Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/9VOfVF6r91-71eLLX1KhTatnveM.roa
File:                     9VOfVF6r91-71eLLX1KhTatnveM.roa (raw, json)
Hash identifier:          1He4b7tlWXPfxqcJCvwEyYkYqwVuKUDDiDYCaeNvnjE=
Subject key identifier:   F5:53:9F:54:5E:AB:F7:5F:BB:D5:E2:CB:5F:52:A1:4D:AB:67:BD:E3
Certificate issuer:       /CN=363f09508fdf256448219b284bb09b23b2b51396
Certificate serial:       01934A74D0ED88E05C232A1C068144C32E06
Authority key identifier: 36:3F:09:50:8F:DF:25:64:48:21:9B:28:4B:B0:9B:23:B2:B5:13:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/9VOfVF6r91-71eLLX1KhTatnveM.roa
Signing time:             Wed 20 Nov 2024 16:43:09 +0000
ROA not before:           Wed 20 Nov 2024 16:43:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        212.104.140.0/24 maxlen: 24
                          212.104.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4a:74:d0:ed:88:e0:5c:23:2a:1c:06:81:44:c3:2e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=363f09508fdf256448219b284bb09b23b2b51396
        Validity
            Not Before: Nov 20 16:43:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5539f545eabf75fbbd5e2cb5f52a14dab67bde3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:69:cb:14:ac:0a:59:c6:dd:c7:1e:d4:0f:c1:
                    8e:47:e5:88:1d:f2:61:85:63:a4:a9:f5:13:12:d4:
                    0d:da:09:06:50:ea:24:94:d1:cf:4c:fa:67:71:1c:
                    5e:a1:b9:1a:da:15:04:2f:54:c4:f5:27:15:3b:66:
                    9f:11:82:01:47:1e:1e:8b:87:1d:37:08:fa:af:9e:
                    0b:c2:27:b1:ce:e0:88:0e:b5:18:2f:88:50:46:89:
                    f5:23:b0:3b:dd:85:d2:69:67:0b:73:29:29:4f:f7:
                    02:51:df:73:39:9d:02:a9:aa:1c:1d:f1:be:7b:9f:
                    c2:30:ad:19:9e:5e:5f:ed:fc:b5:df:d1:0e:1b:c6:
                    a5:db:55:5f:57:97:97:df:5e:86:dc:d2:80:ec:23:
                    8c:be:5f:8a:ec:7b:2e:fa:a6:8f:c7:c4:2c:d9:9f:
                    54:b9:e1:39:b5:8b:20:5e:14:5c:78:15:52:59:b0:
                    8e:19:28:b0:d8:7e:a1:c4:62:0c:36:35:9c:52:07:
                    7d:07:ac:e3:2a:2d:60:b8:37:a4:2e:81:27:13:5b:
                    3d:c2:08:c4:0d:19:0f:cd:e7:2b:2f:ba:f3:2b:34:
                    35:40:30:eb:43:e0:80:66:ae:1c:31:a9:60:67:a6:
                    e2:9d:04:85:5d:bb:df:76:78:f1:9a:11:34:8f:33:
                    6f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:53:9F:54:5E:AB:F7:5F:BB:D5:E2:CB:5F:52:A1:4D:AB:67:BD:E3
            X509v3 Authority Key Identifier:
                keyid:36:3F:09:50:8F:DF:25:64:48:21:9B:28:4B:B0:9B:23:B2:B5:13:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/9VOfVF6r91-71eLLX1KhTatnveM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ad05f2-ab39-4132-8492-fd814455a868/1/Nj8JUI_fJWRIIZsoS7CbI7K1E5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:38:5b:01:61:b0:d5:b4:68:e1:39:95:dc:66:2e:9c:6e:ce:
         e8:3f:58:34:2a:a8:7a:79:f5:d0:78:ba:eb:ab:88:df:13:7d:
         27:76:81:46:35:92:0f:b4:8d:b3:ba:bb:d1:15:d7:4c:0b:87:
         02:63:22:05:9e:39:64:1f:33:a6:bf:ee:1a:eb:63:51:c5:59:
         72:7f:42:2d:00:a4:dd:b4:65:55:0b:41:7b:67:cd:55:08:f5:
         85:a4:91:da:2d:c1:0e:79:3d:c9:ab:30:df:12:b3:df:7b:19:
         f5:fc:fa:06:b7:bb:d0:dd:cf:7d:a8:4d:13:27:b5:63:0b:5d:
         e1:0a:93:7b:40:a8:2f:25:bb:1a:31:74:91:e8:92:d3:97:76:
         8d:fa:4b:d7:1c:93:ac:44:f4:25:80:eb:66:c5:ce:3f:05:b2:
         1b:b3:36:00:12:f0:35:02:b2:e9:31:2d:38:77:cd:b9:ea:a1:
         14:e5:0c:56:11:73:81:79:f3:3d:b9:be:55:bb:4f:dc:02:b2:
         35:de:7a:7b:9a:ec:ef:9a:5e:b5:04:d7:d3:e7:79:07:67:53:
         c8:6e:a8:6c:de:7f:df:6a:af:20:47:a5:49:0f:5b:92:50:99:
         82:97:b4:b0:b3:16:34:ad:3a:ab:9d:2a:2d:ca:8c:ad:a8:1b:
         86:2f:e9:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNKdNDtiOBcIyocBoFEwy4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2M2YwOTUwOGZkZjI1NjQ0ODIxOWIyODRiYjA5YjIzYjJi
NTEzOTYwHhcNMjQxMTIwMTY0MzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTUzOWY1NDVlYWJmNzVmYmJkNWUyY2I1ZjUyYTE0ZGFiNjdiZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmnLFKwKWcbdxx7UD8GOR+WIHfJh
hWOkqfUTEtQN2gkGUOoklNHPTPpncRxeobka2hUEL1TE9ScVO2afEYIBRx4ei4cd
Nwj6r54LwiexzuCIDrUYL4hQRon1I7A73YXSaWcLcykpT/cCUd9zOZ0CqaocHfG+
e5/CMK0Znl5f7fy139EOG8al21VfV5eX316G3NKA7COMvl+K7Hsu+qaPx8Qs2Z9U
ueE5tYsgXhRceBVSWbCOGSiw2H6hxGIMNjWcUgd9B6zjKi1guDekLoEnE1s9wgjE
DRkPzecrL7rzKzQ1QDDrQ+CAZq4cMalgZ6binQSFXbvfdnjxmhE0jzNvEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVTn1Req/dfu9Xiy19SoU2rZ73jMB8GA1UdIwQY
MBaAFDY/CVCP3yVkSCGbKEuwmyOytROWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmo4SlVJX2ZKV1JJSVpzb1M3Q2JJN0sxRTVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9hZDA1ZjItYWIzOS00MTMyLTg0OTIt
ZmQ4MTQ0NTVhODY4LzEvOVZPZlZGNnI5MS03MWVMTFgxS2hUYXRudmVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9hZDA1ZjItYWIzOS00MTMyLTg0OTItZmQ4MTQ0NTVhODY4
LzEvTmo4SlVJX2ZKV1JJSVpzb1M3Q2JJN0sxRTVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1GiMMA0G
CSqGSIb3DQEBCwUAA4IBAQBsOFsBYbDVtGjhOZXcZi6cbs7oP1g0Kqh6efXQeLrr
q4jfE30ndoFGNZIPtI2zurvRFddMC4cCYyIFnjlkHzOmv+4a62NRxVlyf0ItAKTd
tGVVC0F7Z81VCPWFpJHaLcEOeT3JqzDfErPfexn1/PoGt7vQ3c99qE0TJ7VjC13h
CpN7QKgvJbsaMXSR6JLTl3aN+kvXHJOsRPQlgOtmxc4/BbIbszYAEvA1ArLpMS04
d8256qEU5QxWEXOBefM9ub5Vu0/cArI13np7muzvml61BNfT53kHZ1PIbqhs3n/f
aq8gR6VJD1uSUJmCl7SwsxY0rTqrnSotyoytqBuGL+nm
-----END CERTIFICATE-----