Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/9SD_lHNsufPrZnV2B1n1wYgxnpk.roa
File:                     9SD_lHNsufPrZnV2B1n1wYgxnpk.roa (raw, json)
Hash identifier:          Wbn5FtqIzyX5GZwgenOx6f+JCWxCxy1oGfKLF43I6UE=
Subject key identifier:   F5:20:FF:94:73:6C:B9:F3:EB:66:75:76:07:59:F5:C1:88:31:9E:99
Certificate issuer:       /CN=9b632edb635aa8f9c40a0495a7a63bb6539580bb
Certificate serial:       018CC26D876C925CD60737B3E2E23380C59A
Authority key identifier: 9B:63:2E:DB:63:5A:A8:F9:C4:0A:04:95:A7:A6:3B:B6:53:95:80:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m2Mu22NaqPnECgSVp6Y7tlOVgLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/9SD_lHNsufPrZnV2B1n1wYgxnpk.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12437
IP address blocks:        212.62.79.0/24 maxlen: 24
                          84.201.96.0/24 maxlen: 24
                          81.89.224.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/m2Mu22NaqPnECgSVp6Y7tlOVgLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/m2Mu22NaqPnECgSVp6Y7tlOVgLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m2Mu22NaqPnECgSVp6Y7tlOVgLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:87:6c:92:5c:d6:07:37:b3:e2:e2:33:80:c5:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b632edb635aa8f9c40a0495a7a63bb6539580bb
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f520ff94736cb9f3eb6675760759f5c188319e99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:a1:8d:14:76:e1:28:26:93:77:cf:19:e3:a1:
                    23:8c:a6:5c:39:3b:f7:69:e9:78:75:fa:96:78:7b:
                    7b:a2:12:73:9c:31:f0:e6:0f:58:4c:09:85:de:6d:
                    9f:51:80:75:84:60:81:48:ac:06:f0:9e:39:c1:35:
                    57:f3:13:19:ae:63:a7:c8:6a:eb:75:31:91:db:d9:
                    36:68:bc:d4:21:0e:da:bf:4e:c1:13:27:d5:b3:03:
                    ed:a6:87:53:46:53:ac:8e:3a:3b:00:ff:38:20:b8:
                    e4:93:80:69:11:c4:35:d6:bc:fe:dd:95:fe:bb:19:
                    de:31:e0:a0:42:d3:6a:29:5d:43:ac:48:22:54:97:
                    b1:48:62:43:1c:df:09:60:df:98:a2:87:8c:12:b0:
                    eb:69:2d:b9:05:a8:f9:76:ba:ce:af:be:bc:21:52:
                    b4:0d:c1:10:ef:12:a6:11:4e:10:d2:14:56:68:d9:
                    e0:97:33:13:84:76:8f:30:51:10:10:c0:39:06:3c:
                    52:e3:55:b1:32:b6:9b:16:51:9e:a5:62:eb:d7:02:
                    ce:91:a0:2f:b1:0e:77:58:c9:fa:7b:bb:58:1f:1c:
                    0d:b7:f3:64:f7:99:be:d2:74:e4:66:d1:14:49:85:
                    cf:c1:bf:82:28:22:28:2f:30:84:a7:b1:93:ae:b0:
                    06:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:20:FF:94:73:6C:B9:F3:EB:66:75:76:07:59:F5:C1:88:31:9E:99
            X509v3 Authority Key Identifier:
                keyid:9B:63:2E:DB:63:5A:A8:F9:C4:0A:04:95:A7:A6:3B:B6:53:95:80:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m2Mu22NaqPnECgSVp6Y7tlOVgLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/9SD_lHNsufPrZnV2B1n1wYgxnpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d02983-b11c-4bf7-b4b5-e8c9ad5f051a/1/m2Mu22NaqPnECgSVp6Y7tlOVgLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.89.224.0/23
                  84.201.96.0/24
                  212.62.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:5a:83:04:fe:16:9e:60:11:3a:e8:f7:cc:77:34:0a:b0:99:
         8c:72:79:eb:fa:d5:ea:b6:3e:2b:34:24:57:a2:f7:ed:59:d7:
         af:b0:9e:8d:fc:7f:9d:e2:b2:5d:f1:66:1c:e0:6d:26:44:97:
         12:3c:f0:db:bf:36:6a:76:24:fe:aa:7b:f3:45:75:98:64:2a:
         a3:72:c2:28:80:5a:6b:d5:fa:9d:5e:8d:44:cd:84:a7:ea:12:
         3e:bc:d9:07:75:78:9e:a6:01:aa:34:09:cb:71:df:d5:0f:1c:
         a0:ba:11:f7:61:2d:0a:05:90:2d:21:03:87:4f:9b:5b:40:f8:
         57:af:a9:fb:01:3d:6f:2d:1f:2c:ce:ad:86:91:a4:d8:35:37:
         5a:7e:1e:cb:ea:3b:16:db:11:4a:f0:da:d2:f1:f2:b0:16:45:
         20:1c:99:f3:64:f9:d7:5b:fc:03:ed:5f:0b:eb:16:8a:bc:68:
         99:c4:84:b7:0c:8d:3f:68:f4:b4:b1:62:cc:75:45:7e:fe:75:
         4f:79:3a:98:2c:e3:55:b1:40:e1:29:f3:1f:da:3e:53:f7:0b:
         5a:9a:d6:b4:85:5b:ff:45:da:cd:55:e9:77:55:66:41:8e:88:
         2a:64:dd:41:6c:0d:50:14:5a:cc:11:c9:c9:3c:23:11:8b:de:
         0f:9f:10:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzCbYdsklzWBzez4uIzgMWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNjMyZWRiNjM1YWE4ZjljNDBhMDQ5NWE3YTYzYmI2NTM5
NTgwYmIwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTIwZmY5NDczNmNiOWYzZWI2Njc1NzYwNzU5ZjVjMTg4MzE5ZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKGNFHbhKCaTd88Z46EjjKZcOTv3
ael4dfqWeHt7ohJznDHw5g9YTAmF3m2fUYB1hGCBSKwG8J45wTVX8xMZrmOnyGrr
dTGR29k2aLzUIQ7av07BEyfVswPtpodTRlOsjjo7AP84ILjkk4BpEcQ11rz+3ZX+
uxneMeCgQtNqKV1DrEgiVJexSGJDHN8JYN+YooeMErDraS25Baj5drrOr768IVK0
DcEQ7xKmEU4Q0hRWaNnglzMThHaPMFEQEMA5BjxS41WxMrabFlGepWLr1wLOkaAv
sQ53WMn6e7tYHxwNt/Nk95m+0nTkZtEUSYXPwb+CKCIoLzCEp7GTrrAGZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPUg/5RzbLnz62Z1dgdZ9cGIMZ6ZMB8GA1UdIwQY
MBaAFJtjLttjWqj5xAoElaemO7ZTlYC7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTJNdTIyTmFxUG5FQ2dTVnA2WTd0bE9WZ0xzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kMDI5ODMtYjExYy00YmY3LWI0YjUt
ZThjOWFkNWYwNTFhLzEvOVNEX2xITnN1ZlByWm5WMkIxbjF3WWd4bnBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kMDI5ODMtYjExYy00YmY3LWI0YjUtZThjOWFkNWYwNTFh
LzEvbTJNdTIyTmFxUG5FQ2dTVnA2WTd0bE9WZ0xzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUVngAwQA
VMlgAwQA1D5PMA0GCSqGSIb3DQEBCwUAA4IBAQAIWoME/haeYBE66PfMdzQKsJmM
cnnr+tXqtj4rNCRXovftWdevsJ6N/H+d4rJd8WYc4G0mRJcSPPDbvzZqdiT+qnvz
RXWYZCqjcsIogFpr1fqdXo1EzYSn6hI+vNkHdXiepgGqNAnLcd/VDxyguhH3YS0K
BZAtIQOHT5tbQPhXr6n7AT1vLR8szq2GkaTYNTdafh7L6jsW2xFK8NrS8fKwFkUg
HJnzZPnXW/wD7V8L6xaKvGiZxIS3DI0/aPS0sWLMdUV+/nVPeTqYLONVsUDhKfMf
2j5T9wtamta0hVv/RdrNVel3VWZBjogqZN1BbA1QFFrMEcnJPCMRi94PnxDc
-----END CERTIFICATE-----