Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/j-9U4DI-atm6fVgm8PUjxMDP77A.roa
File:                     j-9U4DI-atm6fVgm8PUjxMDP77A.roa (raw, json)
Hash identifier:          RiBlLkYIVdXTqFRMsrzca7dzWOHxAsdA7F4xMAYbS0g=
Subject key identifier:   8F:EF:54:E0:32:3E:6A:D9:BA:7D:58:26:F0:F5:23:C4:C0:CF:EF:B0
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       018F813FABAAE3792F89D7B4D6C273B6539F
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/j-9U4DI-atm6fVgm8PUjxMDP77A.roa
Signing time:             Thu 16 May 2024 11:53:04 +0000
ROA not before:           Thu 16 May 2024 11:53:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        109.172.80.0/22 maxlen: 22
                          178.130.132.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:81:3f:ab:aa:e3:79:2f:89:d7:b4:d6:c2:73:b6:53:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: May 16 11:53:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fef54e0323e6ad9ba7d5826f0f523c4c0cfefb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fd:a2:97:03:2c:62:d5:3e:b0:2a:22:4c:15:
                    57:5b:ba:3b:7d:de:57:40:3b:6a:e4:1e:ca:b1:7e:
                    13:06:6a:b0:ac:18:26:8e:b6:48:40:82:44:f8:07:
                    1a:2d:5e:5a:ea:7b:e3:aa:22:d8:9c:49:61:77:46:
                    b5:10:13:e4:06:cb:be:0c:52:e1:35:cb:1e:f7:22:
                    ad:03:c0:cd:61:2c:6d:83:25:93:b7:25:1f:43:d0:
                    96:58:e6:98:4a:3f:e2:ab:a3:05:00:22:76:31:1f:
                    37:23:c7:f5:fd:af:ba:b9:6f:08:69:56:70:fb:37:
                    3b:c9:8d:7b:1c:f8:40:fd:81:e5:31:58:0e:38:be:
                    94:8c:cf:b5:3e:49:4d:19:00:78:50:24:96:d4:76:
                    2e:51:e0:08:25:2a:68:93:77:e1:98:dc:ca:87:30:
                    ee:82:6f:80:5f:2d:33:43:38:d6:01:d1:6a:ad:c0:
                    7a:ef:ac:5f:0d:6f:83:c2:4f:13:68:e0:86:94:93:
                    8f:a2:94:ab:66:e2:b7:2f:a0:e7:3a:8f:a9:fb:dc:
                    a1:d2:ca:8c:e9:67:56:bd:0e:0a:93:93:4c:de:80:
                    a4:44:21:10:f1:cf:b0:75:e3:de:0c:f9:bc:7d:89:
                    70:1c:f5:22:e8:bd:10:47:29:4b:2d:18:fc:81:e0:
                    73:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:EF:54:E0:32:3E:6A:D9:BA:7D:58:26:F0:F5:23:C4:C0:CF:EF:B0
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/j-9U4DI-atm6fVgm8PUjxMDP77A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.172.80.0/22
                  178.130.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:28:99:f6:14:7e:54:c9:c0:d4:6c:45:65:b9:df:3b:e7:f7:
         90:85:d3:a8:f8:26:f5:59:e2:34:0e:56:78:85:d0:e9:5f:0b:
         fc:56:fe:a4:0f:16:61:9a:e9:b8:cb:2a:b1:f0:29:00:00:b6:
         dd:fe:59:dd:0f:44:09:e5:4c:19:e2:22:2e:02:e6:ad:19:50:
         b3:7a:db:6c:b9:51:5c:10:f3:c4:3f:5d:58:22:16:a9:b9:33:
         b5:c6:ba:69:11:a6:be:90:e5:9c:5e:b2:3f:a3:13:4c:a5:b9:
         88:9a:7a:e5:f8:34:ca:8f:b7:92:70:c4:42:4b:06:ee:9b:ae:
         36:31:03:c5:c7:30:c6:51:0f:2a:0b:14:67:13:f9:89:60:d7:
         50:ee:b2:4a:2c:ef:e5:43:2c:f0:31:09:c2:ec:46:30:2e:2b:
         0a:0c:90:20:c2:a9:fd:b6:cf:1d:9a:c9:9f:af:3a:91:91:35:
         60:39:06:a9:22:cf:17:95:21:43:bc:f2:ea:27:f6:87:5d:1c:
         a1:45:b3:59:b1:fd:a0:9e:5b:93:88:9d:e4:c3:8b:94:4e:48:
         d3:9c:be:34:b8:5c:a4:cb:46:c5:34:35:ff:a4:80:c2:c1:62:
         90:d1:6a:2c:8c:f5:86:1b:a9:17:1a:1a:26:88:91:2b:44:4c:
         a8:42:8d:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+BP6uq43kvide01sJztlOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwNTE2MTE1MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmVmNTRlMDMyM2U2YWQ5YmE3ZDU4MjZmMGY1MjNjNGMwY2ZlZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuP2ilwMsYtU+sCoiTBVXW7o7fd5X
QDtq5B7KsX4TBmqwrBgmjrZIQIJE+AcaLV5a6nvjqiLYnElhd0a1EBPkBsu+DFLh
Ncse9yKtA8DNYSxtgyWTtyUfQ9CWWOaYSj/iq6MFACJ2MR83I8f1/a+6uW8IaVZw
+zc7yY17HPhA/YHlMVgOOL6UjM+1PklNGQB4UCSW1HYuUeAIJSpok3fhmNzKhzDu
gm+AXy0zQzjWAdFqrcB676xfDW+Dwk8TaOCGlJOPopSrZuK3L6DnOo+p+9yh0sqM
6WdWvQ4Kk5NM3oCkRCEQ8c+wdePeDPm8fYlwHPUi6L0QRylLLRj8geBzhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI/vVOAyPmrZun1YJvD1I8TAz++wMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvai05VTRESS1hdG02ZlZnbThQVWp4TURQNzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCbaxQAwQC
soKEMA0GCSqGSIb3DQEBCwUAA4IBAQBjKJn2FH5UycDUbEVlud875/eQhdOo+Cb1
WeI0DlZ4hdDpXwv8Vv6kDxZhmum4yyqx8CkAALbd/lndD0QJ5UwZ4iIuAuatGVCz
ettsuVFcEPPEP11YIhapuTO1xrppEaa+kOWcXrI/oxNMpbmImnrl+DTKj7eScMRC
Swbum642MQPFxzDGUQ8qCxRnE/mJYNdQ7rJKLO/lQyzwMQnC7EYwLisKDJAgwqn9
ts8dmsmfrzqRkTVgOQapIs8XlSFDvPLqJ/aHXRyhRbNZsf2gnluTiJ3kw4uUTkjT
nL40uFyky0bFNDX/pIDCwWKQ0WosjPWGG6kXGhomiJErREyoQo1I
-----END CERTIFICATE-----