Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/9a99f9-2d6c-4a4a-a096-0c73bec5107c/1/tJ9MZUMDPiq310kt4eN6ud_uZrs.roa
File:                     tJ9MZUMDPiq310kt4eN6ud_uZrs.roa (raw, json)
Hash identifier:          8jaSopPSKJW6R6et8QiU5WegV1yg61h7nBFzDVjTBr4=
Subject key identifier:   B4:9F:4C:65:43:03:3E:2A:B7:D7:49:2D:E1:E3:7A:B9:DF:EE:66:BB
Certificate issuer:       /CN=d0f313b640c6de7535b81ec68c40ee6ec99fff4d
Certificate serial:       018CC4934175C5A87F3AACB529DC7CA3FD63
Authority key identifier: D0:F3:13:B6:40:C6:DE:75:35:B8:1E:C6:8C:40:EE:6E:C9:9F:FF:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0PMTtkDG3nU1uB7GjEDubsmf_00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/9a99f9-2d6c-4a4a-a096-0c73bec5107c/1/tJ9MZUMDPiq310kt4eN6ud_uZrs.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50600
IP address blocks:        109.197.72.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/9a99f9-2d6c-4a4a-a096-0c73bec5107c/1/0PMTtkDG3nU1uB7GjEDubsmf_00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/9a99f9-2d6c-4a4a-a096-0c73bec5107c/1/0PMTtkDG3nU1uB7GjEDubsmf_00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0PMTtkDG3nU1uB7GjEDubsmf_00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:41:75:c5:a8:7f:3a:ac:b5:29:dc:7c:a3:fd:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0f313b640c6de7535b81ec68c40ee6ec99fff4d
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b49f4c6543033e2ab7d7492de1e37ab9dfee66bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:94:67:f9:dd:be:fc:b0:b6:d0:0c:a9:52:18:
                    72:1c:84:53:58:a5:4a:9e:e8:b3:4f:27:0f:17:4c:
                    8b:5f:18:8e:d2:9d:09:12:ea:4f:df:f2:02:cb:a0:
                    86:33:bc:13:2f:d4:2b:04:7b:0c:32:35:4b:ac:fe:
                    50:20:eb:b0:14:bc:71:a2:d2:5e:4a:3f:aa:e9:5a:
                    7a:0b:18:fa:ab:3a:86:1e:6e:6f:1a:f9:9b:59:93:
                    4c:d1:41:4f:fd:41:ce:26:00:20:54:53:3f:83:3d:
                    a9:5c:33:df:02:46:ac:c1:01:3a:e9:45:1a:bd:83:
                    5f:1f:8d:63:57:af:06:50:d1:15:50:e7:1d:84:b7:
                    e1:39:68:32:6c:43:fa:90:94:f2:c2:97:55:53:47:
                    75:1f:26:27:25:75:e0:d4:00:de:b9:71:d8:4a:82:
                    1e:f4:5d:66:4d:a6:6f:04:a2:96:f7:50:56:1b:b5:
                    11:ce:f2:76:5e:44:83:6b:76:83:45:a4:d2:f5:f3:
                    30:bf:00:86:6a:e8:79:55:ce:bd:83:78:27:a3:84:
                    64:c1:d3:7b:d7:71:63:99:6f:41:c9:d2:2a:99:8e:
                    a3:6e:4f:77:bc:5b:16:d0:48:11:05:6b:ea:72:64:
                    0d:d5:f4:52:0e:fa:47:56:83:88:69:5b:16:62:2a:
                    5e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:9F:4C:65:43:03:3E:2A:B7:D7:49:2D:E1:E3:7A:B9:DF:EE:66:BB
            X509v3 Authority Key Identifier:
                keyid:D0:F3:13:B6:40:C6:DE:75:35:B8:1E:C6:8C:40:EE:6E:C9:9F:FF:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0PMTtkDG3nU1uB7GjEDubsmf_00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9a99f9-2d6c-4a4a-a096-0c73bec5107c/1/tJ9MZUMDPiq310kt4eN6ud_uZrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/9a99f9-2d6c-4a4a-a096-0c73bec5107c/1/0PMTtkDG3nU1uB7GjEDubsmf_00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.197.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         02:4e:69:36:fd:d2:42:0a:aa:dd:db:d1:ec:cd:4b:8b:a4:f1:
         03:54:41:54:30:24:93:55:61:f0:4e:eb:95:a6:18:2f:d8:5d:
         15:ff:06:c9:19:57:84:69:18:33:7b:5c:84:ea:c3:a3:22:df:
         b2:9a:7a:f6:fc:5c:93:71:81:fa:36:29:15:60:bd:68:33:63:
         3a:b9:63:79:15:87:22:e1:ad:39:a0:65:39:6f:b1:58:a4:75:
         5d:6f:9e:c1:77:ee:b7:e5:14:f5:21:69:54:7a:42:00:4f:e1:
         23:9b:d6:4f:3a:92:64:c2:cb:3f:ee:ba:ae:b9:d5:d7:b2:7b:
         26:0d:60:30:1b:26:c9:c4:eb:1d:5b:eb:82:42:1a:ed:7a:4e:
         1e:d1:6a:8f:20:66:8e:3e:1f:83:d2:c4:b0:45:f3:45:c2:25:
         8c:f8:44:f7:d4:4b:eb:8f:64:05:63:5c:a2:af:58:3c:d1:0d:
         82:fc:3d:7c:95:0a:fb:c0:cd:94:92:60:8d:68:c4:58:24:97:
         87:ad:d0:cf:61:0a:d3:a5:c1:9b:12:e1:90:f7:c5:22:d1:9d:
         c0:4e:40:fe:cd:b0:bc:3e:d5:d7:6c:0e:20:d2:39:3b:e5:08:
         2b:be:62:72:81:a7:bf:9c:8b:fc:95:5f:a5:c0:50:b5:d2:be:
         46:c5:a8:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0F1xah/Oqy1Kdx8o/1jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwZjMxM2I2NDBjNmRlNzUzNWI4MWVjNjhjNDBlZTZlYzk5
ZmZmNGQwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDlmNGM2NTQzMDMzZTJhYjdkNzQ5MmRlMWUzN2FiOWRmZWU2NmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj5Rn+d2+/LC20AypUhhyHIRTWKVK
nuizTycPF0yLXxiO0p0JEupP3/ICy6CGM7wTL9QrBHsMMjVLrP5QIOuwFLxxotJe
Sj+q6Vp6Cxj6qzqGHm5vGvmbWZNM0UFP/UHOJgAgVFM/gz2pXDPfAkaswQE66UUa
vYNfH41jV68GUNEVUOcdhLfhOWgybEP6kJTywpdVU0d1HyYnJXXg1ADeuXHYSoIe
9F1mTaZvBKKW91BWG7URzvJ2XkSDa3aDRaTS9fMwvwCGauh5Vc69g3gno4RkwdN7
13FjmW9BydIqmY6jbk93vFsW0EgRBWvqcmQN1fRSDvpHVoOIaVsWYipelQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSfTGVDAz4qt9dJLeHjernf7ma7MB8GA1UdIwQY
MBaAFNDzE7ZAxt51NbgexoxA7m7Jn/9NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFBNVHRrREczblUxdUI3R2pFRHVic21mXzAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85YTk5ZjktMmQ2Yy00YTRhLWEwOTYt
MGM3M2JlYzUxMDdjLzEvdEo5TVpVTURQaXEzMTBrdDRlTjZ1ZF91WnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85YTk5ZjktMmQ2Yy00YTRhLWEwOTYtMGM3M2JlYzUxMDdj
LzEvMFBNVHRrREczblUxdUI3R2pFRHVic21mXzAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbcVIMA0G
CSqGSIb3DQEBCwUAA4IBAQACTmk2/dJCCqrd29HszUuLpPEDVEFUMCSTVWHwTuuV
phgv2F0V/wbJGVeEaRgze1yE6sOjIt+ymnr2/FyTcYH6NikVYL1oM2M6uWN5FYci
4a05oGU5b7FYpHVdb57Bd+635RT1IWlUekIAT+Ejm9ZPOpJkwss/7rquudXXsnsm
DWAwGybJxOsdW+uCQhrtek4e0WqPIGaOPh+D0sSwRfNFwiWM+ET31Evrj2QFY1yi
r1g80Q2C/D18lQr7wM2UkmCNaMRYJJeHrdDPYQrTpcGbEuGQ98Ui0Z3ATkD+zbC8
PtXXbA4g0jk75QgrvmJygae/nIv8lV+lwFC10r5Gxah8
-----END CERTIFICATE-----