Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/1b814a-d388-4c64-8302-370d1fd4254b/1/x9mJhNPhABZF_opf-agz7gsnwp0.roa
File:                     x9mJhNPhABZF_opf-agz7gsnwp0.roa (raw, json)
Hash identifier:          WDm5LxZqvYs7GjiDVlmkjt411Y5mjCisA93cVWCvy/0=
Subject key identifier:   C7:D9:89:84:D3:E1:00:16:45:FE:8A:5F:F9:A8:33:EE:0B:27:C2:9D
Certificate issuer:       /CN=a9c187bc7a9e885335a7eb9b0a438fe811c03847
Certificate serial:       018CC94E602D5CF3D1BF83386C6B3CE6DB69
Authority key identifier: A9:C1:87:BC:7A:9E:88:53:35:A7:EB:9B:0A:43:8F:E8:11:C0:38:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qcGHvHqeiFM1p-ubCkOP6BHAOEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/1b814a-d388-4c64-8302-370d1fd4254b/1/x9mJhNPhABZF_opf-agz7gsnwp0.roa
Signing time:             Tue 02 Jan 2024 08:33:25 +0000
ROA not before:           Tue 02 Jan 2024 08:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51979
IP address blocks:        91.222.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/1b814a-d388-4c64-8302-370d1fd4254b/1/qcGHvHqeiFM1p-ubCkOP6BHAOEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/1b814a-d388-4c64-8302-370d1fd4254b/1/qcGHvHqeiFM1p-ubCkOP6BHAOEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qcGHvHqeiFM1p-ubCkOP6BHAOEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:60:2d:5c:f3:d1:bf:83:38:6c:6b:3c:e6:db:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9c187bc7a9e885335a7eb9b0a438fe811c03847
        Validity
            Not Before: Jan  2 08:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7d98984d3e1001645fe8a5ff9a833ee0b27c29d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ae:7e:6c:79:ac:a0:86:59:ea:68:ec:e1:b4:
                    e1:90:63:09:a5:41:8f:06:a4:bc:9d:aa:ee:d1:69:
                    ff:db:db:dc:5d:54:4e:7a:e4:ce:20:ae:06:93:bd:
                    bd:f3:3e:d4:b5:4d:1b:9b:e3:e8:ab:45:12:dc:ba:
                    9b:c6:2b:f1:ab:0d:c2:d0:6f:7a:34:6f:ec:e8:60:
                    58:08:44:6b:98:66:9f:c0:a5:86:c6:4d:eb:0f:f6:
                    b7:10:8f:2b:65:7a:1f:84:86:81:6b:b8:08:42:be:
                    dc:c4:be:79:df:cf:86:6a:98:8e:ea:e7:a5:6a:d4:
                    a4:14:0f:6d:65:75:b7:e2:19:bf:34:42:36:95:e3:
                    7c:e1:1e:40:7a:ec:da:44:19:a6:0d:bd:d6:70:2e:
                    40:c6:23:63:82:90:dc:6a:42:01:cd:ac:4d:50:c1:
                    98:34:65:8e:79:00:0c:3d:14:50:02:87:4c:0b:de:
                    49:7d:fa:c8:bb:dd:62:84:7d:00:ff:46:58:62:1e:
                    85:1d:07:b6:dd:7f:3e:9f:1d:5d:92:eb:e5:16:01:
                    f3:c2:d5:2b:eb:ab:ff:da:fe:ee:c9:2e:27:01:f0:
                    22:50:53:5c:61:8a:d8:32:52:4d:1e:cd:fd:a4:3f:
                    f6:70:2e:4a:cf:66:fe:d6:3e:f0:84:86:79:54:66:
                    5f:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D9:89:84:D3:E1:00:16:45:FE:8A:5F:F9:A8:33:EE:0B:27:C2:9D
            X509v3 Authority Key Identifier:
                keyid:A9:C1:87:BC:7A:9E:88:53:35:A7:EB:9B:0A:43:8F:E8:11:C0:38:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qcGHvHqeiFM1p-ubCkOP6BHAOEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/1b814a-d388-4c64-8302-370d1fd4254b/1/x9mJhNPhABZF_opf-agz7gsnwp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/1b814a-d388-4c64-8302-370d1fd4254b/1/qcGHvHqeiFM1p-ubCkOP6BHAOEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:99:50:51:c3:09:3c:59:7a:90:d6:17:9d:8e:f8:08:fd:02:
         32:85:ca:90:2e:27:3e:12:b1:f2:b2:b7:1a:5e:52:df:78:d5:
         76:c0:7b:15:84:94:b5:56:eb:54:4b:54:10:7e:31:62:fe:b1:
         32:93:d2:12:ba:fd:46:b4:13:35:97:3e:e4:b7:ed:42:73:68:
         b4:08:b3:80:53:ec:3e:c2:d9:1c:f9:db:86:8b:fc:2f:30:da:
         18:99:60:be:a5:9a:47:55:be:93:36:6e:74:0c:c2:98:df:ff:
         87:a6:82:8d:2e:ba:59:a9:0e:d6:b0:14:fa:8b:66:b5:49:7d:
         63:5a:7e:8d:6f:6a:fa:60:a5:b9:7f:1c:06:6e:c6:8b:7c:8d:
         34:2b:f8:fe:20:63:07:db:0e:25:ba:c8:27:73:b6:f6:12:60:
         81:14:77:4c:a0:94:64:92:54:0f:0e:9b:c3:cd:8d:fc:45:44:
         34:7e:f3:44:1e:e7:0c:e9:e0:1f:42:2b:f3:66:ba:d5:8b:73:
         70:2c:cf:d1:9b:15:a8:1f:0c:f5:d3:02:76:6e:5f:5c:a3:7a:
         45:95:74:21:49:8f:73:22:7f:e4:04:56:61:dc:87:fe:c0:fe:
         d8:be:87:c0:e0:c3:98:8c:c8:15:cf:c4:27:3b:de:b7:26:1b:
         5a:9b:90:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmAtXPPRv4M4bGs85ttpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5YzE4N2JjN2E5ZTg4NTMzNWE3ZWI5YjBhNDM4ZmU4MTFj
MDM4NDcwHhcNMjQwMTAyMDgzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Q5ODk4NGQzZTEwMDE2NDVmZThhNWZmOWE4MzNlZTBiMjdjMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmq5+bHmsoIZZ6mjs4bThkGMJpUGP
BqS8naru0Wn/29vcXVROeuTOIK4Gk7298z7UtU0bm+Poq0US3Lqbxivxqw3C0G96
NG/s6GBYCERrmGafwKWGxk3rD/a3EI8rZXofhIaBa7gIQr7cxL5538+GapiO6uel
atSkFA9tZXW34hm/NEI2leN84R5AeuzaRBmmDb3WcC5AxiNjgpDcakIBzaxNUMGY
NGWOeQAMPRRQAodMC95JffrIu91ihH0A/0ZYYh6FHQe23X8+nx1dkuvlFgHzwtUr
66v/2v7uyS4nAfAiUFNcYYrYMlJNHs39pD/2cC5Kz2b+1j7whIZ5VGZf9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfZiYTT4QAWRf6KX/moM+4LJ8KdMB8GA1UdIwQY
MBaAFKnBh7x6nohTNafrmwpDj+gRwDhHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWNHSHZIcWVpRk0xcC11YkNrT1A2QkhBT0VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8xYjgxNGEtZDM4OC00YzY0LTgzMDIt
MzcwZDFmZDQyNTRiLzEveDltSmhOUGhBQlpGX29wZi1hZ3o3Z3Nud3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8xYjgxNGEtZDM4OC00YzY0LTgzMDItMzcwZDFmZDQyNTRi
LzEvcWNHSHZIcWVpRk0xcC11YkNrT1A2QkhBT0VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW95YMA0G
CSqGSIb3DQEBCwUAA4IBAQCTmVBRwwk8WXqQ1hedjvgI/QIyhcqQLic+ErHysrca
XlLfeNV2wHsVhJS1VutUS1QQfjFi/rEyk9ISuv1GtBM1lz7kt+1Cc2i0CLOAU+w+
wtkc+duGi/wvMNoYmWC+pZpHVb6TNm50DMKY3/+HpoKNLrpZqQ7WsBT6i2a1SX1j
Wn6Nb2r6YKW5fxwGbsaLfI00K/j+IGMH2w4lusgnc7b2EmCBFHdMoJRkklQPDpvD
zY38RUQ0fvNEHucM6eAfQivzZrrVi3NwLM/RmxWoHwz10wJ2bl9co3pFlXQhSY9z
In/kBFZh3If+wP7YvofA4MOYjMgVz8QnO963Jhtam5Aa
-----END CERTIFICATE-----