Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/nTnCm9KTHVHV28qEkmz_WyNeDCE.roa
File:                     nTnCm9KTHVHV28qEkmz_WyNeDCE.roa (raw, json)
Hash identifier:          fCgdtVWlO0IJDLwgHRAS3Wo9IPBdMJPjQW6+hymNx6o=
Subject key identifier:   9D:39:C2:9B:D2:93:1D:51:D5:DB:CA:84:92:6C:FF:5B:23:5E:0C:21
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018CC348C50E03955B6B59EDF9EFCED4EE87
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/nTnCm9KTHVHV28qEkmz_WyNeDCE.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56466
IP address blocks:        185.155.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c5:0e:03:95:5b:6b:59:ed:f9:ef:ce:d4:ee:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d39c29bd2931d51d5dbca84926cff5b235e0c21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:cd:b9:f9:56:60:aa:e7:0d:be:58:37:83:ba:
                    e5:74:04:4f:50:b4:50:fc:f2:59:1c:06:36:6a:6d:
                    a9:cf:b2:d9:5c:fc:00:e7:ae:7f:13:96:d1:c0:2d:
                    70:e5:e0:ed:54:de:ba:c5:af:1f:ac:35:5e:45:9c:
                    cf:ed:68:4c:24:e3:1f:59:3c:b8:77:b4:3f:95:8f:
                    05:9e:0b:46:d9:a0:99:d5:3e:f9:5d:d3:3e:a9:8f:
                    63:30:b8:67:09:f0:9e:4b:89:cb:b2:af:f8:78:a9:
                    85:78:6b:39:37:36:9e:0a:c6:e8:10:bc:bd:83:ec:
                    c6:9b:92:4a:48:f3:bd:b9:38:5e:3c:60:34:a9:3c:
                    a8:70:4d:e3:32:84:97:24:c2:e5:03:b5:e2:83:42:
                    d4:e3:33:9a:f8:87:48:05:fa:b7:b6:03:9b:25:77:
                    4e:4e:99:f8:7b:90:4f:62:e3:ef:1d:23:e2:96:ff:
                    54:33:bc:5b:46:d7:e2:23:42:65:e0:da:b8:62:9a:
                    ba:71:2f:22:f8:c3:3e:a5:53:40:55:c7:78:08:65:
                    17:f7:98:f7:b9:48:85:a2:b7:bc:83:5d:aa:4d:b1:
                    28:2d:3a:eb:8a:f4:31:13:af:55:29:a0:9e:85:32:
                    ce:96:a0:55:55:3c:25:49:a5:9a:37:c0:98:f7:10:
                    0c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:39:C2:9B:D2:93:1D:51:D5:DB:CA:84:92:6C:FF:5B:23:5E:0C:21
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/nTnCm9KTHVHV28qEkmz_WyNeDCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ed:bc:cf:a1:e4:13:73:4b:4a:7f:dd:47:5f:2b:ad:c2:e4:
         c3:e4:1a:fc:93:d7:1c:99:76:62:a7:47:57:57:d5:fd:c2:c9:
         d7:4f:c7:74:a4:de:92:b0:4f:dc:1b:8a:06:dd:9a:8c:d3:96:
         cf:99:fc:df:7c:7b:e5:2a:96:e0:39:c1:28:15:f2:f4:ad:0d:
         d9:a7:8c:f8:42:a4:05:91:29:43:d7:bb:b1:82:d5:9e:c2:2c:
         3a:6a:54:38:d7:2a:91:7f:91:06:91:14:8f:6c:9b:1c:04:71:
         02:97:a8:b6:7e:f6:c9:13:ce:31:26:38:bb:73:b3:ad:e8:0f:
         70:dd:09:2a:8d:80:96:ea:2e:52:7c:60:26:be:54:6a:a7:ba:
         6f:c4:e0:37:f0:23:49:7c:18:53:aa:f1:e9:54:64:2c:f6:2f:
         95:0f:f1:9a:b1:f8:be:ff:56:e2:41:32:dd:03:bf:63:4c:7e:
         1a:b8:bd:91:63:64:ea:be:5a:da:3c:63:b8:98:37:6a:18:85:
         80:0e:23:97:49:98:0c:b7:6e:7d:a9:19:4c:4b:2f:87:2c:55:
         38:10:01:ba:04:4d:4c:80:15:83:49:d2:be:b9:dc:7d:f8:f3:
         66:5c:79:1d:b3:28:f9:c4:11:24:67:3b:74:ef:70:70:2d:63:
         1f:a2:52:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMUOA5Vba1nt+e/O1O6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDM5YzI5YmQyOTMxZDUxZDVkYmNhODQ5MjZjZmY1YjIzNWUwYzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjc25+VZgqucNvlg3g7rldARPULRQ
/PJZHAY2am2pz7LZXPwA565/E5bRwC1w5eDtVN66xa8frDVeRZzP7WhMJOMfWTy4
d7Q/lY8FngtG2aCZ1T75XdM+qY9jMLhnCfCeS4nLsq/4eKmFeGs5NzaeCsboELy9
g+zGm5JKSPO9uThePGA0qTyocE3jMoSXJMLlA7Xig0LU4zOa+IdIBfq3tgObJXdO
Tpn4e5BPYuPvHSPilv9UM7xbRtfiI0Jl4Nq4Ypq6cS8i+MM+pVNAVcd4CGUX95j3
uUiFore8g12qTbEoLTrrivQxE69VKaCehTLOlqBVVTwlSaWaN8CY9xAMSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ05wpvSkx1R1dvKhJJs/1sjXgwhMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvblRuQ205S1RIVkhWMjhxRWttel9XeU5lRENFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZsJMA0G
CSqGSIb3DQEBCwUAA4IBAQBz7bzPoeQTc0tKf91HXyutwuTD5Br8k9ccmXZip0dX
V9X9wsnXT8d0pN6SsE/cG4oG3ZqM05bPmfzffHvlKpbgOcEoFfL0rQ3Zp4z4QqQF
kSlD17uxgtWewiw6alQ41yqRf5EGkRSPbJscBHECl6i2fvbJE84xJji7c7Ot6A9w
3QkqjYCW6i5SfGAmvlRqp7pvxOA38CNJfBhTqvHpVGQs9i+VD/Gasfi+/1biQTLd
A79jTH4auL2RY2TqvlraPGO4mDdqGIWADiOXSZgMt259qRlMSy+HLFU4EAG6BE1M
gBWDSdK+udx9+PNmXHkdsyj5xBEkZzt073BwLWMfolLo
-----END CERTIFICATE-----