Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/6f952a-ad59-4b9f-b7c7-09aac0789b93/1/zn9Y2hoxDjQ__9-Xx4iabURrX3I.roa
File:                     zn9Y2hoxDjQ__9-Xx4iabURrX3I.roa (raw, json)
Hash identifier:          ssUvHV1dSIWPzImKLaJLKWhqM1RHpgA1wuBRintHTwc=
Subject key identifier:   CE:7F:58:DA:1A:31:0E:34:3F:FF:DF:97:C7:88:9A:6D:44:6B:5F:72
Certificate issuer:       /CN=2a734eabcfb5b6c2a4e48388edb3af8f506b1fab
Certificate serial:       01926C7751AA7691163E4056A29E0CD0ECBE
Authority key identifier: 2A:73:4E:AB:CF:B5:B6:C2:A4:E4:83:88:ED:B3:AF:8F:50:6B:1F:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KnNOq8-1tsKk5IOI7bOvj1BrH6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/6f952a-ad59-4b9f-b7c7-09aac0789b93/1/zn9Y2hoxDjQ__9-Xx4iabURrX3I.roa
Signing time:             Tue 08 Oct 2024 14:10:11 +0000
ROA not before:           Tue 08 Oct 2024 14:10:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12360
IP address blocks:        195.160.160.0/23 maxlen: 24
                          2001:67c:19ec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/6f952a-ad59-4b9f-b7c7-09aac0789b93/1/KnNOq8-1tsKk5IOI7bOvj1BrH6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/6f952a-ad59-4b9f-b7c7-09aac0789b93/1/KnNOq8-1tsKk5IOI7bOvj1BrH6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KnNOq8-1tsKk5IOI7bOvj1BrH6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6c:77:51:aa:76:91:16:3e:40:56:a2:9e:0c:d0:ec:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a734eabcfb5b6c2a4e48388edb3af8f506b1fab
        Validity
            Not Before: Oct  8 14:10:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce7f58da1a310e343fffdf97c7889a6d446b5f72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:1b:45:2e:af:c3:c0:02:e4:b0:98:51:9b:c4:
                    28:5d:68:b8:5b:88:c1:d3:d9:45:31:bf:02:c5:79:
                    b7:a5:6c:13:a0:4f:07:ef:56:7d:bd:8f:d3:01:a6:
                    bb:48:75:50:9f:23:79:ab:ca:1a:cf:57:9b:88:fb:
                    ca:0f:ad:ee:9b:e0:fa:59:89:33:52:6f:15:1b:3a:
                    c6:3f:df:d1:4c:fa:52:d6:2a:93:c1:c5:ff:b6:c9:
                    8d:bc:f0:3e:32:74:32:44:14:a1:db:cf:86:54:a2:
                    ea:2a:b9:c8:fc:12:52:30:7a:2d:90:24:62:27:6c:
                    ab:eb:e7:bd:0d:c4:de:b7:7e:3d:bf:be:c5:05:6b:
                    6c:a3:2a:da:d9:38:3b:8b:ad:64:fe:78:bd:11:0b:
                    d6:6e:c4:87:8b:b1:00:0e:b5:c2:0b:7b:4f:00:b3:
                    cb:d0:ce:7a:33:df:a5:a2:7f:32:27:a6:f1:ff:c0:
                    25:fd:19:54:7a:9b:ba:1c:7c:00:cc:f8:2e:96:84:
                    3b:de:5c:57:eb:9e:34:32:1c:5e:cc:57:07:ea:5e:
                    af:2d:c7:de:22:9c:c1:44:4b:1a:41:7c:69:37:c6:
                    6b:8a:e7:48:a1:2e:20:48:81:c8:72:c0:80:1a:b0:
                    15:75:7e:42:9e:bb:04:d2:b7:5f:98:6f:a1:68:c2:
                    ba:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:7F:58:DA:1A:31:0E:34:3F:FF:DF:97:C7:88:9A:6D:44:6B:5F:72
            X509v3 Authority Key Identifier:
                keyid:2A:73:4E:AB:CF:B5:B6:C2:A4:E4:83:88:ED:B3:AF:8F:50:6B:1F:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KnNOq8-1tsKk5IOI7bOvj1BrH6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/6f952a-ad59-4b9f-b7c7-09aac0789b93/1/zn9Y2hoxDjQ__9-Xx4iabURrX3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/6f952a-ad59-4b9f-b7c7-09aac0789b93/1/KnNOq8-1tsKk5IOI7bOvj1BrH6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.160.0/23
                IPv6:
                  2001:67c:19ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:e4:33:85:40:06:20:08:e2:95:e2:a4:06:8b:e6:7f:67:a1:
         58:e9:df:db:19:52:98:49:ea:cc:24:a9:fe:07:86:25:7f:7b:
         18:da:18:2e:d7:28:e0:5d:7f:ad:f8:f3:3e:63:59:b9:7a:86:
         ff:ce:0b:f6:28:ec:73:10:8f:fc:de:78:ee:22:ca:d8:2a:bc:
         44:ae:b0:8e:61:e2:b1:c1:41:bb:8c:dc:2f:35:dd:d7:75:0a:
         a2:86:29:ad:4b:9e:21:31:eb:10:95:8b:56:3c:34:70:fe:d0:
         13:15:1f:15:96:62:90:2c:da:6f:5e:39:d3:38:a5:22:6c:74:
         f8:be:ae:e3:e2:02:e5:da:a9:8d:c5:c5:5a:3f:37:5e:31:bb:
         74:e0:43:ba:03:79:0a:ba:fa:87:35:f0:2b:18:44:a0:b7:e6:
         5e:04:3d:99:21:f4:54:86:4a:e1:cf:1f:74:df:bc:3d:f0:0b:
         e7:4a:17:72:9e:e5:ce:73:a9:1b:2b:0d:7d:2f:3a:89:3b:fa:
         cc:5b:ed:01:59:5d:f9:66:be:3d:cc:54:70:67:45:55:1b:70:
         6a:6b:e1:ac:da:12:b9:b3:f6:97:2d:4b:5e:42:da:49:e1:d2:
         90:0c:a9:67:47:08:f1:5f:0f:d3:f3:e6:97:70:a0:76:2a:ab:
         9e:36:24:32
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZJsd1GqdpEWPkBWop4M0Oy+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNzM0ZWFiY2ZiNWI2YzJhNGU0ODM4OGVkYjNhZjhmNTA2
YjFmYWIwHhcNMjQxMDA4MTQxMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTdmNThkYTFhMzEwZTM0M2ZmZmRmOTdjNzg4OWE2ZDQ0NmI1ZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRtFLq/DwALksJhRm8QoXWi4W4jB
09lFMb8CxXm3pWwToE8H71Z9vY/TAaa7SHVQnyN5q8oaz1ebiPvKD63um+D6WYkz
Um8VGzrGP9/RTPpS1iqTwcX/tsmNvPA+MnQyRBSh28+GVKLqKrnI/BJSMHotkCRi
J2yr6+e9DcTet349v77FBWtsoyra2Tg7i61k/ni9EQvWbsSHi7EADrXCC3tPALPL
0M56M9+lon8yJ6bx/8Al/RlUepu6HHwAzPguloQ73lxX6540MhxezFcH6l6vLcfe
IpzBREsaQXxpN8ZriudIoS4gSIHIcsCAGrAVdX5CnrsE0rdfmG+haMK62wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFM5/WNoaMQ40P//fl8eImm1Ea19yMB8GA1UdIwQY
MBaAFCpzTqvPtbbCpOSDiO2zr49Qax+rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS25OT3E4LTF0c0trNUlPSTdiT3ZqMUJySDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS82Zjk1MmEtYWQ1OS00YjlmLWI3Yzct
MDlhYWMwNzg5YjkzLzEvem45WTJob3hEalFfXzktWHg0aWFiVVJyWDNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS82Zjk1MmEtYWQ1OS00YjlmLWI3YzctMDlhYWMwNzg5Yjkz
LzEvS25OT3E4LTF0c0trNUlPSTdiT3ZqMUJySDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw6CgMA8E
AgACMAkDBwAgAQZ8GewwDQYJKoZIhvcNAQELBQADggEBAHDkM4VABiAI4pXipAaL
5n9noVjp39sZUphJ6swkqf4HhiV/exjaGC7XKOBdf6348z5jWbl6hv/OC/Yo7HMQ
j/zeeO4iytgqvESusI5h4rHBQbuM3C813dd1CqKGKa1LniEx6xCVi1Y8NHD+0BMV
HxWWYpAs2m9eOdM4pSJsdPi+ruPiAuXaqY3FxVo/N14xu3TgQ7oDeQq6+oc18CsY
RKC35l4EPZkh9FSGSuHPH3TfvD3wC+dKF3Ke5c5zqRsrDX0vOok7+sxb7QFZXflm
vj3MVHBnRVUbcGpr4azaErmz9pctS15C2knh0pAMqWdHCPFfD9Pz5pdwoHYqq542
JDI=
-----END CERTIFICATE-----