Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/x0rcn2M9mQc0QpVkt-MHoa_bx0o.roa
File:                     x0rcn2M9mQc0QpVkt-MHoa_bx0o.roa (raw, json)
Hash identifier:          NpqkvZpY9KXTZ0SmRskbGRaWqWjpfSZbu9U8Da1mJcY=
Subject key identifier:   C7:4A:DC:9F:63:3D:99:07:34:42:95:64:B7:E3:07:A1:AF:DB:C7:4A
Certificate issuer:       /CN=a9ec57bc8464fec2e9a1b098ffce34c21aaf9ca6
Certificate serial:       019081FBC2481BB664FB9E4B28C301351877
Authority key identifier: A9:EC:57:BC:84:64:FE:C2:E9:A1:B0:98:FF:CE:34:C2:1A:AF:9C:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/x0rcn2M9mQc0QpVkt-MHoa_bx0o.roa
Signing time:             Fri 05 Jul 2024 08:21:18 +0000
ROA not before:           Fri 05 Jul 2024 08:21:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208943
IP address blocks:        213.108.131.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:81:fb:c2:48:1b:b6:64:fb:9e:4b:28:c3:01:35:18:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9ec57bc8464fec2e9a1b098ffce34c21aaf9ca6
        Validity
            Not Before: Jul  5 08:21:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c74adc9f633d990734429564b7e307a1afdbc74a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:30:fc:1a:cb:87:44:c7:7e:3b:63:1c:1f:32:
                    d7:be:5e:86:a5:84:5a:c5:64:7c:d5:3b:13:ca:e4:
                    b9:7a:2c:b7:e5:eb:8b:64:9e:5b:d3:b0:cd:31:d9:
                    01:11:63:53:25:b3:3d:85:5b:23:07:33:d9:f4:bd:
                    24:d8:64:10:8a:81:cf:a2:41:61:44:2a:e5:5d:79:
                    2b:04:66:97:5d:bf:c9:b4:62:64:8d:42:1c:ec:9e:
                    5e:0e:15:20:b3:90:80:f9:94:7e:4c:e7:ca:40:6f:
                    97:85:96:f8:f5:ae:14:99:65:9f:19:58:cd:79:c0:
                    ed:bf:ae:29:07:d8:91:6d:bc:4a:ff:ce:44:13:cb:
                    27:04:55:3e:28:78:f7:6f:3c:3e:d4:47:a7:d3:e9:
                    50:16:5c:ba:ad:ba:3b:5c:03:79:b9:95:58:7c:19:
                    68:c3:61:95:3b:d8:72:05:da:95:9b:5f:aa:00:cd:
                    21:f3:4e:1b:de:c2:6f:0d:eb:67:1f:1d:d9:bf:e0:
                    f7:ee:10:4a:55:60:42:c6:a7:da:cf:36:24:f2:fc:
                    72:04:15:c9:99:be:06:4b:2b:7c:9c:f9:5c:36:9b:
                    c7:36:00:79:0b:bd:24:08:aa:8c:31:5a:86:26:b8:
                    9d:b0:3e:af:59:b8:d3:50:4c:9b:a2:3b:e6:32:e8:
                    bc:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:4A:DC:9F:63:3D:99:07:34:42:95:64:B7:E3:07:A1:AF:DB:C7:4A
            X509v3 Authority Key Identifier:
                keyid:A9:EC:57:BC:84:64:FE:C2:E9:A1:B0:98:FF:CE:34:C2:1A:AF:9C:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qexXvIRk_sLpobCY_840whqvnKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/x0rcn2M9mQc0QpVkt-MHoa_bx0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/41b40c-f3b6-40b8-840c-19a3c5649b57/1/qexXvIRk_sLpobCY_840whqvnKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.108.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:6a:c4:81:b1:d2:c7:9d:34:a2:f3:d7:d5:80:2b:b0:e9:03:
         30:a9:6d:55:81:f8:d4:d6:f7:8c:56:48:f0:8d:c9:e9:62:b3:
         98:33:3a:cd:c4:63:1c:ca:b1:32:e9:0f:65:90:54:e1:78:91:
         75:28:1b:52:fa:32:d6:0d:0e:8d:c6:f4:d1:56:57:65:6c:73:
         a6:66:35:aa:39:7e:b3:6d:7c:c4:91:5e:14:6e:80:7c:42:37:
         e2:d9:e5:1d:92:0c:91:8e:5d:8b:9e:7c:f6:4a:a5:1a:8f:a2:
         c3:ca:86:57:92:2a:70:cb:4a:84:85:18:00:f2:4d:37:9a:ca:
         d3:9d:ae:a6:9d:14:ea:f8:d7:af:67:5d:8c:a2:dc:ba:e5:0a:
         01:8a:04:c9:54:88:72:4a:ac:34:54:98:d3:c4:fb:54:59:95:
         33:55:a1:70:76:f4:c6:0d:58:ee:63:5d:75:31:17:a4:6e:7e:
         88:b0:80:af:71:98:b7:85:9c:0e:7a:4b:38:0d:b5:5f:83:26:
         a0:eb:73:e0:ed:31:48:18:47:12:e1:7e:a1:1f:c9:5d:50:b9:
         18:e2:a6:1b:49:69:e0:21:51:7a:a8:bf:c5:10:04:12:c7:a6:
         4d:23:77:01:fc:b0:e4:8b:85:2f:24:af:2c:76:fd:f9:37:2c:
         73:71:b1:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCB+8JIG7Zk+55LKMMBNRh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZWM1N2JjODQ2NGZlYzJlOWExYjA5OGZmY2UzNGMyMWFh
ZjljYTYwHhcNMjQwNzA1MDgyMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzRhZGM5ZjYzM2Q5OTA3MzQ0Mjk1NjRiN2UzMDdhMWFmZGJjNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzD8GsuHRMd+O2McHzLXvl6GpYRa
xWR81TsTyuS5eiy35euLZJ5b07DNMdkBEWNTJbM9hVsjBzPZ9L0k2GQQioHPokFh
RCrlXXkrBGaXXb/JtGJkjUIc7J5eDhUgs5CA+ZR+TOfKQG+XhZb49a4UmWWfGVjN
ecDtv64pB9iRbbxK/85EE8snBFU+KHj3bzw+1Een0+lQFly6rbo7XAN5uZVYfBlo
w2GVO9hyBdqVm1+qAM0h804b3sJvDetnHx3Zv+D37hBKVWBCxqfazzYk8vxyBBXJ
mb4GSyt8nPlcNpvHNgB5C70kCKqMMVqGJridsD6vWbjTUEybojvmMui88QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdK3J9jPZkHNEKVZLfjB6Gv28dKMB8GA1UdIwQY
MBaAFKnsV7yEZP7C6aGwmP/ONMIar5ymMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWV4WHZJUmtfc0xwb2JDWV84NDB3aHF2bktZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy80MWI0MGMtZjNiNi00MGI4LTg0MGMt
MTlhM2M1NjQ5YjU3LzEveDByY24yTTltUWMwUXBWa3QtTUhvYV9ieDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy80MWI0MGMtZjNiNi00MGI4LTg0MGMtMTlhM2M1NjQ5YjU3
LzEvcWV4WHZJUmtfc0xwb2JDWV84NDB3aHF2bktZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1WyDMA0G
CSqGSIb3DQEBCwUAA4IBAQAVasSBsdLHnTSi89fVgCuw6QMwqW1VgfjU1veMVkjw
jcnpYrOYMzrNxGMcyrEy6Q9lkFTheJF1KBtS+jLWDQ6NxvTRVldlbHOmZjWqOX6z
bXzEkV4UboB8Qjfi2eUdkgyRjl2Lnnz2SqUaj6LDyoZXkipwy0qEhRgA8k03msrT
na6mnRTq+NevZ12Moty65QoBigTJVIhySqw0VJjTxPtUWZUzVaFwdvTGDVjuY111
MRekbn6IsICvcZi3hZwOeks4DbVfgyag63Pg7TFIGEcS4X6hH8ldULkY4qYbSWng
IVF6qL/FEAQSx6ZNI3cB/LDki4UvJK8sdv35NyxzcbGr
-----END CERTIFICATE-----