Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/12ennUn6KAsQnfP5BlaRdWNzakA.roa
File:                     12ennUn6KAsQnfP5BlaRdWNzakA.roa (raw, json)
Hash identifier:          drOIIoczZi1R+wEqtqUOjdfVyXt3K+J/hWJojCFIQD4=
Subject key identifier:   D7:67:A7:9D:49:FA:28:0B:10:9D:F3:F9:06:56:91:75:63:73:6A:40
Certificate issuer:       /CN=bb830630f23b070a2b7bdf529f73948c97eacd40
Certificate serial:       018CC86F1B2ECA8CA61F6DBC328965111FF2
Authority key identifier: BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/12ennUn6KAsQnfP5BlaRdWNzakA.roa
Signing time:             Tue 02 Jan 2024 04:29:33 +0000
ROA not before:           Tue 02 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135330
IP address blocks:        74.119.193.0/24 maxlen: 24
                          2a09:7c45::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1b:2e:ca:8c:a6:1f:6d:bc:32:89:65:11:1f:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb830630f23b070a2b7bdf529f73948c97eacd40
        Validity
            Not Before: Jan  2 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d767a79d49fa280b109df3f90656917563736a40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:eb:d1:77:4e:08:98:5c:2f:30:03:79:be:6c:
                    34:fd:ff:a8:3f:95:85:56:3c:93:0f:bc:6f:04:21:
                    57:c8:db:7b:71:f9:7d:d4:0e:42:c8:8f:da:5e:b6:
                    33:58:c2:74:84:13:25:71:1d:f5:6c:4e:0f:3b:3d:
                    64:45:db:64:71:b1:3b:ca:c9:77:c5:80:41:89:9c:
                    b4:4f:92:f7:93:9d:3d:22:17:b3:a9:0b:ba:86:c8:
                    4a:4a:8d:40:2c:d3:fd:7a:36:62:54:ff:fc:74:aa:
                    f0:72:5d:e3:70:e7:2f:c5:5e:7d:84:5d:ca:e5:5d:
                    59:ab:56:9a:2c:4d:5b:7e:ae:3c:4e:27:ee:1b:32:
                    d5:37:5c:31:83:ef:3a:66:cb:00:fb:bb:33:48:3e:
                    9d:38:cc:6b:9b:71:fe:f7:28:68:bf:63:21:2d:eb:
                    6c:c9:06:b9:92:f3:ba:b5:6c:b1:68:c6:8d:15:d4:
                    f7:37:08:e8:b5:ff:c1:ec:2a:f9:73:7f:c9:53:c8:
                    60:56:be:e5:44:49:51:3a:97:a2:a2:83:6f:47:65:
                    75:2c:3d:a6:62:28:56:07:cf:f6:27:03:18:bc:d7:
                    fd:ef:70:00:29:1c:d3:45:b6:cd:ca:09:64:23:9e:
                    58:79:b1:b5:3a:66:17:ba:ee:9a:07:e2:53:38:2c:
                    06:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:67:A7:9D:49:FA:28:0B:10:9D:F3:F9:06:56:91:75:63:73:6A:40
            X509v3 Authority Key Identifier:
                keyid:BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/12ennUn6KAsQnfP5BlaRdWNzakA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.119.193.0/24
                IPv6:
                  2a09:7c45::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:62:ea:e4:f0:47:86:20:c4:2c:77:27:0c:9c:89:8e:30:9f:
         88:8d:bf:2b:d1:49:a8:8a:a4:b5:bd:e7:9b:08:73:30:c4:56:
         e9:a1:81:7e:cb:04:26:11:95:f7:c6:8c:a5:c6:a9:56:e7:c5:
         de:40:13:c1:98:31:44:36:6b:30:2f:e8:3c:7b:14:1d:bc:ab:
         37:be:6c:c4:6a:49:04:53:cd:d2:2b:2a:fa:b0:6e:40:fa:03:
         c5:f4:a9:50:b3:ad:33:00:72:52:0a:a3:1e:6e:44:94:e5:86:
         ca:6b:b1:7d:8f:85:35:bd:1c:e8:fd:a7:f7:f2:88:d8:b2:58:
         d3:4a:87:c8:de:7b:b9:ff:27:8f:b6:32:07:26:30:87:58:41:
         76:d2:07:e0:52:92:8e:bb:55:65:59:5c:b2:ec:3b:1f:80:63:
         89:90:b9:d2:c0:5b:a3:fd:1d:78:55:2f:24:59:7b:38:87:4f:
         1a:a5:70:fa:cc:1a:c2:19:94:d4:9b:28:c8:cf:0a:e5:d6:2c:
         1d:20:aa:de:56:15:24:42:ce:6d:b8:bb:fc:6f:1b:95:6b:ce:
         c5:98:1d:be:ca:b1:44:ab:50:67:e6:da:68:02:de:6e:0c:0c:
         29:35:ae:af:ee:d6:a8:1e:b8:14:27:b3:d5:7e:61:fb:d9:50:
         7a:56:eb:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbxsuyoymH228MollER/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMwNjMwZjIzYjA3MGEyYjdiZGY1MjlmNzM5NDhjOTdl
YWNkNDAwHhcNMjQwMTAyMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzY3YTc5ZDQ5ZmEyODBiMTA5ZGYzZjkwNjU2OTE3NTYzNzM2YTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsevRd04ImFwvMAN5vmw0/f+oP5WF
VjyTD7xvBCFXyNt7cfl91A5CyI/aXrYzWMJ0hBMlcR31bE4POz1kRdtkcbE7ysl3
xYBBiZy0T5L3k509IhezqQu6hshKSo1ALNP9ejZiVP/8dKrwcl3jcOcvxV59hF3K
5V1Zq1aaLE1bfq48TifuGzLVN1wxg+86ZssA+7szSD6dOMxrm3H+9yhov2MhLets
yQa5kvO6tWyxaMaNFdT3Nwjotf/B7Cr5c3/JU8hgVr7lRElROpeiooNvR2V1LD2m
YihWB8/2JwMYvNf973AAKRzTRbbNyglkI55YebG1OmYXuu6aB+JTOCwGiQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNdnp51J+igLEJ3z+QZWkXVjc2pAMB8GA1UdIwQY
MBaAFLuDBjDyOwcKK3vfUp9zlIyX6s1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMt
MTE5ZWZjYmIyMDIzLzEvMTJlbm5VbjZLQXNRbmZQNUJsYVJkV056YWtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMtMTE5ZWZjYmIyMDIz
LzEvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQASnfBMA0E
AgACMAcDBQAqCXxFMA0GCSqGSIb3DQEBCwUAA4IBAQAkYurk8EeGIMQsdycMnImO
MJ+Ijb8r0UmoiqS1veebCHMwxFbpoYF+ywQmEZX3xoylxqlW58XeQBPBmDFENmsw
L+g8exQdvKs3vmzEakkEU83SKyr6sG5A+gPF9KlQs60zAHJSCqMebkSU5YbKa7F9
j4U1vRzo/af38ojYsljTSofI3nu5/yePtjIHJjCHWEF20gfgUpKOu1VlWVyy7Dsf
gGOJkLnSwFuj/R14VS8kWXs4h08apXD6zBrCGZTUmyjIzwrl1iwdIKreVhUkQs5t
uLv8bxuVa87FmB2+yrFEq1Bn5tpoAt5uDAwpNa6v7taoHrgUJ7PVfmH72VB6Vuv6
-----END CERTIFICATE-----