Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/b38821-23f2-4e5e-941c-a8f0ee00b2ad/1/l9pvAOvJo3U3y4hlc35uaW6pRP0.roa
File:                     l9pvAOvJo3U3y4hlc35uaW6pRP0.roa (raw, json)
Hash identifier:          2qSPauEg0wasu2tbhOwWMxtDNkF89f6c1hyH80SiKME=
Subject key identifier:   97:DA:6F:00:EB:C9:A3:75:37:CB:88:65:73:7E:6E:69:6E:A9:44:FD
Certificate issuer:       /CN=b132e935a10f9ce216e0993ae4199c96f5273af4
Certificate serial:       018CC8016DDC66D98A98202AC496CE706CD1
Authority key identifier: B1:32:E9:35:A1:0F:9C:E2:16:E0:99:3A:E4:19:9C:96:F5:27:3A:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sTLpNaEPnOIW4Jk65BmclvUnOvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/b38821-23f2-4e5e-941c-a8f0ee00b2ad/1/l9pvAOvJo3U3y4hlc35uaW6pRP0.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        212.6.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/b38821-23f2-4e5e-941c-a8f0ee00b2ad/1/sTLpNaEPnOIW4Jk65BmclvUnOvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/b38821-23f2-4e5e-941c-a8f0ee00b2ad/1/sTLpNaEPnOIW4Jk65BmclvUnOvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sTLpNaEPnOIW4Jk65BmclvUnOvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:6d:dc:66:d9:8a:98:20:2a:c4:96:ce:70:6c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b132e935a10f9ce216e0993ae4199c96f5273af4
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97da6f00ebc9a37537cb8865737e6e696ea944fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3a:f8:3b:6b:5d:a9:d7:96:78:4a:69:15:b4:
                    af:bf:65:ea:fe:eb:3f:c8:71:32:fc:15:82:cb:5a:
                    a3:05:71:92:0e:75:9a:65:24:82:fb:90:4e:91:44:
                    81:34:2e:fd:44:94:8e:2f:c4:1b:ed:04:3f:cc:83:
                    54:83:31:1e:79:b0:a9:71:87:73:5c:a6:27:8f:d8:
                    19:ca:c2:38:b7:23:24:d7:09:ee:af:66:35:36:23:
                    fe:c9:3b:2b:fb:b6:9e:c2:a7:67:cb:ed:4e:c1:87:
                    6b:f4:8e:a8:ac:a7:61:3e:14:41:68:50:d4:91:41:
                    f9:d6:7c:30:bd:59:e1:44:9f:7e:ca:97:8c:86:f5:
                    d0:2d:09:b2:df:f8:f1:e7:c8:75:26:fd:b2:b2:4c:
                    0d:0e:cc:a9:c0:21:a5:c9:f7:85:c9:0a:3f:33:f1:
                    99:d0:c7:69:a4:4b:65:73:24:74:ed:20:6d:20:64:
                    44:18:00:bb:07:04:79:0b:2c:53:1f:f6:b6:c1:da:
                    0d:8b:ba:fd:e9:50:62:7d:77:0d:00:96:c6:98:6d:
                    34:3b:49:fb:29:0e:fe:59:72:20:07:fc:72:13:e8:
                    02:a9:66:9b:48:c1:e5:dd:03:a0:86:16:21:d4:82:
                    f6:4a:95:66:4a:9d:f0:63:00:1e:77:b9:11:68:5b:
                    ad:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:DA:6F:00:EB:C9:A3:75:37:CB:88:65:73:7E:6E:69:6E:A9:44:FD
            X509v3 Authority Key Identifier:
                keyid:B1:32:E9:35:A1:0F:9C:E2:16:E0:99:3A:E4:19:9C:96:F5:27:3A:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sTLpNaEPnOIW4Jk65BmclvUnOvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b38821-23f2-4e5e-941c-a8f0ee00b2ad/1/l9pvAOvJo3U3y4hlc35uaW6pRP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/b38821-23f2-4e5e-941c-a8f0ee00b2ad/1/sTLpNaEPnOIW4Jk65BmclvUnOvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:bf:8a:f6:2b:2b:2c:bc:ec:8d:46:16:aa:25:25:ee:1c:3c:
         0a:4d:0e:11:f1:33:6e:e2:c8:e0:30:b0:70:9a:0a:c7:f2:be:
         4a:b2:3b:44:b2:8f:52:a1:ba:55:a5:80:4b:b1:b5:41:97:f7:
         e9:7a:42:7c:53:2b:2f:3f:9d:c8:63:43:a7:dc:9c:0c:bd:0e:
         07:e3:05:e1:97:5f:bf:e8:71:1c:62:1b:f8:a4:c8:ba:cc:9f:
         33:b3:1e:3d:ad:3f:68:80:50:13:b8:53:29:c3:cb:56:0b:da:
         41:43:9f:9a:6a:72:6c:86:1c:aa:aa:e7:44:63:48:af:9b:0d:
         58:79:a8:b4:d5:1a:ef:c2:73:3e:9e:0e:20:19:a1:e4:ed:fd:
         87:c0:47:33:68:04:a4:ce:ec:17:4c:e7:ba:29:d4:32:c1:df:
         f4:0a:b6:06:38:da:2c:7c:16:ce:63:25:d2:6c:2d:e1:34:52:
         65:3c:af:1c:a3:c3:0a:b7:d6:bb:eb:8a:fa:58:fd:9f:a2:2f:
         ba:b7:ad:b5:ca:3f:60:97:71:d2:d6:e2:b0:ee:ac:e0:92:00:
         35:84:59:47:0f:1b:c1:fd:76:e3:24:f5:8a:6d:d9:76:8e:dc:
         a4:7b:bf:b4:75:2d:71:0d:4c:02:d1:d7:3c:7e:48:8f:4e:f7:
         ea:58:e6:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAW3cZtmKmCAqxJbOcGzRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMzJlOTM1YTEwZjljZTIxNmUwOTkzYWU0MTk5Yzk2ZjUy
NzNhZjQwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2RhNmYwMGViYzlhMzc1MzdjYjg4NjU3MzdlNmU2OTZlYTk0NGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDr4O2tdqdeWeEppFbSvv2Xq/us/
yHEy/BWCy1qjBXGSDnWaZSSC+5BOkUSBNC79RJSOL8Qb7QQ/zINUgzEeebCpcYdz
XKYnj9gZysI4tyMk1wnur2Y1NiP+yTsr+7aewqdny+1OwYdr9I6orKdhPhRBaFDU
kUH51nwwvVnhRJ9+ypeMhvXQLQmy3/jx58h1Jv2yskwNDsypwCGlyfeFyQo/M/GZ
0MdppEtlcyR07SBtIGREGAC7BwR5CyxTH/a2wdoNi7r96VBifXcNAJbGmG00O0n7
KQ7+WXIgB/xyE+gCqWabSMHl3QOghhYh1IL2SpVmSp3wYwAed7kRaFutvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfabwDryaN1N8uIZXN+bmluqUT9MB8GA1UdIwQY
MBaAFLEy6TWhD5ziFuCZOuQZnJb1Jzr0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1RMcE5hRVBuT0lXNEprNjVCbWNsdlVuT3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9iMzg4MjEtMjNmMi00ZTVlLTk0MWMt
YThmMGVlMDBiMmFkLzEvbDlwdkFPdkpvM1UzeTRobGMzNXVhVzZwUlAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9iMzg4MjEtMjNmMi00ZTVlLTk0MWMtYThmMGVlMDBiMmFk
LzEvc1RMcE5hRVBuT0lXNEprNjVCbWNsdlVuT3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AYnMA0G
CSqGSIb3DQEBCwUAA4IBAQCLv4r2KyssvOyNRhaqJSXuHDwKTQ4R8TNu4sjgMLBw
mgrH8r5KsjtEso9SobpVpYBLsbVBl/fpekJ8UysvP53IY0On3JwMvQ4H4wXhl1+/
6HEcYhv4pMi6zJ8zsx49rT9ogFATuFMpw8tWC9pBQ5+aanJshhyqqudEY0ivmw1Y
eai01RrvwnM+ng4gGaHk7f2HwEczaASkzuwXTOe6KdQywd/0CrYGONosfBbOYyXS
bC3hNFJlPK8co8MKt9a764r6WP2foi+6t621yj9gl3HS1uKw7qzgkgA1hFlHDxvB
/XbjJPWKbdl2jtyke7+0dS1xDUwC0dc8fkiPTvfqWOb2
-----END CERTIFICATE-----