Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/4cPQkZgue2nXQMjoJtLCRhz6yPU.roa
File:                     4cPQkZgue2nXQMjoJtLCRhz6yPU.roa (raw, json)
Hash identifier:          DIHbn8wN+GM5uhGWLqhrGb0HVOwqpEOppW3eu1LD1G0=
Subject key identifier:   E1:C3:D0:91:98:2E:7B:69:D7:40:C8:E8:26:D2:C2:46:1C:FA:C8:F5
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       018F0FB0FEB63892FC6F4ABCC1F7D3CDD76F
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/4cPQkZgue2nXQMjoJtLCRhz6yPU.roa
Signing time:             Wed 24 Apr 2024 10:40:08 +0000
ROA not before:           Wed 24 Apr 2024 10:40:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9087
IP address blocks:        194.59.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 11:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0f:b0:fe:b6:38:92:fc:6f:4a:bc:c1:f7:d3:cd:d7:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Apr 24 10:40:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1c3d091982e7b69d740c8e826d2c2461cfac8f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0a:6f:7e:01:45:72:11:e9:04:b1:a0:a1:6f:
                    fe:5d:7c:fa:f7:b7:4b:55:57:ba:00:3d:ff:5e:6f:
                    a2:2a:de:c2:02:b7:64:a5:54:7a:06:39:40:69:bc:
                    75:29:05:8d:96:5d:e8:9e:4b:ff:d2:42:1c:73:33:
                    c7:be:e0:f7:39:91:a1:9c:7b:94:31:d1:36:b7:aa:
                    d9:de:8b:ec:70:76:38:05:b7:a7:71:cd:3c:12:e5:
                    a6:11:62:d5:68:a1:29:02:67:2a:a0:5e:05:68:04:
                    63:0a:cf:04:e2:b6:c8:40:fe:2a:e8:91:e6:5d:ee:
                    44:f8:d5:b3:56:bd:55:9f:71:1c:ec:09:52:91:b5:
                    e4:67:ab:cf:8d:11:2c:4b:34:b0:86:1e:8e:63:73:
                    1d:3b:5d:87:b8:00:bf:6e:74:9e:65:20:b4:d3:17:
                    23:79:24:62:47:c9:56:a2:5b:30:72:63:de:93:e3:
                    68:14:ac:c0:40:0f:e2:65:37:d5:3e:75:e1:79:e5:
                    eb:e6:c2:0a:fa:f7:0f:e7:ad:e1:29:60:96:68:21:
                    9e:05:6f:97:4c:a2:18:7a:b3:ec:9c:b9:4d:e1:d6:
                    04:b1:7d:0d:d1:40:e3:78:03:1e:00:06:9e:4c:9d:
                    1d:57:4a:d2:18:b4:b9:c0:3a:70:84:e1:34:87:65:
                    2d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:C3:D0:91:98:2E:7B:69:D7:40:C8:E8:26:D2:C2:46:1C:FA:C8:F5
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/4cPQkZgue2nXQMjoJtLCRhz6yPU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:fc:f2:cc:f9:72:4e:1c:76:92:1d:e5:36:79:87:0e:00:d9:
         7b:9a:f6:dd:7d:92:ed:18:2c:89:2c:9c:c6:b0:92:87:d1:54:
         5d:85:41:32:ca:f2:0d:b4:69:bd:54:c4:11:58:25:42:7a:f2:
         27:7f:e6:27:9d:2a:f7:e5:65:7b:d6:5a:54:a2:91:ae:5b:62:
         85:5e:8f:bd:e0:be:87:a2:a3:20:cc:2c:60:bb:92:0a:6c:35:
         81:a5:cc:9c:d5:fb:18:7b:da:f3:11:94:5b:7d:f1:83:83:db:
         b3:38:c6:3f:04:ee:f9:cc:48:cd:ad:c9:f0:f9:bf:1d:be:f6:
         dd:e8:4a:a2:90:17:93:b0:a2:3f:ba:fc:b4:79:d0:d2:b0:3c:
         b7:cb:e3:19:30:12:6b:d6:fd:df:60:fd:fd:31:ef:2c:b9:ed:
         60:b1:2b:a6:b1:ff:e5:3f:0d:ac:b9:0c:e9:14:e8:02:ea:8a:
         69:2d:d0:3c:0f:17:f0:40:54:d2:41:76:7a:59:ee:6e:1d:32:
         ff:22:8f:68:b3:93:69:0a:57:6b:cc:4f:df:46:5b:12:f3:4a:
         98:ab:28:b8:31:b5:d9:0c:16:bc:4f:26:ac:ce:e4:a3:4b:7b:
         ac:31:49:be:ae:8d:ef:e4:bc:4e:d7:5a:9c:fa:1c:b3:a3:16:
         08:09:5e:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8PsP62OJL8b0q8wffTzddvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjQwNDI0MTA0MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWMzZDA5MTk4MmU3YjY5ZDc0MGM4ZTgyNmQyYzI0NjFjZmFjOGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgpvfgFFchHpBLGgoW/+XXz697dL
VVe6AD3/Xm+iKt7CArdkpVR6BjlAabx1KQWNll3onkv/0kIcczPHvuD3OZGhnHuU
MdE2t6rZ3ovscHY4Bbencc08EuWmEWLVaKEpAmcqoF4FaARjCs8E4rbIQP4q6JHm
Xe5E+NWzVr1Vn3Ec7AlSkbXkZ6vPjREsSzSwhh6OY3MdO12HuAC/bnSeZSC00xcj
eSRiR8lWolswcmPek+NoFKzAQA/iZTfVPnXheeXr5sIK+vcP563hKWCWaCGeBW+X
TKIYerPsnLlN4dYEsX0N0UDjeAMeAAaeTJ0dV0rSGLS5wDpwhOE0h2UtwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHD0JGYLntp10DI6CbSwkYc+sj1MB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvNGNQUWtaZ3VlMm5YUU1qb0p0TENSaHo2eVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjsJMA0G
CSqGSIb3DQEBCwUAA4IBAQAK/PLM+XJOHHaSHeU2eYcOANl7mvbdfZLtGCyJLJzG
sJKH0VRdhUEyyvINtGm9VMQRWCVCevInf+YnnSr35WV71lpUopGuW2KFXo+94L6H
oqMgzCxgu5IKbDWBpcyc1fsYe9rzEZRbffGDg9uzOMY/BO75zEjNrcnw+b8dvvbd
6EqikBeTsKI/uvy0edDSsDy3y+MZMBJr1v3fYP39Me8sue1gsSumsf/lPw2suQzp
FOgC6oppLdA8DxfwQFTSQXZ6We5uHTL/Io9os5NpCldrzE/fRlsS80qYqyi4MbXZ
DBa8TyaszuSjS3usMUm+ro3v5LxO11qc+hyzoxYICV5H
-----END CERTIFICATE-----