Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/n_9NrYoIL-zXPcKVU6ikgMlC_gI.roa
File:                     n_9NrYoIL-zXPcKVU6ikgMlC_gI.roa (raw, json)
Hash identifier:          c/eQASpirAM6ikVBP/qTnfBSh4hhO5umYI7S5x4k+60=
Subject key identifier:   9F:FF:4D:AD:8A:08:2F:EC:D7:3D:C2:95:53:A8:A4:80:C9:42:FE:02
Certificate issuer:       /CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
Certificate serial:       0191B2DE038C1560D3A3119D287094CB2D65
Authority key identifier: FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/n_9NrYoIL-zXPcKVU6ikgMlC_gI.roa
Signing time:             Mon 02 Sep 2024 13:12:59 +0000
ROA not before:           Mon 02 Sep 2024 13:12:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        194.117.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b2:de:03:8c:15:60:d3:a3:11:9d:28:70:94:cb:2d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
        Validity
            Not Before: Sep  2 13:12:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fff4dad8a082fecd73dc29553a8a480c942fe02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:96:15:26:4c:37:75:32:07:fb:90:0b:a8:f3:
                    29:8d:d6:35:19:88:12:e8:de:e4:3a:bc:52:cc:4b:
                    20:d7:e0:2e:d0:44:ab:20:17:a0:a2:33:fe:a6:01:
                    14:02:32:a8:72:69:73:93:93:66:05:2d:8a:36:7b:
                    63:78:de:1e:71:d8:f4:64:55:c8:a1:55:2b:b0:16:
                    39:e7:89:48:fb:71:64:7a:6d:3d:1b:22:69:48:f9:
                    8c:5d:16:23:d8:44:11:4f:b1:18:91:c4:27:c9:5f:
                    d0:62:4d:2c:10:3d:64:cf:a8:b7:f4:b7:02:9a:b6:
                    9c:5a:31:14:81:58:70:16:82:eb:35:c3:51:53:aa:
                    e8:4d:49:23:44:b6:58:d2:88:63:86:09:11:b2:0b:
                    cb:bf:4d:7f:fb:a7:8c:e6:fc:17:28:55:9c:6d:7a:
                    cb:84:cc:6b:da:bb:9e:cf:2c:ad:42:25:e8:1c:83:
                    e6:80:3f:0b:24:d9:56:4f:a7:8f:0c:b9:db:3c:fb:
                    fb:30:f8:77:5d:3a:f6:12:b0:90:70:a8:86:8f:dc:
                    76:ec:52:57:36:92:8c:90:da:25:a4:41:3a:e3:46:
                    0a:5d:c5:f3:e6:19:4b:b4:e8:3c:7e:22:23:81:85:
                    87:1f:35:2f:13:d2:5f:e5:8b:8b:45:af:5b:41:d8:
                    8d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:FF:4D:AD:8A:08:2F:EC:D7:3D:C2:95:53:A8:A4:80:C9:42:FE:02
            X509v3 Authority Key Identifier:
                keyid:FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/n_9NrYoIL-zXPcKVU6ikgMlC_gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:b6:ab:f1:af:37:27:1c:d0:c2:29:00:0e:ed:d5:f6:06:6a:
         8b:c1:4b:e2:3c:a4:69:cb:d8:f7:de:6c:d7:02:f8:19:85:b5:
         e3:c0:6a:41:ea:31:e8:83:55:d0:2b:46:a7:70:9c:09:85:db:
         ac:7c:34:f3:da:55:f9:41:37:de:8b:8a:00:06:29:90:61:1f:
         63:dd:dc:d5:ab:6c:d1:69:ee:65:ea:91:61:6c:2f:d9:82:87:
         ca:b3:fd:81:11:ef:76:7b:4e:c5:9a:4c:11:e9:3e:81:d3:eb:
         2e:72:58:19:3c:f8:57:75:94:a6:2b:1e:09:79:67:52:93:48:
         30:77:1f:aa:11:ea:c3:f6:17:82:82:37:a2:05:9f:f2:d4:73:
         77:b3:f6:54:e0:b5:a6:73:0e:60:3b:81:14:6c:5c:fe:87:bb:
         5c:4b:07:68:68:8b:52:30:b8:3a:16:96:9b:b8:49:59:45:8e:
         2d:20:9f:0f:0a:91:05:68:a8:a2:e1:d9:1d:07:d2:6c:e2:71:
         ce:fe:e2:ec:1a:88:9e:d0:c8:be:fd:d6:46:a3:75:84:d9:6f:
         a2:d5:94:12:fb:79:79:aa:a7:44:c6:81:aa:7a:ae:da:29:bc:
         3c:7d:a0:eb:45:a8:1f:1c:5b:f1:7a:42:59:95:7e:e2:e6:ad:
         1f:e2:22:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGy3gOMFWDToxGdKHCUyy1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTM5NmYxYzM0NGIwNzljNWQyZjI3YmZiMzEzMzc3ZmVi
YjJlYzcwHhcNMjQwOTAyMTMxMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmZmNGRhZDhhMDgyZmVjZDczZGMyOTU1M2E4YTQ4MGM5NDJmZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5YVJkw3dTIH+5ALqPMpjdY1GYgS
6N7kOrxSzEsg1+Au0ESrIBegojP+pgEUAjKocmlzk5NmBS2KNntjeN4ecdj0ZFXI
oVUrsBY554lI+3Fkem09GyJpSPmMXRYj2EQRT7EYkcQnyV/QYk0sED1kz6i39LcC
mracWjEUgVhwFoLrNcNRU6roTUkjRLZY0ohjhgkRsgvLv01/+6eM5vwXKFWcbXrL
hMxr2ruezyytQiXoHIPmgD8LJNlWT6ePDLnbPPv7MPh3XTr2ErCQcKiGj9x27FJX
NpKMkNolpEE640YKXcXz5hlLtOg8fiIjgYWHHzUvE9Jf5YuLRa9bQdiNTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ//Ta2KCC/s1z3ClVOopIDJQv4CMB8GA1UdIwQY
MBaAFPyjlvHDRLB5xdLye/sxM3f+uy7HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWIt
ZmZiMTZlYmQxMTFmLzEvbl85TnJZb0lMLXpYUGNLVlU2aWtnTWxDX2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWItZmZiMTZlYmQxMTFm
LzEvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnXvMA0G
CSqGSIb3DQEBCwUAA4IBAQBXtqvxrzcnHNDCKQAO7dX2BmqLwUviPKRpy9j33mzX
AvgZhbXjwGpB6jHog1XQK0ancJwJhdusfDTz2lX5QTfei4oABimQYR9j3dzVq2zR
ae5l6pFhbC/ZgofKs/2BEe92e07FmkwR6T6B0+suclgZPPhXdZSmKx4JeWdSk0gw
dx+qEerD9heCgjeiBZ/y1HN3s/ZU4LWmcw5gO4EUbFz+h7tcSwdoaItSMLg6Fpab
uElZRY4tIJ8PCpEFaKii4dkdB9Js4nHO/uLsGoie0Mi+/dZGo3WE2W+i1ZQS+3l5
qqdExoGqeq7aKbw8faDrRagfHFvxekJZlX7i5q0f4iIZ
-----END CERTIFICATE-----