Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/b43857-021c-4262-b183-1d77cf2a7100/1/9ST2-6cmLJeJkqI_tigXJQPop4U.roa
File:                     9ST2-6cmLJeJkqI_tigXJQPop4U.roa (raw, json)
Hash identifier:          ZHiU+U5tDdngrBS/baK4idplhbfRtb8E0gPkQQO4y5c=
Subject key identifier:   F5:24:F6:FB:A7:26:2C:97:89:92:A2:3F:B6:28:17:25:03:E8:A7:85
Certificate issuer:       /CN=418d54b55b192a248b847234dba512f9760cabfa
Certificate serial:       018CC6B90C30F4538274F342F16A51246199
Authority key identifier: 41:8D:54:B5:5B:19:2A:24:8B:84:72:34:DB:A5:12:F9:76:0C:AB:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QY1UtVsZKiSLhHI026US-XYMq_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/b43857-021c-4262-b183-1d77cf2a7100/1/9ST2-6cmLJeJkqI_tigXJQPop4U.roa
Signing time:             Mon 01 Jan 2024 20:31:05 +0000
ROA not before:           Mon 01 Jan 2024 20:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48252
IP address blocks:        185.14.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/b43857-021c-4262-b183-1d77cf2a7100/1/QY1UtVsZKiSLhHI026US-XYMq_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/b43857-021c-4262-b183-1d77cf2a7100/1/QY1UtVsZKiSLhHI026US-XYMq_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QY1UtVsZKiSLhHI026US-XYMq_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:02:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:0c:30:f4:53:82:74:f3:42:f1:6a:51:24:61:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=418d54b55b192a248b847234dba512f9760cabfa
        Validity
            Not Before: Jan  1 20:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f524f6fba7262c978992a23fb628172503e8a785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:75:5f:e7:8a:63:46:ac:9b:2c:a2:80:00:fa:
                    e4:23:2e:24:07:03:ee:61:ba:c5:64:f3:19:24:6c:
                    17:eb:18:28:ae:4f:bb:00:ce:42:18:b5:b4:ac:dc:
                    ac:3c:d4:a4:8f:28:fe:b7:5e:65:c5:4f:0d:c6:9f:
                    8c:90:ec:29:26:cf:74:ee:7c:c8:44:7e:f4:62:3b:
                    a7:20:d6:90:da:3c:3a:05:91:d8:2e:ff:cd:88:4a:
                    7e:91:6b:2c:bd:c8:c7:6d:0f:f2:80:87:b2:67:51:
                    4a:5e:0a:5c:d4:54:5e:e3:3f:31:0f:c0:8f:eb:69:
                    c5:2d:1c:b6:96:51:05:ca:da:0a:4c:53:d8:ee:ae:
                    c4:c7:91:35:6e:11:09:76:a8:47:27:6a:61:44:2c:
                    d7:4c:45:56:e5:b4:d0:bb:ac:f9:98:c0:47:b3:f6:
                    8b:8d:b3:65:35:dc:3b:4f:eb:44:2e:d5:8e:cb:c8:
                    30:9f:d0:52:ca:d0:8c:39:c0:6f:dd:1a:33:40:ef:
                    72:e7:de:40:72:37:51:4a:4f:76:15:48:a4:ae:8b:
                    86:8a:30:67:15:fb:25:67:5c:45:fc:6b:6c:b8:0c:
                    bd:b4:3f:6a:73:99:41:79:fe:54:05:38:64:3b:b7:
                    d5:bb:66:e6:30:8e:fc:e9:e1:74:c6:62:41:81:b6:
                    cd:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:24:F6:FB:A7:26:2C:97:89:92:A2:3F:B6:28:17:25:03:E8:A7:85
            X509v3 Authority Key Identifier:
                keyid:41:8D:54:B5:5B:19:2A:24:8B:84:72:34:DB:A5:12:F9:76:0C:AB:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QY1UtVsZKiSLhHI026US-XYMq_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b43857-021c-4262-b183-1d77cf2a7100/1/9ST2-6cmLJeJkqI_tigXJQPop4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/b43857-021c-4262-b183-1d77cf2a7100/1/QY1UtVsZKiSLhHI026US-XYMq_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:16:76:cd:42:2d:43:a9:1f:92:db:96:ea:dc:11:bb:ff:52:
         76:6a:ef:99:4d:01:f0:96:ad:e7:ee:d3:b6:a9:25:61:b4:2d:
         a1:8a:a2:ed:84:e7:e4:2b:bb:4f:f0:c4:80:c8:c0:9d:7f:9e:
         bf:9b:7e:5b:ba:ed:f0:2c:ee:35:63:00:19:af:11:fb:e9:9b:
         53:fa:95:ea:d3:f1:c2:d4:88:c3:70:50:c6:ae:ac:a1:ae:0e:
         89:da:a0:5e:3b:22:42:78:c4:e4:37:c5:90:df:3a:ff:05:ed:
         4d:08:97:dc:cc:1e:e7:b3:49:d4:7f:7a:85:68:20:4f:15:60:
         89:b7:75:f2:3e:c9:79:b8:99:d1:c1:e9:a9:92:4b:18:f6:8c:
         83:b9:ee:0f:10:76:5a:e9:8a:40:f0:21:93:c3:67:71:e8:c2:
         64:34:a4:70:eb:d4:2b:a7:70:9f:c8:ae:f3:66:1c:ab:60:da:
         54:02:8c:a6:34:ca:c4:ce:7d:e0:60:2b:81:02:52:51:5d:55:
         3b:4d:53:7e:ce:eb:9e:c5:61:a9:37:14:05:e2:fe:3b:d2:16:
         61:51:0e:4c:49:7d:ed:af:35:c3:13:79:44:92:67:da:dc:aa:
         f2:07:88:53:a7:5a:a8:5f:ff:30:69:a0:3d:7c:a6:17:13:d4:
         ea:2d:4d:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQww9FOCdPNC8WpRJGGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOGQ1NGI1NWIxOTJhMjQ4Yjg0NzIzNGRiYTUxMmY5NzYw
Y2FiZmEwHhcNMjQwMTAxMjAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTI0ZjZmYmE3MjYyYzk3ODk5MmEyM2ZiNjI4MTcyNTAzZThhNzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHVf54pjRqybLKKAAPrkIy4kBwPu
YbrFZPMZJGwX6xgork+7AM5CGLW0rNysPNSkjyj+t15lxU8Nxp+MkOwpJs907nzI
RH70YjunINaQ2jw6BZHYLv/NiEp+kWssvcjHbQ/ygIeyZ1FKXgpc1FRe4z8xD8CP
62nFLRy2llEFytoKTFPY7q7Ex5E1bhEJdqhHJ2phRCzXTEVW5bTQu6z5mMBHs/aL
jbNlNdw7T+tELtWOy8gwn9BSytCMOcBv3RozQO9y595AcjdRSk92FUikrouGijBn
FfslZ1xF/GtsuAy9tD9qc5lBef5UBThkO7fVu2bmMI786eF0xmJBgbbN9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUk9vunJiyXiZKiP7YoFyUD6KeFMB8GA1UdIwQY
MBaAFEGNVLVbGSoki4RyNNulEvl2DKv6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVkxVXRWc1pLaVNMaEhJMDI2VVMtWFlNcV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iNDM4NTctMDIxYy00MjYyLWIxODMt
MWQ3N2NmMmE3MTAwLzEvOVNUMi02Y21MSmVKa3FJX3RpZ1hKUVBvcDRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iNDM4NTctMDIxYy00MjYyLWIxODMtMWQ3N2NmMmE3MTAw
LzEvUVkxVXRWc1pLaVNMaEhJMDI2VVMtWFlNcV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ5jMA0G
CSqGSIb3DQEBCwUAA4IBAQCpFnbNQi1DqR+S25bq3BG7/1J2au+ZTQHwlq3n7tO2
qSVhtC2hiqLthOfkK7tP8MSAyMCdf56/m35buu3wLO41YwAZrxH76ZtT+pXq0/HC
1IjDcFDGrqyhrg6J2qBeOyJCeMTkN8WQ3zr/Be1NCJfczB7ns0nUf3qFaCBPFWCJ
t3XyPsl5uJnRwempkksY9oyDue4PEHZa6YpA8CGTw2dx6MJkNKRw69Qrp3CfyK7z
ZhyrYNpUAoymNMrEzn3gYCuBAlJRXVU7TVN+zuuexWGpNxQF4v470hZhUQ5MSX3t
rzXDE3lEkmfa3KryB4hTp1qoX/8waaA9fKYXE9TqLU1u
-----END CERTIFICATE-----