Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/snrds9K052XRLwC3njP7KQcgIdw.roa
File:                     snrds9K052XRLwC3njP7KQcgIdw.roa (raw, json)
Hash identifier:          kZEmBRYnlEOqPAKQ5NJuUL9XvJrKOuQyct1n7NY8VeE=
Subject key identifier:   B2:7A:DD:B3:D2:B4:E7:65:D1:2F:00:B7:9E:33:FB:29:07:20:21:DC
Certificate issuer:       /CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
Certificate serial:       018CCA96D12F9A3D913864A967A7ADB8D529
Authority key identifier: 2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/snrds9K052XRLwC3njP7KQcgIdw.roa
Signing time:             Tue 02 Jan 2024 14:32:10 +0000
ROA not before:           Tue 02 Jan 2024 14:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        193.9.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:d1:2f:9a:3d:91:38:64:a9:67:a7:ad:b8:d5:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e368b0aec6c7fd48d0d96b4077a23f906a86a48
        Validity
            Not Before: Jan  2 14:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b27addb3d2b4e765d12f00b79e33fb29072021dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7a:c2:2f:ad:14:b2:34:e0:8f:03:ea:8e:40:
                    be:fd:66:9f:d8:8b:56:30:40:7a:4d:a9:08:f7:c9:
                    27:18:1f:d6:4a:68:fb:c7:ac:4e:aa:d5:c0:7e:c0:
                    6d:2b:8f:8c:24:5a:e7:23:e0:16:04:77:ce:3c:ba:
                    69:41:a5:74:81:7b:c9:d9:6b:f1:b8:50:cf:16:3f:
                    e3:05:27:2c:36:7a:70:46:e3:00:cf:01:d1:a1:5e:
                    ec:26:bf:0c:3d:36:f3:31:4c:24:67:7d:54:49:b9:
                    7b:b0:db:b3:2d:fb:ab:f4:1b:eb:5d:06:ac:98:e2:
                    41:47:32:59:d9:2e:58:50:cd:2d:d8:c1:49:67:6b:
                    2b:35:66:e0:49:a6:64:6b:fb:29:bf:a7:b0:c8:02:
                    58:80:4a:1f:15:5c:ba:d6:00:a7:1f:a7:1c:37:30:
                    4c:e0:42:93:61:30:c3:2d:33:fd:ad:4e:7b:70:5b:
                    3d:8b:ac:fb:58:6f:64:ce:eb:71:a8:e3:ee:66:ff:
                    b6:bf:db:b9:9f:ee:be:dc:86:a5:5e:56:0e:94:f3:
                    f9:38:4b:18:91:49:b0:e8:20:8d:04:9b:aa:6a:ac:
                    92:00:03:97:fb:ef:d7:d2:07:c4:a7:21:3f:59:25:
                    a2:3b:29:45:0f:33:99:15:fa:1c:4d:e2:ab:86:65:
                    50:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:7A:DD:B3:D2:B4:E7:65:D1:2F:00:B7:9E:33:FB:29:07:20:21:DC
            X509v3 Authority Key Identifier:
                keyid:2E:36:8B:0A:EC:6C:7F:D4:8D:0D:96:B4:07:7A:23:F9:06:A8:6A:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LjaLCuxsf9SNDZa0B3oj-Qaoakg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/snrds9K052XRLwC3njP7KQcgIdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/dc7030-78cc-4800-888d-1427dd16efa4/1/LjaLCuxsf9SNDZa0B3oj-Qaoakg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:e7:dc:66:72:ee:0c:b9:6b:a2:45:52:82:b6:b1:25:d5:6b:
         a8:2f:46:df:e8:1e:42:fc:00:10:71:ce:a6:2c:eb:30:09:0e:
         fc:ed:f9:0f:01:c6:c8:b4:ad:c0:3e:73:e8:0a:43:51:be:de:
         7d:88:4f:84:1a:ec:99:09:84:b2:be:bf:e9:7f:32:da:5a:45:
         d0:5b:6c:22:2e:d5:fa:92:87:0e:5d:63:da:8e:15:56:15:88:
         8b:f9:00:d7:c4:f2:ee:4d:c7:86:93:e2:0b:0d:c5:11:ef:b3:
         90:72:ec:13:d4:c2:20:6a:f0:62:32:93:80:a0:8c:64:b9:f2:
         bf:fe:ae:d7:72:f4:2f:e7:f8:2a:c9:bd:61:e9:87:13:69:00:
         1b:f7:a1:e7:29:fb:bd:f8:c9:8d:25:16:e2:8f:63:cb:1b:40:
         06:e2:40:aa:e9:6f:dc:e2:a5:17:49:a8:7a:eb:b9:cc:74:7d:
         c7:2d:75:a4:24:be:de:05:6d:68:4b:24:b9:8e:26:25:ac:12:
         10:f1:d0:e8:23:24:23:b4:a9:fd:8d:de:21:05:9a:f6:46:11:
         92:5e:c7:d9:ea:47:2f:41:3d:83:7e:18:29:88:82:1a:0b:49:
         5f:47:ce:64:fd:82:8e:ba:a0:e6:16:61:ff:49:19:f8:ae:ee:
         bd:17:e2:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKltEvmj2ROGSpZ6etuNUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMzY4YjBhZWM2YzdmZDQ4ZDBkOTZiNDA3N2EyM2Y5MDZh
ODZhNDgwHhcNMjQwMTAyMTQzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjdhZGRiM2QyYjRlNzY1ZDEyZjAwYjc5ZTMzZmIyOTA3MjAyMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13rCL60UsjTgjwPqjkC+/Waf2ItW
MEB6TakI98knGB/WSmj7x6xOqtXAfsBtK4+MJFrnI+AWBHfOPLppQaV0gXvJ2Wvx
uFDPFj/jBScsNnpwRuMAzwHRoV7sJr8MPTbzMUwkZ31USbl7sNuzLfur9BvrXQas
mOJBRzJZ2S5YUM0t2MFJZ2srNWbgSaZka/spv6ewyAJYgEofFVy61gCnH6ccNzBM
4EKTYTDDLTP9rU57cFs9i6z7WG9kzutxqOPuZv+2v9u5n+6+3IalXlYOlPP5OEsY
kUmw6CCNBJuqaqySAAOX++/X0gfEpyE/WSWiOylFDzOZFfocTeKrhmVQ9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJ63bPStOdl0S8At54z+ykHICHcMB8GA1UdIwQY
MBaAFC42iwrsbH/UjQ2WtAd6I/kGqGpIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQt
MTQyN2RkMTZlZmE0LzEvc25yZHM5SzA1MlhSTHdDM25qUDdLUWNnSWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9kYzcwMzAtNzhjYy00ODAwLTg4OGQtMTQyN2RkMTZlZmE0
LzEvTGphTEN1eHNmOVNORFphMEIzb2otUWFvYWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQkzMA0G
CSqGSIb3DQEBCwUAA4IBAQCn59xmcu4MuWuiRVKCtrEl1WuoL0bf6B5C/AAQcc6m
LOswCQ787fkPAcbItK3APnPoCkNRvt59iE+EGuyZCYSyvr/pfzLaWkXQW2wiLtX6
kocOXWPajhVWFYiL+QDXxPLuTceGk+ILDcUR77OQcuwT1MIgavBiMpOAoIxkufK/
/q7XcvQv5/gqyb1h6YcTaQAb96HnKfu9+MmNJRbij2PLG0AG4kCq6W/c4qUXSah6
67nMdH3HLXWkJL7eBW1oSyS5jiYlrBIQ8dDoIyQjtKn9jd4hBZr2RhGSXsfZ6kcv
QT2DfhgpiIIaC0lfR85k/YKOuqDmFmH/SRn4ru69F+It
-----END CERTIFICATE-----