Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/9Rm2iSYgZ_KOPh_fruilp5YDpDU.roa
File:                     9Rm2iSYgZ_KOPh_fruilp5YDpDU.roa (raw, json)
Hash identifier:          lsM0oqX02m5XdSROZ6EcboBSltPtTt5FfJWnlFAFFBc=
Subject key identifier:   F5:19:B6:89:26:20:67:F2:8E:3E:1F:DF:AE:E8:A5:A7:96:03:A4:35
Certificate issuer:       /CN=cb20606de730456edd7335cc882cbdf4396f3460
Certificate serial:       018CC9BCA4CB625D9F5D0997AA9BB495E7D4
Authority key identifier: CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/9Rm2iSYgZ_KOPh_fruilp5YDpDU.roa
Signing time:             Tue 02 Jan 2024 10:33:52 +0000
ROA not before:           Tue 02 Jan 2024 10:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209901
IP address blocks:        188.125.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a4:cb:62:5d:9f:5d:09:97:aa:9b:b4:95:e7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb20606de730456edd7335cc882cbdf4396f3460
        Validity
            Not Before: Jan  2 10:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f519b689262067f28e3e1fdfaee8a5a79603a435
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f3:38:9c:e0:19:d3:f3:d0:4d:75:7f:81:2f:
                    3b:b2:e8:7e:65:48:e8:19:66:f2:00:4e:55:07:c8:
                    c6:d0:a5:d3:39:46:6c:ff:16:be:28:7c:24:b2:d9:
                    22:2d:52:d9:b3:9d:ef:18:47:be:13:9f:e4:ef:86:
                    bd:37:75:5d:a3:d0:9f:5d:05:1d:68:0c:53:28:bc:
                    d6:92:9d:b1:7f:5f:ec:3c:98:25:7e:c2:1a:96:1a:
                    8b:a2:b7:0d:3f:87:97:48:3b:dc:45:90:10:68:99:
                    ae:d4:c8:f3:20:a5:81:09:e4:db:39:b2:bd:64:32:
                    52:9c:b5:76:6d:74:61:95:6c:fe:ed:04:28:f8:4e:
                    29:bd:d3:d6:35:f5:24:79:39:98:81:14:9e:16:a1:
                    ab:2a:65:af:76:af:64:5d:c1:cc:47:28:3f:ed:f4:
                    d1:b2:19:af:d6:28:bb:d8:2a:86:cd:26:12:68:4a:
                    08:6d:9f:fe:f3:ad:36:14:3a:f6:48:c2:e8:4d:bb:
                    c6:95:78:4c:9b:88:df:23:c7:39:46:12:1b:5f:d9:
                    ee:b7:aa:60:d9:ef:5c:08:9a:6d:6a:8c:06:64:fe:
                    bb:be:d4:af:2a:50:87:8f:34:a2:5e:8e:dd:40:d3:
                    ed:97:75:4d:65:e6:28:27:48:b1:eb:01:c3:1d:c9:
                    58:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:19:B6:89:26:20:67:F2:8E:3E:1F:DF:AE:E8:A5:A7:96:03:A4:35
            X509v3 Authority Key Identifier:
                keyid:CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/9Rm2iSYgZ_KOPh_fruilp5YDpDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.125.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:76:bd:3b:50:a1:9d:73:3b:a6:70:2e:31:81:cc:72:98:bd:
         92:09:4b:00:f4:6d:82:c8:09:21:79:e5:85:88:33:36:24:79:
         15:64:e8:6c:cc:07:47:86:26:b7:de:e2:82:4b:46:60:6c:a3:
         f7:5a:aa:43:3c:37:9d:bd:b5:a5:3b:ac:38:af:54:81:df:f8:
         97:88:25:f8:73:e6:64:f2:93:4d:ce:3b:c3:65:5f:8b:e8:98:
         3c:57:12:51:46:cb:4f:f0:14:7a:64:8a:6a:fb:93:51:26:c2:
         95:32:7b:4f:34:35:e3:6a:43:ef:34:09:9d:ee:43:98:bc:22:
         15:ac:ad:e3:e3:05:bd:6c:5b:da:58:6f:9c:dc:c4:6d:21:1e:
         f3:0e:ec:c6:a7:03:c2:c8:86:7e:2d:91:99:33:ab:1f:b4:49:
         17:8c:a0:ce:41:99:a4:52:fc:51:40:58:7e:16:d2:3d:0b:d5:
         da:46:96:d7:41:2a:38:88:32:d8:7b:91:dd:e4:96:e2:96:ce:
         91:bc:06:bb:f5:74:6a:e4:8b:3c:e8:cd:da:a1:3d:30:db:2b:
         b0:aa:39:71:99:25:fe:d4:5d:48:81:da:8a:aa:22:5b:2d:fd:
         fd:93:a4:61:06:9f:a2:be:9e:a1:af:d8:9f:11:ec:45:76:20:
         e5:8c:d1:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKTLYl2fXQmXqpu0lefUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjA2MDZkZTczMDQ1NmVkZDczMzVjYzg4MmNiZGY0Mzk2
ZjM0NjAwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTE5YjY4OTI2MjA2N2YyOGUzZTFmZGZhZWU4YTVhNzk2MDNhNDM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfM4nOAZ0/PQTXV/gS87suh+ZUjo
GWbyAE5VB8jG0KXTOUZs/xa+KHwkstkiLVLZs53vGEe+E5/k74a9N3Vdo9CfXQUd
aAxTKLzWkp2xf1/sPJglfsIalhqLorcNP4eXSDvcRZAQaJmu1MjzIKWBCeTbObK9
ZDJSnLV2bXRhlWz+7QQo+E4pvdPWNfUkeTmYgRSeFqGrKmWvdq9kXcHMRyg/7fTR
shmv1ii72CqGzSYSaEoIbZ/+8602FDr2SMLoTbvGlXhMm4jfI8c5RhIbX9nut6pg
2e9cCJptaowGZP67vtSvKlCHjzSiXo7dQNPtl3VNZeYoJ0ix6wHDHclYZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUZtokmIGfyjj4f367opaeWA6Q1MB8GA1UdIwQY
MBaAFMsgYG3nMEVu3XM1zIgsvfQ5bzRgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQt
YjNkODZhYTQzYmM1LzEvOVJtMmlTWWdaX0tPUGhfZnJ1aWxwNVlEcERVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQtYjNkODZhYTQzYmM1
LzEveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvH2cMA0G
CSqGSIb3DQEBCwUAA4IBAQBwdr07UKGdczumcC4xgcxymL2SCUsA9G2CyAkheeWF
iDM2JHkVZOhszAdHhia33uKCS0ZgbKP3WqpDPDedvbWlO6w4r1SB3/iXiCX4c+Zk
8pNNzjvDZV+L6Jg8VxJRRstP8BR6ZIpq+5NRJsKVMntPNDXjakPvNAmd7kOYvCIV
rK3j4wW9bFvaWG+c3MRtIR7zDuzGpwPCyIZ+LZGZM6sftEkXjKDOQZmkUvxRQFh+
FtI9C9XaRpbXQSo4iDLYe5Hd5Jbils6RvAa79XRq5Is86M3aoT0w2yuwqjlxmSX+
1F1IgdqKqiJbLf39k6RhBp+ivp6hr9ifEexFdiDljNH7
-----END CERTIFICATE-----