Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/msMFq9XuUMlMmahqeI-gH_15n_U.roa
File:                     msMFq9XuUMlMmahqeI-gH_15n_U.roa (raw, json)
Hash identifier:          Ex3SDnr3hjKbx4+TZ3Z/Ww0HnteJBsYlQq64EvYvxZA=
Subject key identifier:   9A:C3:05:AB:D5:EE:50:C9:4C:99:A8:6A:78:8F:A0:1F:FD:79:9F:F5
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       018D0410B81921B9F0A0F3C60677BEE9E4CA
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/msMFq9XuUMlMmahqeI-gH_15n_U.roa
Signing time:             Sat 13 Jan 2024 18:23:40 +0000
ROA not before:           Sat 13 Jan 2024 18:23:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211975
IP address blocks:        109.72.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:04:10:b8:19:21:b9:f0:a0:f3:c6:06:77:be:e9:e4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan 13 18:23:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ac305abd5ee50c94c99a86a788fa01ffd799ff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:21:15:c5:98:b3:14:5c:c8:8a:cd:7d:8a:4f:
                    76:16:b9:be:8f:27:b1:27:5e:59:93:5c:ed:01:28:
                    65:7c:60:4b:0e:d7:fb:72:6c:a8:fa:5c:b5:2c:ec:
                    d1:23:90:48:bb:d0:ec:86:f3:5f:58:1f:41:56:86:
                    ff:d2:8d:46:8f:19:df:44:2f:ad:af:58:5b:cb:db:
                    df:69:54:05:74:22:16:51:43:b4:38:e3:04:4e:0c:
                    e1:0f:30:33:87:9b:02:fd:99:2f:38:0f:e1:7a:00:
                    ef:88:96:82:38:11:40:32:71:1b:0e:80:df:3e:27:
                    f0:90:fc:80:0c:51:c0:05:2c:7f:eb:6c:53:4d:28:
                    e8:00:62:42:4d:57:89:0d:22:cc:ec:e3:30:19:d2:
                    8f:1d:cf:71:20:4d:0b:be:bf:3f:14:0b:5f:e7:48:
                    d0:07:da:fe:ae:9e:14:f1:10:8d:e5:e3:47:dc:78:
                    16:14:11:d6:2d:59:17:79:f8:5e:05:04:eb:79:db:
                    4e:b4:0c:2f:db:12:4f:6b:7e:af:d3:21:9b:73:7d:
                    2f:46:b3:fb:d1:fb:23:66:0b:7e:d9:7d:1a:fc:27:
                    84:87:a9:7b:20:73:19:f1:89:8e:08:5e:59:53:19:
                    de:04:fa:06:d7:6b:57:db:37:a6:72:69:c2:8b:aa:
                    15:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C3:05:AB:D5:EE:50:C9:4C:99:A8:6A:78:8F:A0:1F:FD:79:9F:F5
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/msMFq9XuUMlMmahqeI-gH_15n_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:b1:44:f3:46:61:05:7d:d4:f9:77:65:56:07:e9:9b:46:4c:
         e7:cd:81:83:66:8c:e9:8d:1c:5a:86:c8:29:60:4c:5b:a1:2d:
         00:f2:26:a5:b8:7b:ab:32:35:7e:90:28:25:19:7c:d4:e4:04:
         82:c2:1f:67:07:8e:62:e7:03:47:06:ba:45:ee:45:1d:a4:37:
         29:da:2b:24:86:c5:1b:ac:9e:31:e0:de:46:20:64:87:e1:4f:
         21:4b:02:c5:73:b1:d0:7f:8e:c7:37:f5:01:a5:58:d8:44:8b:
         24:4a:dc:b2:d9:e9:2f:a8:2a:8a:44:13:c6:80:af:65:f8:e9:
         6d:46:72:da:2c:04:45:d8:13:49:80:90:3a:74:f3:bd:99:f8:
         6f:f9:7e:a5:2a:d6:0a:49:52:80:41:d5:de:16:a5:a4:1a:5f:
         8f:90:af:8e:9e:1c:f5:11:13:9b:5c:d4:87:eb:51:dd:19:e5:
         27:ec:2d:83:cc:96:ad:6c:98:b0:a6:f6:36:4f:32:37:a2:32:
         ea:13:d4:d9:0c:8f:e2:51:61:88:a8:c2:3c:fa:c0:66:62:1a:
         e6:98:34:3f:e7:ee:24:fc:01:76:da:71:14:57:40:8b:e6:a7:
         88:e4:e9:d6:97:05:df:ae:3f:3b:ef:ab:ff:bf:ae:49:7c:fb:
         34:06:47:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0EELgZIbnwoPPGBne+6eTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjQwMTEzMTgyMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWMzMDVhYmQ1ZWU1MGM5NGM5OWE4NmE3ODhmYTAxZmZkNzk5ZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCEVxZizFFzIis19ik92Frm+jyex
J15Zk1ztAShlfGBLDtf7cmyo+ly1LOzRI5BIu9DshvNfWB9BVob/0o1GjxnfRC+t
r1hby9vfaVQFdCIWUUO0OOMETgzhDzAzh5sC/ZkvOA/hegDviJaCOBFAMnEbDoDf
PifwkPyADFHABSx/62xTTSjoAGJCTVeJDSLM7OMwGdKPHc9xIE0Lvr8/FAtf50jQ
B9r+rp4U8RCN5eNH3HgWFBHWLVkXefheBQTredtOtAwv2xJPa36v0yGbc30vRrP7
0fsjZgt+2X0a/CeEh6l7IHMZ8YmOCF5ZUxneBPoG12tX2zemcmnCi6oVFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrDBavV7lDJTJmoaniPoB/9eZ/1MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvbXNNRnE5WHVVTWxNbWFocWVJLWdIXzE1bl9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUhxMA0G
CSqGSIb3DQEBCwUAA4IBAQA5sUTzRmEFfdT5d2VWB+mbRkznzYGDZozpjRxahsgp
YExboS0A8ialuHurMjV+kCglGXzU5ASCwh9nB45i5wNHBrpF7kUdpDcp2iskhsUb
rJ4x4N5GIGSH4U8hSwLFc7HQf47HN/UBpVjYRIskStyy2ekvqCqKRBPGgK9l+Olt
RnLaLARF2BNJgJA6dPO9mfhv+X6lKtYKSVKAQdXeFqWkGl+PkK+Onhz1ERObXNSH
61HdGeUn7C2DzJatbJiwpvY2TzI3ojLqE9TZDI/iUWGIqMI8+sBmYhrmmDQ/5+4k
/AF22nEUV0CL5qeI5OnWlwXfrj8776v/v65JfPs0BkdO
-----END CERTIFICATE-----