Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/9HsEk_R2alFX3Sz2n__gX0Wc93k.roa
File:                     9HsEk_R2alFX3Sz2n__gX0Wc93k.roa (raw, json)
Hash identifier:          c5QYgjNaVOFx/8Fvu2RBHqahaM2N2CxPM5byQKG6bcU=
Subject key identifier:   F4:7B:04:93:F4:76:6A:51:57:DD:2C:F6:9F:FF:E0:5F:45:9C:F7:79
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC7276D0C3B90C52F797B2CDC336A71FF
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/9HsEk_R2alFX3Sz2n__gX0Wc93k.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203689
IP address blocks:        157.25.130.0/23 maxlen: 23
                          157.25.174.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6d:0c:3b:90:c5:2f:79:7b:2c:dc:33:6a:71:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f47b0493f4766a5157dd2cf69fffe05f459cf779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:74:39:c1:61:98:cc:7c:fb:b2:4b:3d:01:50:
                    2a:d3:66:70:70:75:39:0a:f5:39:7b:e1:d5:c7:de:
                    6b:ac:7c:3e:29:dc:17:b6:ea:2e:15:80:1f:78:e3:
                    f0:7b:3c:72:ff:e4:b1:d7:ee:ce:cc:a5:6e:2d:36:
                    62:87:fb:ab:90:00:4f:ec:a1:de:cc:78:29:4a:a9:
                    09:b7:cc:95:f8:f7:62:dd:3c:0a:fe:eb:d8:0e:8d:
                    c3:d7:d6:de:39:42:72:29:b9:e6:30:c4:8e:ad:56:
                    f4:20:bd:58:d6:86:f5:8b:84:43:43:4b:82:79:d9:
                    c0:19:f3:c4:c5:77:cb:65:2b:f8:d4:df:51:31:c0:
                    4c:5f:52:f0:6a:94:9e:80:86:af:34:2f:17:64:ed:
                    d0:0f:ed:c7:db:4a:e6:91:1b:e8:3c:4c:e6:1d:6e:
                    52:29:a8:0c:b4:28:e3:55:c2:25:97:3d:76:db:e5:
                    28:67:cd:71:72:0d:2e:37:e4:69:f5:a9:f1:fd:dd:
                    98:34:fa:3f:d2:52:61:14:76:db:ce:05:f9:1a:0d:
                    b3:5b:fa:83:81:6e:33:83:cf:bb:92:e4:38:8f:3c:
                    87:c7:a7:72:cc:2a:7d:24:41:38:aa:5e:67:44:d5:
                    78:72:cd:b5:3e:68:e5:1d:14:18:e4:2a:c6:d7:2d:
                    02:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:7B:04:93:F4:76:6A:51:57:DD:2C:F6:9F:FF:E0:5F:45:9C:F7:79
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/9HsEk_R2alFX3Sz2n__gX0Wc93k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.130.0/23
                  157.25.174.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:d8:fe:fd:f4:8c:1a:5c:cf:54:0c:73:3a:45:4d:c2:82:9d:
         01:27:1d:3b:32:fa:b8:fd:8c:dd:d8:2e:6e:8f:71:08:57:2c:
         0b:f6:8b:09:47:e6:f5:6e:97:5c:ea:ac:f1:b7:d0:35:39:e4:
         d3:32:0b:49:77:09:43:df:ac:34:c2:9f:25:34:d2:35:cc:04:
         ff:bf:db:20:9b:46:a2:ef:fe:23:8c:93:91:a3:dd:28:c5:c7:
         1c:3f:93:e3:c8:4a:db:4b:6a:55:8d:e4:8d:dd:97:2e:66:97:
         0b:a9:e6:ab:4d:37:69:2f:bc:b3:93:ab:b6:c3:89:f2:49:c6:
         38:b3:1b:b0:54:3e:d8:a7:02:60:a2:21:e6:65:f9:ae:8b:25:
         fd:2a:4e:05:fb:1f:7b:c6:48:0c:51:dc:8c:11:74:71:b6:4a:
         9f:1a:bd:6f:3c:cd:15:2e:d2:cc:8b:44:45:9d:3e:a2:62:6b:
         d3:26:57:85:b3:35:b9:d4:d8:66:af:fc:08:b3:49:cf:36:96:
         b9:80:6e:84:08:fb:98:5f:d5:f9:03:c8:27:01:3a:40:1c:34:
         62:e1:ae:b3:d3:42:e0:dc:93:44:9f:92:7e:90:f0:c6:04:22:
         e1:48:c7:ac:cf:3c:c5:e9:06:66:9c:4a:af:4a:77:fd:47:c2:
         f1:ce:a5:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJ20MO5DFL3l7LNwzanH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDdiMDQ5M2Y0NzY2YTUxNTdkZDJjZjY5ZmZmZTA1ZjQ1OWNmNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXQ5wWGYzHz7sks9AVAq02ZwcHU5
CvU5e+HVx95rrHw+KdwXtuouFYAfeOPwezxy/+Sx1+7OzKVuLTZih/urkABP7KHe
zHgpSqkJt8yV+Pdi3TwK/uvYDo3D19beOUJyKbnmMMSOrVb0IL1Y1ob1i4RDQ0uC
ednAGfPExXfLZSv41N9RMcBMX1LwapSegIavNC8XZO3QD+3H20rmkRvoPEzmHW5S
KagMtCjjVcIllz122+UoZ81xcg0uN+Rp9anx/d2YNPo/0lJhFHbbzgX5Gg2zW/qD
gW4zg8+7kuQ4jzyHx6dyzCp9JEE4ql5nRNV4cs21PmjlHRQY5CrG1y0CpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPR7BJP0dmpRV90s9p//4F9FnPd5MB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvOUhzRWtfUjJhbEZYM1N6Mm5fX2dYMFdjOTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBnRmCAwQB
nRmuMA0GCSqGSIb3DQEBCwUAA4IBAQCQ2P799IwaXM9UDHM6RU3Cgp0BJx07Mvq4
/Yzd2C5uj3EIVywL9osJR+b1bpdc6qzxt9A1OeTTMgtJdwlD36w0wp8lNNI1zAT/
v9sgm0ai7/4jjJORo90oxcccP5PjyErbS2pVjeSN3ZcuZpcLqearTTdpL7yzk6u2
w4nyScY4sxuwVD7YpwJgoiHmZfmuiyX9Kk4F+x97xkgMUdyMEXRxtkqfGr1vPM0V
LtLMi0RFnT6iYmvTJleFszW51Nhmr/wIs0nPNpa5gG6ECPuYX9X5A8gnATpAHDRi
4a6z00Lg3JNEn5J+kPDGBCLhSMeszzzF6QZmnEqvSnf9R8LxzqVY
-----END CERTIFICATE-----