Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/IA9GwldjOw9-FDcL1Z5NvDRoV8o.roa
File:                     IA9GwldjOw9-FDcL1Z5NvDRoV8o.roa (raw, json)
Hash identifier:          JGnnbwxvv3umQt0hUMu33+qEaGb7aQqm27F1r7RRSvg=
Subject key identifier:   20:0F:46:C2:57:63:3B:0F:7E:14:37:0B:D5:9E:4D:BC:34:68:57:CA
Certificate issuer:       /CN=69d731fa4dd292c0c0532eea6967cec0790745aa
Certificate serial:       018CC8DF1A18458227BCE9702060781CBE48
Authority key identifier: 69:D7:31:FA:4D:D2:92:C0:C0:53:2E:EA:69:67:CE:C0:79:07:45:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/adcx-k3SksDAUy7qaWfOwHkHRao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/IA9GwldjOw9-FDcL1Z5NvDRoV8o.roa
Signing time:             Tue 02 Jan 2024 06:31:53 +0000
ROA not before:           Tue 02 Jan 2024 06:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50919
IP address blocks:        185.96.34.0/24 maxlen: 24
                          2a13:eb00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/adcx-k3SksDAUy7qaWfOwHkHRao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/adcx-k3SksDAUy7qaWfOwHkHRao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/adcx-k3SksDAUy7qaWfOwHkHRao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:1a:18:45:82:27:bc:e9:70:20:60:78:1c:be:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69d731fa4dd292c0c0532eea6967cec0790745aa
        Validity
            Not Before: Jan  2 06:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=200f46c257633b0f7e14370bd59e4dbc346857ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:0e:2b:d4:6c:03:9a:61:fe:b6:75:42:52:bc:
                    3d:50:40:11:9c:e3:18:2f:12:c8:2e:53:a5:29:bb:
                    f0:39:e1:78:29:ed:f9:d7:28:2e:74:0d:d0:6b:07:
                    06:92:22:c9:0e:76:b9:12:a7:44:5e:9c:79:01:1b:
                    c6:a6:ae:6d:8d:96:31:d2:5c:a1:f8:b5:8d:b5:24:
                    3f:94:d1:03:3d:27:d6:fe:17:f0:de:c2:37:e3:c1:
                    75:99:48:72:81:4c:69:d7:e7:77:74:39:df:20:31:
                    ff:15:99:ec:10:c1:17:7c:3b:96:7e:aa:8d:46:c7:
                    1c:24:f5:74:61:e6:8b:66:bb:19:c5:f5:cd:d3:bc:
                    f4:70:cc:70:54:81:4d:62:4f:99:1b:56:7e:48:ec:
                    a2:83:3f:02:b2:ec:9a:10:b7:50:34:60:bd:4a:94:
                    43:86:52:7b:e4:db:76:d4:c6:96:4d:d4:99:46:e5:
                    cf:1f:7c:4e:cf:27:20:a0:38:2b:d7:3b:6a:d3:1a:
                    40:47:12:d1:c2:bc:7b:68:f0:a3:36:7d:97:43:ab:
                    b6:4b:b7:32:3f:29:c7:1c:8c:d1:2e:0d:2d:01:e6:
                    4e:3c:48:d5:18:da:b2:14:20:ca:46:71:65:7e:13:
                    7f:6f:ad:02:8f:f8:66:ca:60:c0:f1:ce:09:92:e7:
                    3c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:0F:46:C2:57:63:3B:0F:7E:14:37:0B:D5:9E:4D:BC:34:68:57:CA
            X509v3 Authority Key Identifier:
                keyid:69:D7:31:FA:4D:D2:92:C0:C0:53:2E:EA:69:67:CE:C0:79:07:45:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/adcx-k3SksDAUy7qaWfOwHkHRao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/IA9GwldjOw9-FDcL1Z5NvDRoV8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/9fb5e0-5508-49f4-9f9e-34362415182a/1/adcx-k3SksDAUy7qaWfOwHkHRao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.34.0/24
                IPv6:
                  2a13:eb00::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:95:22:b5:33:e7:ff:de:3c:63:db:ce:e7:bb:3a:d8:95:91:
         7e:2f:74:09:04:de:af:16:58:d4:d2:3c:f9:c0:66:e5:12:50:
         c7:80:e0:dc:8c:4d:ec:ff:0f:b1:11:4f:6b:d6:17:c0:8a:48:
         5e:c0:bf:a4:5a:1d:cd:4d:91:8a:e3:6b:e5:29:dd:fc:dd:55:
         b9:13:c4:23:b3:35:17:2c:9f:59:56:38:03:43:a0:47:c2:c6:
         45:32:a9:f3:2b:52:83:35:73:74:10:66:31:4d:9b:9e:09:94:
         55:c3:85:e7:4f:20:d4:13:dc:4c:28:cb:74:a1:76:7e:f1:84:
         40:44:44:5c:7d:b8:6f:9f:6e:0d:e5:01:b7:44:73:f2:33:56:
         42:b4:1a:fe:14:ca:fe:c1:c1:d0:18:af:de:33:54:29:32:51:
         d8:fb:0f:ae:25:eb:f5:92:80:e1:30:57:37:94:1a:bb:f7:32:
         a5:b2:ee:fd:08:01:fb:04:b6:30:80:a3:cd:18:c2:cc:ff:eb:
         a1:f1:69:2c:07:2a:29:1a:cc:c8:1a:09:83:7e:10:9c:19:90:
         92:10:71:c3:37:29:ad:9e:c7:31:dc:c1:64:05:52:fc:51:55:
         1c:f8:ab:4d:24:07:b8:76:dd:e9:a0:a6:40:91:86:de:d9:fe:
         cf:a0:bb:94
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzI3xoYRYInvOlwIGB4HL5IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZDczMWZhNGRkMjkyYzBjMDUzMmVlYTY5NjdjZWMwNzkw
NzQ1YWEwHhcNMjQwMTAyMDYzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDBmNDZjMjU3NjMzYjBmN2UxNDM3MGJkNTllNGRiYzM0Njg1N2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3A4r1GwDmmH+tnVCUrw9UEARnOMY
LxLILlOlKbvwOeF4Ke351ygudA3QawcGkiLJDna5EqdEXpx5ARvGpq5tjZYx0lyh
+LWNtSQ/lNEDPSfW/hfw3sI348F1mUhygUxp1+d3dDnfIDH/FZnsEMEXfDuWfqqN
RsccJPV0YeaLZrsZxfXN07z0cMxwVIFNYk+ZG1Z+SOyigz8CsuyaELdQNGC9SpRD
hlJ75Nt21MaWTdSZRuXPH3xOzycgoDgr1ztq0xpARxLRwrx7aPCjNn2XQ6u2S7cy
PynHHIzRLg0tAeZOPEjVGNqyFCDKRnFlfhN/b60Cj/hmymDA8c4Jkuc8aQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCAPRsJXYzsPfhQ3C9WeTbw0aFfKMB8GA1UdIwQY
MBaAFGnXMfpN0pLAwFMu6mlnzsB5B0WqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWRjeC1rM1Nrc0RBVXk3cWFXZk93SGtIUmFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC85ZmI1ZTAtNTUwOC00OWY0LTlmOWUt
MzQzNjI0MTUxODJhLzEvSUE5R3dsZGpPdzktRkRjTDFaNU52RFJvVjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC85ZmI1ZTAtNTUwOC00OWY0LTlmOWUtMzQzNjI0MTUxODJh
LzEvYWRjeC1rM1Nrc0RBVXk3cWFXZk93SGtIUmFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuWAiMA8E
AgACMAkDBwAqE+sAAAAwDQYJKoZIhvcNAQELBQADggEBAGuVIrUz5//ePGPbzue7
OtiVkX4vdAkE3q8WWNTSPPnAZuUSUMeA4NyMTez/D7ERT2vWF8CKSF7Av6RaHc1N
kYrja+Up3fzdVbkTxCOzNRcsn1lWOANDoEfCxkUyqfMrUoM1c3QQZjFNm54JlFXD
hedPINQT3Ewoy3Shdn7xhEBERFx9uG+fbg3lAbdEc/IzVkK0Gv4Uyv7BwdAYr94z
VCkyUdj7D64l6/WSgOEwVzeUGrv3MqWy7v0IAfsEtjCAo80Ywsz/66HxaSwHKika
zMgaCYN+EJwZkJIQccM3Ka2exzHcwWQFUvxRVRz4q00kB7h23emgpkCRht7Z/s+g
u5Q=
-----END CERTIFICATE-----