Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/C9rdaCclOasZbXZzNm9jL2wgXHM.roa
File:                     C9rdaCclOasZbXZzNm9jL2wgXHM.roa (raw, json)
Hash identifier:          emMcDORDT6ZocFxUfQcnpsNvabkXdnpF6UibalEXHKs=
Subject key identifier:   0B:DA:DD:68:27:25:39:AB:19:6D:76:73:36:6F:63:2F:6C:20:5C:73
Certificate issuer:       /CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
Certificate serial:       018CC5001C519241F43C35D44C73F5E96844
Authority key identifier: E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/C9rdaCclOasZbXZzNm9jL2wgXHM.roa
Signing time:             Mon 01 Jan 2024 12:29:27 +0000
ROA not before:           Mon 01 Jan 2024 12:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197324
IP address blocks:        46.17.120.0/21 maxlen: 24
                          185.157.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1c:51:92:41:f4:3c:35:d4:4c:73:f5:e9:68:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9b1320fbc24d6f4366cb64fcf5ed2d7b1b6bdf7
        Validity
            Not Before: Jan  1 12:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bdadd68272539ab196d7673366f632f6c205c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:0b:34:fe:51:cb:79:fc:0a:3f:b3:b1:90:1e:
                    46:0f:f2:56:aa:8c:58:a9:22:21:a4:50:e2:d7:10:
                    73:db:f2:d9:7c:19:36:a8:ae:6c:19:18:e5:29:58:
                    08:3b:54:f7:70:23:41:ac:72:9b:b9:6e:50:e5:67:
                    9a:87:bb:7f:3a:7f:66:2a:23:b1:08:89:dc:c7:a0:
                    43:40:f8:9b:cf:cb:c8:c3:58:d0:59:79:b4:5c:58:
                    c2:2a:3f:79:d0:5c:e6:bc:b8:60:72:25:d2:9a:0b:
                    03:79:98:0c:8d:41:a7:d1:5c:2c:c7:95:59:65:b1:
                    23:8a:6f:65:42:ed:91:09:ef:51:54:c0:31:c6:d1:
                    b9:34:b6:4e:66:af:11:2b:7e:65:45:54:4d:d9:25:
                    c2:28:5a:62:e8:97:26:5a:b2:e1:9e:9f:2e:36:ff:
                    28:a8:99:61:4d:f8:c5:1d:19:09:16:fe:fc:fd:0a:
                    85:3a:83:46:bd:1d:57:4e:89:97:27:69:f2:22:42:
                    ff:b5:17:c5:6f:21:4b:b6:1f:ab:c7:58:b9:88:2b:
                    98:13:fa:b7:45:3b:35:d4:09:2c:e0:bc:b5:6f:b2:
                    7b:45:4a:d0:51:2a:2e:26:e6:2d:c5:d9:e0:2d:ed:
                    bd:a9:fe:7a:73:af:fd:96:6e:1e:49:a8:2a:5f:53:
                    87:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:DA:DD:68:27:25:39:AB:19:6D:76:73:36:6F:63:2F:6C:20:5C:73
            X509v3 Authority Key Identifier:
                keyid:E9:B1:32:0F:BC:24:D6:F4:36:6C:B6:4F:CF:5E:D2:D7:B1:B6:BD:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6bEyD7wk1vQ2bLZPz17S17G2vfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/C9rdaCclOasZbXZzNm9jL2wgXHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/df1cb5-5f48-46a0-a76e-d3e2800bd640/1/6bEyD7wk1vQ2bLZPz17S17G2vfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.120.0/21
                  185.157.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:62:49:70:81:d0:cd:26:68:a2:68:e8:a2:41:9e:1b:48:ee:
         23:75:81:fd:f0:af:a1:bd:73:01:03:38:bd:38:59:5b:d8:38:
         3f:d5:57:f5:05:bd:9a:d8:5f:d5:6d:cc:1c:21:bd:e1:f7:ae:
         36:49:e8:4e:a0:8d:2f:1d:02:09:d4:98:39:c5:c1:50:d6:48:
         4f:20:4e:22:2c:7a:7e:c1:d4:29:27:a4:21:f3:e6:c2:e5:b5:
         07:31:c0:ec:99:4c:0f:1f:e3:47:d6:45:d9:7c:3b:e5:86:f3:
         75:58:ca:15:66:51:82:2c:64:6b:d7:0a:53:3b:fb:29:25:87:
         93:79:a1:b2:09:93:34:09:53:a9:88:43:69:89:50:69:49:a5:
         99:cd:6a:ba:67:37:09:f3:70:9f:38:6e:3d:17:75:29:23:15:
         96:01:2e:fa:63:5e:11:d1:d4:5d:82:98:31:84:88:cc:0c:af:
         b6:b3:2e:92:ae:5f:76:b9:e6:27:9a:03:a0:f7:77:09:1c:1a:
         be:56:b6:c2:b2:b9:d1:18:82:3d:dc:d0:96:59:5b:a8:a0:08:
         25:91:5a:db:8c:00:c3:20:75:24:8c:5c:d0:b6:51:47:01:e5:
         22:29:6f:bf:2a:fe:38:11:47:50:02:78:75:e9:a6:63:02:cc:
         39:1c:2e:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFABxRkkH0PDXUTHP16WhEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YjEzMjBmYmMyNGQ2ZjQzNjZjYjY0ZmNmNWVkMmQ3YjFi
NmJkZjcwHhcNMjQwMTAxMTIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmRhZGQ2ODI3MjUzOWFiMTk2ZDc2NzMzNjZmNjMyZjZjMjA1YzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7As0/lHLefwKP7OxkB5GD/JWqoxY
qSIhpFDi1xBz2/LZfBk2qK5sGRjlKVgIO1T3cCNBrHKbuW5Q5Weah7t/On9mKiOx
CIncx6BDQPibz8vIw1jQWXm0XFjCKj950FzmvLhgciXSmgsDeZgMjUGn0Vwsx5VZ
ZbEjim9lQu2RCe9RVMAxxtG5NLZOZq8RK35lRVRN2SXCKFpi6JcmWrLhnp8uNv8o
qJlhTfjFHRkJFv78/QqFOoNGvR1XTomXJ2nyIkL/tRfFbyFLth+rx1i5iCuYE/q3
RTs11Aks4Ly1b7J7RUrQUSouJuYtxdngLe29qf56c6/9lm4eSagqX1OH8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAva3WgnJTmrGW12czZvYy9sIFxzMB8GA1UdIwQY
MBaAFOmxMg+8JNb0Nmy2T89e0textr33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUt
ZDNlMjgwMGJkNjQwLzEvQzlyZGFDY2xPYXNaYlhaek5tOWpMMndnWEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kZjFjYjUtNWY0OC00NmEwLWE3NmUtZDNlMjgwMGJkNjQw
LzEvNmJFeUQ3d2sxdlEyYkxaUHoxN1MxN0cydmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLhF4AwQC
uZ1oMA0GCSqGSIb3DQEBCwUAA4IBAQCUYklwgdDNJmiiaOiiQZ4bSO4jdYH98K+h
vXMBAzi9OFlb2Dg/1Vf1Bb2a2F/VbcwcIb3h9642SehOoI0vHQIJ1Jg5xcFQ1khP
IE4iLHp+wdQpJ6Qh8+bC5bUHMcDsmUwPH+NH1kXZfDvlhvN1WMoVZlGCLGRr1wpT
O/spJYeTeaGyCZM0CVOpiENpiVBpSaWZzWq6ZzcJ83CfOG49F3UpIxWWAS76Y14R
0dRdgpgxhIjMDK+2sy6Srl92ueYnmgOg93cJHBq+VrbCsrnRGII93NCWWVuooAgl
kVrbjADDIHUkjFzQtlFHAeUiKW+/Kv44EUdQAnh16aZjAsw5HC6g
-----END CERTIFICATE-----