4e:15:23:98:ef:65:31:37:aa:6a:80:65:30:f6:
         87:0b:53:99:f4:7f:40:a3:79:96:54:ff:97:6a:30:72:3c:21:
         d5:9f:9c:06:d5:6e:24:51:67:4b:d0:c3:57:22:6a:57:40:e3:
         fc:0a:4e:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6e7D3orKJW4Zt6oQoud3HPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDAyMTMwNzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmQ3ZjRjZTQ5M2U0NTYzODBkZmVmNTQ5YzYzMTYwY2ZkZTFiNTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQWzWmlooVPjYr+5isfn31KSya73
vg4WCHaca7sbcrCsoI/PZNJQMLQecPrFa60FQHR+b5vOLecPCKebCV1mU6CnLY/i
q6ra4b/wD1MTrPr6+7646UPRXKcL/ekVhm6r21tycEMGzwDpAg7R4/gnYGBtodln
7wirHRlZQdUe8/US7V5ZnncwDBY84S1lT1111dp1awizsA8/gx5RB0AtV5ov7WVG
vxBDDyx4UPpZP76/xIRqv40lNzXMNvpcT6nT1Cj9sgfH23rrBqQhoLU2bYMiNy6j
Y/yIrWJIotPKF9Dgj0PzrC52LkeSCBOzvp0YmumQhVVEJqbFkgMbS5eHFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/X9M5JPkVjgN/vVJxjFgz94bVdMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvYjlmMHpray1SV09BMy05VW5HTVdEUDNodFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpWsMA0G
CSqGSIb3DQEBCwUAA4IBAQCLkhijGaJbK1LYrUb+b/LhgpQG355DkC4GxH9PPdv+
FSl+zZEJxBW2ZdHCRkYq4EDn9rIV2K3nMwqwLb87SYuBLIxNzxyeP+P6I53m6S5J
St7p399r4G4MtT0sgFbWknsel4e9Uu/Od0TuE8VZ/StQruvpggI2hbvffAMRk77o
BKMLbRdyEgiZH/uq1fO7lNNwgjQMdbEZX0Y5TbazePP9T2iGXo1j3IC7/9ePMHvg
s/xove31dOdR/+25iMW/Z45rgt8b87dYETcMThUjmO9lMTeqaoBlMPaHC1OZ9H9A
o3mWVP+XajByPCHVn5wG1W4kUWdL0MNXImpXQOP8Ck6c
-----END CERTIFICATE-----