Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/bd9f3c-9a03-420d-8a29-d094dfa364d6/1/fSnkfyq6RrsbTGSsNyvfJ72_fNQ.roa
File:                     fSnkfyq6RrsbTGSsNyvfJ72_fNQ.roa (raw, json)
Hash identifier:          g+lxp7vgIC02QRbjWkjCDtca+POaZa+bTdSPRrqyLW4=
Subject key identifier:   7D:29:E4:7F:2A:BA:46:BB:1B:4C:64:AC:37:2B:DF:27:BD:BF:7C:D4
Certificate issuer:       /CN=c96c9e6d3233e2c24120b85d17179cfb5d334784
Certificate serial:       018CD9CA6174C128D0FDD7A769F8375612CA
Authority key identifier: C9:6C:9E:6D:32:33:E2:C2:41:20:B8:5D:17:17:9C:FB:5D:33:47:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yWyebTIz4sJBILhdFxec-10zR4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/bd9f3c-9a03-420d-8a29-d094dfa364d6/1/fSnkfyq6RrsbTGSsNyvfJ72_fNQ.roa
Signing time:             Fri 05 Jan 2024 13:22:48 +0000
ROA not before:           Fri 05 Jan 2024 13:22:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206002
IP address blocks:        185.187.28.0/22 maxlen: 24
                          2a0b:9380::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/bd9f3c-9a03-420d-8a29-d094dfa364d6/1/yWyebTIz4sJBILhdFxec-10zR4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/bd9f3c-9a03-420d-8a29-d094dfa364d6/1/yWyebTIz4sJBILhdFxec-10zR4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yWyebTIz4sJBILhdFxec-10zR4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d9:ca:61:74:c1:28:d0:fd:d7:a7:69:f8:37:56:12:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c96c9e6d3233e2c24120b85d17179cfb5d334784
        Validity
            Not Before: Jan  5 13:22:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d29e47f2aba46bb1b4c64ac372bdf27bdbf7cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3e:59:8a:18:03:7a:73:ed:40:68:6a:2d:33:
                    ac:7d:64:35:f0:84:50:a4:e1:82:df:a2:b5:d8:15:
                    39:81:bd:93:dc:a7:ff:50:ac:62:55:2f:7e:55:0c:
                    18:b9:97:a4:17:d7:a8:45:ba:01:44:da:31:93:d8:
                    83:51:a9:76:51:e7:ef:1c:f2:ab:60:71:af:12:e8:
                    bc:3c:b8:57:7f:5f:56:63:5a:f4:9e:94:90:95:09:
                    6a:38:ed:e3:70:11:1a:9c:56:df:b2:a4:08:5a:55:
                    13:0a:93:76:22:fc:19:65:d7:61:48:2b:94:8c:5d:
                    76:bd:43:eb:53:49:c6:85:7b:57:52:21:95:35:1e:
                    3a:73:16:6d:5f:7e:fe:34:84:aa:ba:5c:49:a2:04:
                    e8:ad:90:3e:72:74:3a:66:be:85:da:6a:83:9c:bb:
                    57:fe:fa:b5:58:8e:86:a1:76:8f:8e:8b:2a:24:c5:
                    8d:38:10:9f:2d:29:9e:bc:fe:39:86:54:96:16:ec:
                    a5:fe:d6:a7:e2:51:83:77:a0:fd:1d:f8:6d:ba:34:
                    e7:33:28:45:b4:25:3d:67:08:29:fa:01:0d:74:43:
                    ed:85:b0:5a:0d:24:63:51:d8:92:3b:29:63:d1:55:
                    49:ca:c9:18:f0:8c:d3:1d:7e:cb:e3:cc:7a:91:f7:
                    40:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:29:E4:7F:2A:BA:46:BB:1B:4C:64:AC:37:2B:DF:27:BD:BF:7C:D4
            X509v3 Authority Key Identifier:
                keyid:C9:6C:9E:6D:32:33:E2:C2:41:20:B8:5D:17:17:9C:FB:5D:33:47:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yWyebTIz4sJBILhdFxec-10zR4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/bd9f3c-9a03-420d-8a29-d094dfa364d6/1/fSnkfyq6RrsbTGSsNyvfJ72_fNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/bd9f3c-9a03-420d-8a29-d094dfa364d6/1/yWyebTIz4sJBILhdFxec-10zR4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.28.0/22
                IPv6:
                  2a0b:9380::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:b5:68:07:9a:14:bd:c8:d2:5e:68:6b:d8:f1:76:27:47:56:
         7a:60:48:e8:69:c9:43:5c:73:ee:ef:86:9c:d5:c2:f5:58:ce:
         62:5d:59:99:3d:eb:4a:94:ab:a8:3c:5b:90:85:c7:d3:81:1c:
         b9:a0:24:e7:a5:c7:56:2e:66:32:81:67:e8:a8:28:0e:66:59:
         21:6a:74:88:c4:15:9c:d9:a9:ae:48:7a:1c:4d:af:59:bf:b9:
         1c:92:01:59:92:f4:20:5c:6e:62:9f:77:09:d8:00:36:c8:d9:
         21:7a:9b:da:8e:91:ad:a1:3b:15:2e:91:9c:c9:8b:ef:3e:c3:
         2b:66:f5:74:cd:75:15:cd:6b:47:15:29:7b:81:de:b9:7e:8a:
         f5:93:6b:76:e9:03:1b:81:8f:75:4c:6a:e2:51:aa:53:2f:e3:
         57:75:3a:27:a2:6e:b0:44:24:a2:81:4a:01:c3:eb:67:36:cc:
         81:b9:54:e5:dc:10:4e:dd:54:b0:95:ea:28:85:cf:68:ef:93:
         f0:10:1d:1d:a3:c1:70:33:e8:42:c1:6e:cb:19:23:29:a8:ce:
         25:74:49:70:3d:37:9d:87:ab:30:59:1c:ee:bd:37:b7:d3:02:
         03:0e:15:59:69:ff:98:c7:46:d4:e4:e6:ed:79:55:aa:c0:bf:
         75:58:58:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzZymF0wSjQ/denafg3VhLKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NmM5ZTZkMzIzM2UyYzI0MTIwYjg1ZDE3MTc5Y2ZiNWQz
MzQ3ODQwHhcNMjQwMTA1MTMyMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDI5ZTQ3ZjJhYmE0NmJiMWI0YzY0YWMzNzJiZGYyN2JkYmY3Y2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj5ZihgDenPtQGhqLTOsfWQ18IRQ
pOGC36K12BU5gb2T3Kf/UKxiVS9+VQwYuZekF9eoRboBRNoxk9iDUal2UefvHPKr
YHGvEui8PLhXf19WY1r0npSQlQlqOO3jcBEanFbfsqQIWlUTCpN2IvwZZddhSCuU
jF12vUPrU0nGhXtXUiGVNR46cxZtX37+NISqulxJogTorZA+cnQ6Zr6F2mqDnLtX
/vq1WI6GoXaPjosqJMWNOBCfLSmevP45hlSWFuyl/tan4lGDd6D9HfhtujTnMyhF
tCU9Zwgp+gENdEPthbBaDSRjUdiSOylj0VVJyskY8IzTHX7L48x6kfdAQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH0p5H8quka7G0xkrDcr3ye9v3zUMB8GA1UdIwQY
MBaAFMlsnm0yM+LCQSC4XRcXnPtdM0eEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVd5ZWJUSXo0c0pCSUxoZEZ4ZWMtMTB6UjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iZDlmM2MtOWEwMy00MjBkLThhMjkt
ZDA5NGRmYTM2NGQ2LzEvZlNua2Z5cTZScnNiVEdTc055dmZKNzJfZk5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iZDlmM2MtOWEwMy00MjBkLThhMjktZDA5NGRmYTM2NGQ2
LzEveVd5ZWJUSXo0c0pCSUxoZEZ4ZWMtMTB6UjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubscMA0E
AgACMAcDBQAqC5OAMA0GCSqGSIb3DQEBCwUAA4IBAQAftWgHmhS9yNJeaGvY8XYn
R1Z6YEjoaclDXHPu74ac1cL1WM5iXVmZPetKlKuoPFuQhcfTgRy5oCTnpcdWLmYy
gWfoqCgOZlkhanSIxBWc2amuSHocTa9Zv7kckgFZkvQgXG5in3cJ2AA2yNkhepva
jpGtoTsVLpGcyYvvPsMrZvV0zXUVzWtHFSl7gd65for1k2t26QMbgY91TGriUapT
L+NXdTonom6wRCSigUoBw+tnNsyBuVTl3BBO3VSwleoohc9o75PwEB0do8FwM+hC
wW7LGSMpqM4ldElwPTedh6swWRzuvTe30wIDDhVZaf+Yx0bU5ObteVWqwL91WFhs
-----END CERTIFICATE-----