Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/9-jvzduNcpnHeHAWOnE2TCzqUcU.roa
File:                     9-jvzduNcpnHeHAWOnE2TCzqUcU.roa (raw, json)
Hash identifier:          ijUxn3JoHMjcTGzNOK3LLYBiDUILQ25/TkPZxXl7a0A=
Subject key identifier:   F7:E8:EF:CD:DB:8D:72:99:C7:78:70:16:3A:71:36:4C:2C:EA:51:C5
Certificate issuer:       /CN=05e9fca0a8584feb1c12319071423061b08fe456
Certificate serial:       018CEE4757389568EC7B96821E9AD8D2B59D
Authority key identifier: 05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/9-jvzduNcpnHeHAWOnE2TCzqUcU.roa
Signing time:             Tue 09 Jan 2024 12:51:41 +0000
ROA not before:           Tue 09 Jan 2024 12:51:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216218
IP address blocks:        109.107.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 23:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ee:47:57:38:95:68:ec:7b:96:82:1e:9a:d8:d2:b5:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05e9fca0a8584feb1c12319071423061b08fe456
        Validity
            Not Before: Jan  9 12:51:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7e8efcddb8d7299c77870163a71364c2cea51c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:34:b4:07:19:db:9b:c6:fb:c6:a8:ec:e8:47:
                    3f:3a:70:38:ad:0e:df:d0:48:ce:41:68:95:41:aa:
                    2d:0a:a1:68:44:56:f8:7b:d0:79:73:f1:4c:1a:c9:
                    ec:e4:7d:a9:21:f2:a4:70:eb:93:92:09:08:cd:8d:
                    91:fe:e7:e9:33:51:8f:08:70:02:b3:95:3d:fc:46:
                    34:1f:0f:87:d3:d2:f2:03:86:2e:47:e1:07:73:4f:
                    16:02:d0:44:18:95:b4:14:5a:af:b8:06:a9:6b:5f:
                    0a:52:a6:9d:ba:b2:92:26:48:b5:65:2f:2b:67:7a:
                    b0:b7:ad:08:a1:a4:c2:16:aa:d4:9a:65:65:71:5d:
                    0e:8d:1f:b1:1d:fd:d3:68:29:8a:0f:3f:cf:b1:18:
                    ac:27:e7:da:5d:2c:df:e5:38:98:71:1a:26:55:a5:
                    40:96:32:5a:8e:75:81:62:88:0a:bc:46:91:1f:b1:
                    5e:f2:a9:22:56:e2:92:fa:da:18:63:14:49:0c:72:
                    6c:4b:7a:d8:4a:d3:b6:53:bf:07:f6:c5:33:20:c0:
                    97:72:2a:9a:af:2b:c8:28:c9:2f:20:39:95:98:dd:
                    3b:99:28:31:89:7c:7f:09:3e:9e:1d:69:38:23:1e:
                    16:75:15:25:52:0b:e2:30:e0:ac:ac:9d:67:0e:bf:
                    2a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:E8:EF:CD:DB:8D:72:99:C7:78:70:16:3A:71:36:4C:2C:EA:51:C5
            X509v3 Authority Key Identifier:
                keyid:05:E9:FC:A0:A8:58:4F:EB:1C:12:31:90:71:42:30:61:B0:8F:E4:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ben8oKhYT-scEjGQcUIwYbCP5FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/9-jvzduNcpnHeHAWOnE2TCzqUcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/c7ee9e-b5bf-4c2d-a983-dee3ed497aee/1/Ben8oKhYT-scEjGQcUIwYbCP5FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:09:1a:5e:b5:3d:78:53:a6:70:98:55:ba:a8:c8:19:8e:cb:
         8e:69:0d:1c:62:5a:e3:1e:8c:4a:31:6e:b5:7a:1f:45:92:30:
         56:7c:79:03:e4:02:75:72:9f:73:f5:47:29:54:e3:1d:d1:d5:
         84:dd:2a:59:d0:e3:5d:4f:61:f9:24:2e:c8:f1:f8:e6:b7:f6:
         2c:ce:4e:c3:6f:1c:15:fa:a7:10:de:a2:74:5d:55:d9:01:3b:
         1f:82:20:1f:43:a8:2f:0e:ad:71:16:f3:a3:73:31:60:7f:a6:
         e0:2d:89:30:f7:1d:d1:2d:82:cb:65:fd:17:b2:8a:65:3b:f9:
         60:42:12:75:04:38:a7:46:ec:24:17:4f:13:2b:4d:25:6e:16:
         b4:5e:1c:f8:08:84:14:79:90:93:9a:4a:30:74:df:af:49:b3:
         11:e8:32:16:aa:3e:78:ca:47:ca:c7:8b:68:bf:b7:f9:ee:bd:
         a9:d4:4a:01:cf:50:5b:d7:2b:da:a5:d3:b7:dd:e8:61:d1:d9:
         88:f7:20:6a:72:1e:d7:9f:75:f4:eb:ff:de:5f:b1:eb:9f:7c:
         b4:32:34:cb:57:d5:83:67:21:07:7a:b2:90:94:2b:ab:f7:1d:
         ca:a1:94:ab:e3:74:ec:e9:36:06:8a:a7:df:47:20:5e:9e:d3:
         99:a0:9a:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzuR1c4lWjse5aCHprY0rWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZTlmY2EwYTg1ODRmZWIxYzEyMzE5MDcxNDIzMDYxYjA4
ZmU0NTYwHhcNMjQwMTA5MTI1MTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2U4ZWZjZGRiOGQ3Mjk5Yzc3ODcwMTYzYTcxMzY0YzJjZWE1MWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjS0Bxnbm8b7xqjs6Ec/OnA4rQ7f
0EjOQWiVQaotCqFoRFb4e9B5c/FMGsns5H2pIfKkcOuTkgkIzY2R/ufpM1GPCHAC
s5U9/EY0Hw+H09LyA4YuR+EHc08WAtBEGJW0FFqvuAapa18KUqadurKSJki1ZS8r
Z3qwt60IoaTCFqrUmmVlcV0OjR+xHf3TaCmKDz/PsRisJ+faXSzf5TiYcRomVaVA
ljJajnWBYogKvEaRH7Fe8qkiVuKS+toYYxRJDHJsS3rYStO2U78H9sUzIMCXciqa
ryvIKMkvIDmVmN07mSgxiXx/CT6eHWk4Ix4WdRUlUgviMOCsrJ1nDr8quQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfo783bjXKZx3hwFjpxNkws6lHFMB8GA1UdIwQY
MBaAFAXp/KCoWE/rHBIxkHFCMGGwj+RWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMt
ZGVlM2VkNDk3YWVlLzEvOS1qdnpkdU5jcG5IZUhBV09uRTJUQ3pxVWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jN2VlOWUtYjViZi00YzJkLWE5ODMtZGVlM2VkNDk3YWVl
LzEvQmVuOG9LaFlULXNjRWpHUWNVSXdZYkNQNUZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWu8MA0G
CSqGSIb3DQEBCwUAA4IBAQAwCRpetT14U6ZwmFW6qMgZjsuOaQ0cYlrjHoxKMW61
eh9FkjBWfHkD5AJ1cp9z9UcpVOMd0dWE3SpZ0ONdT2H5JC7I8fjmt/Yszk7DbxwV
+qcQ3qJ0XVXZATsfgiAfQ6gvDq1xFvOjczFgf6bgLYkw9x3RLYLLZf0XsoplO/lg
QhJ1BDinRuwkF08TK00lbha0Xhz4CIQUeZCTmkowdN+vSbMR6DIWqj54ykfKx4to
v7f57r2p1EoBz1Bb1yvapdO33ehh0dmI9yBqch7Xn3X06//eX7Hrn3y0MjTLV9WD
ZyEHerKQlCur9x3KoZSr43Ts6TYGiqffRyBentOZoJqE
-----END CERTIFICATE-----