Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9GAtQYssRDGVgjNRyKCZ5zRM9IQ.roa
File:                     9GAtQYssRDGVgjNRyKCZ5zRM9IQ.roa (raw, json)
Hash identifier:          m5NE4gUBVRZ4vSY7MntCY2opldU2Z9N8W3PLGo1lEvI=
Subject key identifier:   F4:60:2D:41:8B:2C:44:31:95:82:33:51:C8:A0:99:E7:34:4C:F4:84
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018CC34947A7DCAAE9F68066514B1910B23C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9GAtQYssRDGVgjNRyKCZ5zRM9IQ.roa
Signing time:             Mon 01 Jan 2024 04:30:08 +0000
ROA not before:           Mon 01 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        109.176.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 15:46:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:47:a7:dc:aa:e9:f6:80:66:51:4b:19:10:b2:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4602d418b2c443195823351c8a099e7344cf484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6a:c7:72:24:8c:df:9f:5f:d2:a2:c2:fe:b2:
                    75:1b:39:d3:62:45:dc:19:ae:a2:2c:89:28:dc:42:
                    61:17:88:25:22:2e:1c:ac:2e:43:8e:f8:23:75:85:
                    88:a8:e7:6b:24:66:2d:6c:de:3a:78:ec:b6:f5:7c:
                    39:1d:ef:43:1c:38:9d:3e:6c:05:4a:0d:74:fc:94:
                    00:86:bd:8f:d5:08:86:62:27:14:cd:ec:0f:dd:21:
                    e1:71:08:fb:fa:2e:40:0f:12:49:6b:3a:0b:2b:e3:
                    d4:c5:73:b8:be:a3:a9:78:b6:24:f0:a9:ab:a9:08:
                    00:ad:db:bb:2c:a4:59:f3:ec:3e:18:37:75:c0:b0:
                    c8:42:dd:d1:a0:68:82:87:31:d6:b8:ea:ea:7b:64:
                    69:00:f1:d0:de:79:c8:17:29:a5:44:ca:dd:e2:e5:
                    f4:91:80:05:ad:11:63:c8:7d:62:65:59:fd:67:9d:
                    d1:7c:26:23:3e:34:11:3c:2d:5d:da:48:ba:9a:39:
                    49:fc:9f:9d:6a:a0:c4:a3:bf:7d:43:8c:d0:03:cb:
                    40:60:49:a5:b9:4e:1b:ae:ac:90:ca:2f:70:9f:e2:
                    a1:fd:17:25:f2:cd:1b:79:ab:f3:6f:15:f7:6e:d3:
                    c5:bf:0c:af:4b:3f:3a:95:50:28:bb:93:10:03:b8:
                    ce:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:60:2D:41:8B:2C:44:31:95:82:33:51:C8:A0:99:E7:34:4C:F4:84
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9GAtQYssRDGVgjNRyKCZ5zRM9IQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.176.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:12:42:fe:88:24:0d:db:e2:36:c3:44:92:04:fd:11:22:ff:
         ae:43:97:10:82:5b:f7:98:3a:56:55:a5:91:76:6e:0c:cb:e6:
         e0:55:7a:65:b3:01:61:33:01:ad:59:ec:35:d8:c4:5f:50:8c:
         0c:fd:cc:f8:8f:c6:26:b2:b3:d8:64:e7:25:01:c7:66:ba:ef:
         4b:d0:af:88:17:83:b6:b7:44:ba:13:98:4d:0b:0b:f0:28:b0:
         c1:81:3a:4e:9e:a8:ef:31:83:60:7a:5f:f0:6e:04:03:32:6b:
         af:87:24:99:8d:75:2d:5e:a7:3c:82:1c:b6:dd:59:0d:ae:2f:
         34:71:b2:58:75:ea:cd:8c:bf:42:ab:71:1c:a3:7f:a6:2b:51:
         07:f6:c3:7c:07:58:ad:c7:47:c0:bd:8c:3c:11:3a:2c:4a:5a:
         62:25:e9:f5:1f:4f:b0:77:dd:15:cf:d8:00:e6:41:a3:06:4b:
         3b:2c:4d:c0:f4:a2:1b:d1:ce:80:f6:3b:f9:57:8a:fb:17:ce:
         8f:80:46:6c:0d:87:5a:07:27:2b:1c:9c:88:ad:aa:3d:20:40:
         0b:13:f8:4c:f7:dc:6f:15:5e:ac:75:28:54:65:fc:0e:57:9c:
         3b:2f:ca:6c:2f:45:59:1a:c5:71:76:0f:fb:5e:ab:bb:4f:23:
         d6:83:63:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUen3Krp9oBmUUsZELI8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMTAxMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDYwMmQ0MThiMmM0NDMxOTU4MjMzNTFjOGEwOTllNzM0NGNmNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWrHciSM359f0qLC/rJ1GznTYkXc
Ga6iLIko3EJhF4glIi4crC5DjvgjdYWIqOdrJGYtbN46eOy29Xw5He9DHDidPmwF
Sg10/JQAhr2P1QiGYicUzewP3SHhcQj7+i5ADxJJazoLK+PUxXO4vqOpeLYk8Kmr
qQgArdu7LKRZ8+w+GDd1wLDIQt3RoGiChzHWuOrqe2RpAPHQ3nnIFymlRMrd4uX0
kYAFrRFjyH1iZVn9Z53RfCYjPjQRPC1d2ki6mjlJ/J+daqDEo799Q4zQA8tAYEml
uU4brqyQyi9wn+Kh/Rcl8s0beavzbxX3btPFvwyvSz86lVAou5MQA7jOqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRgLUGLLEQxlYIzUcigmec0TPSEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOUdBdFFZc3NSREdWZ2pOUnlLQ1o1elJNOUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbbD/MA0G
CSqGSIb3DQEBCwUAA4IBAQB9EkL+iCQN2+I2w0SSBP0RIv+uQ5cQglv3mDpWVaWR
dm4My+bgVXplswFhMwGtWew12MRfUIwM/cz4j8YmsrPYZOclAcdmuu9L0K+IF4O2
t0S6E5hNCwvwKLDBgTpOnqjvMYNgel/wbgQDMmuvhySZjXUtXqc8ghy23VkNri80
cbJYderNjL9Cq3Eco3+mK1EH9sN8B1itx0fAvYw8ETosSlpiJen1H0+wd90Vz9gA
5kGjBks7LE3A9KIb0c6A9jv5V4r7F86PgEZsDYdaBycrHJyIrao9IEALE/hM99xv
FV6sdShUZfwOV5w7L8psL0VZGsVxdg/7Xqu7TyPWg2M7
-----END CERTIFICATE-----