Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/9765b7-be44-465c-9755-c202f717d447/1/9nR9XgGkvlFqiAuH1wN7ug7WYzI.roa
File:                     9nR9XgGkvlFqiAuH1wN7ug7WYzI.roa (raw, json)
Hash identifier:          9Q27ajwb8pWSsYx2J7Nn7F1OuuNbfJO4GMi8LjA7fHU=
Subject key identifier:   F6:74:7D:5E:01:A4:BE:51:6A:88:0B:87:D7:03:7B:BA:0E:D6:63:32
Certificate issuer:       /CN=1c2b2b36fb722509465ed9d948c2bf891160cd0e
Certificate serial:       018CC56E177AE633E9427586DCFB7688595B
Authority key identifier: 1C:2B:2B:36:FB:72:25:09:46:5E:D9:D9:48:C2:BF:89:11:60:CD:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HCsrNvtyJQlGXtnZSMK_iRFgzQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/9765b7-be44-465c-9755-c202f717d447/1/9nR9XgGkvlFqiAuH1wN7ug7WYzI.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8412
IP address blocks:        91.232.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/9765b7-be44-465c-9755-c202f717d447/1/HCsrNvtyJQlGXtnZSMK_iRFgzQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/9765b7-be44-465c-9755-c202f717d447/1/HCsrNvtyJQlGXtnZSMK_iRFgzQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HCsrNvtyJQlGXtnZSMK_iRFgzQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:17:7a:e6:33:e9:42:75:86:dc:fb:76:88:59:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c2b2b36fb722509465ed9d948c2bf891160cd0e
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6747d5e01a4be516a880b87d7037bba0ed66332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:85:29:8a:b4:bf:da:e2:40:74:c9:70:1e:8a:
                    06:dc:50:6c:e0:56:9a:8a:ab:5c:02:2a:93:7c:9e:
                    bc:e3:c5:21:52:6a:8f:20:80:78:24:62:aa:e3:29:
                    17:b5:87:d3:82:67:4a:36:a1:49:4b:7a:50:ee:e6:
                    60:ff:37:40:4a:45:a8:b5:a7:53:75:bb:b2:d6:9a:
                    30:6e:38:d3:d5:63:7c:cf:1f:2b:98:bf:ef:03:d2:
                    9d:3d:21:4c:8b:b1:88:c2:11:cd:ad:a2:19:85:28:
                    93:00:05:d1:fd:3b:4d:0b:8f:8b:8b:1e:69:bd:e3:
                    c3:da:38:02:80:56:9d:c5:d0:ae:b4:9b:15:a0:6b:
                    45:d6:ff:45:6d:84:7b:7f:29:07:c0:80:73:3d:8b:
                    19:ce:98:af:35:04:e7:85:4b:1b:e2:c2:09:ed:89:
                    2c:16:70:d8:9e:60:12:40:68:71:46:8c:24:c2:ef:
                    da:1f:81:38:d1:70:9e:cb:76:4f:75:50:b0:bf:76:
                    cd:f1:20:a3:69:1b:d7:20:52:de:2a:56:d1:b8:42:
                    75:f3:d2:ed:50:4d:b8:be:6c:a6:c7:38:45:3e:3c:
                    0a:eb:1b:b6:42:b4:93:7f:be:d7:4b:3a:5c:de:60:
                    16:2d:3f:5a:eb:4a:62:7c:8c:90:29:19:d2:64:c4:
                    5a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:74:7D:5E:01:A4:BE:51:6A:88:0B:87:D7:03:7B:BA:0E:D6:63:32
            X509v3 Authority Key Identifier:
                keyid:1C:2B:2B:36:FB:72:25:09:46:5E:D9:D9:48:C2:BF:89:11:60:CD:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HCsrNvtyJQlGXtnZSMK_iRFgzQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/9765b7-be44-465c-9755-c202f717d447/1/9nR9XgGkvlFqiAuH1wN7ug7WYzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/9765b7-be44-465c-9755-c202f717d447/1/HCsrNvtyJQlGXtnZSMK_iRFgzQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:9a:f1:76:89:88:73:de:95:b7:a0:07:06:9b:c2:d0:37:18:
         aa:e9:31:1c:8b:2d:20:f5:ff:b1:86:08:e0:2b:67:a2:16:ca:
         2f:02:b5:d3:a0:38:e7:88:f7:49:a9:fd:48:d3:d7:78:1b:df:
         bc:b7:c0:65:60:b8:f6:61:8e:37:ab:ac:02:fc:6f:31:1d:50:
         2c:c0:a6:d5:b3:46:1a:8a:4c:29:60:fb:20:3e:fe:5d:94:41:
         13:fd:cd:d7:41:c6:59:57:4f:6f:b1:dc:14:56:bf:66:64:87:
         3f:50:15:31:27:18:65:9f:22:60:84:d5:22:9e:ff:c1:d5:eb:
         49:c6:d2:5e:00:d5:01:6f:b9:7f:73:b2:3e:6b:87:67:31:a2:
         eb:9b:7a:38:ce:1d:84:fa:ec:20:c0:70:a1:82:17:37:88:6b:
         d8:5c:d1:02:6c:43:a6:41:87:5f:7d:a9:83:42:c9:80:e0:1f:
         43:ce:d5:35:3e:03:e5:65:13:06:8a:45:77:0f:87:3d:80:71:
         33:55:98:bf:1f:4c:8c:7f:54:bb:65:2a:5f:e5:c1:1c:31:f0:
         68:10:d0:1a:92:e4:ad:9a:e7:48:39:9a:d8:ac:53:66:14:cb:
         6f:c3:ab:3e:77:47:e0:73:04:92:19:47:9d:7d:fb:4e:4c:6c:
         1e:2b:bd:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhd65jPpQnWG3Pt2iFlbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMmIyYjM2ZmI3MjI1MDk0NjVlZDlkOTQ4YzJiZjg5MTE2
MGNkMGUwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjc0N2Q1ZTAxYTRiZTUxNmE4ODBiODdkNzAzN2JiYTBlZDY2MzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYUpirS/2uJAdMlwHooG3FBs4Faa
iqtcAiqTfJ6848UhUmqPIIB4JGKq4ykXtYfTgmdKNqFJS3pQ7uZg/zdASkWotadT
dbuy1powbjjT1WN8zx8rmL/vA9KdPSFMi7GIwhHNraIZhSiTAAXR/TtNC4+Lix5p
vePD2jgCgFadxdCutJsVoGtF1v9FbYR7fykHwIBzPYsZzpivNQTnhUsb4sIJ7Yks
FnDYnmASQGhxRowkwu/aH4E40XCey3ZPdVCwv3bN8SCjaRvXIFLeKlbRuEJ189Lt
UE24vmymxzhFPjwK6xu2QrSTf77XSzpc3mAWLT9a60pifIyQKRnSZMRaFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPZ0fV4BpL5RaogLh9cDe7oO1mMyMB8GA1UdIwQY
MBaAFBwrKzb7ciUJRl7Z2UjCv4kRYM0OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSENzck52dHlKUWxHWHRuWlNNS19pUkZnelE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC85NzY1YjctYmU0NC00NjVjLTk3NTUt
YzIwMmY3MTdkNDQ3LzEvOW5SOVhnR2t2bEZxaUF1SDF3Tjd1ZzdXWXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC85NzY1YjctYmU0NC00NjVjLTk3NTUtYzIwMmY3MTdkNDQ3
LzEvSENzck52dHlKUWxHWHRuWlNNS19pUkZnelE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+ijMA0G
CSqGSIb3DQEBCwUAA4IBAQDDmvF2iYhz3pW3oAcGm8LQNxiq6TEciy0g9f+xhgjg
K2eiFsovArXToDjniPdJqf1I09d4G9+8t8BlYLj2YY43q6wC/G8xHVAswKbVs0Ya
ikwpYPsgPv5dlEET/c3XQcZZV09vsdwUVr9mZIc/UBUxJxhlnyJghNUinv/B1etJ
xtJeANUBb7l/c7I+a4dnMaLrm3o4zh2E+uwgwHChghc3iGvYXNECbEOmQYdffamD
QsmA4B9DztU1PgPlZRMGikV3D4c9gHEzVZi/H0yMf1S7ZSpf5cEcMfBoENAakuSt
mudIOZrYrFNmFMtvw6s+d0fgcwSSGUedfftOTGweK70N
-----END CERTIFICATE-----