Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/T6mR3-KFJeRRNbnjA0MdG-paCZM.roa
File:                     T6mR3-KFJeRRNbnjA0MdG-paCZM.roa (raw, json)
Hash identifier:          azKsQr1mx6zSrNZ5zF8QjQ+sG8Wu38uyyO9Q0GKkGN0=
Subject key identifier:   4F:A9:91:DF:E2:85:25:E4:51:35:B9:E3:03:43:1D:1B:EA:5A:09:93
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C4CA92F6D7EB21525A97DE741454
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/T6mR3-KFJeRRNbnjA0MdG-paCZM.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50530
IP address blocks:        109.125.180.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c4:ca:92:f6:d7:eb:21:52:5a:97:de:74:14:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fa991dfe28525e45135b9e303431d1bea5a0993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ca:a4:46:65:31:ac:9c:88:c9:38:c1:fc:1b:
                    ed:fb:74:3e:83:a9:34:9f:40:22:0f:69:eb:b7:a3:
                    b9:fe:87:a0:46:4f:af:3f:3b:7a:a7:73:58:d9:49:
                    f0:51:22:27:24:ed:61:d0:6e:e5:7b:69:04:d4:1a:
                    c3:90:2a:c9:86:08:bd:80:fe:66:f1:30:3c:43:10:
                    3c:e6:9c:7f:a8:b4:6c:7c:64:31:d2:92:69:e6:0d:
                    fe:15:8a:e7:1f:cf:36:fa:85:9f:e0:90:f2:5c:10:
                    73:1d:d6:51:47:24:55:e1:f6:57:eb:c7:49:29:db:
                    dc:ef:9c:81:7b:ad:20:4b:ca:d3:81:6e:71:a1:2f:
                    6e:77:e1:2a:d7:ea:0c:8a:10:41:a7:8d:2d:33:97:
                    0b:7a:49:14:2a:80:13:b4:a1:a1:44:2a:b8:ca:5f:
                    3c:35:19:f7:e5:88:39:dc:bb:83:4b:3d:09:a9:cf:
                    fc:83:fa:1e:f6:28:60:40:52:ff:dd:95:7a:71:46:
                    13:18:60:14:42:79:22:4f:6a:98:82:bc:37:fc:a3:
                    8b:8b:fd:2e:8d:c4:57:30:54:2d:bf:7c:ba:09:67:
                    3a:ad:55:b4:50:df:c1:0b:8f:48:d7:44:4e:7d:a6:
                    15:b7:c8:5f:84:fd:12:2e:f6:c7:61:0f:18:f2:6e:
                    cd:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:A9:91:DF:E2:85:25:E4:51:35:B9:E3:03:43:1D:1B:EA:5A:09:93
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/T6mR3-KFJeRRNbnjA0MdG-paCZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.125.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:96:d3:d4:f6:04:98:26:f6:45:2c:76:9d:76:c0:2b:24:1c:
         61:97:2d:39:db:d3:84:dd:d5:77:c7:61:5f:bc:95:e5:34:8f:
         e1:d7:7e:e9:92:e0:b9:57:73:fd:02:ba:b3:f9:ca:1f:7f:f9:
         1e:40:3c:a9:1a:f3:27:99:c3:65:c3:91:61:6d:8e:d4:1b:b2:
         48:8a:71:c3:13:7a:df:aa:db:16:00:b6:5a:dc:98:ec:8a:d9:
         ae:0b:64:0e:2b:72:28:5d:41:f1:1a:dc:43:59:d2:bd:c6:a3:
         ab:1a:87:fc:dd:03:6a:b2:51:49:68:9a:f6:27:a6:e4:39:09:
         39:38:03:7a:1d:45:88:41:82:7f:6c:31:e9:9f:6b:58:a0:b8:
         82:aa:a5:6f:c5:d9:16:75:1a:f5:94:8f:e5:d4:f3:34:06:a2:
         77:5b:f4:c8:45:5d:ae:59:32:ad:c2:66:38:08:b0:91:19:a7:
         b2:aa:bc:ea:c7:3d:27:6e:1c:15:d5:ee:72:c1:d5:d7:8f:de:
         9d:aa:3c:d2:07:7d:8b:f4:bc:fc:a1:40:08:74:44:04:37:8a:
         0d:32:6b:12:d1:91:a0:64:18:da:e2:8c:c4:67:52:2a:d2:04:
         7a:f4:d8:97:58:62:e5:be:f3:35:d1:34:3c:ee:94:b7:86:fc:
         99:56:5b:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMTKkvbX6yFSWpfedBRUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmE5OTFkZmUyODUyNWU0NTEzNWI5ZTMwMzQzMWQxYmVhNWEwOTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8qkRmUxrJyIyTjB/Bvt+3Q+g6k0
n0AiD2nrt6O5/oegRk+vPzt6p3NY2UnwUSInJO1h0G7le2kE1BrDkCrJhgi9gP5m
8TA8QxA85px/qLRsfGQx0pJp5g3+FYrnH882+oWf4JDyXBBzHdZRRyRV4fZX68dJ
Kdvc75yBe60gS8rTgW5xoS9ud+Eq1+oMihBBp40tM5cLekkUKoATtKGhRCq4yl88
NRn35Yg53LuDSz0Jqc/8g/oe9ihgQFL/3ZV6cUYTGGAUQnkiT2qYgrw3/KOLi/0u
jcRXMFQtv3y6CWc6rVW0UN/BC49I10ROfaYVt8hfhP0SLvbHYQ8Y8m7N/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+pkd/ihSXkUTW54wNDHRvqWgmTMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvVDZtUjMtS0ZKZVJSTmJuakEwTWRHLXBhQ1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbX20MA0G
CSqGSIb3DQEBCwUAA4IBAQCmltPU9gSYJvZFLHaddsArJBxhly0529OE3dV3x2Ff
vJXlNI/h137pkuC5V3P9Arqz+coff/keQDypGvMnmcNlw5FhbY7UG7JIinHDE3rf
qtsWALZa3JjsitmuC2QOK3IoXUHxGtxDWdK9xqOrGof83QNqslFJaJr2J6bkOQk5
OAN6HUWIQYJ/bDHpn2tYoLiCqqVvxdkWdRr1lI/l1PM0BqJ3W/TIRV2uWTKtwmY4
CLCRGaeyqrzqxz0nbhwV1e5ywdXXj96dqjzSB32L9Lz8oUAIdEQEN4oNMmsS0ZGg
ZBja4ozEZ1Iq0gR69NiXWGLlvvM10TQ87pS3hvyZVlsr
-----END CERTIFICATE-----