Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/31fa99-c853-4d02-b53d-d250e45b1620/1/p9D85ySquyu5x1So2RawvfuC_K4.roa
File:                     p9D85ySquyu5x1So2RawvfuC_K4.roa (raw, json)
Hash identifier:          3tSLRDkVW4whvM93wPZM4M/Xg1J95ItXLrHMd/Eg3WA=
Subject key identifier:   A7:D0:FC:E7:24:AA:BB:2B:B9:C7:54:A8:D9:16:B0:BD:FB:82:FC:AE
Certificate issuer:       /CN=972c33aed8efb269d3744813d28c536092e7cf38
Certificate serial:       018CC500C228FDA80FC6E5306D95584D7930
Authority key identifier: 97:2C:33:AE:D8:EF:B2:69:D3:74:48:13:D2:8C:53:60:92:E7:CF:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lywzrtjvsmnTdEgT0oxTYJLnzzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/31fa99-c853-4d02-b53d-d250e45b1620/1/p9D85ySquyu5x1So2RawvfuC_K4.roa
Signing time:             Mon 01 Jan 2024 12:30:10 +0000
ROA not before:           Mon 01 Jan 2024 12:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199031
IP address blocks:        194.126.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/31fa99-c853-4d02-b53d-d250e45b1620/1/lywzrtjvsmnTdEgT0oxTYJLnzzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/31fa99-c853-4d02-b53d-d250e45b1620/1/lywzrtjvsmnTdEgT0oxTYJLnzzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lywzrtjvsmnTdEgT0oxTYJLnzzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c2:28:fd:a8:0f:c6:e5:30:6d:95:58:4d:79:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=972c33aed8efb269d3744813d28c536092e7cf38
        Validity
            Not Before: Jan  1 12:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7d0fce724aabb2bb9c754a8d916b0bdfb82fcae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:db:e7:a1:8a:ae:1f:da:bd:d2:89:79:b0:c8:
                    a0:97:f0:19:a7:c8:08:ff:c3:c3:26:c0:24:a6:67:
                    b8:d0:b1:5d:72:6b:73:16:69:51:e9:2a:8f:0c:21:
                    d4:04:48:a3:e8:9a:e6:2e:74:96:a8:4b:6b:0c:26:
                    2b:1d:08:a5:68:49:b1:89:a1:77:64:cf:c3:07:63:
                    6b:42:96:3f:3e:5a:3f:c0:a4:6f:0e:ce:9f:78:65:
                    7f:6b:f3:38:d2:50:41:c3:62:23:29:9c:8d:59:aa:
                    0b:e0:41:ce:3e:15:bc:7f:93:b2:b5:6a:25:ec:b7:
                    a9:99:e7:a4:af:2f:45:4f:39:2f:5e:fb:b0:f6:da:
                    7e:69:3d:13:a4:13:45:cb:6c:02:72:42:03:25:58:
                    06:e3:84:dc:82:e7:c8:db:37:22:80:41:18:33:b1:
                    c1:75:8e:58:47:18:ed:07:20:8c:13:e2:9e:89:04:
                    18:55:68:a8:9c:11:b5:61:a1:70:a0:6b:81:31:e9:
                    dd:31:af:80:2c:bd:82:90:9b:7c:b1:59:d9:0f:0e:
                    fb:ee:0b:9a:d7:94:de:a4:96:61:b6:26:e0:42:2e:
                    80:bb:ec:93:77:3f:92:d0:3e:23:e4:be:ef:d4:6e:
                    bf:d2:7b:5e:f8:54:37:53:ce:dc:8a:a1:db:ad:e8:
                    d8:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:D0:FC:E7:24:AA:BB:2B:B9:C7:54:A8:D9:16:B0:BD:FB:82:FC:AE
            X509v3 Authority Key Identifier:
                keyid:97:2C:33:AE:D8:EF:B2:69:D3:74:48:13:D2:8C:53:60:92:E7:CF:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lywzrtjvsmnTdEgT0oxTYJLnzzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/31fa99-c853-4d02-b53d-d250e45b1620/1/p9D85ySquyu5x1So2RawvfuC_K4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/31fa99-c853-4d02-b53d-d250e45b1620/1/lywzrtjvsmnTdEgT0oxTYJLnzzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:11:fd:c2:7c:0f:b8:28:97:1c:70:63:6b:b0:9d:4f:75:a3:
         d2:6c:2b:6f:aa:56:fe:9d:07:fe:f8:af:6a:16:4b:4a:af:c7:
         44:4a:9a:bd:cf:6c:70:90:d2:bf:ba:0a:1a:39:c5:3a:cc:b7:
         11:68:02:21:db:ce:c5:d3:79:43:7a:43:aa:ae:d2:7d:fc:2b:
         7e:63:eb:98:3f:d0:45:32:99:af:28:83:8f:0b:40:54:5b:20:
         d1:c7:72:34:64:77:ea:ca:37:d5:aa:8d:18:3b:e8:42:03:4e:
         bd:34:64:d3:a3:66:7f:71:70:e5:3e:c8:a3:56:b5:fb:a4:e8:
         42:80:c5:47:6d:92:b6:bd:6a:86:3e:60:82:25:ae:09:74:87:
         49:60:7c:d0:64:a8:10:d6:9f:77:80:fa:ff:71:bd:04:0e:15:
         f9:fa:53:2c:5c:fb:92:68:28:b6:8d:4f:5d:09:c6:88:a8:0f:
         b7:27:bb:43:13:1a:ec:9e:f9:bb:ea:6b:f3:f5:7a:0d:ea:18:
         6b:d1:71:29:fa:9f:89:ec:78:70:0c:e5:e9:26:8f:5e:3e:99:
         c8:4f:60:d1:8d:ba:ca:b4:5e:39:26:a5:28:25:75:cd:7a:67:
         1d:63:04:bb:90:28:65:98:0a:d2:f6:37:60:b7:d2:86:fa:69:
         b9:19:fc:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAMIo/agPxuUwbZVYTXkwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MmMzM2FlZDhlZmIyNjlkMzc0NDgxM2QyOGM1MzYwOTJl
N2NmMzgwHhcNMjQwMTAxMTIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2QwZmNlNzI0YWFiYjJiYjljNzU0YThkOTE2YjBiZGZiODJmY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtvnoYquH9q90ol5sMigl/AZp8gI
/8PDJsAkpme40LFdcmtzFmlR6SqPDCHUBEij6JrmLnSWqEtrDCYrHQilaEmxiaF3
ZM/DB2NrQpY/Plo/wKRvDs6feGV/a/M40lBBw2IjKZyNWaoL4EHOPhW8f5OytWol
7Lepmeekry9FTzkvXvuw9tp+aT0TpBNFy2wCckIDJVgG44TcgufI2zcigEEYM7HB
dY5YRxjtByCME+KeiQQYVWionBG1YaFwoGuBMendMa+ALL2CkJt8sVnZDw777gua
15TepJZhtibgQi6Au+yTdz+S0D4j5L7v1G6/0nte+FQ3U87ciqHbrejYpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKfQ/OckqrsrucdUqNkWsL37gvyuMB8GA1UdIwQY
MBaAFJcsM67Y77Jp03RIE9KMU2CS5884MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHl3enJ0anZzbW5UZEVnVDBveFRZSkxuenpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zMWZhOTktYzg1My00ZDAyLWI1M2Qt
ZDI1MGU0NWIxNjIwLzEvcDlEODV5U3F1eXU1eDFTbzJSYXd2ZnVDX0s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zMWZhOTktYzg1My00ZDAyLWI1M2QtZDI1MGU0NWIxNjIw
LzEvbHl3enJ0anZzbW5UZEVnVDBveFRZSkxuenpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn7HMA0G
CSqGSIb3DQEBCwUAA4IBAQA0Ef3CfA+4KJcccGNrsJ1PdaPSbCtvqlb+nQf++K9q
FktKr8dESpq9z2xwkNK/ugoaOcU6zLcRaAIh287F03lDekOqrtJ9/Ct+Y+uYP9BF
MpmvKIOPC0BUWyDRx3I0ZHfqyjfVqo0YO+hCA069NGTTo2Z/cXDlPsijVrX7pOhC
gMVHbZK2vWqGPmCCJa4JdIdJYHzQZKgQ1p93gPr/cb0EDhX5+lMsXPuSaCi2jU9d
CcaIqA+3J7tDExrsnvm76mvz9XoN6hhr0XEp+p+J7HhwDOXpJo9ePpnIT2DRjbrK
tF45JqUoJXXNemcdYwS7kChlmArS9jdgt9KG+mm5GfwH
-----END CERTIFICATE-----