Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/1-bj56GHubSOiQoddHwR6hN1xenU.roa
File:                     1-bj56GHubSOiQoddHwR6hN1xenU.roa (raw, json)
Hash identifier:          HlnubmBjKWWEJWWLZpONafU2TsselJZrYoMiZDrU4H4=
Subject key identifier:   F9:B8:F9:E8:61:EE:6D:23:A2:42:87:5D:1F:04:7A:84:DD:71:7A:75
Certificate issuer:       /CN=fe3b0385260ac66f21c43f5ab78bac682e8ce54f
Certificate serial:       018CC500DED4C3C6CCEAD2ACF9037889EB10
Authority key identifier: FE:3B:03:85:26:0A:C6:6F:21:C4:3F:5A:B7:8B:AC:68:2E:8C:E5:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/1-bj56GHubSOiQoddHwR6hN1xenU.roa
Signing time:             Mon 01 Jan 2024 12:30:17 +0000
ROA not before:           Mon 01 Jan 2024 12:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8947
IP address blocks:        37.140.208.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:de:d4:c3:c6:cc:ea:d2:ac:f9:03:78:89:eb:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe3b0385260ac66f21c43f5ab78bac682e8ce54f
        Validity
            Not Before: Jan  1 12:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9b8f9e861ee6d23a242875d1f047a84dd717a75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9b:1a:b7:48:b1:57:17:f5:c0:3c:55:9a:52:
                    34:65:a6:04:23:65:71:c0:58:b6:a0:81:d9:0b:a1:
                    68:1b:b8:cb:68:95:a0:4a:ff:b7:2d:5a:22:b8:02:
                    dc:1a:df:45:1e:8a:27:d9:95:24:e8:2f:1b:de:92:
                    2e:00:ce:9c:80:6a:18:ef:69:1b:a6:6f:ae:55:00:
                    4a:80:32:51:70:3c:3c:19:8f:15:18:48:97:4b:1a:
                    7e:97:0b:07:a4:4b:fb:5f:2e:75:d4:2f:5b:17:bd:
                    a0:53:8b:11:6e:e4:00:40:c7:a8:df:b4:e1:50:40:
                    2a:e3:80:32:ad:32:80:18:bf:7a:26:50:29:3e:51:
                    d1:1b:bf:6d:6d:f7:19:8d:a4:9c:83:7b:8b:b9:17:
                    b0:27:3c:ef:21:1c:2d:e1:4e:f7:ae:30:3c:ab:cd:
                    dc:27:50:f7:cc:b5:8b:8c:0e:e7:6e:8d:1f:d1:84:
                    ad:c8:7f:3e:54:40:10:63:0f:4d:f6:9b:a0:23:fa:
                    7d:de:84:f6:26:2d:42:35:74:b5:cf:7d:3a:e4:f4:
                    42:56:01:1a:0e:df:22:ee:84:15:0e:9b:8e:a3:7f:
                    78:8f:43:52:1e:61:8c:77:15:59:03:2e:39:a3:8e:
                    c6:d5:5a:c9:1c:7c:cb:be:aa:7e:85:6c:93:36:6d:
                    c5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:B8:F9:E8:61:EE:6D:23:A2:42:87:5D:1F:04:7A:84:DD:71:7A:75
            X509v3 Authority Key Identifier:
                keyid:FE:3B:03:85:26:0A:C6:6F:21:C4:3F:5A:B7:8B:AC:68:2E:8C:E5:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_jsDhSYKxm8hxD9at4usaC6M5U8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/1-bj56GHubSOiQoddHwR6hN1xenU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a2ffd9-745d-4e7d-b2b2-75033f8f7210/1/_jsDhSYKxm8hxD9at4usaC6M5U8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:bb:10:78:bf:5f:08:b7:20:e8:54:fb:87:0a:28:fb:a4:96:
         9a:5b:f4:e1:c9:7c:d0:54:23:87:6b:18:3a:2f:f9:1a:da:f6:
         3c:75:d7:99:5c:9c:13:7a:99:a8:64:93:f4:fd:77:76:59:25:
         b3:d8:fd:b7:83:17:86:76:df:8a:7d:73:1d:c6:c5:46:b1:63:
         34:48:d0:13:e2:8b:4f:99:f7:e4:1e:a2:0a:ef:ee:38:12:1e:
         2b:ee:4a:12:66:f9:59:d0:1b:ca:05:28:f2:87:c4:58:31:60:
         ee:36:9f:26:8c:74:88:cc:80:66:d6:c9:b0:8f:9d:c9:8c:b6:
         07:d1:81:58:8d:2e:f7:88:e0:41:10:4d:b9:36:c6:28:2f:bb:
         de:4c:90:c7:29:ea:90:7f:e9:9c:88:1d:74:50:03:ba:ef:19:
         ea:bd:0f:2e:e2:67:23:1b:eb:28:2e:8f:eb:d4:e0:37:81:27:
         1f:f1:5c:e2:c5:1a:e7:3e:76:64:b9:7a:b6:b4:a0:0a:fa:17:
         29:0e:18:6e:cc:ff:39:08:78:c9:84:d7:89:34:3f:4e:4c:6e:
         78:74:f7:38:d6:1b:ae:cb:b8:01:0a:2f:e6:52:35:03:81:6e:
         b3:ae:6f:3f:30:75:d2:59:d7:92:e9:74:ab:76:5b:9f:7f:e4:
         c9:94:80:74
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAN7Uw8bM6tKs+QN4iesQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlM2IwMzg1MjYwYWM2NmYyMWM0M2Y1YWI3OGJhYzY4MmU4
Y2U1NGYwHhcNMjQwMTAxMTIzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWI4ZjllODYxZWU2ZDIzYTI0Mjg3NWQxZjA0N2E4NGRkNzE3YTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppsat0ixVxf1wDxVmlI0ZaYEI2Vx
wFi2oIHZC6FoG7jLaJWgSv+3LVoiuALcGt9FHoon2ZUk6C8b3pIuAM6cgGoY72kb
pm+uVQBKgDJRcDw8GY8VGEiXSxp+lwsHpEv7Xy511C9bF72gU4sRbuQAQMeo37Th
UEAq44AyrTKAGL96JlApPlHRG79tbfcZjaScg3uLuRewJzzvIRwt4U73rjA8q83c
J1D3zLWLjA7nbo0f0YStyH8+VEAQYw9N9pugI/p93oT2Ji1CNXS1z3065PRCVgEa
Dt8i7oQVDpuOo394j0NSHmGMdxVZAy45o47G1VrJHHzLvqp+hWyTNm3FuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPm4+ehh7m0jokKHXR8EeoTdcXp1MB8GA1UdIwQY
MBaAFP47A4UmCsZvIcQ/WreLrGgujOVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2pzRGhTWUt4bThoeEQ5YXQ0dXNhQzZNNVU4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9hMmZmZDktNzQ1ZC00ZTdkLWIyYjIt
NzUwMzNmOGY3MjEwLzEvMS1iajU2R0h1YlNPaVFvZGRId1I2aE4xeGVuVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjkvYTJmZmQ5LTc0NWQtNGU3ZC1iMmIyLTc1MDMzZjhmNzIx
MC8xL19qc0RoU1lLeG04aHhEOWF0NHVzYUM2TTVVOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEASWM0DAN
BgkqhkiG9w0BAQsFAAOCAQEAOrsQeL9fCLcg6FT7hwoo+6SWmlv04cl80FQjh2sY
Oi/5Gtr2PHXXmVycE3qZqGST9P13dlkls9j9t4MXhnbfin1zHcbFRrFjNEjQE+KL
T5n35B6iCu/uOBIeK+5KEmb5WdAbygUo8ofEWDFg7jafJox0iMyAZtbJsI+dyYy2
B9GBWI0u94jgQRBNuTbGKC+73kyQxynqkH/pnIgddFADuu8Z6r0PLuJnIxvrKC6P
69TgN4EnH/Fc4sUa5z52ZLl6trSgCvoXKQ4Ybsz/OQh4yYTXiTQ/TkxueHT3ONYb
rsu4AQov5lI1A4Fus65vPzB10lnXkul0q3Zbn3/kyZSAdA==
-----END CERTIFICATE-----