Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/9H3_e57M-2X8NzBH_qsaNkaaX7I.roa
File:                     9H3_e57M-2X8NzBH_qsaNkaaX7I.roa (raw, json)
Hash identifier:          C8TOPCzA/mLq38FsLRecTo6A/5bYraYVWGwTRDzacLY=
Subject key identifier:   F4:7D:FF:7B:9E:CC:FB:65:FC:37:30:47:FE:AB:1A:36:46:9A:5F:B2
Certificate issuer:       /CN=4c1b0c40969080957fccee1fb8a3fb4bb38bf5dc
Certificate serial:       018D1C46658DC68E50DF8529B4DF359E7D6F
Authority key identifier: 4C:1B:0C:40:96:90:80:95:7F:CC:EE:1F:B8:A3:FB:4B:B3:8B:F5:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBsMQJaQgJV_zO4fuKP7S7OL9dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/9H3_e57M-2X8NzBH_qsaNkaaX7I.roa
Signing time:             Thu 18 Jan 2024 11:13:11 +0000
ROA not before:           Thu 18 Jan 2024 11:13:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.27.116.0/22 maxlen: 22
                          185.27.117.0/24 maxlen: 24
                          2a04:2ec0::/29 maxlen: 29
                          2a04:2ec0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/TBsMQJaQgJV_zO4fuKP7S7OL9dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/TBsMQJaQgJV_zO4fuKP7S7OL9dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBsMQJaQgJV_zO4fuKP7S7OL9dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:46:65:8d:c6:8e:50:df:85:29:b4:df:35:9e:7d:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c1b0c40969080957fccee1fb8a3fb4bb38bf5dc
        Validity
            Not Before: Jan 18 11:13:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f47dff7b9eccfb65fc373047feab1a36469a5fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3d:77:78:78:a9:e6:95:c9:e0:d9:00:ec:c1:
                    bd:cb:2b:70:2e:a7:e0:78:4f:f2:87:a1:00:d8:12:
                    5d:ff:1b:5e:e7:68:eb:b6:65:5a:e3:09:da:ea:9a:
                    97:6d:cf:1e:c4:8c:e3:ff:87:c8:f4:ab:89:5f:ea:
                    c7:48:cb:7a:bc:c4:64:4f:e3:9b:94:84:86:2e:34:
                    ed:96:d6:96:9e:55:b6:43:99:f6:4c:2d:e0:49:7b:
                    eb:12:7c:32:e8:5e:ac:a5:30:7e:2d:58:b2:83:d0:
                    79:2b:0f:2a:40:cf:4c:ed:57:ac:ab:43:7f:a5:e4:
                    49:8a:9c:92:8f:29:2b:69:59:d1:68:8d:7f:53:83:
                    a5:50:e3:2c:f7:f1:f8:42:c9:3b:0e:a9:0a:2e:b4:
                    db:21:df:e2:60:c1:59:05:9b:87:9d:d6:4c:4a:4f:
                    a8:06:89:a0:bb:bd:bc:19:94:65:12:49:f3:d7:c6:
                    0e:b8:44:76:49:54:5a:de:39:7e:14:07:96:ff:bd:
                    2d:02:c4:db:5e:2c:8c:7a:e0:db:ed:7d:77:a2:e6:
                    a1:84:01:60:95:c2:f2:1a:8f:a4:3a:a1:12:18:a0:
                    cf:cd:e4:b1:6f:f3:78:a0:d0:1d:53:68:5e:bd:7a:
                    1b:25:0c:1e:d1:76:21:05:7f:ef:f5:3c:fd:5a:7d:
                    72:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:7D:FF:7B:9E:CC:FB:65:FC:37:30:47:FE:AB:1A:36:46:9A:5F:B2
            X509v3 Authority Key Identifier:
                keyid:4C:1B:0C:40:96:90:80:95:7F:CC:EE:1F:B8:A3:FB:4B:B3:8B:F5:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBsMQJaQgJV_zO4fuKP7S7OL9dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/9H3_e57M-2X8NzBH_qsaNkaaX7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/TBsMQJaQgJV_zO4fuKP7S7OL9dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.116.0/22
                IPv6:
                  2a04:2ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:b2:38:64:d1:09:49:aa:7a:63:dd:a5:c6:1a:07:c6:a9:ae:
         69:1a:77:cb:67:39:d0:09:92:78:7a:d4:fa:40:b0:03:8b:9b:
         2a:de:a5:c3:84:1f:93:7c:84:87:0b:ac:29:d9:31:4b:a9:5f:
         cc:3a:38:aa:95:f5:74:37:e5:f7:68:18:b6:9b:c3:02:fa:aa:
         af:65:8d:1f:1e:59:e6:b8:56:03:77:fc:e8:5f:48:cf:34:51:
         4e:63:3c:de:ba:b6:e4:d3:a8:2a:75:a9:57:ed:53:33:a4:a5:
         99:b2:7c:4f:df:63:b5:e5:00:c7:a5:99:f4:f8:30:7d:65:d9:
         59:66:ed:1d:56:26:75:78:77:17:50:10:ba:2e:83:bc:b4:af:
         fa:f9:80:b5:a7:7b:5e:97:39:7c:55:10:f1:02:0e:bd:9e:be:
         96:66:14:4a:a0:5d:52:ac:fa:60:34:cb:a8:8c:33:be:db:cb:
         38:7b:fc:50:8c:8e:6f:aa:0e:5f:63:c9:31:45:bb:7d:0a:d5:
         92:50:69:18:cd:a6:b6:81:c4:e2:21:9f:02:ec:6e:36:47:37:
         50:66:b8:bd:ca:ce:d1:56:c6:65:04:62:da:fe:e4:50:99:95:
         94:3c:14:b7:2b:87:a1:1e:e6:2f:2e:93:27:46:7c:7e:05:03:
         38:39:a9:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY0cRmWNxo5Q34UptN81nn1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMWIwYzQwOTY5MDgwOTU3ZmNjZWUxZmI4YTNmYjRiYjM4
YmY1ZGMwHhcNMjQwMTE4MTExMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDdkZmY3YjllY2NmYjY1ZmMzNzMwNDdmZWFiMWEzNjQ2OWE1ZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD13eHip5pXJ4NkA7MG9yytwLqfg
eE/yh6EA2BJd/xte52jrtmVa4wna6pqXbc8exIzj/4fI9KuJX+rHSMt6vMRkT+Ob
lISGLjTtltaWnlW2Q5n2TC3gSXvrEnwy6F6spTB+LViyg9B5Kw8qQM9M7Vesq0N/
peRJipySjykraVnRaI1/U4OlUOMs9/H4Qsk7DqkKLrTbId/iYMFZBZuHndZMSk+o
Bomgu728GZRlEknz18YOuER2SVRa3jl+FAeW/70tAsTbXiyMeuDb7X13ouahhAFg
lcLyGo+kOqESGKDPzeSxb/N4oNAdU2hevXobJQwe0XYhBX/v9Tz9Wn1yAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPR9/3uezPtl/DcwR/6rGjZGml+yMB8GA1UdIwQY
MBaAFEwbDECWkICVf8zuH7ij+0uzi/XcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJzTVFKYVFnSlZfek80ZnVLUDdTN09MOWR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9lZTI5YTYtNjkxZC00YjBjLWFkNjMt
OTRjODI1NGJkM2I3LzEvOUgzX2U1N00tMlg4TnpCSF9xc2FOa2FhWDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9lZTI5YTYtNjkxZC00YjBjLWFkNjMtOTRjODI1NGJkM2I3
LzEvVEJzTVFKYVFnSlZfek80ZnVLUDdTN09MOWR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRt0MA0E
AgACMAcDBQMqBC7AMA0GCSqGSIb3DQEBCwUAA4IBAQCMsjhk0QlJqnpj3aXGGgfG
qa5pGnfLZznQCZJ4etT6QLADi5sq3qXDhB+TfISHC6wp2TFLqV/MOjiqlfV0N+X3
aBi2m8MC+qqvZY0fHlnmuFYDd/zoX0jPNFFOYzzeurbk06gqdalX7VMzpKWZsnxP
32O15QDHpZn0+DB9ZdlZZu0dViZ1eHcXUBC6LoO8tK/6+YC1p3telzl8VRDxAg69
nr6WZhRKoF1SrPpgNMuojDO+28s4e/xQjI5vqg5fY8kxRbt9CtWSUGkYzaa2gcTi
IZ8C7G42RzdQZri9ys7RVsZlBGLa/uRQmZWUPBS3K4ehHuYvLpMnRnx+BQM4Oamm
-----END CERTIFICATE-----