Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/9u4MlE0b9sPL4DYard_TyzusMSs.roa
File:                     9u4MlE0b9sPL4DYard_TyzusMSs.roa (raw, json)
Hash identifier:          xNJtJ3ljGRunrRqvR1juY4uMDPSy3sHnBiyd7hMw7Pc=
Subject key identifier:   F6:EE:0C:94:4D:1B:F6:C3:CB:E0:36:1A:AD:DF:D3:CB:3B:AC:31:2B
Certificate issuer:       /CN=5d644b902caa17a99d65c46cb3a6f8d939cd98b5
Certificate serial:       018CC4255D4145A78678D473C2AD23B85ABB
Authority key identifier: 5D:64:4B:90:2C:AA:17:A9:9D:65:C4:6C:B3:A6:F8:D9:39:CD:98:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XWRLkCyqF6mdZcRss6b42TnNmLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/9u4MlE0b9sPL4DYard_TyzusMSs.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209014
IP address blocks:        62.3.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/XWRLkCyqF6mdZcRss6b42TnNmLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/XWRLkCyqF6mdZcRss6b42TnNmLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XWRLkCyqF6mdZcRss6b42TnNmLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5d:41:45:a7:86:78:d4:73:c2:ad:23:b8:5a:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d644b902caa17a99d65c46cb3a6f8d939cd98b5
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6ee0c944d1bf6c3cbe0361aaddfd3cb3bac312b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ce:27:1c:72:b3:fe:cd:01:ef:51:01:36:26:
                    84:82:92:47:15:8e:e5:54:60:7a:7c:57:8b:ee:49:
                    e7:8f:d7:7b:bc:f2:87:3e:62:0d:ba:44:b4:40:e3:
                    92:21:0c:4f:73:99:86:58:0e:c6:58:33:a6:c1:2a:
                    a0:dc:0d:b6:da:d7:c8:8a:e1:a1:45:c2:a8:7d:35:
                    d0:27:25:4f:3b:7c:ea:30:c6:d4:85:2f:29:56:58:
                    ac:7b:8c:02:d1:4b:7a:e6:14:d1:f0:f2:e4:60:a7:
                    b5:f4:8a:9f:b4:76:c9:92:4e:8b:3f:d2:e3:9c:dd:
                    43:99:4e:43:71:61:1a:0d:eb:82:82:55:00:48:58:
                    1b:54:14:2b:95:d1:d7:56:42:ee:6f:fd:de:c8:dc:
                    b2:5e:8b:02:f9:93:8c:e5:24:4a:cc:8b:81:4d:b7:
                    bc:03:51:5d:3c:67:74:cc:8e:a7:5f:54:48:af:e5:
                    82:75:80:69:c5:08:8b:a7:fa:19:95:62:37:b7:f1:
                    60:92:5d:2a:b4:27:3d:26:0b:93:35:35:af:6d:c0:
                    d3:96:a0:51:8d:52:16:29:61:88:a3:6f:d2:c1:89:
                    1e:60:ec:c0:27:11:31:d4:c8:ba:81:64:44:e8:4d:
                    53:66:c9:2e:b5:08:49:7f:7a:a5:95:c5:d4:12:20:
                    95:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:EE:0C:94:4D:1B:F6:C3:CB:E0:36:1A:AD:DF:D3:CB:3B:AC:31:2B
            X509v3 Authority Key Identifier:
                keyid:5D:64:4B:90:2C:AA:17:A9:9D:65:C4:6C:B3:A6:F8:D9:39:CD:98:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWRLkCyqF6mdZcRss6b42TnNmLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/9u4MlE0b9sPL4DYard_TyzusMSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/cd39a7-ed1a-4bf3-b5a6-40d836c62829/1/XWRLkCyqF6mdZcRss6b42TnNmLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:02:a0:d2:32:01:48:c2:8d:41:e9:20:68:19:0e:95:a2:f4:
         53:c1:91:de:b3:51:1a:6d:c2:1e:22:d5:db:89:21:a0:8c:e9:
         6b:4c:8b:6f:8c:cd:cf:11:ed:a5:0c:fe:26:0d:31:e5:61:76:
         a3:fa:a2:9a:4a:e7:3c:c3:d5:d4:8a:f8:9f:27:12:fb:c1:cb:
         8e:90:a9:bb:d6:29:83:d9:cc:34:87:aa:c0:0e:89:f4:9a:80:
         51:b0:4b:f1:ad:c3:58:76:86:92:0c:a8:b9:b3:a5:37:62:cf:
         a6:cd:68:65:45:dc:e7:8d:b3:73:0d:5b:ad:03:9f:3f:dd:ab:
         2f:c0:aa:ac:e9:6a:68:6b:03:81:2d:9d:72:9b:3b:d6:63:bf:
         f9:cb:26:b1:cf:01:83:13:ba:8a:7f:e8:a0:3d:84:34:0c:a1:
         a2:0d:9d:f5:e4:4f:94:b8:7a:e6:5f:4b:53:75:35:6e:fb:e0:
         70:31:6e:10:ac:0f:2e:21:fa:a9:e3:71:a0:da:a7:b6:44:0a:
         b5:d3:40:e5:fc:21:a9:30:5d:6e:24:68:bc:28:c2:b2:74:17:
         56:8b:96:6a:b9:23:d0:3e:74:c3:c7:47:1c:bb:70:df:ca:60:
         ae:05:6a:21:c5:3d:34:98:9c:4b:40:f3:2e:3a:97:7e:5b:74:
         d6:fe:35:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV1BRaeGeNRzwq0juFq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNjQ0YjkwMmNhYTE3YTk5ZDY1YzQ2Y2IzYTZmOGQ5Mzlj
ZDk4YjUwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmVlMGM5NDRkMWJmNmMzY2JlMDM2MWFhZGRmZDNjYjNiYWMzMTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhs4nHHKz/s0B71EBNiaEgpJHFY7l
VGB6fFeL7knnj9d7vPKHPmINukS0QOOSIQxPc5mGWA7GWDOmwSqg3A222tfIiuGh
RcKofTXQJyVPO3zqMMbUhS8pVlise4wC0Ut65hTR8PLkYKe19IqftHbJkk6LP9Lj
nN1DmU5DcWEaDeuCglUASFgbVBQrldHXVkLub/3eyNyyXosC+ZOM5SRKzIuBTbe8
A1FdPGd0zI6nX1RIr+WCdYBpxQiLp/oZlWI3t/Fgkl0qtCc9JguTNTWvbcDTlqBR
jVIWKWGIo2/SwYkeYOzAJxEx1Mi6gWRE6E1TZskutQhJf3qllcXUEiCVlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbuDJRNG/bDy+A2Gq3f08s7rDErMB8GA1UdIwQY
MBaAFF1kS5AsqhepnWXEbLOm+Nk5zZi1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFdSTGtDeXFGNm1kWmNSc3M2YjQyVG5ObUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZDM5YTctZWQxYS00YmYzLWI1YTYt
NDBkODM2YzYyODI5LzEvOXU0TWxFMGI5c1BMNERZYXJkX1R5enVzTVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZDM5YTctZWQxYS00YmYzLWI1YTYtNDBkODM2YzYyODI5
LzEvWFdSTGtDeXFGNm1kWmNSc3M2YjQyVG5ObUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgMrMA0G
CSqGSIb3DQEBCwUAA4IBAQCOAqDSMgFIwo1B6SBoGQ6VovRTwZHes1EabcIeItXb
iSGgjOlrTItvjM3PEe2lDP4mDTHlYXaj+qKaSuc8w9XUivifJxL7wcuOkKm71imD
2cw0h6rADon0moBRsEvxrcNYdoaSDKi5s6U3Ys+mzWhlRdznjbNzDVutA58/3asv
wKqs6WpoawOBLZ1ymzvWY7/5yyaxzwGDE7qKf+igPYQ0DKGiDZ315E+UuHrmX0tT
dTVu++BwMW4QrA8uIfqp43Gg2qe2RAq100Dl/CGpMF1uJGi8KMKydBdWi5ZquSPQ
PnTDx0ccu3DfymCuBWohxT00mJxLQPMuOpd+W3TW/jUR
-----END CERTIFICATE-----