Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/e197fc-7bf1-4ec5-ab4e-5cabe6d54c93/1/K9n3HPsbfXX8xXc_vuaxRy9_U88.roa
File:                     K9n3HPsbfXX8xXc_vuaxRy9_U88.roa (raw, json)
Hash identifier:          Sw8M4MiYLMbQo1w4h2FdOyOK3cAUoB3tou2UCEMEDBs=
Subject key identifier:   2B:D9:F7:1C:FB:1B:7D:75:FC:C5:77:3F:BE:E6:B1:47:2F:7F:53:CF
Certificate issuer:       /CN=f25b336456b47dfc0f39dc91a6b882a4aabbeab3
Certificate serial:       018CC26CEE5E6B034247DED2891605CCF1F9
Authority key identifier: F2:5B:33:64:56:B4:7D:FC:0F:39:DC:91:A6:B8:82:A4:AA:BB:EA:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8lszZFa0ffwPOdyRpriCpKq76rM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/e197fc-7bf1-4ec5-ab4e-5cabe6d54c93/1/K9n3HPsbfXX8xXc_vuaxRy9_U88.roa
Signing time:             Mon 01 Jan 2024 00:29:27 +0000
ROA not before:           Mon 01 Jan 2024 00:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209372
IP address blocks:        194.76.217.0/24 maxlen: 24
                          194.76.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/e197fc-7bf1-4ec5-ab4e-5cabe6d54c93/1/8lszZFa0ffwPOdyRpriCpKq76rM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/e197fc-7bf1-4ec5-ab4e-5cabe6d54c93/1/8lszZFa0ffwPOdyRpriCpKq76rM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8lszZFa0ffwPOdyRpriCpKq76rM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 13:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:ee:5e:6b:03:42:47:de:d2:89:16:05:cc:f1:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f25b336456b47dfc0f39dc91a6b882a4aabbeab3
        Validity
            Not Before: Jan  1 00:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bd9f71cfb1b7d75fcc5773fbee6b1472f7f53cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bc:d7:4b:df:50:2f:be:8a:d0:ef:43:f2:e0:
                    c1:30:a6:4d:dc:e9:f1:b6:13:ae:7f:d7:3b:2d:02:
                    6b:b3:01:42:a0:80:a4:7d:1a:ad:91:63:65:58:3e:
                    8e:b6:dd:62:e0:34:4f:75:89:13:8e:29:ba:d7:41:
                    2a:42:79:41:d6:7b:f8:3d:8b:0f:4f:16:6a:b0:f6:
                    e8:aa:e7:ce:8d:7e:70:8a:c0:57:93:85:3a:0d:a0:
                    e3:6b:51:4c:58:86:4c:bf:7a:6a:12:28:42:6c:a8:
                    70:a4:9f:f8:51:45:96:89:86:f9:35:67:86:38:83:
                    2d:29:39:69:c9:37:65:a1:6e:e9:93:58:58:64:8f:
                    2c:51:9a:12:06:40:58:32:26:f1:da:67:a5:b2:fa:
                    c8:c7:06:28:e1:66:c8:06:dc:47:a5:54:a5:3e:ff:
                    26:5d:6f:11:99:3f:78:47:e3:a4:b7:9c:82:b0:59:
                    fb:80:fc:e3:2c:ee:3e:61:6f:f4:b2:9a:a4:1a:77:
                    03:e7:e0:03:74:e1:31:56:66:cf:d0:6e:b1:8e:ed:
                    3e:18:33:7e:da:80:ad:dc:f0:e8:ef:51:a1:84:b0:
                    03:ea:8d:fe:7f:d0:ec:5f:e3:bd:30:ef:50:3e:f2:
                    65:fb:0e:b1:06:aa:f5:1d:51:8f:a4:bf:2c:bb:6a:
                    a2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D9:F7:1C:FB:1B:7D:75:FC:C5:77:3F:BE:E6:B1:47:2F:7F:53:CF
            X509v3 Authority Key Identifier:
                keyid:F2:5B:33:64:56:B4:7D:FC:0F:39:DC:91:A6:B8:82:A4:AA:BB:EA:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8lszZFa0ffwPOdyRpriCpKq76rM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/e197fc-7bf1-4ec5-ab4e-5cabe6d54c93/1/K9n3HPsbfXX8xXc_vuaxRy9_U88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/e197fc-7bf1-4ec5-ab4e-5cabe6d54c93/1/8lszZFa0ffwPOdyRpriCpKq76rM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.217.0-194.76.218.255

    Signature Algorithm: sha256WithRSAEncryption
         8e:ea:62:f4:f2:c7:9f:9d:ce:59:81:e4:c7:20:3e:16:e0:a4:
         57:0d:77:f3:5d:d6:00:13:5a:aa:a8:58:c1:b6:54:b7:d3:8c:
         51:f0:4b:93:8b:45:52:05:ab:ca:eb:7e:af:93:e5:d7:6b:d9:
         39:cd:a7:85:ee:44:23:d1:d6:be:dd:c9:69:29:b9:31:3f:13:
         49:65:50:74:b6:1d:c7:fd:44:66:bb:e9:91:c5:a5:05:11:16:
         ab:b0:a5:8b:4b:0c:64:a1:3b:6a:6b:e0:ef:40:57:9d:d9:3c:
         bb:16:db:91:6a:2a:bc:15:d9:ed:9c:41:54:48:62:39:8a:78:
         c5:49:3a:9b:bd:0f:56:1c:53:ac:04:6c:4c:97:b7:96:75:b3:
         2c:b6:62:c4:1a:cd:02:58:ea:a1:ff:50:96:c6:6c:9d:df:02:
         37:e4:f9:a6:c3:6d:e8:dc:a7:82:31:7f:c3:b3:e4:f2:98:33:
         fb:44:71:0a:1e:ad:b4:7e:99:16:18:59:60:22:db:20:2c:15:
         56:22:1a:9c:94:60:92:89:9b:a6:e7:c5:ca:ad:4e:f0:f0:41:
         d1:cf:d1:ff:a6:67:f6:d8:90:6e:ef:c1:52:52:b5:93:91:13:
         09:eb:fb:20:33:20:c5:9a:6d:f4:60:01:3f:42:61:a8:8c:85:
         2c:6e:48:ce
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzCbO5eawNCR97SiRYFzPH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNWIzMzY0NTZiNDdkZmMwZjM5ZGM5MWE2Yjg4MmE0YWFi
YmVhYjMwHhcNMjQwMTAxMDAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmQ5ZjcxY2ZiMWI3ZDc1ZmNjNTc3M2ZiZWU2YjE0NzJmN2Y1M2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLzXS99QL76K0O9D8uDBMKZN3Onx
thOuf9c7LQJrswFCoICkfRqtkWNlWD6Ott1i4DRPdYkTjim610EqQnlB1nv4PYsP
TxZqsPboqufOjX5wisBXk4U6DaDja1FMWIZMv3pqEihCbKhwpJ/4UUWWiYb5NWeG
OIMtKTlpyTdloW7pk1hYZI8sUZoSBkBYMibx2melsvrIxwYo4WbIBtxHpVSlPv8m
XW8RmT94R+Okt5yCsFn7gPzjLO4+YW/0spqkGncD5+ADdOExVmbP0G6xju0+GDN+
2oCt3PDo71GhhLAD6o3+f9DsX+O9MO9QPvJl+w6xBqr1HVGPpL8su2qiXwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCvZ9xz7G311/MV3P77msUcvf1PPMB8GA1UdIwQY
MBaAFPJbM2RWtH38Dznckaa4gqSqu+qzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGxzelpGYTBmZndQT2R5UnByaUNwS3E3NnJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9lMTk3ZmMtN2JmMS00ZWM1LWFiNGUt
NWNhYmU2ZDU0YzkzLzEvSzluM0hQc2JmWFg4eFhjX3Z1YXhSeTlfVTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9lMTk3ZmMtN2JmMS00ZWM1LWFiNGUtNWNhYmU2ZDU0Yzkz
LzEvOGxzelpGYTBmZndQT2R5UnByaUNwS3E3NnJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCTNkD
BADCTNowDQYJKoZIhvcNAQELBQADggEBAI7qYvTyx5+dzlmB5McgPhbgpFcNd/Nd
1gATWqqoWMG2VLfTjFHwS5OLRVIFq8rrfq+T5ddr2TnNp4XuRCPR1r7dyWkpuTE/
E0llUHS2Hcf9RGa76ZHFpQURFquwpYtLDGShO2pr4O9AV53ZPLsW25FqKrwV2e2c
QVRIYjmKeMVJOpu9D1YcU6wEbEyXt5Z1syy2YsQazQJY6qH/UJbGbJ3fAjfk+abD
bejcp4Ixf8Oz5PKYM/tEcQoerbR+mRYYWWAi2yAsFVYiGpyUYJKJm6bnxcqtTvDw
QdHP0f+mZ/bYkG7vwVJStZOREwnr+yAzIMWabfRgAT9CYaiMhSxuSM4=
-----END CERTIFICATE-----