Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/v09wgmaQEvvE9jeZGlpuaqiOpyE.roa
File:                     v09wgmaQEvvE9jeZGlpuaqiOpyE.roa (raw, json)
Hash identifier:          iVYbCREKbRDTopUth8n3nBAIzhViQkTkOjxKtGbWYqs=
Subject key identifier:   BF:4F:70:82:66:90:12:FB:C4:F6:37:99:1A:5A:6E:6A:A8:8E:A7:21
Certificate issuer:       /CN=764928a97be955377013d382c62940e950dd212b
Certificate serial:       018CC2DB29B3B6D408CB2968961B57907288
Authority key identifier: 76:49:28:A9:7B:E9:55:37:70:13:D3:82:C6:29:40:E9:50:DD:21:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/v09wgmaQEvvE9jeZGlpuaqiOpyE.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51131
IP address blocks:        185.205.216.0/22 maxlen: 24
                          2a0b:cc0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:29:b3:b6:d4:08:cb:29:68:96:1b:57:90:72:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=764928a97be955377013d382c62940e950dd212b
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf4f7082669012fbc4f637991a5a6e6aa88ea721
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bc:e6:b2:76:50:ed:f9:c4:60:a1:ca:7a:79:
                    67:d6:2c:b0:57:ba:f1:ec:24:dc:69:40:8b:50:be:
                    f3:8c:be:19:5f:ac:8d:e4:3e:c3:36:57:52:78:f3:
                    3b:b1:0f:ff:41:29:cd:66:1c:72:7e:75:9a:7c:f6:
                    f1:e2:53:2d:a7:96:91:71:b8:ba:a7:9a:c6:63:27:
                    db:19:79:06:cc:2d:10:75:f0:36:55:fb:a2:d1:da:
                    58:4a:e4:af:3e:1e:ef:69:a3:a1:57:e0:ff:56:1a:
                    b6:fd:02:39:27:52:c1:18:f4:6d:15:79:fa:da:aa:
                    12:92:95:27:ff:90:36:45:06:e1:b0:66:74:10:e0:
                    5e:b8:8a:45:9b:14:e3:bc:0b:da:3b:8e:4b:92:9c:
                    78:f2:71:da:0c:8e:66:fd:c9:27:af:5a:03:17:8c:
                    7d:c5:fd:a8:67:9f:6f:bf:48:18:1c:56:40:9e:97:
                    88:13:e6:d6:30:85:cb:a8:d1:46:49:51:b0:bf:26:
                    ad:a8:af:ee:83:a6:d0:3d:46:38:6f:01:59:55:da:
                    c1:01:7f:2f:72:34:d3:9c:63:16:2f:ce:c8:76:b2:
                    1d:41:95:7b:f4:5e:41:68:8d:e4:68:58:9d:a4:fb:
                    10:8e:b4:80:7c:64:52:c6:94:d1:b8:04:f4:24:fc:
                    7c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4F:70:82:66:90:12:FB:C4:F6:37:99:1A:5A:6E:6A:A8:8E:A7:21
            X509v3 Authority Key Identifier:
                keyid:76:49:28:A9:7B:E9:55:37:70:13:D3:82:C6:29:40:E9:50:DD:21:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/v09wgmaQEvvE9jeZGlpuaqiOpyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.216.0/22
                IPv6:
                  2a0b:cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:3d:95:90:d6:95:07:d9:a0:00:69:0f:03:22:d8:e0:03:5a:
         a6:78:e4:07:f3:35:07:d7:7c:5a:a9:e9:55:95:88:89:c9:61:
         0d:8f:17:47:b2:e1:d9:d8:bf:23:1d:ce:90:da:ec:bb:f7:07:
         ad:93:c2:c2:1a:1f:9b:b6:b1:59:dc:5c:01:f1:a8:53:a3:06:
         15:05:58:fc:1d:41:82:7a:dd:64:e4:21:c7:2f:56:0a:5b:67:
         c4:bf:ab:32:32:80:0e:0f:ba:27:54:c7:ec:e8:f2:ad:4c:30:
         6e:85:dd:3f:86:d1:02:61:87:fd:34:a8:6c:d0:b7:90:65:51:
         ef:ba:57:03:0e:29:a7:62:00:dd:47:cb:aa:86:d6:9b:52:32:
         09:d1:a1:b3:a5:8f:fb:de:c3:2a:e7:8d:78:ea:db:31:29:e3:
         59:7a:a5:ed:27:06:b8:43:ca:a3:d2:d8:bb:58:43:38:41:57:
         dd:7a:e0:a5:8f:d9:cc:d5:c8:a6:6d:aa:5b:cb:3a:5a:cf:46:
         4d:68:8d:04:20:f3:b9:a8:8b:fa:63:d4:4e:77:ca:3b:90:16:
         c5:b9:bb:2f:62:ed:ce:90:7f:8d:09:6b:d5:52:c8:ac:9b:46:
         1f:6c:71:ba:27:c4:9c:8b:fd:22:6c:7f:87:bc:32:8e:ce:bb:
         e7:45:bf:fb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2ymzttQIyylolhtXkHKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDkyOGE5N2JlOTU1Mzc3MDEzZDM4MmM2Mjk0MGU5NTBk
ZDIxMmIwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRmNzA4MjY2OTAxMmZiYzRmNjM3OTkxYTVhNmU2YWE4OGVhNzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLzmsnZQ7fnEYKHKenln1iywV7rx
7CTcaUCLUL7zjL4ZX6yN5D7DNldSePM7sQ//QSnNZhxyfnWafPbx4lMtp5aRcbi6
p5rGYyfbGXkGzC0QdfA2Vfui0dpYSuSvPh7vaaOhV+D/Vhq2/QI5J1LBGPRtFXn6
2qoSkpUn/5A2RQbhsGZ0EOBeuIpFmxTjvAvaO45Lkpx48nHaDI5m/cknr1oDF4x9
xf2oZ59vv0gYHFZAnpeIE+bWMIXLqNFGSVGwvyatqK/ug6bQPUY4bwFZVdrBAX8v
cjTTnGMWL87IdrIdQZV79F5BaI3kaFidpPsQjrSAfGRSxpTRuAT0JPx8MwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL9PcIJmkBL7xPY3mRpabmqojqchMB8GA1UdIwQY
MBaAFHZJKKl76VU3cBPTgsYpQOlQ3SErMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtrb3FYdnBWVGR3RTlPQ3hpbEE2VkRkSVNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85NTM2ZjUtZjU2Ni00YzgwLWE3ZDkt
YmMxNTIyNzg5ZDNiLzEvdjA5d2dtYVFFdnZFOWplWkdscHVhcWlPcHlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My85NTM2ZjUtZjU2Ni00YzgwLWE3ZDktYmMxNTIyNzg5ZDNi
LzEvZGtrb3FYdnBWVGR3RTlPQ3hpbEE2VkRkSVNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuc3YMA0E
AgACMAcDBQAqCwzAMA0GCSqGSIb3DQEBCwUAA4IBAQBEPZWQ1pUH2aAAaQ8DItjg
A1qmeOQH8zUH13xaqelVlYiJyWENjxdHsuHZ2L8jHc6Q2uy79wetk8LCGh+btrFZ
3FwB8ahTowYVBVj8HUGCet1k5CHHL1YKW2fEv6syMoAOD7onVMfs6PKtTDBuhd0/
htECYYf9NKhs0LeQZVHvulcDDimnYgDdR8uqhtabUjIJ0aGzpY/73sMq54146tsx
KeNZeqXtJwa4Q8qj0ti7WEM4QVfdeuClj9nM1cimbapbyzpaz0ZNaI0EIPO5qIv6
Y9ROd8o7kBbFubsvYu3OkH+NCWvVUsism0YfbHG6J8Sci/0ibH+HvDKOzrvnRb/7
-----END CERTIFICATE-----