Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/d9j1EMOBh9SOoAk-ogDtxStSdGU.roa
File:                     d9j1EMOBh9SOoAk-ogDtxStSdGU.roa (raw, json)
Hash identifier:          2g4QmgtO0VYsEUKUN5vAFlt52kJOeZ0EoQz0xecJOnA=
Subject key identifier:   77:D8:F5:10:C3:81:87:D4:8E:A0:09:3E:A2:00:ED:C5:2B:52:74:65
Certificate issuer:       /CN=4c3e9da3bf593802cc833fe5d947a52696f58c8d
Certificate serial:       018CC64B77BF4A3D0A0C0FE04D98047F5084
Authority key identifier: 4C:3E:9D:A3:BF:59:38:02:CC:83:3F:E5:D9:47:A5:26:96:F5:8C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TD6do79ZOALMgz_l2UelJpb1jI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/d9j1EMOBh9SOoAk-ogDtxStSdGU.roa
Signing time:             Mon 01 Jan 2024 18:31:23 +0000
ROA not before:           Mon 01 Jan 2024 18:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39122
IP address blocks:        193.203.126.0/24 maxlen: 24
                          2a0d:1f00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/TD6do79ZOALMgz_l2UelJpb1jI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/TD6do79ZOALMgz_l2UelJpb1jI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TD6do79ZOALMgz_l2UelJpb1jI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:77:bf:4a:3d:0a:0c:0f:e0:4d:98:04:7f:50:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3e9da3bf593802cc833fe5d947a52696f58c8d
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77d8f510c38187d48ea0093ea200edc52b527465
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:00:de:40:a5:1c:86:f4:78:44:16:85:06:dd:
                    f5:52:af:e1:e6:60:52:dd:27:73:6d:9c:3c:75:27:
                    50:90:2c:cb:7b:b4:b8:57:ea:7f:2a:91:8d:97:21:
                    9d:f1:80:b4:a1:50:d0:f1:e5:a2:03:e8:26:c9:5a:
                    87:08:5c:d4:7a:e9:2d:fd:57:a7:c8:7b:06:a5:6d:
                    09:27:35:ce:b2:65:f1:7f:09:2e:e3:74:83:70:d6:
                    35:96:9b:bf:c8:17:e2:8f:63:66:29:c5:1d:1a:90:
                    ee:01:c1:d7:09:b9:fd:c3:44:ca:83:54:8d:77:2f:
                    c6:62:fe:dd:88:1f:27:15:05:a5:64:bd:25:7e:20:
                    6a:8d:29:6d:76:15:2d:a6:bc:1b:f3:3d:c1:35:88:
                    26:da:fb:b3:e6:ec:dc:10:49:c4:9e:88:4c:69:3b:
                    3c:f9:ed:0d:b8:34:f5:62:09:b1:b4:5e:16:03:cf:
                    b0:b8:63:fc:79:65:c6:4d:05:6f:3d:2a:87:4b:eb:
                    d2:cf:cd:fd:08:bc:98:ba:a5:dc:62:9d:b3:e5:5a:
                    d8:e4:9e:33:5e:f2:24:51:e0:c0:3f:a2:94:ad:14:
                    db:74:25:1c:0e:60:fd:8a:4b:c9:2d:17:22:45:47:
                    aa:fd:fc:2f:a3:b1:0f:d6:25:a6:2e:08:bc:2c:d0:
                    5d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D8:F5:10:C3:81:87:D4:8E:A0:09:3E:A2:00:ED:C5:2B:52:74:65
            X509v3 Authority Key Identifier:
                keyid:4C:3E:9D:A3:BF:59:38:02:CC:83:3F:E5:D9:47:A5:26:96:F5:8C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TD6do79ZOALMgz_l2UelJpb1jI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/d9j1EMOBh9SOoAk-ogDtxStSdGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b9a830-6992-49c6-8973-eacb4965fe38/1/TD6do79ZOALMgz_l2UelJpb1jI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.126.0/24
                IPv6:
                  2a0d:1f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:5f:56:e0:21:7d:e5:a8:6d:69:1b:ae:dc:7e:65:df:70:59:
         43:88:b7:b6:b1:df:65:cc:56:2b:2e:99:78:bc:39:ab:c5:a4:
         cd:cc:8a:50:f4:dd:c1:22:fc:c3:0f:df:f5:e3:21:3e:b2:a3:
         23:9f:6b:96:45:db:36:c1:f5:b8:0e:3e:ac:bf:1b:88:11:7d:
         a5:90:6a:26:81:aa:3e:85:d0:e5:12:1e:1f:58:de:cf:c8:16:
         01:06:76:03:7b:01:32:c0:87:5e:56:08:48:1b:2f:01:28:85:
         24:f6:0a:4e:ca:c9:71:a2:81:b3:bc:77:f9:1a:cb:5d:09:1e:
         16:65:b6:a0:a9:84:ee:b2:ea:4a:4a:9f:79:dd:1a:b8:1d:1f:
         d1:55:f9:4b:c8:03:d8:39:82:f4:26:43:6a:22:bd:46:9b:2b:
         70:87:53:19:d0:5c:64:21:29:5d:ba:53:1a:0d:be:82:f2:36:
         3a:1c:10:dd:51:8e:a9:9f:22:59:33:6c:a0:e1:56:ba:96:cc:
         fa:9a:19:bd:79:42:2a:6f:23:5d:b3:b1:55:c4:a0:47:6f:72:
         70:f8:6d:38:88:0b:1c:0d:1d:57:73:d8:aa:6b:6e:62:81:44:
         2a:67:96:5a:1c:34:e9:a6:ee:80:03:a9:dc:ec:09:12:05:86:
         87:89:36:06
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGS3e/Sj0KDA/gTZgEf1CEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjM2U5ZGEzYmY1OTM4MDJjYzgzM2ZlNWQ5NDdhNTI2OTZm
NThjOGQwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2Q4ZjUxMGMzODE4N2Q0OGVhMDA5M2VhMjAwZWRjNTJiNTI3NDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwDeQKUchvR4RBaFBt31Uq/h5mBS
3SdzbZw8dSdQkCzLe7S4V+p/KpGNlyGd8YC0oVDQ8eWiA+gmyVqHCFzUeukt/Ven
yHsGpW0JJzXOsmXxfwku43SDcNY1lpu/yBfij2NmKcUdGpDuAcHXCbn9w0TKg1SN
dy/GYv7diB8nFQWlZL0lfiBqjSltdhUtprwb8z3BNYgm2vuz5uzcEEnEnohMaTs8
+e0NuDT1YgmxtF4WA8+wuGP8eWXGTQVvPSqHS+vSz839CLyYuqXcYp2z5VrY5J4z
XvIkUeDAP6KUrRTbdCUcDmD9ikvJLRciRUeq/fwvo7EP1iWmLgi8LNBdIwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHfY9RDDgYfUjqAJPqIA7cUrUnRlMB8GA1UdIwQY
MBaAFEw+naO/WTgCzIM/5dlHpSaW9YyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEQ2ZG83OVpPQUxNZ3pfbDJVZWxKcGIxakkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iOWE4MzAtNjk5Mi00OWM2LTg5NzMt
ZWFjYjQ5NjVmZTM4LzEvZDlqMUVNT0JoOVNPb0FrLW9nRHR4U3RTZEdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iOWE4MzAtNjk5Mi00OWM2LTg5NzMtZWFjYjQ5NjVmZTM4
LzEvVEQ2ZG83OVpPQUxNZ3pfbDJVZWxKcGIxakkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwct+MA0E
AgACMAcDBQMqDR8AMA0GCSqGSIb3DQEBCwUAA4IBAQBeX1bgIX3lqG1pG67cfmXf
cFlDiLe2sd9lzFYrLpl4vDmrxaTNzIpQ9N3BIvzDD9/14yE+sqMjn2uWRds2wfW4
Dj6svxuIEX2lkGomgao+hdDlEh4fWN7PyBYBBnYDewEywIdeVghIGy8BKIUk9gpO
yslxooGzvHf5GstdCR4WZbagqYTusupKSp953Rq4HR/RVflLyAPYOYL0JkNqIr1G
mytwh1MZ0FxkISldulMaDb6C8jY6HBDdUY6pnyJZM2yg4Va6lsz6mhm9eUIqbyNd
s7FVxKBHb3Jw+G04iAscDR1Xc9iqa25igUQqZ5ZaHDTppu6AA6nc7AkSBYaHiTYG
-----END CERTIFICATE-----