Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/1f5feb-7acf-4c1d-8e9f-1f262d9c9b07/1/9ApvgXCmagV1_PZol44OPuWzwK4.roa
File:                     9ApvgXCmagV1_PZol44OPuWzwK4.roa (raw, json)
Hash identifier:          6NBMJN7LQPs4pvYpmJG+/Fnkl9DSCCVY7gQAgynhe/I=
Subject key identifier:   F4:0A:6F:81:70:A6:6A:05:75:FC:F6:68:97:8E:0E:3E:E5:B3:C0:AE
Certificate issuer:       /CN=24a918f1b10ec1d660b1cfcb1bfe196c2feb06bf
Certificate serial:       018CC79437D210D1C22CAE69411E9228D2F0
Authority key identifier: 24:A9:18:F1:B1:0E:C1:D6:60:B1:CF:CB:1B:FE:19:6C:2F:EB:06:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JKkY8bEOwdZgsc_LG_4ZbC_rBr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/1f5feb-7acf-4c1d-8e9f-1f262d9c9b07/1/9ApvgXCmagV1_PZol44OPuWzwK4.roa
Signing time:             Tue 02 Jan 2024 00:30:28 +0000
ROA not before:           Tue 02 Jan 2024 00:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.16.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/1f5feb-7acf-4c1d-8e9f-1f262d9c9b07/1/JKkY8bEOwdZgsc_LG_4ZbC_rBr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/1f5feb-7acf-4c1d-8e9f-1f262d9c9b07/1/JKkY8bEOwdZgsc_LG_4ZbC_rBr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JKkY8bEOwdZgsc_LG_4ZbC_rBr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:37:d2:10:d1:c2:2c:ae:69:41:1e:92:28:d2:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24a918f1b10ec1d660b1cfcb1bfe196c2feb06bf
        Validity
            Not Before: Jan  2 00:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f40a6f8170a66a0575fcf668978e0e3ee5b3c0ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:55:73:fe:c1:32:21:ea:ff:cd:77:9c:4e:44:
                    e4:b1:c2:d8:30:5b:e3:05:7f:1c:38:ca:d2:68:4a:
                    a1:74:7b:b7:b8:02:71:e0:71:21:22:18:5c:86:90:
                    67:31:32:d6:8b:35:50:81:87:b3:33:82:5c:0c:88:
                    64:4c:b0:a2:d9:20:a6:f1:4b:47:3d:8a:d2:cc:9e:
                    a1:b1:79:27:bd:ab:b0:09:cf:96:34:6e:17:32:d5:
                    81:6a:83:17:e0:38:6d:32:de:17:17:a5:d8:3f:86:
                    f6:ab:f7:3c:b0:27:de:bc:89:21:d3:df:ad:a7:d6:
                    03:92:d9:14:07:ff:e8:ea:3f:fe:bd:3c:66:66:c8:
                    4b:0d:18:2d:6d:7d:82:42:3a:6c:03:6e:67:a4:1a:
                    e2:57:3e:eb:63:69:56:6e:0c:6d:b9:13:4a:df:52:
                    91:5c:6f:06:33:5e:55:40:8f:43:34:89:20:a1:d3:
                    54:6b:91:36:1c:42:7f:c5:e1:26:c0:e1:4c:a4:bf:
                    49:5f:0c:a3:92:9e:31:f6:26:79:a0:fb:29:fd:9e:
                    fb:c6:98:f2:57:2f:6f:4e:c2:30:40:dc:00:71:28:
                    23:65:85:49:15:17:b7:08:d2:14:5a:01:c8:2e:ee:
                    d1:5f:d9:f9:80:b9:03:58:71:77:f9:af:04:b4:2c:
                    5a:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:0A:6F:81:70:A6:6A:05:75:FC:F6:68:97:8E:0E:3E:E5:B3:C0:AE
            X509v3 Authority Key Identifier:
                keyid:24:A9:18:F1:B1:0E:C1:D6:60:B1:CF:CB:1B:FE:19:6C:2F:EB:06:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JKkY8bEOwdZgsc_LG_4ZbC_rBr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/1f5feb-7acf-4c1d-8e9f-1f262d9c9b07/1/9ApvgXCmagV1_PZol44OPuWzwK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/1f5feb-7acf-4c1d-8e9f-1f262d9c9b07/1/JKkY8bEOwdZgsc_LG_4ZbC_rBr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:7d:d7:e2:e0:1a:5c:60:d0:80:01:70:a2:3e:a0:9d:75:12:
         24:19:34:1c:06:d2:be:a2:47:32:f8:85:7f:42:07:b9:74:20:
         d3:a0:83:7b:18:59:e0:35:ac:bb:62:e8:88:ce:d0:fc:d1:55:
         a0:ea:0d:b6:06:c3:8d:b3:31:4a:1e:29:b7:49:4f:da:d3:08:
         9a:da:42:18:f7:0b:1e:22:6f:93:00:73:09:ae:d3:6d:57:39:
         63:5e:4e:0b:36:df:4f:94:62:4f:a2:41:20:1f:34:b6:7d:4c:
         57:02:8f:3b:93:24:73:01:c5:a7:f4:7a:43:27:7e:1e:91:59:
         45:f1:6d:91:3d:8a:99:cb:41:26:10:90:9b:fe:1c:7d:9f:40:
         4e:03:2e:a6:4d:c3:c2:e9:e4:7f:45:9d:b7:ea:8a:db:b3:f8:
         77:93:65:e7:23:33:5e:44:05:1b:7c:39:cb:59:e4:23:aa:77:
         ab:71:a4:fd:ec:bf:d0:27:02:4c:ab:1b:13:40:d2:48:36:1d:
         b2:77:ce:a4:40:4a:05:8d:17:05:ed:c7:17:89:38:6b:c2:24:
         76:7d:cc:99:90:f2:09:33:6e:2f:b4:8d:68:dc:87:aa:e1:f3:
         8b:6c:82:b4:06:83:02:ea:2c:af:67:8b:af:d7:70:83:e5:1d:
         1b:70:5a:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDfSENHCLK5pQR6SKNLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0YTkxOGYxYjEwZWMxZDY2MGIxY2ZjYjFiZmUxOTZjMmZl
YjA2YmYwHhcNMjQwMTAyMDAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDBhNmY4MTcwYTY2YTA1NzVmY2Y2Njg5NzhlMGUzZWU1YjNjMGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1Vz/sEyIer/zXecTkTkscLYMFvj
BX8cOMrSaEqhdHu3uAJx4HEhIhhchpBnMTLWizVQgYezM4JcDIhkTLCi2SCm8UtH
PYrSzJ6hsXknvauwCc+WNG4XMtWBaoMX4DhtMt4XF6XYP4b2q/c8sCfevIkh09+t
p9YDktkUB//o6j/+vTxmZshLDRgtbX2CQjpsA25npBriVz7rY2lWbgxtuRNK31KR
XG8GM15VQI9DNIkgodNUa5E2HEJ/xeEmwOFMpL9JXwyjkp4x9iZ5oPsp/Z77xpjy
Vy9vTsIwQNwAcSgjZYVJFRe3CNIUWgHILu7RX9n5gLkDWHF3+a8EtCxaIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQKb4FwpmoFdfz2aJeODj7ls8CuMB8GA1UdIwQY
MBaAFCSpGPGxDsHWYLHPyxv+GWwv6wa/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSktrWThiRU93ZFpnc2NfTEdfNFpiQ19yQnI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xZjVmZWItN2FjZi00YzFkLThlOWYt
MWYyNjJkOWM5YjA3LzEvOUFwdmdYQ21hZ1YxX1Bab2w0NE9QdVd6d0s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xZjVmZWItN2FjZi00YzFkLThlOWYtMWYyNjJkOWM5YjA3
LzEvSktrWThiRU93ZFpnc2NfTEdfNFpiQ19yQnI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRAWMA0G
CSqGSIb3DQEBCwUAA4IBAQCXfdfi4BpcYNCAAXCiPqCddRIkGTQcBtK+okcy+IV/
Qge5dCDToIN7GFngNay7YuiIztD80VWg6g22BsONszFKHim3SU/a0wia2kIY9wse
Im+TAHMJrtNtVzljXk4LNt9PlGJPokEgHzS2fUxXAo87kyRzAcWn9HpDJ34ekVlF
8W2RPYqZy0EmEJCb/hx9n0BOAy6mTcPC6eR/RZ236orbs/h3k2XnIzNeRAUbfDnL
WeQjqnercaT97L/QJwJMqxsTQNJINh2yd86kQEoFjRcF7ccXiThrwiR2fcyZkPIJ
M24vtI1o3Ieq4fOLbIK0BoMC6iyvZ4uv13CD5R0bcFqH
-----END CERTIFICATE-----