Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/9440a4-0b42-4a58-900a-e99f22772624/1/d97FjABW90CroEJanDvGUqTE40E.roa
File:                     d97FjABW90CroEJanDvGUqTE40E.roa (raw, json)
Hash identifier:          ZcfktDHA5frHUV5m9DfpcJXEU0rFABj/FDnGJTBAcQo=
Subject key identifier:   77:DE:C5:8C:00:56:F7:40:AB:A0:42:5A:9C:3B:C6:52:A4:C4:E3:41
Certificate issuer:       /CN=f69a0a5d1e8d54248e87667e9883c902f175e2e7
Certificate serial:       018CC86F25B61E9229ADFC1377886A2589A5
Authority key identifier: F6:9A:0A:5D:1E:8D:54:24:8E:87:66:7E:98:83:C9:02:F1:75:E2:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9poKXR6NVCSOh2Z-mIPJAvF14uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/9440a4-0b42-4a58-900a-e99f22772624/1/d97FjABW90CroEJanDvGUqTE40E.roa
Signing time:             Tue 02 Jan 2024 04:29:36 +0000
ROA not before:           Tue 02 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        141.67.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/9440a4-0b42-4a58-900a-e99f22772624/1/9poKXR6NVCSOh2Z-mIPJAvF14uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/9440a4-0b42-4a58-900a-e99f22772624/1/9poKXR6NVCSOh2Z-mIPJAvF14uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9poKXR6NVCSOh2Z-mIPJAvF14uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:25:b6:1e:92:29:ad:fc:13:77:88:6a:25:89:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f69a0a5d1e8d54248e87667e9883c902f175e2e7
        Validity
            Not Before: Jan  2 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77dec58c0056f740aba0425a9c3bc652a4c4e341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3e:4d:f0:23:c0:20:03:86:f2:d1:d1:53:db:
                    d4:f0:81:75:84:53:1f:d0:f4:ed:d9:70:35:63:f4:
                    e8:e0:05:bb:04:a9:b8:e3:66:51:b1:e7:ed:5e:ca:
                    26:2d:65:1c:4d:3b:f6:7b:da:34:ef:c1:1a:80:dd:
                    da:7e:c5:da:52:81:de:7b:91:ad:7e:3a:e4:a1:5d:
                    75:14:38:31:b6:cb:63:92:de:4a:6b:de:9e:bd:c4:
                    ce:1e:97:73:8e:30:ce:16:35:ee:76:38:1c:53:74:
                    ce:40:20:cb:89:15:7a:c2:db:8c:ce:ab:94:f5:20:
                    6e:0b:67:c1:f5:d9:36:92:cd:3a:65:8c:40:e0:15:
                    0c:61:8f:b4:51:1b:3a:93:6d:67:c8:c4:34:a6:5e:
                    70:86:77:04:d7:d6:d9:8e:2e:90:63:31:01:b9:40:
                    39:16:d8:01:06:d4:a8:b5:fd:f1:b1:49:79:0a:2a:
                    4e:d6:f9:36:a4:d0:73:da:e4:bb:2e:0b:e6:66:d2:
                    ef:7d:82:b2:6e:59:a0:96:db:30:1b:15:a0:4b:b3:
                    89:27:fb:be:01:9f:59:1c:0c:c0:5b:60:ad:22:6b:
                    ff:5f:91:a6:87:e8:50:ef:e8:36:68:76:44:5e:7f:
                    36:36:f9:2f:cb:ec:0a:e5:80:cc:77:a5:5c:da:c1:
                    92:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:DE:C5:8C:00:56:F7:40:AB:A0:42:5A:9C:3B:C6:52:A4:C4:E3:41
            X509v3 Authority Key Identifier:
                keyid:F6:9A:0A:5D:1E:8D:54:24:8E:87:66:7E:98:83:C9:02:F1:75:E2:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9poKXR6NVCSOh2Z-mIPJAvF14uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/9440a4-0b42-4a58-900a-e99f22772624/1/d97FjABW90CroEJanDvGUqTE40E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/9440a4-0b42-4a58-900a-e99f22772624/1/9poKXR6NVCSOh2Z-mIPJAvF14uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.67.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         06:b6:0a:cd:0f:10:cf:29:d7:ec:f4:07:b1:67:ff:b1:a6:60:
         7d:d6:7b:c4:f2:52:9c:43:a0:91:2b:88:40:20:44:aa:c0:66:
         01:90:99:7a:a8:81:51:70:68:03:02:ae:21:7b:0c:75:b3:cc:
         9a:57:47:79:e3:5d:9d:08:cc:b4:d8:3c:99:8b:6b:00:a8:09:
         ec:b2:a6:f8:10:3d:a7:84:45:c2:20:cc:2a:34:1c:57:63:7c:
         57:c4:c3:b5:a4:18:33:ab:06:e6:6b:df:5f:77:fb:fd:0e:47:
         f6:52:82:77:b0:03:73:8e:b1:a0:c0:25:c4:14:a8:5c:af:85:
         72:d4:5f:54:68:66:f8:be:0a:ae:82:d5:d9:af:8e:54:95:4e:
         0c:fc:16:e6:ff:33:2d:19:ca:9a:2c:ea:45:19:0f:d4:b6:ab:
         79:a2:c0:9b:5f:14:72:8d:73:95:30:0f:48:d3:bd:fa:26:26:
         b6:1d:f8:9a:fe:aa:d6:52:a6:a0:8e:39:ee:e8:90:38:ce:6e:
         be:de:fa:70:89:a8:54:d6:7e:5f:1c:fc:1c:91:98:1d:77:c7:
         76:e4:26:7c:d6:e4:6b:69:07:cd:1e:81:87:54:30:e3:4c:6d:
         17:ff:ac:21:c1:47:a6:3a:75:f1:9b:ed:4f:ea:98:68:23:0f:
         7a:a6:58:48
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIbyW2HpIprfwTd4hqJYmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OWEwYTVkMWU4ZDU0MjQ4ZTg3NjY3ZTk4ODNjOTAyZjE3
NWUyZTcwHhcNMjQwMTAyMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2RlYzU4YzAwNTZmNzQwYWJhMDQyNWE5YzNiYzY1MmE0YzRlMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmj5N8CPAIAOG8tHRU9vU8IF1hFMf
0PTt2XA1Y/To4AW7BKm442ZRseftXsomLWUcTTv2e9o078EagN3afsXaUoHee5Gt
fjrkoV11FDgxtstjkt5Ka96evcTOHpdzjjDOFjXudjgcU3TOQCDLiRV6wtuMzquU
9SBuC2fB9dk2ks06ZYxA4BUMYY+0URs6k21nyMQ0pl5whncE19bZji6QYzEBuUA5
FtgBBtSotf3xsUl5CipO1vk2pNBz2uS7LgvmZtLvfYKyblmgltswGxWgS7OJJ/u+
AZ9ZHAzAW2CtImv/X5Gmh+hQ7+g2aHZEXn82Nvkvy+wK5YDMd6Vc2sGS0wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHfexYwAVvdAq6BCWpw7xlKkxONBMB8GA1UdIwQY
MBaAFPaaCl0ejVQkjodmfpiDyQLxdeLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXBvS1hSNk5WQ1NPaDJaLW1JUEpBdkYxNHVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS85NDQwYTQtMGI0Mi00YTU4LTkwMGEt
ZTk5ZjIyNzcyNjI0LzEvZDk3RmpBQlc5MENyb0VKYW5EdkdVcVRFNDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS85NDQwYTQtMGI0Mi00YTU4LTkwMGEtZTk5ZjIyNzcyNjI0
LzEvOXBvS1hSNk5WQ1NPaDJaLW1JUEpBdkYxNHVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjUMwDQYJ
KoZIhvcNAQELBQADggEBAAa2Cs0PEM8p1+z0B7Fn/7GmYH3We8TyUpxDoJEriEAg
RKrAZgGQmXqogVFwaAMCriF7DHWzzJpXR3njXZ0IzLTYPJmLawCoCeyypvgQPaeE
RcIgzCo0HFdjfFfEw7WkGDOrBuZr3193+/0OR/ZSgnewA3OOsaDAJcQUqFyvhXLU
X1RoZvi+Cq6C1dmvjlSVTgz8Fub/My0Zypos6kUZD9S2q3miwJtfFHKNc5UwD0jT
vfomJrYd+Jr+qtZSpqCOOe7okDjObr7e+nCJqFTWfl8c/ByRmB13x3bkJnzW5Gtp
B80egYdUMONMbRf/rCHBR6Y6dfGb7U/qmGgjD3qmWEg=
-----END CERTIFICATE-----