Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/9b71u3GAoyQDrhpM8oh9S_GMm8E.roa
File:                     9b71u3GAoyQDrhpM8oh9S_GMm8E.roa (raw, json)
Hash identifier:          u3R3mjXDmlljfZOIyRCTQ9LVv2mI21eJ7N+7yvuKIT0=
Subject key identifier:   F5:BE:F5:BB:71:80:A3:24:03:AE:1A:4C:F2:88:7D:4B:F1:8C:9B:C1
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       01913205778D6A8736D7E365340B5F30CE2A
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/9b71u3GAoyQDrhpM8oh9S_GMm8E.roa
Signing time:             Thu 08 Aug 2024 12:45:04 +0000
ROA not before:           Thu 08 Aug 2024 12:45:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        93.114.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:32:05:77:8d:6a:87:36:d7:e3:65:34:0b:5f:30:ce:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug  8 12:45:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5bef5bb7180a32403ae1a4cf2887d4bf18c9bc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ef:b9:c4:08:10:2c:14:73:17:99:06:ad:4b:
                    d5:2c:6f:62:87:a3:c8:61:f7:c9:c6:3c:1a:13:48:
                    b9:f3:5d:cc:59:1f:2a:92:03:cc:59:ad:ce:9c:a5:
                    20:4b:9e:cf:a5:08:12:ec:06:93:93:70:26:ea:45:
                    f6:8e:ef:6c:b4:01:1b:2e:8c:72:60:c7:6c:1a:c8:
                    59:2e:23:be:93:f8:a9:da:22:44:d3:2d:38:3b:e0:
                    f9:bb:3a:62:6c:8c:1f:64:ed:64:da:00:92:eb:d8:
                    87:66:a7:6e:25:e7:68:25:d8:1f:8f:a1:c8:0c:77:
                    75:dd:f2:9b:28:61:31:3a:eb:8b:7b:c3:5a:20:03:
                    37:ab:d7:bd:0d:5a:34:14:35:76:3b:8e:11:4b:0f:
                    52:55:73:21:ac:8d:80:99:f7:31:7f:22:e5:d8:86:
                    80:49:10:d0:ec:1e:83:6e:d2:b7:29:b4:f4:0c:56:
                    5b:e6:5f:c8:b0:93:7a:22:c7:be:a1:7e:b9:84:2b:
                    b1:b1:01:2e:da:4d:5d:f8:75:e1:be:a5:0b:28:1c:
                    86:f2:c0:d5:a9:92:f3:cc:e6:4c:56:0b:06:a0:c5:
                    14:4f:09:8f:b5:4e:98:c4:df:34:c1:04:af:24:6a:
                    ad:a1:af:23:90:0f:04:ab:9c:2f:65:21:4e:e1:53:
                    f2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:BE:F5:BB:71:80:A3:24:03:AE:1A:4C:F2:88:7D:4B:F1:8C:9B:C1
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/9b71u3GAoyQDrhpM8oh9S_GMm8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:51:07:fc:d6:c9:67:37:f7:ee:a0:d7:33:5e:31:b7:e6:fe:
         93:08:76:79:ad:57:47:3c:cf:65:25:d9:3b:81:06:02:a0:3d:
         38:f1:87:16:6c:ae:96:75:61:60:ea:2f:64:5f:50:5f:08:53:
         24:26:36:e0:98:80:b0:01:52:f6:a7:a8:1a:5f:13:3a:dc:7e:
         08:d2:73:57:e6:85:cd:b2:5e:2f:8e:f6:86:c1:ce:78:7c:46:
         51:c2:9b:99:7e:f1:70:42:82:5f:b4:36:51:f5:74:4c:3e:19:
         a5:e5:3d:18:9d:ef:71:44:07:29:0f:ec:d8:04:e6:02:aa:33:
         91:87:89:57:43:89:54:34:19:eb:a5:cf:4b:4f:09:21:a3:9d:
         2f:cc:20:46:3c:c7:d4:eb:b5:b0:33:9d:95:a6:cf:57:66:cc:
         35:11:61:0f:c8:75:c6:74:6e:6a:43:03:69:72:4d:67:37:8d:
         9c:f0:12:eb:50:60:56:4b:98:76:58:20:c9:a5:bf:37:9c:07:
         fa:19:bf:51:9b:1d:1c:60:dc:ed:45:37:2d:28:be:7a:73:a3:
         cc:3b:fe:97:23:16:ff:81:88:fb:be:97:d6:f0:f9:92:d2:5a:
         0e:e4:5f:05:7a:85:99:57:19:6e:81:9a:cc:90:18:c0:3b:d7:
         d2:c6:0a:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEyBXeNaoc21+NlNAtfMM4qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwODA4MTI0NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWJlZjViYjcxODBhMzI0MDNhZTFhNGNmMjg4N2Q0YmYxOGM5YmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu+5xAgQLBRzF5kGrUvVLG9ih6PI
YffJxjwaE0i5813MWR8qkgPMWa3OnKUgS57PpQgS7AaTk3Am6kX2ju9stAEbLoxy
YMdsGshZLiO+k/ip2iJE0y04O+D5uzpibIwfZO1k2gCS69iHZqduJedoJdgfj6HI
DHd13fKbKGExOuuLe8NaIAM3q9e9DVo0FDV2O44RSw9SVXMhrI2AmfcxfyLl2IaA
SRDQ7B6DbtK3KbT0DFZb5l/IsJN6Ise+oX65hCuxsQEu2k1d+HXhvqULKByG8sDV
qZLzzOZMVgsGoMUUTwmPtU6YxN80wQSvJGqtoa8jkA8Eq5wvZSFO4VPyKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPW+9btxgKMkA64aTPKIfUvxjJvBMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvOWI3MXUzR0FveVFEcmhwTThvaDlTX0dNbThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXK2MA0G
CSqGSIb3DQEBCwUAA4IBAQBoUQf81slnN/fuoNczXjG35v6TCHZ5rVdHPM9lJdk7
gQYCoD048YcWbK6WdWFg6i9kX1BfCFMkJjbgmICwAVL2p6gaXxM63H4I0nNX5oXN
sl4vjvaGwc54fEZRwpuZfvFwQoJftDZR9XRMPhml5T0Yne9xRAcpD+zYBOYCqjOR
h4lXQ4lUNBnrpc9LTwkho50vzCBGPMfU67WwM52Vps9XZsw1EWEPyHXGdG5qQwNp
ck1nN42c8BLrUGBWS5h2WCDJpb83nAf6Gb9Rmx0cYNztRTctKL56c6PMO/6XIxb/
gYj7vpfW8PmS0loO5F8FeoWZVxlugZrMkBjAO9fSxgqD
-----END CERTIFICATE-----