Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/o9-acoxGDsnpXEW5s_4hQGxFxg0.roa
File:                     o9-acoxGDsnpXEW5s_4hQGxFxg0.roa (raw, json)
Hash identifier:          1BsGFw0gntuGOP7zoXcO5QdK8HK1Rw9fOYEQvr9H56c=
Subject key identifier:   A3:DF:9A:72:8C:46:0E:C9:E9:5C:45:B9:B3:FE:21:40:6C:45:C6:0D
Certificate issuer:       /CN=f416539e74934d23a0572f6625dbfdb54e820873
Certificate serial:       018CC8706B8B119C2431AA4D335564DB54AE
Authority key identifier: F4:16:53:9E:74:93:4D:23:A0:57:2F:66:25:DB:FD:B5:4E:82:08:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/o9-acoxGDsnpXEW5s_4hQGxFxg0.roa
Signing time:             Tue 02 Jan 2024 04:30:59 +0000
ROA not before:           Tue 02 Jan 2024 04:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56782
IP address blocks:        95.107.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:6b:8b:11:9c:24:31:aa:4d:33:55:64:db:54:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f416539e74934d23a0572f6625dbfdb54e820873
        Validity
            Not Before: Jan  2 04:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3df9a728c460ec9e95c45b9b3fe21406c45c60d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b4:57:cf:b6:9a:5a:56:91:a6:a4:be:7e:ad:
                    72:4f:41:7d:1f:2a:f9:92:61:66:0b:52:8c:1c:f4:
                    97:61:32:6f:95:c3:0b:4b:74:1e:f6:e9:70:b5:b9:
                    7a:c7:88:53:be:b7:1e:f1:d4:6e:4b:d2:f3:f1:03:
                    18:d8:00:c1:43:91:d6:1c:b6:c6:6e:c5:64:2d:03:
                    0f:a4:1c:1c:d7:6d:ac:dd:c8:98:e0:31:b5:e2:a9:
                    0b:e7:d9:0e:53:c7:49:56:49:f7:a4:03:9b:29:df:
                    5b:e2:d1:b3:fc:28:63:3d:26:3b:8f:8c:0b:42:26:
                    4b:cc:91:fe:ca:b9:2e:85:7d:f6:ac:89:00:fd:70:
                    7a:b7:68:05:ef:65:95:80:b7:cf:c5:91:9a:b6:cd:
                    d7:10:40:04:92:46:26:f3:1a:29:4e:a4:31:d0:9a:
                    cc:7a:a5:b6:a7:83:38:75:bf:71:45:46:96:b9:ba:
                    a6:51:2e:72:c3:e9:b0:3b:ad:64:99:38:49:25:7f:
                    fa:31:85:c2:87:28:34:3b:46:ba:08:56:78:9f:07:
                    67:ea:3c:71:50:64:6b:f7:90:6a:b3:c9:4b:ec:33:
                    d9:10:1a:5d:d2:da:14:a8:5b:df:aa:82:d4:55:ea:
                    7b:38:58:8e:1a:e1:a3:cb:96:db:82:cc:e5:3f:52:
                    14:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:DF:9A:72:8C:46:0E:C9:E9:5C:45:B9:B3:FE:21:40:6C:45:C6:0D
            X509v3 Authority Key Identifier:
                keyid:F4:16:53:9E:74:93:4D:23:A0:57:2F:66:25:DB:FD:B5:4E:82:08:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/o9-acoxGDsnpXEW5s_4hQGxFxg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.107.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:9f:24:c8:a9:d5:bc:7a:58:87:3f:34:52:9f:29:ec:e1:93:
         49:18:19:f3:d6:4b:43:36:46:7b:8d:a7:7c:03:78:78:d9:3a:
         61:57:5b:de:07:f5:7c:ae:2b:e5:7c:4e:18:a5:95:7d:26:44:
         18:e8:5d:4b:b4:6d:10:73:70:6f:46:69:2c:99:a1:b4:cc:50:
         2c:d1:f2:65:e7:04:46:76:6d:b6:15:5c:ab:62:8e:60:fd:c4:
         83:45:58:a6:b3:ba:1f:62:5f:6e:e3:3c:4d:57:f5:59:0e:3c:
         09:ab:0e:69:1c:c6:7c:e8:1b:bc:09:e6:35:64:d5:c9:a3:bd:
         5d:59:b9:d4:63:82:02:9c:74:41:11:27:5e:a1:d5:7d:dd:5c:
         5f:8d:b1:45:dc:1d:6a:17:1f:80:57:36:69:01:a8:e2:28:30:
         0b:49:e6:98:16:23:f0:3e:2e:8d:c0:7b:4e:9f:81:b3:e5:e2:
         41:bb:a4:36:97:0c:89:2f:4f:2a:86:94:05:b2:3d:32:bd:ef:
         7f:db:a5:b5:26:25:90:c6:21:da:67:cf:15:d2:42:40:f7:9d:
         d8:40:70:46:96:4c:24:89:14:ec:93:87:c6:41:9b:51:63:45:
         c5:9e:3f:ad:3b:d5:50:3e:39:06:73:22:d0:37:64:4f:24:31:
         16:a2:c8:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcGuLEZwkMapNM1Vk21SuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0MTY1MzllNzQ5MzRkMjNhMDU3MmY2NjI1ZGJmZGI1NGU4
MjA4NzMwHhcNMjQwMTAyMDQzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2RmOWE3MjhjNDYwZWM5ZTk1YzQ1YjliM2ZlMjE0MDZjNDVjNjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7RXz7aaWlaRpqS+fq1yT0F9Hyr5
kmFmC1KMHPSXYTJvlcMLS3Qe9ulwtbl6x4hTvrce8dRuS9Lz8QMY2ADBQ5HWHLbG
bsVkLQMPpBwc122s3ciY4DG14qkL59kOU8dJVkn3pAObKd9b4tGz/ChjPSY7j4wL
QiZLzJH+yrkuhX32rIkA/XB6t2gF72WVgLfPxZGats3XEEAEkkYm8xopTqQx0JrM
eqW2p4M4db9xRUaWubqmUS5yw+mwO61kmThJJX/6MYXChyg0O0a6CFZ4nwdn6jxx
UGRr95Bqs8lL7DPZEBpd0toUqFvfqoLUVep7OFiOGuGjy5bbgszlP1IUjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKPfmnKMRg7J6VxFubP+IUBsRcYNMB8GA1UdIwQY
MBaAFPQWU550k00joFcvZiXb/bVOgghzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUJaVG5uU1RUU09nVnk5bUpkdjl0VTZDQ0hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy81M2U0OTYtMDA5Ny00NjJhLWE5ODkt
ZDY3YTYxZDU0MTZkLzEvbzktYWNveEdEc25wWEVXNXNfNGhRR3hGeGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy81M2U0OTYtMDA5Ny00NjJhLWE5ODktZDY3YTYxZDU0MTZk
LzEvOUJaVG5uU1RUU09nVnk5bUpkdjl0VTZDQ0hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX2uvMA0G
CSqGSIb3DQEBCwUAA4IBAQBAnyTIqdW8eliHPzRSnyns4ZNJGBnz1ktDNkZ7jad8
A3h42TphV1veB/V8rivlfE4YpZV9JkQY6F1LtG0Qc3BvRmksmaG0zFAs0fJl5wRG
dm22FVyrYo5g/cSDRVims7ofYl9u4zxNV/VZDjwJqw5pHMZ86Bu8CeY1ZNXJo71d
WbnUY4ICnHRBESdeodV93VxfjbFF3B1qFx+AVzZpAajiKDALSeaYFiPwPi6NwHtO
n4Gz5eJBu6Q2lwyJL08qhpQFsj0yve9/26W1JiWQxiHaZ88V0kJA953YQHBGlkwk
iRTsk4fGQZtRY0XFnj+tO9VQPjkGcyLQN2RPJDEWoshQ
-----END CERTIFICATE-----