Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/9XALqMOzq5V6XkztFuuUKL45HKA.roa
File:                     9XALqMOzq5V6XkztFuuUKL45HKA.roa (raw, json)
Hash identifier:          x8VytDNk2rtZzO6FfqDiCkD/r/mAlJro2up8lIjfTwA=
Subject key identifier:   F5:70:0B:A8:C3:B3:AB:95:7A:5E:4C:ED:16:EB:94:28:BE:39:1C:A0
Certificate issuer:       /CN=7ca04cc67ef96d9022f3d0bfc51eadb4a4b63ee6
Certificate serial:       018CC56DE05BA4178F392E51D5D8E1408130
Authority key identifier: 7C:A0:4C:C6:7E:F9:6D:90:22:F3:D0:BF:C5:1E:AD:B4:A4:B6:3E:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKBMxn75bZAi89C_xR6ttKS2PuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/9XALqMOzq5V6XkztFuuUKL45HKA.roa
Signing time:             Mon 01 Jan 2024 14:29:21 +0000
ROA not before:           Mon 01 Jan 2024 14:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197792
IP address blocks:        159.255.40.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/fKBMxn75bZAi89C_xR6ttKS2PuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/fKBMxn75bZAi89C_xR6ttKS2PuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKBMxn75bZAi89C_xR6ttKS2PuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e0:5b:a4:17:8f:39:2e:51:d5:d8:e1:40:81:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca04cc67ef96d9022f3d0bfc51eadb4a4b63ee6
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5700ba8c3b3ab957a5e4ced16eb9428be391ca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c1:58:35:a8:06:78:6e:cd:9d:d2:79:e8:9b:
                    e0:3a:02:66:a8:5f:66:5d:4e:be:eb:82:47:6f:05:
                    2a:c7:fd:d9:fd:25:f7:94:97:21:f8:ec:55:23:f0:
                    6a:0c:a8:49:0e:1e:1b:c1:7a:58:68:f6:d3:a7:7d:
                    a8:d9:31:11:f3:f5:21:e9:fb:3a:a2:55:e3:03:8e:
                    51:48:cb:77:9c:e7:a0:85:3b:49:82:0a:be:57:57:
                    e5:24:62:6c:8c:65:8b:3a:1c:43:98:7d:74:ca:1a:
                    05:b0:12:ad:c7:8e:af:4a:54:8f:25:6d:fe:a7:64:
                    5d:73:e9:69:f2:5f:4e:b1:fb:15:fe:96:45:7e:d0:
                    41:bf:4b:69:b0:69:40:2e:d8:36:24:d8:f0:56:77:
                    99:72:eb:83:49:5d:c3:4d:02:54:7d:90:85:1b:71:
                    bf:41:f2:99:d5:8b:c7:a3:1c:8a:57:b7:fe:1b:91:
                    ad:0b:46:2a:dc:35:8d:6a:a6:54:8b:70:12:f4:1e:
                    18:7f:c9:02:65:e8:63:e3:ed:14:3d:3d:36:d4:3e:
                    e1:3a:08:27:b8:c7:4f:a7:a2:c9:6b:dd:66:c4:e6:
                    b0:e9:64:88:ac:3e:39:17:a9:24:24:f4:f4:b8:2f:
                    f9:64:16:42:29:63:54:a2:58:97:cb:e1:e2:02:a9:
                    aa:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:70:0B:A8:C3:B3:AB:95:7A:5E:4C:ED:16:EB:94:28:BE:39:1C:A0
            X509v3 Authority Key Identifier:
                keyid:7C:A0:4C:C6:7E:F9:6D:90:22:F3:D0:BF:C5:1E:AD:B4:A4:B6:3E:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKBMxn75bZAi89C_xR6ttKS2PuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/9XALqMOzq5V6XkztFuuUKL45HKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/9b94e2-d21d-4d81-8aea-a5568e0fbb6d/1/fKBMxn75bZAi89C_xR6ttKS2PuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7b:ea:9e:b4:7f:a8:04:ab:73:b6:f2:7b:c9:4b:a2:ff:fb:27:
         8e:62:3d:c8:2a:18:30:79:72:92:91:7e:b3:09:13:21:9c:80:
         83:b9:ff:c4:a8:9e:79:9b:4d:cd:ee:bd:cf:a7:48:c0:1d:25:
         16:0f:ab:d8:a2:97:77:c8:7d:8b:b9:94:55:9b:f5:e9:cc:1b:
         51:91:f8:a6:46:1f:6f:9e:b8:29:09:93:68:62:eb:d7:10:95:
         2c:a7:46:3f:27:e0:48:7d:e7:c5:da:31:36:5f:0d:a7:d7:1a:
         b7:e7:fc:1f:44:e0:47:79:70:4a:a8:d9:a5:52:9c:07:02:b5:
         7d:1c:fc:87:b8:ad:03:58:9c:74:a6:95:97:d7:4d:be:6a:fb:
         ef:a6:be:82:c9:9e:a8:b1:4c:6f:68:43:f6:18:21:48:c2:ca:
         94:c3:ab:78:a3:3a:81:c3:d6:a5:e7:bd:32:b7:82:dd:9c:80:
         95:0c:a2:b6:a4:29:52:f1:f5:1c:2d:01:62:02:c1:c9:98:ab:
         c9:45:9e:09:13:d3:31:c6:7a:e4:be:07:8a:9d:9f:2d:af:1f:
         0d:65:5c:e9:52:7b:94:77:75:40:ca:d1:fe:71:63:f5:f9:3f:
         90:32:8b:2d:d3:2f:6b:e4:1f:02:38:11:f8:f7:9c:1e:e0:63:
         84:bd:39:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeBbpBePOS5R1djhQIEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTA0Y2M2N2VmOTZkOTAyMmYzZDBiZmM1MWVhZGI0YTRi
NjNlZTYwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTcwMGJhOGMzYjNhYjk1N2E1ZTRjZWQxNmViOTQyOGJlMzkxY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cFYNagGeG7NndJ56JvgOgJmqF9m
XU6+64JHbwUqx/3Z/SX3lJch+OxVI/BqDKhJDh4bwXpYaPbTp32o2TER8/Uh6fs6
olXjA45RSMt3nOeghTtJggq+V1flJGJsjGWLOhxDmH10yhoFsBKtx46vSlSPJW3+
p2Rdc+lp8l9OsfsV/pZFftBBv0tpsGlALtg2JNjwVneZcuuDSV3DTQJUfZCFG3G/
QfKZ1YvHoxyKV7f+G5GtC0Yq3DWNaqZUi3AS9B4Yf8kCZehj4+0UPT021D7hOggn
uMdPp6LJa91mxOaw6WSIrD45F6kkJPT0uC/5ZBZCKWNUoliXy+HiAqmqzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVwC6jDs6uVel5M7RbrlCi+ORygMB8GA1UdIwQY
MBaAFHygTMZ++W2QIvPQv8UerbSktj7mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktCTXhuNzViWkFpODlDX3hSNnR0S1MyUHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi85Yjk0ZTItZDIxZC00ZDgxLThhZWEt
YTU1NjhlMGZiYjZkLzEvOVhBTHFNT3pxNVY2WGt6dEZ1dVVLTDQ1SEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi85Yjk0ZTItZDIxZC00ZDgxLThhZWEtYTU1NjhlMGZiYjZk
LzEvZktCTXhuNzViWkFpODlDX3hSNnR0S1MyUHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDn/8oMA0G
CSqGSIb3DQEBCwUAA4IBAQB76p60f6gEq3O28nvJS6L/+yeOYj3IKhgweXKSkX6z
CRMhnICDuf/EqJ55m03N7r3Pp0jAHSUWD6vYopd3yH2LuZRVm/XpzBtRkfimRh9v
nrgpCZNoYuvXEJUsp0Y/J+BIfefF2jE2Xw2n1xq35/wfROBHeXBKqNmlUpwHArV9
HPyHuK0DWJx0ppWX102+avvvpr6CyZ6osUxvaEP2GCFIwsqUw6t4ozqBw9al570y
t4LdnICVDKK2pClS8fUcLQFiAsHJmKvJRZ4JE9MxxnrkvgeKnZ8trx8NZVzpUnuU
d3VAytH+cWP1+T+QMost0y9r5B8COBH495we4GOEvTkP
-----END CERTIFICATE-----