Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/r9W5a75k_9JlOUI7oztKaQ0fjHc.roa
File:                     r9W5a75k_9JlOUI7oztKaQ0fjHc.roa (raw, json)
Hash identifier:          EfsQLa8GhdOW295qX/xMrfGGtpTwt7q79TbE+VMGYus=
Subject key identifier:   AF:D5:B9:6B:BE:64:FF:D2:65:39:42:3B:A3:3B:4A:69:0D:1F:8C:77
Certificate issuer:       /CN=126c660b30f5692b2b16e289b24901c518fda520
Certificate serial:       018CC79586CD256F428938CB32EAB07B2A3F
Authority key identifier: 12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/r9W5a75k_9JlOUI7oztKaQ0fjHc.roa
Signing time:             Tue 02 Jan 2024 00:31:54 +0000
ROA not before:           Tue 02 Jan 2024 00:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202872
IP address blocks:        185.149.128.0/23 maxlen: 23
                          185.149.130.0/23 maxlen: 23
                          2a07:6880::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:86:cd:25:6f:42:89:38:cb:32:ea:b0:7b:2a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=126c660b30f5692b2b16e289b24901c518fda520
        Validity
            Not Before: Jan  2 00:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afd5b96bbe64ffd26539423ba33b4a690d1f8c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4b:6e:4d:3c:7d:84:85:1f:4d:c6:94:ce:95:
                    22:7b:69:a7:ae:1d:4d:ad:a6:11:49:ab:31:7b:99:
                    06:f9:15:fb:fe:c5:36:14:9f:67:51:a8:6f:de:54:
                    79:1d:62:ea:52:7f:95:50:5f:13:87:cf:9d:71:3f:
                    35:cf:56:63:88:07:e8:6c:42:5d:1e:c0:09:0d:b3:
                    3c:32:5c:91:05:be:97:9c:0b:d8:9f:b0:b9:92:f7:
                    53:18:a8:34:c4:cd:d6:5c:18:5c:af:21:08:c5:4d:
                    f1:89:93:74:a0:ee:9a:5e:ad:ef:5c:c0:f3:04:0e:
                    11:ea:37:22:67:c9:6e:2c:78:e6:71:a3:77:41:54:
                    65:c2:08:61:ab:7a:3b:95:55:63:5c:be:77:26:ab:
                    4f:63:cf:b9:97:b9:72:85:8b:1a:5a:d0:64:33:3a:
                    20:40:c0:45:c4:9e:fd:8c:6c:eb:8c:24:fc:f5:fa:
                    f5:e4:eb:c7:6c:3c:24:97:f7:15:be:c4:a0:5d:5b:
                    93:56:17:b6:99:00:ee:b4:da:b6:c2:04:d8:0f:a0:
                    0c:5d:b4:87:c7:c6:26:3f:d2:b2:64:63:14:34:1e:
                    72:80:f5:d6:76:8f:46:49:7d:3e:c3:10:a8:6a:c0:
                    f9:63:fb:96:9d:b3:ed:18:9b:85:3a:d2:20:b0:89:
                    1e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D5:B9:6B:BE:64:FF:D2:65:39:42:3B:A3:3B:4A:69:0D:1F:8C:77
            X509v3 Authority Key Identifier:
                keyid:12:6C:66:0B:30:F5:69:2B:2B:16:E2:89:B2:49:01:C5:18:FD:A5:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EmxmCzD1aSsrFuKJskkBxRj9pSA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/r9W5a75k_9JlOUI7oztKaQ0fjHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/db787f-c27a-4f23-99b2-438acb72fc5b/1/EmxmCzD1aSsrFuKJskkBxRj9pSA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.128.0/22
                IPv6:
                  2a07:6880::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:f7:82:d2:00:e3:7d:26:cf:2c:96:9b:6e:97:14:bc:77:60:
         f5:e2:69:44:77:63:ef:4c:22:72:92:54:d4:46:da:fa:ea:81:
         21:3c:01:59:72:c3:4f:a2:44:4e:a3:a2:0f:75:b1:e4:c6:5a:
         48:bc:7a:58:6f:f5:da:0b:b3:07:4a:18:47:59:9f:bf:49:ab:
         e5:f5:85:b2:47:a6:2b:25:09:30:2c:fc:3d:57:e5:24:c3:0f:
         e1:b8:de:b1:ef:4e:db:5b:f3:28:0f:bd:49:94:b3:4a:18:62:
         a2:ef:6a:db:99:40:06:7e:92:c7:c3:c4:33:3c:f1:dc:d6:05:
         d5:69:a1:92:8d:00:19:6c:25:0f:c3:9c:1f:fe:b3:fc:ef:e7:
         3c:7a:77:be:cd:45:60:b9:b4:be:a2:7a:eb:f7:49:7d:17:15:
         b7:59:02:bf:b7:6f:93:95:ef:66:84:99:fb:08:82:a2:42:dd:
         cd:1f:83:e0:5b:76:ef:b2:5e:a4:b6:5e:69:f3:78:73:84:f6:
         43:d1:02:10:09:f0:a2:f5:91:45:57:ff:e5:43:2e:93:40:e4:
         05:32:2d:bc:65:5c:77:45:93:af:6a:75:80:a1:ac:95:46:a1:
         4d:45:8b:0b:0b:96:20:8f:a6:a7:bb:c3:86:c6:e3:f2:b0:52:
         14:9e:f6:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlYbNJW9CiTjLMuqweyo/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNmM2NjBiMzBmNTY5MmIyYjE2ZTI4OWIyNDkwMWM1MThm
ZGE1MjAwHhcNMjQwMTAyMDAzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQ1Yjk2YmJlNjRmZmQyNjUzOTQyM2JhMzNiNGE2OTBkMWY4Yzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjktuTTx9hIUfTcaUzpUie2mnrh1N
raYRSasxe5kG+RX7/sU2FJ9nUahv3lR5HWLqUn+VUF8Th8+dcT81z1ZjiAfobEJd
HsAJDbM8MlyRBb6XnAvYn7C5kvdTGKg0xM3WXBhcryEIxU3xiZN0oO6aXq3vXMDz
BA4R6jciZ8luLHjmcaN3QVRlwghhq3o7lVVjXL53JqtPY8+5l7lyhYsaWtBkMzog
QMBFxJ79jGzrjCT89fr15OvHbDwkl/cVvsSgXVuTVhe2mQDutNq2wgTYD6AMXbSH
x8YmP9KyZGMUNB5ygPXWdo9GSX0+wxCoasD5Y/uWnbPtGJuFOtIgsIkeaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK/VuWu+ZP/SZTlCO6M7SmkNH4x3MB8GA1UdIwQY
MBaAFBJsZgsw9WkrKxbiibJJAcUY/aUgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjIt
NDM4YWNiNzJmYzViLzEvcjlXNWE3NWtfOUpsT1VJN296dEthUTBmakhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9kYjc4N2YtYzI3YS00ZjIzLTk5YjItNDM4YWNiNzJmYzVi
LzEvRW14bUN6RDFhU3NyRnVLSnNra0J4Umo5cFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZWAMA0E
AgACMAcDBQAqB2iAMA0GCSqGSIb3DQEBCwUAA4IBAQDA94LSAON9Js8slptulxS8
d2D14mlEd2PvTCJyklTURtr66oEhPAFZcsNPokROo6IPdbHkxlpIvHpYb/XaC7MH
ShhHWZ+/Savl9YWyR6YrJQkwLPw9V+Ukww/huN6x707bW/MoD71JlLNKGGKi72rb
mUAGfpLHw8QzPPHc1gXVaaGSjQAZbCUPw5wf/rP87+c8ene+zUVgubS+onrr90l9
FxW3WQK/t2+Tle9mhJn7CIKiQt3NH4PgW3bvsl6ktl5p83hzhPZD0QIQCfCi9ZFF
V//lQy6TQOQFMi28ZVx3RZOvanWAoayVRqFNRYsLC5Ygj6anu8OGxuPysFIUnvZi
-----END CERTIFICATE-----