Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/l9rXlP79Lqf98c_kSuaTcQtvkMU.roa
File:                     l9rXlP79Lqf98c_kSuaTcQtvkMU.roa (raw, json)
Hash identifier:          4W25I6PGXTyTpC4WeSTZLYQg46htBAfk4OI/VN4l/SY=
Subject key identifier:   97:DA:D7:94:FE:FD:2E:A7:FD:F1:CF:E4:4A:E6:93:71:0B:6F:90:C5
Certificate issuer:       /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial:       018CC86F27068B5990A80349417F04C09B21
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/l9rXlP79Lqf98c_kSuaTcQtvkMU.roa
Signing time:             Tue 02 Jan 2024 04:29:36 +0000
ROA not before:           Tue 02 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43944
IP address blocks:        185.96.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:27:06:8b:59:90:a8:03:49:41:7f:04:c0:9b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
        Validity
            Not Before: Jan  2 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97dad794fefd2ea7fdf1cfe44ae693710b6f90c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5f:89:2e:10:9e:29:1a:af:f2:c5:c1:5b:ad:
                    2e:db:b9:62:80:41:d0:64:60:5c:76:ee:62:c5:f4:
                    d9:76:13:9d:72:e0:37:8d:00:19:d2:aa:21:6b:38:
                    ef:15:96:17:dd:9f:fe:df:f7:ee:19:d8:2d:35:9e:
                    c5:82:23:f4:64:fb:ba:3c:a6:ee:ee:20:96:9b:58:
                    21:68:ca:ae:7f:d1:1f:b4:03:c7:61:77:51:24:dc:
                    df:07:d1:2e:90:71:3a:d5:0c:37:5b:c2:0a:dd:94:
                    8a:ee:da:37:db:fd:37:69:14:00:cf:ff:1a:8d:72:
                    9b:00:f1:fe:38:f9:62:7f:b2:6c:4f:71:9b:04:83:
                    0d:c4:52:35:7d:28:d0:d1:8f:5b:3f:ac:59:14:6c:
                    82:39:21:12:f8:ce:39:78:0b:88:58:bf:f0:07:76:
                    8c:cf:da:4d:52:e3:e7:51:6d:6e:11:17:33:4b:5d:
                    05:d9:a4:5c:51:69:ff:02:5e:ce:7e:84:19:fc:f2:
                    fc:75:c9:1c:2c:f7:48:88:3f:22:98:10:35:dc:c7:
                    81:d3:03:dc:91:f9:ac:39:a1:4f:72:0f:86:f4:dc:
                    d3:c3:ea:52:2a:6d:68:94:fd:78:ee:a1:14:69:6c:
                    ab:31:20:3b:13:18:00:bd:6b:7a:76:b7:69:da:bd:
                    be:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:DA:D7:94:FE:FD:2E:A7:FD:F1:CF:E4:4A:E6:93:71:0B:6F:90:C5
            X509v3 Authority Key Identifier:
                keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/l9rXlP79Lqf98c_kSuaTcQtvkMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:31:71:b5:2f:0f:81:75:1b:69:30:bd:16:9b:a0:35:ac:73:
         fd:59:bf:12:6d:df:dd:7d:2e:4a:2b:f9:69:c2:9b:75:b5:bc:
         c9:da:bd:af:0a:ce:59:6b:21:7f:7a:1f:9a:48:3a:42:da:ab:
         2f:17:70:8b:41:4b:8d:92:12:24:ee:c5:48:4c:4f:9d:f0:d9:
         f4:93:bf:38:f8:bf:d3:af:0d:87:c4:fc:7e:28:22:b0:a3:39:
         0c:e0:c6:ef:3a:7d:db:09:24:56:68:67:6d:61:28:80:0d:20:
         9d:0a:da:b2:9c:4f:67:ff:bb:32:4e:b4:e3:55:a4:9f:be:e1:
         68:cf:59:aa:0d:72:f5:25:98:a6:ac:ab:c2:62:b8:4f:a0:b2:
         e2:3b:10:5e:73:8e:cf:e7:23:a3:0d:03:d4:df:48:17:eb:66:
         04:9f:12:ad:97:cc:a9:d8:15:ad:42:f4:40:9b:c4:cf:ff:a1:
         4f:6d:43:6d:db:22:bc:1c:6a:d7:78:76:90:47:5c:0d:a3:e1:
         92:74:71:3e:4d:55:b0:ad:b6:18:f0:d9:35:3f:d1:16:03:02:
         e0:e6:d2:8e:32:6e:46:4a:1e:7b:6a:4e:1b:4c:f0:19:9a:8f:
         24:65:44:6b:48:35:af:f7:69:aa:8d:34:81:b1:dd:14:5c:60:
         03:86:4a:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbycGi1mQqANJQX8EwJshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjQwMTAyMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2RhZDc5NGZlZmQyZWE3ZmRmMWNmZTQ0YWU2OTM3MTBiNmY5MGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1+JLhCeKRqv8sXBW60u27ligEHQ
ZGBcdu5ixfTZdhOdcuA3jQAZ0qohazjvFZYX3Z/+3/fuGdgtNZ7FgiP0ZPu6PKbu
7iCWm1ghaMquf9EftAPHYXdRJNzfB9EukHE61Qw3W8IK3ZSK7to32/03aRQAz/8a
jXKbAPH+OPlif7JsT3GbBIMNxFI1fSjQ0Y9bP6xZFGyCOSES+M45eAuIWL/wB3aM
z9pNUuPnUW1uERczS10F2aRcUWn/Al7OfoQZ/PL8dckcLPdIiD8imBA13MeB0wPc
kfmsOaFPcg+G9NzTw+pSKm1olP147qEUaWyrMSA7ExgAvWt6drdp2r2+pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJfa15T+/S6n/fHP5Ermk3ELb5DFMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvbDlyWGxQNzlMcWY5OGNfa1N1YVRjUXR2a01VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWD+MA0G
CSqGSIb3DQEBCwUAA4IBAQA2MXG1Lw+BdRtpML0Wm6A1rHP9Wb8Sbd/dfS5KK/lp
wpt1tbzJ2r2vCs5ZayF/eh+aSDpC2qsvF3CLQUuNkhIk7sVITE+d8Nn0k784+L/T
rw2HxPx+KCKwozkM4MbvOn3bCSRWaGdtYSiADSCdCtqynE9n/7syTrTjVaSfvuFo
z1mqDXL1JZimrKvCYrhPoLLiOxBec47P5yOjDQPU30gX62YEnxKtl8yp2BWtQvRA
m8TP/6FPbUNt2yK8HGrXeHaQR1wNo+GSdHE+TVWwrbYY8Nk1P9EWAwLg5tKOMm5G
Sh57ak4bTPAZmo8kZURrSDWv92mqjTSBsd0UXGADhkrE
-----END CERTIFICATE-----