Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/b6aa96-aa8f-4fd4-b9e8-373a0d3c4534/1/9ZmPO-lKtuluqq-4yroEjFqOPRQ.roa
File:                     9ZmPO-lKtuluqq-4yroEjFqOPRQ.roa (raw, json)
Hash identifier:          xezKdbVKkFpKrkgEb5QqoNRokKauBOlpJUUdhxL8/jE=
Subject key identifier:   F5:99:8F:3B:E9:4A:B6:E9:6E:AA:AF:B8:CA:BA:04:8C:5A:8E:3D:14
Certificate issuer:       /CN=c115f1341a87140a122dc8f96502b72449057e60
Certificate serial:       018CC94E45477438076FABD4AE8DC92A3DA7
Authority key identifier: C1:15:F1:34:1A:87:14:0A:12:2D:C8:F9:65:02:B7:24:49:05:7E:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRXxNBqHFAoSLcj5ZQK3JEkFfmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/b6aa96-aa8f-4fd4-b9e8-373a0d3c4534/1/9ZmPO-lKtuluqq-4yroEjFqOPRQ.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212991
IP address blocks:        185.158.206.0/24 maxlen: 24
                          2a0c:8d80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/b6aa96-aa8f-4fd4-b9e8-373a0d3c4534/1/wRXxNBqHFAoSLcj5ZQK3JEkFfmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/b6aa96-aa8f-4fd4-b9e8-373a0d3c4534/1/wRXxNBqHFAoSLcj5ZQK3JEkFfmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wRXxNBqHFAoSLcj5ZQK3JEkFfmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:45:47:74:38:07:6f:ab:d4:ae:8d:c9:2a:3d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c115f1341a87140a122dc8f96502b72449057e60
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5998f3be94ab6e96eaaafb8caba048c5a8e3d14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f8:33:56:b8:06:93:24:2f:a2:81:b8:11:ac:
                    c7:ef:f8:90:bf:46:2d:77:bf:d3:04:13:02:cd:89:
                    0d:93:70:c0:a1:0d:db:66:0e:17:75:66:1f:c3:d3:
                    3e:e3:64:66:fe:10:4f:1b:45:02:16:c3:78:bb:63:
                    7b:d1:6e:5c:dd:40:de:3a:d4:fa:b3:95:4d:f7:21:
                    90:bc:a2:42:c4:91:ad:b5:25:0d:83:1d:5a:61:52:
                    78:70:d2:ad:b2:66:50:f1:13:89:be:9e:ca:fd:b8:
                    38:ee:46:82:31:28:88:8f:9b:e6:04:2b:a6:70:71:
                    7a:fa:b1:ac:d8:50:78:1d:df:a6:c7:9b:18:53:22:
                    35:28:8c:03:0e:3f:5d:82:58:a0:b8:db:a7:cd:b4:
                    5b:b4:30:ec:bb:d7:eb:de:88:12:4c:60:a5:2f:87:
                    49:3d:52:1b:da:50:9e:8a:f0:8e:be:23:65:ed:31:
                    46:3a:f7:06:86:4f:50:7f:84:b0:32:f5:fe:dd:0f:
                    8c:25:2f:49:ae:f5:98:f6:6d:e9:3b:d4:0b:db:98:
                    c0:eb:3b:08:be:c1:ab:92:59:84:f0:7c:69:5a:41:
                    71:c4:2c:67:43:63:0e:30:33:32:c4:b2:c5:7a:f4:
                    71:da:0c:4b:6a:06:f0:d5:cf:22:99:17:3c:a3:27:
                    c0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:99:8F:3B:E9:4A:B6:E9:6E:AA:AF:B8:CA:BA:04:8C:5A:8E:3D:14
            X509v3 Authority Key Identifier:
                keyid:C1:15:F1:34:1A:87:14:0A:12:2D:C8:F9:65:02:B7:24:49:05:7E:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRXxNBqHFAoSLcj5ZQK3JEkFfmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/b6aa96-aa8f-4fd4-b9e8-373a0d3c4534/1/9ZmPO-lKtuluqq-4yroEjFqOPRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/b6aa96-aa8f-4fd4-b9e8-373a0d3c4534/1/wRXxNBqHFAoSLcj5ZQK3JEkFfmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.206.0/24
                IPv6:
                  2a0c:8d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:62:32:e0:5a:8e:c2:a9:f3:de:e3:e6:4a:ef:c3:9f:01:bb:
         b4:0c:3c:ae:a8:83:e9:1f:ce:1b:b2:77:4c:77:ec:fa:d6:cd:
         dc:0c:7f:df:04:ab:8a:6c:1b:99:4a:b1:c6:64:71:88:b2:a8:
         b6:55:9c:55:cc:29:aa:9c:4c:a7:95:fb:e3:51:98:f9:46:79:
         f1:26:3b:cd:78:22:54:0b:2f:1b:8a:0d:f0:eb:66:60:d1:65:
         16:b9:84:5f:50:42:96:e3:ff:3e:3f:5b:19:e2:c1:3d:b7:ad:
         73:e7:63:a3:bd:a6:1f:c0:9a:27:c4:7f:81:91:f5:2e:64:f3:
         5b:37:39:26:f1:f8:ce:99:0e:e3:b1:cc:27:dd:20:29:78:1c:
         c9:ca:77:9b:7a:85:ae:4f:d0:62:25:43:31:08:ea:82:9b:14:
         77:da:94:a7:7b:55:47:4e:09:da:67:51:0f:62:f1:80:49:0d:
         ac:68:a4:72:7a:c0:a3:90:d1:22:3b:ae:58:be:30:c5:af:fd:
         15:43:9c:ee:ef:8c:db:d4:20:01:42:52:24:a2:e9:e1:22:c0:
         8d:7c:68:b4:9e:5b:e7:dc:7b:52:82:b9:c9:e3:df:89:4e:76:
         43:3e:7a:1f:5b:86:ae:c9:c2:0d:df:16:e0:bb:4f:2c:b3:f6:
         28:08:16:0a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTkVHdDgHb6vUro3JKj2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMTVmMTM0MWE4NzE0MGExMjJkYzhmOTY1MDJiNzI0NDkw
NTdlNjAwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTk5OGYzYmU5NGFiNmU5NmVhYWFmYjhjYWJhMDQ4YzVhOGUzZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvgzVrgGkyQvooG4EazH7/iQv0Yt
d7/TBBMCzYkNk3DAoQ3bZg4XdWYfw9M+42Rm/hBPG0UCFsN4u2N70W5c3UDeOtT6
s5VN9yGQvKJCxJGttSUNgx1aYVJ4cNKtsmZQ8ROJvp7K/bg47kaCMSiIj5vmBCum
cHF6+rGs2FB4Hd+mx5sYUyI1KIwDDj9dgliguNunzbRbtDDsu9fr3ogSTGClL4dJ
PVIb2lCeivCOviNl7TFGOvcGhk9Qf4SwMvX+3Q+MJS9JrvWY9m3pO9QL25jA6zsI
vsGrklmE8HxpWkFxxCxnQ2MOMDMyxLLFevRx2gxLagbw1c8imRc8oyfAOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPWZjzvpSrbpbqqvuMq6BIxajj0UMB8GA1UdIwQY
MBaAFMEV8TQahxQKEi3I+WUCtyRJBX5gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1JYeE5CcUhGQW9TTGNqNVpRSzNKRWtGZm1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9iNmFhOTYtYWE4Zi00ZmQ0LWI5ZTgt
MzczYTBkM2M0NTM0LzEvOVptUE8tbEt0dWx1cXEtNHlyb0VqRnFPUFJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9iNmFhOTYtYWE4Zi00ZmQ0LWI5ZTgtMzczYTBkM2M0NTM0
LzEvd1JYeE5CcUhGQW9TTGNqNVpRSzNKRWtGZm1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZ7OMA0E
AgACMAcDBQMqDI2AMA0GCSqGSIb3DQEBCwUAA4IBAQCZYjLgWo7CqfPe4+ZK78Of
Abu0DDyuqIPpH84bsndMd+z61s3cDH/fBKuKbBuZSrHGZHGIsqi2VZxVzCmqnEyn
lfvjUZj5RnnxJjvNeCJUCy8big3w62Zg0WUWuYRfUEKW4/8+P1sZ4sE9t61z52Oj
vaYfwJonxH+BkfUuZPNbNzkm8fjOmQ7jscwn3SApeBzJynebeoWuT9BiJUMxCOqC
mxR32pSne1VHTgnaZ1EPYvGASQ2saKRyesCjkNEiO65YvjDFr/0VQ5zu74zb1CAB
QlIkounhIsCNfGi0nlvn3HtSgrnJ49+JTnZDPnofW4auycIN3xbgu08ss/YoCBYK
-----END CERTIFICATE-----