Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/9nZ9jt_sUMib4bvyWXkud4C8lBA.roa
File:                     9nZ9jt_sUMib4bvyWXkud4C8lBA.roa (raw, json)
Hash identifier:          SkJMMC0Yfobf/xgaveiN7bniYt07nAI079p/6GMxnVk=
Subject key identifier:   F6:76:7D:8E:DF:EC:50:C8:9B:E1:BB:F2:59:79:2E:77:80:BC:94:10
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DEA392723D5EDBADB9B50848CAFDD
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/9nZ9jt_sUMib4bvyWXkud4C8lBA.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50040
IP address blocks:        109.73.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 12:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ea:39:27:23:d5:ed:ba:db:9b:50:84:8c:af:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6767d8edfec50c89be1bbf259792e7780bc9410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6f:e6:f5:2a:63:7f:6e:04:cc:c6:9c:c2:4f:
                    66:49:09:82:c3:d6:fc:60:3a:34:b2:0a:fd:c2:b7:
                    14:d2:ef:27:83:a3:50:b9:ca:9e:a2:f6:29:35:54:
                    29:25:91:87:0d:92:96:34:e8:95:2b:c4:bb:02:01:
                    86:99:f4:0a:e6:28:41:28:dd:7b:f7:2a:38:81:da:
                    d6:f2:59:10:b2:59:74:09:de:5c:87:7a:52:39:4d:
                    82:c8:c9:bb:25:01:06:0f:3f:33:5a:9c:76:4c:27:
                    73:9c:a5:d4:b2:50:a8:f3:f0:1c:af:0f:a5:13:c1:
                    b9:3a:ce:1d:0e:b3:0a:b0:7a:d7:8d:f5:69:72:dc:
                    1b:3f:b6:6b:06:86:70:b3:dd:d5:10:70:93:79:18:
                    cd:f8:b0:17:d5:9a:77:39:87:eb:3f:2e:65:e3:87:
                    3a:59:52:76:7e:e9:67:b0:e0:c6:0a:f6:fd:cc:cb:
                    1b:ea:1f:97:d1:c7:7d:34:60:50:ec:cb:76:22:05:
                    56:40:0d:3f:8c:59:e5:8e:57:88:02:25:09:7c:c2:
                    1c:26:46:a4:e1:cc:3e:f4:c8:da:f5:2c:c9:eb:b6:
                    5f:a6:ca:17:2a:ed:08:0b:c8:2a:09:33:da:4a:b4:
                    e9:8c:44:54:0f:b1:2b:46:f3:35:9b:92:d5:73:b1:
                    52:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:76:7D:8E:DF:EC:50:C8:9B:E1:BB:F2:59:79:2E:77:80:BC:94:10
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/9nZ9jt_sUMib4bvyWXkud4C8lBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.73.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:38:18:ec:30:a9:84:d8:db:ab:ff:76:68:1b:70:3a:32:8a:
         78:13:4a:34:46:38:93:1e:c6:e1:81:c0:cc:bf:de:63:d0:ce:
         99:c2:53:37:79:fb:d3:c8:1e:83:15:ef:f3:1b:89:1a:06:24:
         d6:dc:9e:b4:77:e8:7b:14:ab:f3:21:b1:d2:40:11:5d:16:e0:
         bc:b8:3b:df:56:4e:87:66:c9:c1:4f:d5:d6:b1:10:cd:55:c8:
         91:a9:61:43:27:e1:da:c4:8f:9c:d4:1b:f3:f0:02:31:43:5b:
         29:c5:5f:39:f6:1b:d4:63:25:0a:ea:b6:32:99:bf:be:5b:ce:
         f5:1f:33:99:ec:a2:04:c2:e3:f7:09:2b:36:85:18:23:79:34:
         58:e4:d3:ae:d1:7f:78:90:cd:26:51:70:b1:17:9d:d3:5c:41:
         a4:0b:ba:ea:64:f9:fe:b1:c8:76:1c:25:a8:ff:3d:02:f9:d6:
         ed:ac:1f:af:b8:6e:5b:84:b9:56:8c:12:36:2e:d7:1c:b2:eb:
         c8:28:d1:50:09:9e:0e:c8:52:f2:b4:74:cc:31:49:26:73:da:
         c6:d6:b6:70:49:e1:24:32:d3:a9:f5:d1:1a:17:e3:bc:f2:db:
         86:d4:ca:1f:30:45:bc:59:d7:f6:22:db:9d:61:d5:47:68:d3:
         b8:c9:2d:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeo5JyPV7brbm1CEjK/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjc2N2Q4ZWRmZWM1MGM4OWJlMWJiZjI1OTc5MmU3NzgwYmM5NDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqm/m9Spjf24EzMacwk9mSQmCw9b8
YDo0sgr9wrcU0u8ng6NQucqeovYpNVQpJZGHDZKWNOiVK8S7AgGGmfQK5ihBKN17
9yo4gdrW8lkQsll0Cd5ch3pSOU2CyMm7JQEGDz8zWpx2TCdznKXUslCo8/Acrw+l
E8G5Os4dDrMKsHrXjfVpctwbP7ZrBoZws93VEHCTeRjN+LAX1Zp3OYfrPy5l44c6
WVJ2fulnsODGCvb9zMsb6h+X0cd9NGBQ7Mt2IgVWQA0/jFnljleIAiUJfMIcJkak
4cw+9Mja9SzJ67ZfpsoXKu0IC8gqCTPaSrTpjERUD7ErRvM1m5LVc7FSMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZ2fY7f7FDIm+G78ll5LneAvJQQMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvOW5aOWp0X3NVTWliNGJ2eVdYa3VkNEM4bEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUkPMA0G
CSqGSIb3DQEBCwUAA4IBAQCKOBjsMKmE2Nur/3ZoG3A6Mop4E0o0RjiTHsbhgcDM
v95j0M6ZwlM3efvTyB6DFe/zG4kaBiTW3J60d+h7FKvzIbHSQBFdFuC8uDvfVk6H
ZsnBT9XWsRDNVciRqWFDJ+HaxI+c1Bvz8AIxQ1spxV859hvUYyUK6rYymb++W871
HzOZ7KIEwuP3CSs2hRgjeTRY5NOu0X94kM0mUXCxF53TXEGkC7rqZPn+sch2HCWo
/z0C+dbtrB+vuG5bhLlWjBI2LtccsuvIKNFQCZ4OyFLytHTMMUkmc9rG1rZwSeEk
MtOp9dEaF+O88tuG1MofMEW8Wdf2ItudYdVHaNO4yS0s
-----END CERTIFICATE-----