Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/fdb398-3fb5-4b6a-a003-cfc4a676d6e0/1/Y_jx5z12O7fWB2qp-TrEAR869VM.roa
File:                     Y_jx5z12O7fWB2qp-TrEAR869VM.roa (raw, json)
Hash identifier:          BGoLR8z/dA/fmzRkbaoYLagfkumnGJQTC4zxdCidp1Y=
Subject key identifier:   63:F8:F1:E7:3D:76:3B:B7:D6:07:6A:A9:F9:3A:C4:01:1F:3A:F5:53
Certificate issuer:       /CN=0395add86baf6b2d06ff41f5526d347f71eeb410
Certificate serial:       018CC94ADE0F747BE93C874B5B80536D5853
Authority key identifier: 03:95:AD:D8:6B:AF:6B:2D:06:FF:41:F5:52:6D:34:7F:71:EE:B4:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A5Wt2Guvay0G_0H1Um00f3HutBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/fdb398-3fb5-4b6a-a003-cfc4a676d6e0/1/Y_jx5z12O7fWB2qp-TrEAR869VM.roa
Signing time:             Tue 02 Jan 2024 08:29:36 +0000
ROA not before:           Tue 02 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2200
IP address blocks:        163.9.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/fdb398-3fb5-4b6a-a003-cfc4a676d6e0/1/A5Wt2Guvay0G_0H1Um00f3HutBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/fdb398-3fb5-4b6a-a003-cfc4a676d6e0/1/A5Wt2Guvay0G_0H1Um00f3HutBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A5Wt2Guvay0G_0H1Um00f3HutBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:de:0f:74:7b:e9:3c:87:4b:5b:80:53:6d:58:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0395add86baf6b2d06ff41f5526d347f71eeb410
        Validity
            Not Before: Jan  2 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63f8f1e73d763bb7d6076aa9f93ac4011f3af553
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f1:e8:e1:5c:df:eb:03:51:f1:23:86:29:76:
                    5e:16:1c:94:8f:ba:19:33:76:59:02:b7:73:ec:f5:
                    3c:5c:a3:5f:19:e2:a0:9c:1c:63:a7:c3:4c:c7:3e:
                    20:be:8a:e2:0f:1b:e6:da:ef:e8:c1:c8:1a:9e:df:
                    75:69:7a:bd:8f:50:c8:90:76:af:10:11:4c:71:67:
                    34:d3:92:8a:ee:1c:6b:00:f8:17:31:6c:8d:06:8d:
                    92:0f:ab:c7:21:b3:eb:4a:fd:92:a5:09:cc:e8:05:
                    be:8a:07:77:0c:37:67:33:a4:84:7f:5f:af:1b:32:
                    f3:ce:95:3f:84:06:32:32:2e:41:bb:18:ca:ea:53:
                    3d:63:4d:9f:6c:9f:0e:d5:9b:53:30:82:fb:97:49:
                    12:5e:da:45:99:0d:5a:31:3e:c8:9f:74:ce:2f:fe:
                    49:0f:0c:8d:33:95:4d:b3:3e:13:83:42:c8:ea:81:
                    39:34:a9:7a:7f:24:53:57:12:91:b9:70:e4:20:db:
                    0a:d5:42:1b:1e:79:a3:a8:ea:d7:01:a0:41:3c:14:
                    ef:24:76:27:56:46:b5:86:4b:0a:f3:b2:b4:0c:2f:
                    d7:8f:39:4b:88:38:79:54:17:28:c7:81:62:89:be:
                    4b:a6:ed:ad:5b:81:5a:1d:ed:2d:67:1b:64:75:0c:
                    49:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F8:F1:E7:3D:76:3B:B7:D6:07:6A:A9:F9:3A:C4:01:1F:3A:F5:53
            X509v3 Authority Key Identifier:
                keyid:03:95:AD:D8:6B:AF:6B:2D:06:FF:41:F5:52:6D:34:7F:71:EE:B4:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A5Wt2Guvay0G_0H1Um00f3HutBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/fdb398-3fb5-4b6a-a003-cfc4a676d6e0/1/Y_jx5z12O7fWB2qp-TrEAR869VM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/fdb398-3fb5-4b6a-a003-cfc4a676d6e0/1/A5Wt2Guvay0G_0H1Um00f3HutBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.9.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2e:fa:5c:ca:5f:58:a8:56:52:2d:f3:af:58:2c:d0:fa:37:bd:
         12:da:5f:e8:29:9b:ff:d4:58:1f:60:ae:e9:07:69:39:b6:e6:
         cf:f1:00:18:81:c1:68:04:00:11:fd:74:da:6a:21:bd:e0:bf:
         15:1a:6c:95:53:27:d2:54:ca:31:7b:ad:7a:50:a3:83:da:85:
         90:70:46:9e:42:5b:14:e6:d7:2f:09:8d:39:f7:1f:af:2b:d4:
         4d:42:40:51:c5:98:db:2f:3f:04:1c:0b:2c:90:ff:d5:57:e7:
         f3:ac:b0:b0:38:ce:85:49:07:64:a2:c2:9b:54:d0:03:48:a5:
         7d:fb:d6:73:d2:c3:fd:11:16:53:3b:79:2b:b7:69:f8:32:53:
         04:5b:be:b8:7b:b7:49:c2:41:0b:d3:d3:e0:51:78:e3:ab:16:
         34:dd:5b:ba:a2:29:90:7b:9f:b4:aa:dd:e5:bf:37:e7:61:28:
         9e:8a:a6:54:e0:1f:51:b8:03:8a:c8:66:0d:ab:5e:6b:ca:b5:
         9d:7d:11:6a:62:77:91:42:92:34:59:b1:c3:56:32:0f:a8:bd:
         40:53:92:b6:87:27:a1:09:ca:04:3a:f4:ad:0f:ef:83:af:df:
         7b:89:92:aa:8d:ba:11:73:75:20:ac:f6:5c:61:21:f5:78:1f:
         bd:85:e9:c0
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJSt4PdHvpPIdLW4BTbVhTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzOTVhZGQ4NmJhZjZiMmQwNmZmNDFmNTUyNmQzNDdmNzFl
ZWI0MTAwHhcNMjQwMTAyMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Y4ZjFlNzNkNzYzYmI3ZDYwNzZhYTlmOTNhYzQwMTFmM2FmNTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPHo4Vzf6wNR8SOGKXZeFhyUj7oZ
M3ZZArdz7PU8XKNfGeKgnBxjp8NMxz4gvoriDxvm2u/owcgant91aXq9j1DIkHav
EBFMcWc005KK7hxrAPgXMWyNBo2SD6vHIbPrSv2SpQnM6AW+igd3DDdnM6SEf1+v
GzLzzpU/hAYyMi5BuxjK6lM9Y02fbJ8O1ZtTMIL7l0kSXtpFmQ1aMT7In3TOL/5J
DwyNM5VNsz4Tg0LI6oE5NKl6fyRTVxKRuXDkINsK1UIbHnmjqOrXAaBBPBTvJHYn
Vka1hksK87K0DC/XjzlLiDh5VBcox4Fiib5Lpu2tW4FaHe0tZxtkdQxJ5wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGP48ec9dju31gdqqfk6xAEfOvVTMB8GA1UdIwQY
MBaAFAOVrdhrr2stBv9B9VJtNH9x7rQQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTVXdDJHdXZheTBHXzBIMVVtMDBmM0h1dEJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9mZGIzOTgtM2ZiNS00YjZhLWEwMDMt
Y2ZjNGE2NzZkNmUwLzEvWV9qeDV6MTJPN2ZXQjJxcC1UckVBUjg2OVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9mZGIzOTgtM2ZiNS00YjZhLWEwMDMtY2ZjNGE2NzZkNmUw
LzEvQTVXdDJHdXZheTBHXzBIMVVtMDBmM0h1dEJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAowkwDQYJ
KoZIhvcNAQELBQADggEBAC76XMpfWKhWUi3zr1gs0Po3vRLaX+gpm//UWB9grukH
aTm25s/xABiBwWgEABH9dNpqIb3gvxUabJVTJ9JUyjF7rXpQo4PahZBwRp5CWxTm
1y8JjTn3H68r1E1CQFHFmNsvPwQcCyyQ/9VX5/OssLA4zoVJB2SiwptU0ANIpX37
1nPSw/0RFlM7eSu3afgyUwRbvrh7t0nCQQvT0+BReOOrFjTdW7qiKZB7n7Sq3eW/
N+dhKJ6KplTgH1G4A4rIZg2rXmvKtZ19EWpid5FCkjRZscNWMg+ovUBTkraHJ6EJ
ygQ69K0P74Ov33uJkqqNuhFzdSCs9lxhIfV4H72F6cA=
-----END CERTIFICATE-----