Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/9W9GexccxcsFndnrz6bnFerKh-4.roa
File:                     9W9GexccxcsFndnrz6bnFerKh-4.roa (raw, json)
Hash identifier:          hXD6vG7uFRXfvvZtaLy0p3yxzEUh5H5mMHn4MHQOxCU=
Subject key identifier:   F5:6F:46:7B:17:1C:C5:CB:05:9D:D9:EB:CF:A6:E7:15:EA:CA:87:EE
Certificate issuer:       /CN=c3037d2e7b09a0fbd108168a44874f6bd1689b60
Certificate serial:       018CC726FC4FFF6C3580CFE884B26F599655
Authority key identifier: C3:03:7D:2E:7B:09:A0:FB:D1:08:16:8A:44:87:4F:6B:D1:68:9B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wwN9LnsJoPvRCBaKRIdPa9Fom2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/9W9GexccxcsFndnrz6bnFerKh-4.roa
Signing time:             Mon 01 Jan 2024 22:31:10 +0000
ROA not before:           Mon 01 Jan 2024 22:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24929
IP address blocks:        195.144.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/wwN9LnsJoPvRCBaKRIdPa9Fom2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/wwN9LnsJoPvRCBaKRIdPa9Fom2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wwN9LnsJoPvRCBaKRIdPa9Fom2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:fc:4f:ff:6c:35:80:cf:e8:84:b2:6f:59:96:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3037d2e7b09a0fbd108168a44874f6bd1689b60
        Validity
            Not Before: Jan  1 22:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f56f467b171cc5cb059dd9ebcfa6e715eaca87ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a2:9d:fd:41:a9:b7:06:90:4c:af:d3:fb:a6:
                    ed:30:f3:40:19:ab:26:06:4a:35:40:53:cb:79:c3:
                    41:da:8f:09:36:be:47:10:08:d4:ef:69:ac:e3:c5:
                    05:8d:e7:38:d6:03:16:2b:fe:34:01:9a:b6:12:b2:
                    7d:ba:32:cd:31:68:12:27:26:a4:79:31:45:93:f8:
                    08:f3:8d:12:fe:84:a4:07:de:0f:74:9c:48:c8:2a:
                    c4:6a:15:b9:be:94:44:95:22:06:02:d8:cc:1a:b9:
                    b2:ed:86:22:80:86:66:bb:bb:75:68:79:4e:1e:ee:
                    00:85:47:f2:9e:ff:de:4a:1e:3b:49:86:83:a2:e4:
                    24:55:45:54:e0:ff:d5:21:1d:57:83:77:52:4c:09:
                    ba:90:ff:5b:66:ea:a0:bf:e5:97:fc:6c:2a:58:81:
                    c0:a0:03:8e:78:9f:be:36:33:29:d7:7f:7f:09:ed:
                    1d:72:80:a7:28:d1:0d:96:e7:a1:2d:95:92:e3:b5:
                    cf:ff:48:8f:51:e7:3f:cf:a1:3f:93:f4:a4:40:17:
                    4f:15:75:4c:a2:d3:85:f2:39:6b:bf:8e:0f:42:ed:
                    fd:21:b0:ac:09:56:0b:8e:70:13:e4:cf:7b:5a:a4:
                    b8:ee:26:ca:8a:72:ce:b5:7a:2e:3d:ac:4b:71:97:
                    19:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:6F:46:7B:17:1C:C5:CB:05:9D:D9:EB:CF:A6:E7:15:EA:CA:87:EE
            X509v3 Authority Key Identifier:
                keyid:C3:03:7D:2E:7B:09:A0:FB:D1:08:16:8A:44:87:4F:6B:D1:68:9B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wwN9LnsJoPvRCBaKRIdPa9Fom2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/9W9GexccxcsFndnrz6bnFerKh-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/wwN9LnsJoPvRCBaKRIdPa9Fom2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.144.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:22:c2:37:bb:6e:f6:10:b3:a5:9b:2d:82:38:ce:c8:df:ef:
         56:8a:22:03:12:8a:73:4d:ad:34:5b:3b:69:d7:fb:39:c1:38:
         ef:4e:2c:c0:df:d9:9c:c8:4b:38:c6:20:8d:b0:61:c9:fb:c6:
         f5:8c:a8:7e:02:6e:27:c7:e7:a0:41:03:ab:a9:81:36:9d:a0:
         75:28:24:e5:41:73:bc:2e:69:d9:97:4d:03:70:23:58:b1:7e:
         a4:25:99:49:25:85:c8:f6:21:90:b7:e0:23:b6:37:3a:aa:ec:
         1b:b2:14:ec:68:cd:57:f4:8c:b0:05:81:66:c6:7f:b2:54:36:
         1d:26:2a:d3:73:4c:f9:fd:1a:92:87:c2:ec:02:ad:05:4a:d7:
         07:bb:8d:e7:47:21:c6:81:65:dd:98:78:1d:26:c0:d6:be:19:
         37:6a:b4:67:63:ce:c7:88:2a:38:89:e4:9a:8b:8d:ab:20:07:
         03:f9:33:da:32:ff:5f:fb:9a:35:01:ba:e4:6b:02:2e:07:9c:
         d2:be:40:70:0a:29:40:f6:f3:51:41:a6:7f:1b:7a:97:5d:77:
         9f:cf:88:c6:d7:7f:f8:23:46:e1:75:aa:71:35:b5:fd:fe:d3:
         dc:f5:78:7f:74:96:95:49:39:8a:c2:3b:06:81:bd:c2:48:73:
         3f:28:78:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJvxP/2w1gM/ohLJvWZZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMDM3ZDJlN2IwOWEwZmJkMTA4MTY4YTQ0ODc0ZjZiZDE2
ODliNjAwHhcNMjQwMTAxMjIzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTZmNDY3YjE3MWNjNWNiMDU5ZGQ5ZWJjZmE2ZTcxNWVhY2E4N2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6Kd/UGptwaQTK/T+6btMPNAGasm
Bko1QFPLecNB2o8JNr5HEAjU72ms48UFjec41gMWK/40AZq2ErJ9ujLNMWgSJyak
eTFFk/gI840S/oSkB94PdJxIyCrEahW5vpRElSIGAtjMGrmy7YYigIZmu7t1aHlO
Hu4AhUfynv/eSh47SYaDouQkVUVU4P/VIR1Xg3dSTAm6kP9bZuqgv+WX/GwqWIHA
oAOOeJ++NjMp139/Ce0dcoCnKNENluehLZWS47XP/0iPUec/z6E/k/SkQBdPFXVM
otOF8jlrv44PQu39IbCsCVYLjnAT5M97WqS47ibKinLOtXouPaxLcZcZCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVvRnsXHMXLBZ3Z68+m5xXqyofuMB8GA1UdIwQY
MBaAFMMDfS57CaD70QgWikSHT2vRaJtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3dOOUxuc0pvUHZSQ0JhS1JJZFBhOUZvbTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS82Y2I3MmQtNjkwYS00MDZmLThhZGQt
ODBlN2JiYjA0MWIyLzEvOVc5R2V4Y2N4Y3NGbmRucno2Ym5GZXJLaC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS82Y2I3MmQtNjkwYS00MDZmLThhZGQtODBlN2JiYjA0MWIy
LzEvd3dOOUxuc0pvUHZSQ0JhS1JJZFBhOUZvbTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5AJMA0G
CSqGSIb3DQEBCwUAA4IBAQAhIsI3u272ELOlmy2COM7I3+9WiiIDEopzTa00Wztp
1/s5wTjvTizA39mcyEs4xiCNsGHJ+8b1jKh+Am4nx+egQQOrqYE2naB1KCTlQXO8
LmnZl00DcCNYsX6kJZlJJYXI9iGQt+Ajtjc6quwbshTsaM1X9IywBYFmxn+yVDYd
JirTc0z5/RqSh8LsAq0FStcHu43nRyHGgWXdmHgdJsDWvhk3arRnY87HiCo4ieSa
i42rIAcD+TPaMv9f+5o1AbrkawIuB5zSvkBwCilA9vNRQaZ/G3qXXXefz4jG13/4
I0bhdapxNbX9/tPc9Xh/dJaVSTmKwjsGgb3CSHM/KHjt
-----END CERTIFICATE-----