Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/2a8f88-b05d-4291-93d4-07f7d5195c2c/1/d9c-uzH88-miU1xZMhw7Fongcaw.roa
File:                     d9c-uzH88-miU1xZMhw7Fongcaw.roa (raw, json)
Hash identifier:          rgXyxH4QE1acioDU9dJ/KbtOIZ9cSDqILuSujqNQ/PU=
Subject key identifier:   77:D7:3E:BB:31:FC:F3:E9:A2:53:5C:59:32:1C:3B:16:89:E0:71:AC
Certificate issuer:       /CN=e4bdd6b1ebfc95899a58333dc94cf82a19a6b3be
Certificate serial:       018CC3B6A2646041AAFD854999BC8CA1F12F
Authority key identifier: E4:BD:D6:B1:EB:FC:95:89:9A:58:33:3D:C9:4C:F8:2A:19:A6:B3:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5L3Wsev8lYmaWDM9yUz4Khmms74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/2a8f88-b05d-4291-93d4-07f7d5195c2c/1/d9c-uzH88-miU1xZMhw7Fongcaw.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57747
IP address blocks:        188.227.228.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/2a8f88-b05d-4291-93d4-07f7d5195c2c/1/5L3Wsev8lYmaWDM9yUz4Khmms74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/2a8f88-b05d-4291-93d4-07f7d5195c2c/1/5L3Wsev8lYmaWDM9yUz4Khmms74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5L3Wsev8lYmaWDM9yUz4Khmms74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a2:64:60:41:aa:fd:85:49:99:bc:8c:a1:f1:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4bdd6b1ebfc95899a58333dc94cf82a19a6b3be
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77d73ebb31fcf3e9a2535c59321c3b1689e071ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e1:f7:ca:61:62:4d:37:fe:90:d0:18:14:03:
                    bb:b7:c4:e0:65:ae:9b:81:4f:2e:f6:35:62:d5:bf:
                    40:89:a7:1b:e4:7d:b9:ac:a2:71:a2:b7:eb:d4:b9:
                    44:b1:e9:f6:a8:07:96:5c:0c:4b:bc:51:fe:d7:7b:
                    76:d6:93:63:14:3f:07:a1:e0:25:08:71:b2:99:ec:
                    c1:a2:85:4f:d9:06:d0:7c:16:41:db:c5:b7:8f:67:
                    0f:f2:6b:ff:8a:9c:4a:54:ee:58:eb:44:03:25:69:
                    c8:d2:f0:91:3a:da:8b:6c:80:c1:02:21:92:a0:08:
                    cf:ce:d8:6b:91:ea:c2:ec:4f:c2:f7:24:d2:b3:aa:
                    2f:99:21:c7:38:31:07:9e:d2:8c:d0:4a:82:6e:67:
                    2e:bb:cc:ca:a2:c7:12:ea:28:c6:9a:89:a8:f5:1d:
                    a3:81:e2:0c:6c:87:bd:b3:9f:4c:ef:aa:aa:17:cb:
                    0a:a8:e8:23:cd:fc:19:7a:48:81:2f:27:ac:3c:17:
                    b5:21:53:46:c6:bf:08:8f:72:4b:3b:06:0d:07:d5:
                    c6:ae:8d:3a:37:9e:00:5b:68:67:ef:02:d3:51:d3:
                    e6:c0:53:e1:9a:f4:2c:15:d5:b8:27:a0:16:d7:0d:
                    8c:7c:b2:c9:3d:13:3e:4f:f4:4a:3a:5d:81:d1:ac:
                    fd:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D7:3E:BB:31:FC:F3:E9:A2:53:5C:59:32:1C:3B:16:89:E0:71:AC
            X509v3 Authority Key Identifier:
                keyid:E4:BD:D6:B1:EB:FC:95:89:9A:58:33:3D:C9:4C:F8:2A:19:A6:B3:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5L3Wsev8lYmaWDM9yUz4Khmms74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/2a8f88-b05d-4291-93d4-07f7d5195c2c/1/d9c-uzH88-miU1xZMhw7Fongcaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/2a8f88-b05d-4291-93d4-07f7d5195c2c/1/5L3Wsev8lYmaWDM9yUz4Khmms74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.227.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:6b:45:d5:02:06:11:77:4b:82:6b:87:16:81:44:3c:ec:d8:
         60:44:9b:05:75:72:03:33:9c:c7:2c:c6:db:db:43:e8:eb:9b:
         e8:99:97:9b:a7:ce:a0:d5:b3:67:2c:a8:91:f1:b2:07:c0:90:
         5a:93:26:5f:48:67:4f:82:48:92:7c:0f:88:77:64:a1:36:f7:
         73:56:2e:00:06:36:a3:95:12:5d:7c:48:bb:7a:f6:18:da:8e:
         4f:34:be:40:f6:d0:f0:82:3e:bd:21:12:f4:b3:05:3a:ee:e8:
         a2:43:54:ca:5f:9a:44:f3:01:86:b7:5b:13:19:55:8d:40:35:
         58:05:6d:21:e6:e7:74:e9:b2:21:98:ee:25:58:49:db:01:bf:
         64:d3:b2:0b:05:2a:a4:db:99:37:af:c3:b9:9f:a1:50:20:f7:
         dd:04:81:c3:a8:df:71:26:4d:58:6f:f4:cc:9f:23:4a:c0:49:
         e5:6c:b1:53:88:c1:bb:dc:98:b4:01:d9:d4:24:a9:e1:e0:c5:
         7d:78:fa:00:c4:4c:7c:fb:34:7f:a2:46:a2:fb:ea:84:41:f1:
         bf:4c:ac:f8:5c:f1:6d:d4:e1:e6:7c:94:90:c4:6e:59:15:12:
         11:b0:b7:ff:63:8f:64:ae:59:dd:95:68:a4:f1:7e:de:c4:bc:
         cd:78:2b:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqJkYEGq/YVJmbyMofEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YmRkNmIxZWJmYzk1ODk5YTU4MzMzZGM5NGNmODJhMTlh
NmIzYmUwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2Q3M2ViYjMxZmNmM2U5YTI1MzVjNTkzMjFjM2IxNjg5ZTA3MWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOH3ymFiTTf+kNAYFAO7t8TgZa6b
gU8u9jVi1b9Aiacb5H25rKJxorfr1LlEsen2qAeWXAxLvFH+13t21pNjFD8HoeAl
CHGymezBooVP2QbQfBZB28W3j2cP8mv/ipxKVO5Y60QDJWnI0vCROtqLbIDBAiGS
oAjPzthrkerC7E/C9yTSs6ovmSHHODEHntKM0EqCbmcuu8zKoscS6ijGmomo9R2j
geIMbIe9s59M76qqF8sKqOgjzfwZekiBLyesPBe1IVNGxr8Ij3JLOwYNB9XGro06
N54AW2hn7wLTUdPmwFPhmvQsFdW4J6AW1w2MfLLJPRM+T/RKOl2B0az9uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfXPrsx/PPpolNcWTIcOxaJ4HGsMB8GA1UdIwQY
MBaAFOS91rHr/JWJmlgzPclM+CoZprO+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUwzV3NldjhsWW1hV0RNOXlVejRLaG1tczc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8yYThmODgtYjA1ZC00MjkxLTkzZDQt
MDdmN2Q1MTk1YzJjLzEvZDljLXV6SDg4LW1pVTF4Wk1odzdGb25nY2F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8yYThmODgtYjA1ZC00MjkxLTkzZDQtMDdmN2Q1MTk1YzJj
LzEvNUwzV3NldjhsWW1hV0RNOXlVejRLaG1tczc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvOPkMA0G
CSqGSIb3DQEBCwUAA4IBAQB4a0XVAgYRd0uCa4cWgUQ87NhgRJsFdXIDM5zHLMbb
20Po65vomZebp86g1bNnLKiR8bIHwJBakyZfSGdPgkiSfA+Id2ShNvdzVi4ABjaj
lRJdfEi7evYY2o5PNL5A9tDwgj69IRL0swU67uiiQ1TKX5pE8wGGt1sTGVWNQDVY
BW0h5ud06bIhmO4lWEnbAb9k07ILBSqk25k3r8O5n6FQIPfdBIHDqN9xJk1Yb/TM
nyNKwEnlbLFTiMG73Ji0AdnUJKnh4MV9ePoAxEx8+zR/okai++qEQfG/TKz4XPFt
1OHmfJSQxG5ZFRIRsLf/Y49krlndlWik8X7exLzNeCv2
-----END CERTIFICATE-----