Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/9_u3B0LA54k_6x5l19EojjqpK58.roa
File:                     9_u3B0LA54k_6x5l19EojjqpK58.roa (raw, json)
Hash identifier:          /S207BoRlfSvTkpqC8YLXvKwte4gEex2LCqGVjYUKdE=
Subject key identifier:   F7:FB:B7:07:42:C0:E7:89:3F:EB:1E:65:D7:D1:28:8E:3A:A9:2B:9F
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC5988944C45016E39D9FC0728A6D
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/9_u3B0LA54k_6x5l19EojjqpK58.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59631
IP address blocks:        176.121.64.0/21 maxlen: 24
                          185.83.104.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c5:98:89:44:c4:50:16:e3:9d:9f:c0:72:8a:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7fbb70742c0e7893feb1e65d7d1288e3aa92b9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:75:00:8d:eb:56:b3:fa:55:45:d2:d7:4e:9c:
                    28:3f:bf:18:51:eb:d5:64:d1:6f:31:f0:20:d4:be:
                    c2:62:c4:47:a7:2d:62:24:ce:35:36:4a:30:3f:bb:
                    c4:f2:a4:d2:a4:b8:c1:12:c9:7a:59:33:50:47:7c:
                    10:99:a5:7e:39:8c:a0:a0:36:4d:12:cf:e1:21:0f:
                    d1:12:95:03:48:0c:68:1d:d2:ff:15:98:af:f0:64:
                    27:16:c6:d1:7e:06:9a:4d:81:a3:c0:32:a2:18:33:
                    3d:12:4b:2a:2e:46:34:b4:16:28:d1:01:d5:c9:39:
                    69:88:16:b3:49:c4:8f:ca:f5:a0:fc:31:c6:84:23:
                    03:62:1a:3f:7c:57:a9:f8:19:91:d4:03:35:bc:75:
                    13:de:83:9a:81:18:f3:50:19:bf:fc:79:eb:3c:2e:
                    6c:06:80:5c:67:4a:db:a1:79:83:1c:88:9b:80:9e:
                    f5:fc:05:3f:90:80:65:27:af:71:0a:d3:58:fd:3b:
                    03:5c:37:44:61:04:f1:93:19:db:e2:5c:0b:10:32:
                    ab:6b:ca:6f:74:02:1f:43:d1:a5:58:7e:93:e7:19:
                    79:44:9f:c0:8d:7e:ad:c6:22:e5:34:f2:a9:f9:d8:
                    ab:9b:dd:16:f6:a8:40:5c:fd:9f:a1:35:d3:3e:8e:
                    06:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:FB:B7:07:42:C0:E7:89:3F:EB:1E:65:D7:D1:28:8E:3A:A9:2B:9F
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/9_u3B0LA54k_6x5l19EojjqpK58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.64.0/21
                  185.83.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:56:e3:9e:fa:1a:b6:c0:36:8f:4c:28:9b:b2:34:61:d6:e6:
         48:5a:30:3a:ba:01:01:74:76:52:f2:79:b5:0a:86:23:56:bb:
         01:58:99:ad:bc:cf:9a:bb:65:e4:0b:05:a9:b0:6c:d4:2f:08:
         e1:32:6c:74:6e:96:ed:f9:ea:bc:30:b8:5f:6b:fc:dc:5a:bb:
         40:9e:67:ad:2c:f6:94:4b:4c:98:13:12:28:fc:cf:aa:da:ef:
         7b:2f:8b:d8:42:fe:66:a9:c2:70:21:45:8b:ae:63:21:b3:5f:
         da:d5:64:ed:94:42:52:36:f6:f2:73:2a:7d:9d:2e:a5:2b:66:
         c1:3a:7f:01:4e:d1:58:cb:1e:02:05:a5:ab:ac:b8:7b:50:8d:
         40:c5:22:67:0c:fd:57:d5:b1:4a:33:47:d0:7d:5a:6e:d2:90:
         af:d8:3c:6d:ec:cb:6b:dc:6a:4a:64:54:e7:83:f4:e8:62:ff:
         0a:6c:39:48:30:e3:1a:11:de:0f:41:48:bf:b7:ad:dd:14:1b:
         4f:85:f1:ad:26:62:bc:8c:30:63:7d:c8:a0:e6:54:cb:83:c4:
         8c:20:e4:1d:67:a6:3a:ac:97:4b:2b:7b:40:98:a6:3e:81:b1:
         7d:0e:eb:45:54:b9:98:d9:b9:1b:be:5c:46:bc:a7:30:d8:bc:
         c4:bf:e9:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2sWYiUTEUBbjnZ/AcoptMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2ZiYjcwNzQyYzBlNzg5M2ZlYjFlNjVkN2QxMjg4ZTNhYTkyYjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHUAjetWs/pVRdLXTpwoP78YUevV
ZNFvMfAg1L7CYsRHpy1iJM41NkowP7vE8qTSpLjBEsl6WTNQR3wQmaV+OYygoDZN
Es/hIQ/REpUDSAxoHdL/FZiv8GQnFsbRfgaaTYGjwDKiGDM9EksqLkY0tBYo0QHV
yTlpiBazScSPyvWg/DHGhCMDYho/fFep+BmR1AM1vHUT3oOagRjzUBm//HnrPC5s
BoBcZ0rboXmDHIibgJ71/AU/kIBlJ69xCtNY/TsDXDdEYQTxkxnb4lwLEDKra8pv
dAIfQ9GlWH6T5xl5RJ/AjX6txiLlNPKp+dirm90W9qhAXP2foTXTPo4GtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPf7twdCwOeJP+seZdfRKI46qSufMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvOV91M0IwTEE1NGtfNng1bDE5RW9qanFwSzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDsHlAAwQC
uVNoMA0GCSqGSIb3DQEBCwUAA4IBAQBpVuOe+hq2wDaPTCibsjRh1uZIWjA6ugEB
dHZS8nm1CoYjVrsBWJmtvM+au2XkCwWpsGzULwjhMmx0bpbt+eq8MLhfa/zcWrtA
nmetLPaUS0yYExIo/M+q2u97L4vYQv5mqcJwIUWLrmMhs1/a1WTtlEJSNvbycyp9
nS6lK2bBOn8BTtFYyx4CBaWrrLh7UI1AxSJnDP1X1bFKM0fQfVpu0pCv2Dxt7Mtr
3GpKZFTng/ToYv8KbDlIMOMaEd4PQUi/t63dFBtPhfGtJmK8jDBjfcig5lTLg8SM
IOQdZ6Y6rJdLK3tAmKY+gbF9DutFVLmY2bkbvlxGvKcw2LzEv+l4
-----END CERTIFICATE-----