Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/9yVY6yUm5RPHBH3cYHYF_a2-HhA.roa
File:                     9yVY6yUm5RPHBH3cYHYF_a2-HhA.roa (raw, json)
Hash identifier:          5Z3OjCiAIpNWwlNMzv/LCkUxFw7Wmcv82+QThBSFncY=
Subject key identifier:   F7:25:58:EB:25:26:E5:13:C7:04:7D:DC:60:76:05:FD:AD:BE:1E:10
Certificate issuer:       /CN=8810fc3198a0ab99647877dbe5725e05cee013f0
Certificate serial:       018CC9BC1DC904AD31591D1AE4AED4A18E82
Authority key identifier: 88:10:FC:31:98:A0:AB:99:64:78:77:DB:E5:72:5E:05:CE:E0:13:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBD8MZigq5lkeHfb5XJeBc7gE_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/9yVY6yUm5RPHBH3cYHYF_a2-HhA.roa
Signing time:             Tue 02 Jan 2024 10:33:17 +0000
ROA not before:           Tue 02 Jan 2024 10:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210118
IP address blocks:        217.198.184.0/24 maxlen: 24
                          2a11:f940::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/iBD8MZigq5lkeHfb5XJeBc7gE_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/iBD8MZigq5lkeHfb5XJeBc7gE_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBD8MZigq5lkeHfb5XJeBc7gE_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:1d:c9:04:ad:31:59:1d:1a:e4:ae:d4:a1:8e:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8810fc3198a0ab99647877dbe5725e05cee013f0
        Validity
            Not Before: Jan  2 10:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f72558eb2526e513c7047ddc607605fdadbe1e10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c7:92:ba:fa:39:0d:e7:3e:ad:a3:2a:54:cf:
                    37:b2:c3:ad:dd:ea:1b:58:f5:45:b3:43:3d:47:ed:
                    63:ed:c6:3c:12:14:66:c3:c9:38:94:69:6b:a6:89:
                    9d:35:07:9a:29:69:c2:b7:51:3b:77:d0:9a:e5:57:
                    62:ff:78:11:e6:36:64:49:89:62:32:1e:59:40:56:
                    74:94:c1:ab:39:93:51:7f:a6:e3:28:24:49:c3:5b:
                    43:75:6f:87:08:58:ea:e6:20:71:a5:2b:8f:41:dc:
                    82:2b:0e:e1:5f:1e:a7:0f:f8:b9:26:6d:7e:1e:54:
                    2d:d2:5e:b8:24:d7:ef:9f:b9:6e:ad:bc:eb:8d:6f:
                    a8:dd:e6:d1:db:c4:1a:ba:43:fc:ab:0c:b4:5a:6c:
                    74:e6:3e:1a:0f:c7:c7:34:9e:4b:bd:cd:3f:11:56:
                    ac:ea:29:20:63:7b:0f:e4:25:99:63:dd:ac:d3:23:
                    aa:d3:4d:79:c6:df:c6:f6:64:2f:4c:f9:e8:f1:dc:
                    d3:a7:aa:d3:3a:b3:ed:16:4f:92:d7:54:6e:0c:fa:
                    e0:90:5c:f0:65:a1:39:55:54:66:e9:d2:6c:a0:93:
                    9f:f3:58:62:13:5d:47:5d:c4:30:f3:69:8f:7e:c3:
                    f3:69:60:81:c5:7e:5d:8b:2c:93:3c:b5:a7:27:a1:
                    a3:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:25:58:EB:25:26:E5:13:C7:04:7D:DC:60:76:05:FD:AD:BE:1E:10
            X509v3 Authority Key Identifier:
                keyid:88:10:FC:31:98:A0:AB:99:64:78:77:DB:E5:72:5E:05:CE:E0:13:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBD8MZigq5lkeHfb5XJeBc7gE_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/9yVY6yUm5RPHBH3cYHYF_a2-HhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/iBD8MZigq5lkeHfb5XJeBc7gE_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.184.0/24
                IPv6:
                  2a11:f940::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:04:6f:76:55:5e:39:18:92:d9:f2:0a:f7:6b:ee:6e:4f:b2:
         85:5a:6d:b7:31:69:1b:08:3a:d5:b0:57:88:66:c2:5f:f7:9e:
         21:8b:f3:7f:72:6d:b6:2c:29:5c:09:31:9d:29:20:c2:fd:03:
         26:5c:3b:30:cf:45:7a:ba:21:51:a9:b1:82:89:0f:46:cb:e8:
         5a:58:4d:87:45:9f:af:cc:7d:01:c1:35:13:92:e3:d2:0e:7c:
         bf:90:c1:cd:fa:63:f6:c8:82:08:53:5c:fb:af:6a:c1:ff:6a:
         1d:8d:3e:72:54:31:0e:f9:3f:90:1f:78:23:94:2e:eb:c2:cc:
         2c:c9:23:82:66:5e:57:1b:3d:f8:10:bf:3f:7d:6c:24:d7:5f:
         68:85:78:b7:3d:81:be:0d:89:2c:bd:49:d5:63:ef:89:34:b2:
         fc:5f:f2:d0:18:82:d3:b7:d5:cb:e3:25:03:a1:e6:41:09:ae:
         db:54:30:89:4d:92:6e:38:2b:dd:89:ba:13:9d:3d:2c:05:5f:
         e5:59:c6:56:f6:4b:ea:76:64:00:14:00:25:01:88:a8:a8:0e:
         7a:bb:77:a5:c0:b9:25:c7:75:37:33:dc:57:ca:17:7f:f3:fd:
         e2:26:c5:54:2c:59:5c:0d:f3:01:fd:22:30:8f:ac:58:bc:99:
         c7:40:8c:6a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvB3JBK0xWR0a5K7UoY6CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTBmYzMxOThhMGFiOTk2NDc4NzdkYmU1NzI1ZTA1Y2Vl
MDEzZjAwHhcNMjQwMTAyMTAzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzI1NThlYjI1MjZlNTEzYzcwNDdkZGM2MDc2MDVmZGFkYmUxZTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhseSuvo5Dec+raMqVM83ssOt3eob
WPVFs0M9R+1j7cY8EhRmw8k4lGlrpomdNQeaKWnCt1E7d9Ca5Vdi/3gR5jZkSYli
Mh5ZQFZ0lMGrOZNRf6bjKCRJw1tDdW+HCFjq5iBxpSuPQdyCKw7hXx6nD/i5Jm1+
HlQt0l64JNfvn7lurbzrjW+o3ebR28QaukP8qwy0Wmx05j4aD8fHNJ5Lvc0/EVas
6ikgY3sP5CWZY92s0yOq0015xt/G9mQvTPno8dzTp6rTOrPtFk+S11RuDPrgkFzw
ZaE5VVRm6dJsoJOf81hiE11HXcQw82mPfsPzaWCBxX5diyyTPLWnJ6GjdwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPclWOslJuUTxwR93GB2Bf2tvh4QMB8GA1UdIwQY
MBaAFIgQ/DGYoKuZZHh32+VyXgXO4BPwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJEOE1aaWdxNWxrZUhmYjVYSmVCYzdnRV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9jZjFmZmQtMTM0ZC00MzgyLThlNTkt
NGEwOGQ1YTFjNzFmLzEvOXlWWTZ5VW01UlBIQkgzY1lIWUZfYTItSGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9jZjFmZmQtMTM0ZC00MzgyLThlNTktNGEwOGQ1YTFjNzFm
LzEvaUJEOE1aaWdxNWxrZUhmYjVYSmVCYzdnRV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2ca4MA0E
AgACMAcDBQMqEflAMA0GCSqGSIb3DQEBCwUAA4IBAQCpBG92VV45GJLZ8gr3a+5u
T7KFWm23MWkbCDrVsFeIZsJf954hi/N/cm22LClcCTGdKSDC/QMmXDswz0V6uiFR
qbGCiQ9Gy+haWE2HRZ+vzH0BwTUTkuPSDny/kMHN+mP2yIIIU1z7r2rB/2odjT5y
VDEO+T+QH3gjlC7rwswsySOCZl5XGz34EL8/fWwk119ohXi3PYG+DYksvUnVY++J
NLL8X/LQGILTt9XL4yUDoeZBCa7bVDCJTZJuOCvdiboTnT0sBV/lWcZW9kvqdmQA
FAAlAYioqA56u3elwLklx3U3M9xXyhd/8/3iJsVULFlcDfMB/SIwj6xYvJnHQIxq
-----END CERTIFICATE-----