Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/9Lg_b5u9tcPtdyPk4mdjB3wLjGs.roa
File:                     9Lg_b5u9tcPtdyPk4mdjB3wLjGs.roa (raw, json)
Hash identifier:          8OHxUt4ox8MyV5aY5cpTdt7tuQyh1yaRU2yY0KmxPyU=
Subject key identifier:   F4:B8:3F:6F:9B:BD:B5:C3:ED:77:23:E4:E2:67:63:07:7C:0B:8C:6B
Certificate issuer:       /CN=3bad9cd5034f81558f83d238eca406332bd7ba85
Certificate serial:       018CC94E10DEFCF186AF51732C4EAB226DE3
Authority key identifier: 3B:AD:9C:D5:03:4F:81:55:8F:83:D2:38:EC:A4:06:33:2B:D7:BA:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O62c1QNPgVWPg9I47KQGMyvXuoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/9Lg_b5u9tcPtdyPk4mdjB3wLjGs.roa
Signing time:             Tue 02 Jan 2024 08:33:05 +0000
ROA not before:           Tue 02 Jan 2024 08:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13054
IP address blocks:        185.253.12.0/22 maxlen: 22
                          2a0c:3040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/O62c1QNPgVWPg9I47KQGMyvXuoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/O62c1QNPgVWPg9I47KQGMyvXuoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O62c1QNPgVWPg9I47KQGMyvXuoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:10:de:fc:f1:86:af:51:73:2c:4e:ab:22:6d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bad9cd5034f81558f83d238eca406332bd7ba85
        Validity
            Not Before: Jan  2 08:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4b83f6f9bbdb5c3ed7723e4e26763077c0b8c6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d9:8c:75:54:70:48:80:77:88:e9:45:2e:08:
                    e3:01:fa:6f:05:25:96:e4:b7:7c:5c:dd:22:f3:fc:
                    df:2a:00:fd:e4:a7:f1:85:e9:a9:e5:49:d6:d2:26:
                    5e:2a:86:26:41:d7:be:43:ee:96:21:8a:fe:d8:b1:
                    64:30:15:d4:91:ce:0d:f8:27:a2:9a:a3:43:3b:b6:
                    c7:98:e3:e1:04:ef:b9:83:f8:31:36:46:94:d7:69:
                    9d:b9:ff:c1:d5:a0:b2:72:e3:d7:cf:a6:0a:e5:c4:
                    d7:d5:15:76:00:b9:1a:45:4c:21:11:06:62:03:50:
                    5e:66:be:f9:8b:cc:88:cf:07:c2:12:9d:b1:9d:a8:
                    09:67:cd:b6:97:19:01:35:a5:24:14:fa:7f:25:3e:
                    9d:f2:dd:25:8f:43:89:f4:ef:28:9a:ee:c0:63:09:
                    2d:4f:dd:7f:fa:80:50:08:6b:78:2e:36:a3:d3:64:
                    ad:c5:fb:1f:8d:99:20:da:ca:f4:38:46:1b:e4:6a:
                    64:d2:40:19:ed:5d:1f:67:28:e7:62:30:26:88:0a:
                    bb:e1:0f:34:c7:2f:1f:77:ac:27:fe:75:a9:a2:ff:
                    a6:51:ba:aa:a0:7d:18:34:88:f4:07:e1:f6:f9:79:
                    d0:3f:93:ba:7d:51:f9:72:db:d7:d1:b7:fe:cd:72:
                    56:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:B8:3F:6F:9B:BD:B5:C3:ED:77:23:E4:E2:67:63:07:7C:0B:8C:6B
            X509v3 Authority Key Identifier:
                keyid:3B:AD:9C:D5:03:4F:81:55:8F:83:D2:38:EC:A4:06:33:2B:D7:BA:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O62c1QNPgVWPg9I47KQGMyvXuoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/9Lg_b5u9tcPtdyPk4mdjB3wLjGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/O62c1QNPgVWPg9I47KQGMyvXuoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.12.0/22
                IPv6:
                  2a0c:3040::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:92:a9:07:bf:40:89:8f:f4:64:af:cb:a9:d2:e2:e5:48:d0:
         81:6c:04:e6:d7:8e:a5:65:31:92:b8:74:fb:9c:5c:b3:52:c2:
         75:08:6f:7e:3a:d6:06:e7:71:26:b5:8e:b4:62:ab:54:f6:de:
         50:e9:66:49:d8:75:41:40:8c:95:ce:3b:3f:73:7c:5d:ca:fe:
         f0:2a:64:64:1c:ca:76:87:85:47:97:86:f6:45:8f:41:87:07:
         73:fa:bd:87:2f:82:25:8b:91:64:42:3a:6f:d8:21:68:d2:56:
         64:02:e0:f1:0f:87:9b:08:c3:1d:7a:cd:31:f5:0f:ab:16:3d:
         e1:91:d3:23:3c:da:f4:cf:f9:ad:18:e5:79:01:0b:7f:2c:13:
         81:66:49:40:ea:9c:aa:d9:55:db:51:0d:64:20:7c:1f:90:c6:
         56:79:28:4b:6e:c9:77:45:3e:f5:55:8b:92:de:a3:04:74:80:
         42:27:9d:bf:c2:dc:a3:a1:c4:20:0a:19:4a:76:57:90:4b:d8:
         8d:f3:31:1f:55:91:59:f5:09:cc:2e:16:cb:d8:02:d9:24:ce:
         e4:cd:39:b2:b1:6b:02:d9:4b:31:85:d7:cd:21:7e:cf:25:fc:
         11:0d:fe:e7:6f:d8:76:59:ee:6d:ae:10:89:39:e2:5d:ad:d6:
         d8:75:ae:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJThDe/PGGr1FzLE6rIm3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYWQ5Y2Q1MDM0ZjgxNTU4ZjgzZDIzOGVjYTQwNjMzMmJk
N2JhODUwHhcNMjQwMTAyMDgzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGI4M2Y2ZjliYmRiNWMzZWQ3NzIzZTRlMjY3NjMwNzdjMGI4YzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNmMdVRwSIB3iOlFLgjjAfpvBSWW
5Ld8XN0i8/zfKgD95Kfxhemp5UnW0iZeKoYmQde+Q+6WIYr+2LFkMBXUkc4N+Cei
mqNDO7bHmOPhBO+5g/gxNkaU12mduf/B1aCycuPXz6YK5cTX1RV2ALkaRUwhEQZi
A1BeZr75i8yIzwfCEp2xnagJZ822lxkBNaUkFPp/JT6d8t0lj0OJ9O8omu7AYwkt
T91/+oBQCGt4Ljaj02StxfsfjZkg2sr0OEYb5Gpk0kAZ7V0fZyjnYjAmiAq74Q80
xy8fd6wn/nWpov+mUbqqoH0YNIj0B+H2+XnQP5O6fVH5ctvX0bf+zXJWKwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPS4P2+bvbXD7Xcj5OJnYwd8C4xrMB8GA1UdIwQY
MBaAFDutnNUDT4FVj4PSOOykBjMr17qFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzYyYzFRTlBnVldQZzlJNDdLUUdNeXZYdW9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80MTZiYzctY2U4Ny00MmI2LThjNjgt
NGJhNWYyMDZmNjVhLzEvOUxnX2I1dTl0Y1B0ZHlQazRtZGpCM3dMakdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80MTZiYzctY2U4Ny00MmI2LThjNjgtNGJhNWYyMDZmNjVh
LzEvTzYyYzFRTlBnVldQZzlJNDdLUUdNeXZYdW9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf0MMA0E
AgACMAcDBQMqDDBAMA0GCSqGSIb3DQEBCwUAA4IBAQClkqkHv0CJj/Rkr8up0uLl
SNCBbATm146lZTGSuHT7nFyzUsJ1CG9+OtYG53EmtY60YqtU9t5Q6WZJ2HVBQIyV
zjs/c3xdyv7wKmRkHMp2h4VHl4b2RY9Bhwdz+r2HL4Ili5FkQjpv2CFo0lZkAuDx
D4ebCMMdes0x9Q+rFj3hkdMjPNr0z/mtGOV5AQt/LBOBZklA6pyq2VXbUQ1kIHwf
kMZWeShLbsl3RT71VYuS3qMEdIBCJ52/wtyjocQgChlKdleQS9iN8zEfVZFZ9QnM
LhbL2ALZJM7kzTmysWsC2UsxhdfNIX7PJfwRDf7nb9h2We5trhCJOeJdrdbYda6b
-----END CERTIFICATE-----