Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/9uTVW4FFNgfEHsWlG4Ssx4PvRfs.roa
File:                     9uTVW4FFNgfEHsWlG4Ssx4PvRfs.roa (raw, json)
Hash identifier:          H6V1V+s3B+7vbKQry2Kf1E0UYWSSuxFcdN+RzkrifDY=
Subject key identifier:   F6:E4:D5:5B:81:45:36:07:C4:1E:C5:A5:1B:84:AC:C7:83:EF:45:FB
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAC4E90C12DACEE8EBA9281222B1D3
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/9uTVW4FFNgfEHsWlG4Ssx4PvRfs.roa
Signing time:             Mon 01 Jan 2024 02:29:26 +0000
ROA not before:           Mon 01 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51487
IP address blocks:        185.138.92.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c4:e9:0c:12:da:ce:e8:eb:a9:28:12:22:b1:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6e4d55b81453607c41ec5a51b84acc783ef45fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:27:71:0e:0e:4d:6b:4d:78:15:04:67:69:51:
                    eb:07:70:1c:e6:cd:9c:c8:2f:40:b1:cd:4e:6b:38:
                    2f:82:16:d5:14:d5:5f:7b:00:88:03:49:57:c5:af:
                    3e:63:88:6c:b5:36:05:ed:f7:82:a7:72:d0:35:b1:
                    87:87:e8:4c:cf:27:33:f5:8a:9a:c0:0d:70:44:d3:
                    8a:99:4d:83:4f:33:0d:1a:09:4b:1a:a5:ee:72:af:
                    50:ef:23:a6:ed:e4:06:6e:08:5b:5b:ba:36:a5:a3:
                    6a:9b:95:fd:b4:36:27:52:d2:20:4e:21:fc:80:73:
                    a6:96:40:aa:d7:7e:5a:87:c4:71:16:a5:fe:e3:3b:
                    72:4b:ac:af:1f:54:7f:c8:39:51:e6:3c:2f:ff:fb:
                    b7:cf:b2:a7:77:6c:8d:eb:62:e7:d2:50:1b:46:43:
                    18:12:3f:97:16:1e:2f:8a:59:1d:be:68:3d:78:7c:
                    ca:a0:85:bb:9b:71:67:31:cc:9a:c3:89:cb:e0:c9:
                    bb:1c:70:f5:7b:a2:50:08:ee:2e:ef:3b:6a:62:71:
                    24:0b:10:0d:70:cb:ba:e2:45:b3:9b:6c:b9:22:c6:
                    73:ea:f9:d2:32:3a:89:42:44:9a:6b:15:9e:74:fa:
                    8d:84:83:f3:77:16:54:a0:ac:ac:73:c8:0e:5c:eb:
                    a3:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E4:D5:5B:81:45:36:07:C4:1E:C5:A5:1B:84:AC:C7:83:EF:45:FB
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/9uTVW4FFNgfEHsWlG4Ssx4PvRfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:73:bb:38:05:57:df:8c:ef:f1:f0:be:ae:65:36:9f:74:43:
         32:7f:da:1c:75:c4:ef:90:eb:17:f8:9b:e6:19:7a:c4:ab:aa:
         1a:be:70:e3:56:e4:7e:45:45:63:30:e2:e4:88:4b:65:63:63:
         22:8b:33:71:ec:ad:87:34:73:d6:40:da:32:82:63:d1:e9:58:
         a1:1f:22:af:7c:6c:75:f7:bf:bc:f5:c2:3a:44:b4:b7:ea:35:
         9e:9a:e2:6a:08:e7:b5:ad:46:ab:9e:53:59:7f:ce:56:b1:62:
         c1:14:b3:d7:7e:1d:2b:0c:b2:9c:49:b9:0f:6d:13:eb:8e:ae:
         ad:3a:ed:3a:68:60:ed:9b:67:e6:8c:6c:17:70:dd:fb:02:81:
         98:d8:df:63:a4:9c:a6:c5:72:68:8b:70:dd:61:6b:74:ff:5c:
         43:e6:75:38:24:fc:d0:72:ee:65:75:dc:70:61:a9:5c:88:37:
         e7:17:e1:35:0c:98:73:d6:2e:31:04:12:3c:de:a2:a0:d1:45:
         7a:86:12:94:b0:a7:4d:3e:89:e5:ab:3a:da:0e:f2:7f:63:2d:
         10:42:3d:df:cd:63:ff:cf:77:4a:c5:7d:25:be:a5:c8:59:86:
         19:18:b3:74:b5:f8:49:95:19:db:86:67:66:ff:b2:0c:04:b7:
         28:e6:e4:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sTpDBLazujrqSgSIrHTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmU0ZDU1YjgxNDUzNjA3YzQxZWM1YTUxYjg0YWNjNzgzZWY0NWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCdxDg5Na014FQRnaVHrB3Ac5s2c
yC9Asc1OazgvghbVFNVfewCIA0lXxa8+Y4hstTYF7feCp3LQNbGHh+hMzycz9Yqa
wA1wRNOKmU2DTzMNGglLGqXucq9Q7yOm7eQGbghbW7o2paNqm5X9tDYnUtIgTiH8
gHOmlkCq135ah8RxFqX+4ztyS6yvH1R/yDlR5jwv//u3z7Knd2yN62Ln0lAbRkMY
Ej+XFh4vilkdvmg9eHzKoIW7m3FnMcyaw4nL4Mm7HHD1e6JQCO4u7ztqYnEkCxAN
cMu64kWzm2y5IsZz6vnSMjqJQkSaaxWedPqNhIPzdxZUoKysc8gOXOuj1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbk1VuBRTYHxB7FpRuErMeD70X7MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvOXVUVlc0RkZOZ2ZFSHNXbEc0U3N4NFB2UmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYpcMA0G
CSqGSIb3DQEBCwUAA4IBAQBkc7s4BVffjO/x8L6uZTafdEMyf9ocdcTvkOsX+Jvm
GXrEq6oavnDjVuR+RUVjMOLkiEtlY2MiizNx7K2HNHPWQNoygmPR6VihHyKvfGx1
97+89cI6RLS36jWemuJqCOe1rUarnlNZf85WsWLBFLPXfh0rDLKcSbkPbRPrjq6t
Ou06aGDtm2fmjGwXcN37AoGY2N9jpJymxXJoi3DdYWt0/1xD5nU4JPzQcu5lddxw
YalciDfnF+E1DJhz1i4xBBI83qKg0UV6hhKUsKdNPonlqzraDvJ/Yy0QQj3fzWP/
z3dKxX0lvqXIWYYZGLN0tfhJlRnbhmdm/7IMBLco5uSo
-----END CERTIFICATE-----