Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/9PecE79656DPdYv9GoodkguUtlU.roa
File:                     9PecE79656DPdYv9GoodkguUtlU.roa (raw, json)
Hash identifier:          QC1TMFstkTeMzI1vSYpIbBijOPmVw71G3lj4/BSQc60=
Subject key identifier:   F4:F7:9C:13:BF:7A:E7:A0:CF:75:8B:FD:1A:8A:1D:92:0B:94:B6:55
Certificate issuer:       /CN=aafc41aafbbccaa96711849745ef722a5260ac7e
Certificate serial:       018CC7272A7452D1E80B77E70102B2A1E51A
Authority key identifier: AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/9PecE79656DPdYv9GoodkguUtlU.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        45.67.92.0/22 maxlen: 24
                          2a09:7440::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2a:74:52:d1:e8:0b:77:e7:01:02:b2:a1:e5:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aafc41aafbbccaa96711849745ef722a5260ac7e
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4f79c13bf7ae7a0cf758bfd1a8a1d920b94b655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d7:10:db:71:92:91:a9:8d:7a:a5:c4:75:1e:
                    c7:f4:80:50:04:88:d5:df:32:62:57:62:5f:32:17:
                    9f:86:58:8c:83:0c:9e:94:aa:09:10:ec:53:bf:39:
                    74:85:f5:df:c6:2f:8a:da:17:77:cd:79:4f:1d:6f:
                    46:99:60:7f:35:9c:4b:88:0b:d2:4d:91:42:e0:da:
                    0c:06:32:31:25:5c:8d:33:88:79:b7:f7:d9:10:fe:
                    38:22:6f:8a:a7:10:30:10:62:e8:b0:27:55:8a:60:
                    f3:0f:84:42:ef:55:3b:21:bf:dc:0a:ee:c4:a9:e4:
                    07:61:24:7c:81:c1:1c:dc:8a:90:46:fe:ae:7f:6e:
                    37:81:57:5c:40:64:cf:ed:91:71:7d:b8:a7:bb:67:
                    67:99:c6:45:e0:6b:0b:9d:a8:c5:a7:d1:86:99:9b:
                    9d:61:2c:bf:ac:aa:8f:9b:d0:a0:0b:f2:e1:46:19:
                    65:51:68:ec:97:26:c3:ae:40:61:d6:69:93:54:6b:
                    92:48:a4:af:e5:52:1f:f3:23:e6:08:7e:d2:ee:2e:
                    eb:b4:89:53:dd:a8:f0:55:68:5e:07:8c:d7:24:b0:
                    6a:d9:63:3b:32:a0:bc:76:53:ad:68:62:e5:19:ee:
                    be:44:cb:3f:20:f8:36:f6:31:8c:ef:2b:57:8d:c2:
                    a6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F7:9C:13:BF:7A:E7:A0:CF:75:8B:FD:1A:8A:1D:92:0B:94:B6:55
            X509v3 Authority Key Identifier:
                keyid:AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/9PecE79656DPdYv9GoodkguUtlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.92.0/22
                IPv6:
                  2a09:7440::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:6f:7f:26:ee:fc:fb:67:ac:4f:df:e5:65:c1:64:07:e8:55:
         df:3d:4d:0b:d6:36:c8:64:96:45:c7:e3:a5:52:bd:d8:18:ec:
         70:d0:db:7f:19:b8:6d:97:b0:b0:0f:55:01:31:35:3f:b9:8b:
         ac:6b:f5:b8:50:81:ef:4e:f7:71:81:6a:11:9a:01:25:de:4f:
         f2:24:be:48:ae:18:31:2b:54:08:93:68:9d:86:2c:04:e9:bc:
         a1:9b:47:b6:28:e8:86:7a:d4:b2:61:b1:a8:26:07:a0:81:ed:
         e8:97:9b:56:e3:2e:43:c4:1e:9b:bd:b3:0b:d9:3d:65:1e:c8:
         29:6a:6c:8e:0a:a5:84:63:e8:5a:2a:5d:5b:d9:1d:8a:9f:2e:
         bb:b8:91:57:80:f9:7d:c0:78:ba:d3:c8:14:f5:4f:6f:c5:75:
         ef:53:b3:3e:87:bf:dc:3e:51:ea:63:dc:3b:d6:85:eb:ea:fd:
         8e:ac:29:4d:96:89:08:33:92:c3:fa:f5:1a:eb:e1:ad:94:f7:
         93:b6:bf:62:91:c4:07:e7:be:37:bf:9f:2c:42:3e:b2:5b:19:
         55:ba:f9:4f:33:85:96:65:05:bc:fd:c1:69:5f:38:51:a0:6c:
         35:8b:01:83:ea:92:f6:e0:fd:1a:9f:ff:6a:99:e9:db:3d:a7:
         2c:81:1e:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJyp0UtHoC3fnAQKyoeUaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZmM0MWFhZmJiY2NhYTk2NzExODQ5NzQ1ZWY3MjJhNTI2
MGFjN2UwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGY3OWMxM2JmN2FlN2EwY2Y3NThiZmQxYThhMWQ5MjBiOTRiNjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNcQ23GSkamNeqXEdR7H9IBQBIjV
3zJiV2JfMhefhliMgwyelKoJEOxTvzl0hfXfxi+K2hd3zXlPHW9GmWB/NZxLiAvS
TZFC4NoMBjIxJVyNM4h5t/fZEP44Im+KpxAwEGLosCdVimDzD4RC71U7Ib/cCu7E
qeQHYSR8gcEc3IqQRv6uf243gVdcQGTP7ZFxfbinu2dnmcZF4GsLnajFp9GGmZud
YSy/rKqPm9CgC/LhRhllUWjslybDrkBh1mmTVGuSSKSv5VIf8yPmCH7S7i7rtIlT
3ajwVWheB4zXJLBq2WM7MqC8dlOtaGLlGe6+RMs/IPg29jGM7ytXjcKmoQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPT3nBO/euegz3WL/RqKHZILlLZVMB8GA1UdIwQY
MBaAFKr8Qar7vMqpZxGEl0XvcipSYKx+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZ4QnF2dTh5cWxuRVlTWFJlOXlLbEpnckg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85ZmRkZDQtNTI2YS00ODA3LWIxMjct
MWJjMzFjNjI0MDFmLzEvOVBlY0U3OTY1NkRQZFl2OUdvb2RrZ3VVdGxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85ZmRkZDQtNTI2YS00ODA3LWIxMjctMWJjMzFjNjI0MDFm
LzEvcXZ4QnF2dTh5cWxuRVlTWFJlOXlLbEpnckg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUNcMA0E
AgACMAcDBQAqCXRAMA0GCSqGSIb3DQEBCwUAA4IBAQAJb38m7vz7Z6xP3+VlwWQH
6FXfPU0L1jbIZJZFx+OlUr3YGOxw0Nt/Gbhtl7CwD1UBMTU/uYusa/W4UIHvTvdx
gWoRmgEl3k/yJL5IrhgxK1QIk2idhiwE6byhm0e2KOiGetSyYbGoJgegge3ol5tW
4y5DxB6bvbML2T1lHsgpamyOCqWEY+haKl1b2R2Kny67uJFXgPl9wHi608gU9U9v
xXXvU7M+h7/cPlHqY9w71oXr6v2OrClNlokIM5LD+vUa6+GtlPeTtr9ikcQH5743
v58sQj6yWxlVuvlPM4WWZQW8/cFpXzhRoGw1iwGD6pL24P0an/9qmenbPacsgR7r
-----END CERTIFICATE-----