Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/9758eb-4108-4087-a818-50ea67327cd1/1/09jBWQnUu2FhfopcjWwVB4IlyZA.roa
File:                     09jBWQnUu2FhfopcjWwVB4IlyZA.roa (raw, json)
Hash identifier:          K2acK/fprQKlYX7+zu/ub1cwUV0vdUiqjLhGh/5ydgM=
Subject key identifier:   D3:D8:C1:59:09:D4:BB:61:61:7E:8A:5C:8D:6C:15:07:82:25:C9:90
Certificate issuer:       /CN=d85022282e34699fe548b7528519a25a50d9133a
Certificate serial:       018CC424E5A79DC1046B8C49084B73597530
Authority key identifier: D8:50:22:28:2E:34:69:9F:E5:48:B7:52:85:19:A2:5A:50:D9:13:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2FAiKC40aZ_lSLdShRmiWlDZEzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/9758eb-4108-4087-a818-50ea67327cd1/1/09jBWQnUu2FhfopcjWwVB4IlyZA.roa
Signing time:             Mon 01 Jan 2024 08:30:01 +0000
ROA not before:           Mon 01 Jan 2024 08:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48943
IP address blocks:        193.27.40.0/24 maxlen: 24
                          193.25.98.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/9758eb-4108-4087-a818-50ea67327cd1/1/2FAiKC40aZ_lSLdShRmiWlDZEzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/9758eb-4108-4087-a818-50ea67327cd1/1/2FAiKC40aZ_lSLdShRmiWlDZEzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2FAiKC40aZ_lSLdShRmiWlDZEzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 19:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e5:a7:9d:c1:04:6b:8c:49:08:4b:73:59:75:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d85022282e34699fe548b7528519a25a50d9133a
        Validity
            Not Before: Jan  1 08:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3d8c15909d4bb61617e8a5c8d6c15078225c990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:36:5b:e6:55:aa:42:19:f1:a9:c8:72:8f:ad:
                    c0:35:98:1a:5b:2c:ee:42:53:e2:09:c5:62:a6:79:
                    7d:41:6f:dc:42:f3:52:80:8e:70:e4:a1:67:3d:aa:
                    9d:6f:71:a8:0a:d6:31:b7:11:2a:79:88:ba:ff:f9:
                    b3:13:c2:86:52:e8:9b:36:73:bc:01:16:f4:e3:9c:
                    87:4c:7d:0c:8c:c3:65:a4:e7:3c:74:e8:bc:bb:49:
                    f6:de:80:36:1b:21:d3:e8:91:27:76:a3:6c:6d:7d:
                    e6:9d:7a:f4:70:8d:de:4d:46:c2:dd:65:d9:60:69:
                    30:20:83:f1:87:c4:f7:56:6a:70:2f:64:a0:8b:ad:
                    6d:1b:cd:7a:e4:e6:f1:a6:91:36:80:bd:a1:e4:53:
                    c9:b0:c3:2e:f5:52:4e:c2:e9:9e:0e:97:a1:20:c1:
                    2f:80:73:23:33:9c:6b:e6:a7:3f:b9:a7:01:02:9c:
                    ba:c4:fa:a5:51:f8:11:53:16:98:d4:bb:f6:68:0a:
                    3c:52:25:d9:3e:bd:61:26:5b:c4:dc:18:94:fe:34:
                    ca:4f:02:d5:5f:ab:4f:b9:f8:79:a4:f9:c2:73:f5:
                    d1:6c:4f:95:71:d8:e4:c8:97:58:39:b2:28:a6:ff:
                    47:fc:1a:62:a1:f7:f7:c5:8b:61:1a:8b:cb:ef:41:
                    35:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D8:C1:59:09:D4:BB:61:61:7E:8A:5C:8D:6C:15:07:82:25:C9:90
            X509v3 Authority Key Identifier:
                keyid:D8:50:22:28:2E:34:69:9F:E5:48:B7:52:85:19:A2:5A:50:D9:13:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2FAiKC40aZ_lSLdShRmiWlDZEzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/9758eb-4108-4087-a818-50ea67327cd1/1/09jBWQnUu2FhfopcjWwVB4IlyZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/9758eb-4108-4087-a818-50ea67327cd1/1/2FAiKC40aZ_lSLdShRmiWlDZEzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.98.0/23
                  193.27.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:aa:a9:d4:b3:c5:b5:36:b3:de:d4:cb:cf:dc:4f:83:ab:ab:
         cf:ae:40:0c:83:8b:32:09:56:68:76:f4:b3:70:dd:43:6a:0e:
         58:61:49:6e:7e:e0:75:38:03:8a:86:8c:ac:49:f8:75:7b:b0:
         30:28:21:17:4d:e8:a7:a6:67:5a:ca:4e:65:c9:b5:65:26:3d:
         82:3d:53:38:3c:83:41:a5:8a:16:02:a8:78:d3:51:22:51:de:
         9b:00:b4:46:a0:c3:1a:b4:fa:87:22:3a:dc:e5:c1:54:d9:44:
         ba:9b:a1:16:10:5e:64:4e:0a:f3:7c:27:d8:b7:74:b6:f5:75:
         b5:00:2d:15:ca:9b:75:19:33:8c:7c:f7:92:5d:c8:d1:ea:ec:
         c7:bb:ab:3b:a5:d2:00:52:0a:c3:97:5e:3f:a4:17:8f:25:45:
         60:7f:b3:99:2e:04:3d:2a:26:85:17:4e:8c:45:6a:9e:aa:7a:
         72:10:7b:d9:ea:14:42:76:c4:57:a1:3c:35:15:9d:89:93:9e:
         f8:b3:0c:a1:d8:db:00:87:16:27:24:7a:26:02:88:47:da:6f:
         18:ac:49:3a:83:45:1c:19:e9:c9:75:81:f5:07:5a:a9:22:7d:
         0a:c1:a3:3c:ff:76:87:a1:73:d8:39:1c:23:6c:41:81:50:e4:
         df:f1:1a:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJOWnncEEa4xJCEtzWXUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NTAyMjI4MmUzNDY5OWZlNTQ4Yjc1Mjg1MTlhMjVhNTBk
OTEzM2EwHhcNMjQwMTAxMDgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Q4YzE1OTA5ZDRiYjYxNjE3ZThhNWM4ZDZjMTUwNzgyMjVjOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jZb5lWqQhnxqchyj63ANZgaWyzu
QlPiCcVipnl9QW/cQvNSgI5w5KFnPaqdb3GoCtYxtxEqeYi6//mzE8KGUuibNnO8
ARb045yHTH0MjMNlpOc8dOi8u0n23oA2GyHT6JEndqNsbX3mnXr0cI3eTUbC3WXZ
YGkwIIPxh8T3VmpwL2Sgi61tG8165ObxppE2gL2h5FPJsMMu9VJOwumeDpehIMEv
gHMjM5xr5qc/uacBApy6xPqlUfgRUxaY1Lv2aAo8UiXZPr1hJlvE3BiU/jTKTwLV
X6tPufh5pPnCc/XRbE+VcdjkyJdYObIopv9H/Bpioff3xYthGovL70E1rQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNPYwVkJ1LthYX6KXI1sFQeCJcmQMB8GA1UdIwQY
MBaAFNhQIiguNGmf5Ui3UoUZolpQ2RM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkZBaUtDNDBhWl9sU0xkU2hSbWlXbERaRXpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy85NzU4ZWItNDEwOC00MDg3LWE4MTgt
NTBlYTY3MzI3Y2QxLzEvMDlqQldRblV1MkZoZm9wY2pXd1ZCNElseVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy85NzU4ZWItNDEwOC00MDg3LWE4MTgtNTBlYTY3MzI3Y2Qx
LzEvMkZBaUtDNDBhWl9sU0xkU2hSbWlXbERaRXpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwRliAwQA
wRsoMA0GCSqGSIb3DQEBCwUAA4IBAQC0qqnUs8W1NrPe1MvP3E+Dq6vPrkAMg4sy
CVZodvSzcN1Dag5YYUlufuB1OAOKhoysSfh1e7AwKCEXTeinpmdayk5lybVlJj2C
PVM4PINBpYoWAqh401EiUd6bALRGoMMatPqHIjrc5cFU2US6m6EWEF5kTgrzfCfY
t3S29XW1AC0Vypt1GTOMfPeSXcjR6uzHu6s7pdIAUgrDl14/pBePJUVgf7OZLgQ9
KiaFF06MRWqeqnpyEHvZ6hRCdsRXoTw1FZ2Jk574swyh2NsAhxYnJHomAohH2m8Y
rEk6g0UcGenJdYH1B1qpIn0KwaM8/3aHoXPYORwjbEGBUOTf8Roa
-----END CERTIFICATE-----