Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/9PdQPRnnZyiyxaFI3CXVAqLbtPo.roa
File:                     9PdQPRnnZyiyxaFI3CXVAqLbtPo.roa (raw, json)
Hash identifier:          77bdVRJLI57StmPTeMBaNq7W14GnEAlDVEzircm5EEU=
Subject key identifier:   F4:F7:50:3D:19:E7:67:28:B2:C5:A1:48:DC:25:D5:02:A2:DB:B4:FA
Certificate issuer:       /CN=06c92df2c9faa2915fc5feb5a4270183419faef2
Certificate serial:       018CCA2BA9A7E0C775544AE96DA1B45D4D45
Authority key identifier: 06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/9PdQPRnnZyiyxaFI3CXVAqLbtPo.roa
Signing time:             Tue 02 Jan 2024 12:35:08 +0000
ROA not before:           Tue 02 Jan 2024 12:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212981
IP address blocks:        193.200.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:a9:a7:e0:c7:75:54:4a:e9:6d:a1:b4:5d:4d:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06c92df2c9faa2915fc5feb5a4270183419faef2
        Validity
            Not Before: Jan  2 12:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4f7503d19e76728b2c5a148dc25d502a2dbb4fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2d:79:1b:2e:83:73:a4:40:5d:2c:1b:50:bb:
                    e1:43:b7:fb:57:c8:30:30:8e:41:a1:93:cb:20:ac:
                    60:9c:03:05:cb:91:49:fb:ad:f3:3f:16:d5:7e:78:
                    3a:ec:e7:e9:ea:81:87:d1:ee:bc:7c:d5:4b:52:5c:
                    e1:bc:01:8b:ec:9f:28:62:43:4f:69:99:7c:69:3c:
                    46:30:60:98:6b:88:3c:2a:5d:a0:26:12:c3:c1:34:
                    58:5b:1b:3e:ab:eb:1c:10:3e:3a:8b:e0:e8:a3:a9:
                    7a:05:19:29:57:fa:f3:4f:96:a7:0f:b8:f6:31:14:
                    12:f0:bc:53:68:45:f6:ed:69:62:bd:ed:05:59:16:
                    4f:1f:3d:18:f7:f0:55:8c:0f:96:83:ee:16:d6:f6:
                    28:05:3d:9e:46:8d:15:83:e1:8e:f2:63:31:3d:f5:
                    4a:28:77:86:58:ed:58:7e:be:c1:51:8d:b1:69:d3:
                    6a:4a:e2:d5:f3:05:c1:45:2b:4a:d1:69:f3:5b:85:
                    f4:0c:74:d7:e6:fe:66:6b:4e:24:b8:9a:b4:cf:c0:
                    7d:b2:11:c7:70:c8:22:2b:bb:5f:06:1d:61:42:af:
                    5c:c1:46:37:19:cb:cc:d1:9c:bc:ab:5a:0e:f2:96:
                    de:e6:96:b9:e1:4b:a3:3d:e4:c4:6b:60:cc:a8:5e:
                    09:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:F7:50:3D:19:E7:67:28:B2:C5:A1:48:DC:25:D5:02:A2:DB:B4:FA
            X509v3 Authority Key Identifier:
                keyid:06:C9:2D:F2:C9:FA:A2:91:5F:C5:FE:B5:A4:27:01:83:41:9F:AE:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bskt8sn6opFfxf61pCcBg0GfrvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/9PdQPRnnZyiyxaFI3CXVAqLbtPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/aae9a1-d05d-47ca-91de-d6d55c169e16/1/Bskt8sn6opFfxf61pCcBg0GfrvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:8c:94:a5:96:04:96:bd:ae:09:ce:8f:7c:37:1b:1c:be:f4:
         d2:74:92:9f:e7:f6:15:33:40:61:cf:35:5f:7a:6f:c1:5e:27:
         a6:23:8b:1d:2b:78:e5:e2:38:d7:84:fa:d0:3d:2d:da:03:41:
         2d:39:f7:b8:5e:bc:b4:5a:a6:87:d2:e3:58:c8:fd:ec:02:bd:
         20:31:1d:b8:71:ab:4b:f9:44:98:95:35:a0:6b:3a:7f:e0:8b:
         47:96:08:1f:4e:5a:8d:6a:59:a6:2f:c7:6a:74:49:cb:6f:bf:
         4e:96:86:6f:00:d3:89:a5:47:bf:5d:19:db:9a:0d:03:76:74:
         4d:36:d4:6b:4d:4b:3a:4d:7f:1a:24:ed:f1:26:19:97:d5:07:
         c2:69:ef:5b:e9:1c:2d:4d:d8:c6:24:e5:d1:d1:29:93:d6:39:
         fc:80:ec:0f:95:5b:1e:f7:49:10:36:28:3e:76:19:15:be:b6:
         f3:43:e6:d8:ac:86:36:bc:8d:0b:29:00:7e:56:c7:3d:62:a6:
         9f:ee:1a:66:cc:1a:79:59:13:70:dd:d5:b8:7c:cc:72:f7:f1:
         12:5f:a5:51:df:bf:e4:57:89:f3:fb:b7:4e:09:73:88:59:12:
         2c:87:36:e0:12:70:12:76:4a:36:ab:1a:23:d9:83:3d:47:77:
         2c:b8:b8:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK6mn4Md1VErpbaG0XU1FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YzkyZGYyYzlmYWEyOTE1ZmM1ZmViNWE0MjcwMTgzNDE5
ZmFlZjIwHhcNMjQwMTAyMTIzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGY3NTAzZDE5ZTc2NzI4YjJjNWExNDhkYzI1ZDUwMmEyZGJiNGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmi15Gy6Dc6RAXSwbULvhQ7f7V8gw
MI5BoZPLIKxgnAMFy5FJ+63zPxbVfng67Ofp6oGH0e68fNVLUlzhvAGL7J8oYkNP
aZl8aTxGMGCYa4g8Kl2gJhLDwTRYWxs+q+scED46i+Doo6l6BRkpV/rzT5anD7j2
MRQS8LxTaEX27Wlive0FWRZPHz0Y9/BVjA+Wg+4W1vYoBT2eRo0Vg+GO8mMxPfVK
KHeGWO1Yfr7BUY2xadNqSuLV8wXBRStK0WnzW4X0DHTX5v5ma04kuJq0z8B9shHH
cMgiK7tfBh1hQq9cwUY3GcvM0Zy8q1oO8pbe5pa54UujPeTEa2DMqF4JPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPT3UD0Z52cossWhSNwl1QKi27T6MB8GA1UdIwQY
MBaAFAbJLfLJ+qKRX8X+taQnAYNBn67yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUt
ZDZkNTVjMTY5ZTE2LzEvOVBkUVBSbm5aeWl5eGFGSTNDWFZBcUxidFBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni9hYWU5YTEtZDA1ZC00N2NhLTkxZGUtZDZkNTVjMTY5ZTE2
LzEvQnNrdDhzbjZvcEZmeGY2MXBDY0JnMEdmcnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwci6MA0G
CSqGSIb3DQEBCwUAA4IBAQAmjJSllgSWva4Jzo98NxscvvTSdJKf5/YVM0BhzzVf
em/BXiemI4sdK3jl4jjXhPrQPS3aA0EtOfe4Xry0WqaH0uNYyP3sAr0gMR24catL
+USYlTWgazp/4ItHlggfTlqNalmmL8dqdEnLb79OloZvANOJpUe/XRnbmg0DdnRN
NtRrTUs6TX8aJO3xJhmX1QfCae9b6RwtTdjGJOXR0SmT1jn8gOwPlVse90kQNig+
dhkVvrbzQ+bYrIY2vI0LKQB+Vsc9Yqaf7hpmzBp5WRNw3dW4fMxy9/ESX6VR37/k
V4nz+7dOCXOIWRIshzbgEnASdko2qxoj2YM9R3csuLjQ
-----END CERTIFICATE-----