Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/A01CLQgLmJIAx2YuoN-xXMgntDA.roa
File:                     A01CLQgLmJIAx2YuoN-xXMgntDA.roa (raw, json)
Hash identifier:          fYcwlBJcDihetmhak+Kvts06BU1nRCJwunu1kPOPZPI=
Subject key identifier:   03:4D:42:2D:08:0B:98:92:00:C7:66:2E:A0:DF:B1:5C:C8:27:B4:30
Certificate issuer:       /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial:       0192AF0D1AB630E82BE658D9A9ABF0A6189A
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/A01CLQgLmJIAx2YuoN-xXMgntDA.roa
Signing time:             Mon 21 Oct 2024 12:28:44 +0000
ROA not before:           Mon 21 Oct 2024 12:28:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9094
IP address blocks:        213.9.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:af:0d:1a:b6:30:e8:2b:e6:58:d9:a9:ab:f0:a6:18:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
        Validity
            Not Before: Oct 21 12:28:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=034d422d080b989200c7662ea0dfb15cc827b430
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:31:23:58:01:28:e0:fc:9c:45:ea:d8:08:3f:
                    fd:e8:bb:f0:fe:3b:1b:f4:eb:18:b1:00:86:7e:10:
                    82:66:1a:3c:38:39:81:87:c1:50:64:b1:b4:a0:f2:
                    cd:da:a7:fe:89:82:0b:6c:fc:b7:f8:c0:b9:3f:fe:
                    29:31:71:e5:82:a4:2a:2b:1f:1b:df:22:1a:e2:e4:
                    f5:f7:5a:53:10:ed:7d:34:ad:dc:42:7e:89:17:02:
                    9c:a8:99:15:bb:66:91:69:e9:bb:6c:ad:e0:23:86:
                    c3:30:34:e1:79:ff:e0:17:de:17:b7:d4:1f:ef:90:
                    8d:75:55:b1:2f:05:4d:65:27:f6:09:98:b3:81:e8:
                    13:c2:da:f9:50:b2:f5:54:7c:e2:8c:b2:92:45:b5:
                    53:82:65:d2:0c:32:86:e6:31:66:87:86:bd:ac:b6:
                    b8:8e:80:2b:a4:9e:09:2c:cb:d5:ca:bd:54:01:ae:
                    33:5d:aa:c7:67:71:a2:13:b4:fd:a7:1d:88:b6:9d:
                    ac:5a:f9:de:31:eb:66:74:cc:63:86:1d:47:29:ad:
                    fb:fa:19:64:cb:8b:bc:41:85:25:e5:54:19:73:9d:
                    bb:99:f9:a6:74:a6:e6:d2:7d:bf:84:64:e0:03:b0:
                    c9:1b:89:1f:e3:2c:32:40:69:d3:6c:f5:03:f9:56:
                    16:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4D:42:2D:08:0B:98:92:00:C7:66:2E:A0:DF:B1:5C:C8:27:B4:30
            X509v3 Authority Key Identifier:
                keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/A01CLQgLmJIAx2YuoN-xXMgntDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.9.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:f6:cc:ee:63:1b:53:c2:b5:02:60:bd:b9:c4:3b:0f:b3:38:
         a9:82:01:50:8d:a1:a9:2e:5c:de:fb:0e:b0:9d:29:1f:08:5e:
         d2:b2:d2:df:85:b9:fb:ab:e9:65:e9:fc:80:04:69:79:91:d4:
         ac:72:cf:46:7f:74:89:bb:3d:2e:31:25:1f:6b:c1:ea:16:6e:
         36:14:0c:03:22:9a:7b:bc:99:99:3f:ec:13:8b:af:29:3a:ef:
         a4:36:f9:dc:4b:c9:6d:35:5c:1b:c9:e9:26:4d:7a:e9:ca:d1:
         39:23:b9:87:0a:5b:dd:d7:f4:fc:25:17:89:42:29:df:88:c6:
         1b:64:16:16:d1:eb:37:63:73:db:82:3a:99:8a:bc:99:58:7e:
         9f:3c:f7:59:56:9c:16:01:83:a6:67:73:f6:3b:46:93:36:3b:
         7b:e8:fd:28:07:b5:8f:a7:d9:b0:cb:d3:a0:de:9b:91:7a:6c:
         42:52:8f:85:f5:22:76:e0:2d:7f:eb:8b:6d:76:07:c1:5a:1a:
         3b:5e:0d:32:39:34:3d:cd:85:6d:17:44:17:d4:f6:52:77:62:
         eb:97:81:8e:82:d3:d5:40:42:7f:c4:38:55:55:6e:dc:5b:18:
         1d:66:6d:79:64:10:bd:78:dc:2e:0d:5f:80:cb:30:05:b9:27:
         71:e7:01:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKvDRq2MOgr5ljZqavwphiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjQxMDIxMTIyODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzRkNDIyZDA4MGI5ODkyMDBjNzY2MmVhMGRmYjE1Y2M4MjdiNDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9DEjWAEo4PycRerYCD/96Lvw/jsb
9OsYsQCGfhCCZho8ODmBh8FQZLG0oPLN2qf+iYILbPy3+MC5P/4pMXHlgqQqKx8b
3yIa4uT191pTEO19NK3cQn6JFwKcqJkVu2aRaem7bK3gI4bDMDThef/gF94Xt9Qf
75CNdVWxLwVNZSf2CZizgegTwtr5ULL1VHzijLKSRbVTgmXSDDKG5jFmh4a9rLa4
joArpJ4JLMvVyr1UAa4zXarHZ3GiE7T9px2Itp2sWvneMetmdMxjhh1HKa37+hlk
y4u8QYUl5VQZc527mfmmdKbm0n2/hGTgA7DJG4kf4ywyQGnTbPUD+VYWawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANNQi0IC5iSAMdmLqDfsVzIJ7QwMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvQTAxQ0xRZ0xtSklBeDJZdW9OLXhYTWdudERBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1QnzMA0G
CSqGSIb3DQEBCwUAA4IBAQCi9szuYxtTwrUCYL25xDsPszipggFQjaGpLlze+w6w
nSkfCF7SstLfhbn7q+ll6fyABGl5kdSscs9Gf3SJuz0uMSUfa8HqFm42FAwDIpp7
vJmZP+wTi68pOu+kNvncS8ltNVwbyekmTXrpytE5I7mHClvd1/T8JReJQinfiMYb
ZBYW0es3Y3PbgjqZiryZWH6fPPdZVpwWAYOmZ3P2O0aTNjt76P0oB7WPp9mwy9Og
3puRemxCUo+F9SJ24C1/64ttdgfBWho7Xg0yOTQ9zYVtF0QX1PZSd2Lrl4GOgtPV
QEJ/xDhVVW7cWxgdZm15ZBC9eNwuDV+AyzAFuSdx5wEK
-----END CERTIFICATE-----