Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/w9-I21vs_lohfqSvTej74vIQ4pc.roa
File:                     w9-I21vs_lohfqSvTej74vIQ4pc.roa (raw, json)
Hash identifier:          QfgaY9zuBSEd0KM+D4OCTjuoVcRcqjP9a8iNi9wak48=
Subject key identifier:   C3:DF:88:DB:5B:EC:FE:5A:21:7E:A4:AF:4D:E8:FB:E2:F2:10:E2:97
Certificate issuer:       /CN=53d9c969675a27d515d8fab2c63cde0ed056491e
Certificate serial:       018F3A40AD57F8C135C4477BF7FC9BD0FCA6
Authority key identifier: 53:D9:C9:69:67:5A:27:D5:15:D8:FA:B2:C6:3C:DE:0E:D0:56:49:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/w9-I21vs_lohfqSvTej74vIQ4pc.roa
Signing time:             Thu 02 May 2024 17:01:08 +0000
ROA not before:           Thu 02 May 2024 17:01:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201749
IP address blocks:        195.85.223.0/24 maxlen: 24
                          195.85.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3a:40:ad:57:f8:c1:35:c4:47:7b:f7:fc:9b:d0:fc:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53d9c969675a27d515d8fab2c63cde0ed056491e
        Validity
            Not Before: May  2 17:01:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3df88db5becfe5a217ea4af4de8fbe2f210e297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:85:dc:f4:05:9c:71:42:46:6c:c4:35:3b:fd:
                    e7:04:09:37:5d:5a:e5:fd:a7:c7:5d:12:18:f2:9a:
                    a9:b6:a5:37:2c:1b:a0:ad:73:7d:17:6c:86:f0:f0:
                    6c:4b:90:59:f2:28:4a:d7:fc:84:b7:4c:6e:a6:3f:
                    97:ec:a8:03:08:70:43:62:e8:e2:a1:3b:f8:39:fd:
                    e2:32:91:7e:c5:74:a0:f0:29:12:4a:50:51:01:45:
                    fd:89:64:15:03:26:6f:53:5f:74:cb:50:87:11:46:
                    a2:0e:76:63:93:75:37:b2:08:01:21:1f:28:98:85:
                    c5:5e:f6:c5:4d:6e:14:a9:c9:c3:d0:1d:4c:9b:89:
                    79:40:0b:77:f4:04:f4:43:ef:42:48:66:43:57:17:
                    13:00:7e:d0:ef:c0:05:03:69:ff:ab:33:f3:e9:15:
                    40:2d:3e:38:24:bc:4e:ed:86:f8:b8:46:1a:7e:1b:
                    c6:a2:41:ad:a9:4c:02:fb:3f:3a:ca:11:cc:d7:98:
                    44:d9:9f:69:9c:ee:d5:15:9f:e6:93:5e:c3:a7:bb:
                    7a:4c:04:5c:c8:0e:dc:68:5f:bf:12:98:41:ae:67:
                    e7:05:72:bb:fc:06:dc:99:56:d3:25:dd:ee:7f:83:
                    e7:c2:09:06:a2:27:06:7f:a2:13:27:99:b3:16:35:
                    41:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:DF:88:DB:5B:EC:FE:5A:21:7E:A4:AF:4D:E8:FB:E2:F2:10:E2:97
            X509v3 Authority Key Identifier:
                keyid:53:D9:C9:69:67:5A:27:D5:15:D8:FA:B2:C6:3C:DE:0E:D0:56:49:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/w9-I21vs_lohfqSvTej74vIQ4pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/99107a-3b1b-4b5e-ae15-f95c60b466a0/1/U9nJaWdaJ9UV2PqyxjzeDtBWSR4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.85.223.0/24
                  195.85.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:da:77:d9:3b:ee:65:83:69:8c:32:d0:0d:7c:6f:09:1f:07:
         a9:08:81:89:41:a6:55:03:70:1a:c2:0f:50:51:64:d9:b9:c3:
         17:1d:c4:93:cc:a2:ad:f5:1d:52:31:c0:06:d3:71:c5:38:46:
         7f:f7:b9:f4:e4:d7:d4:98:61:f6:5f:5b:20:0e:8a:fb:b2:90:
         1e:7a:7f:a8:0d:5d:d9:75:a4:7a:74:d5:23:78:03:07:79:60:
         4e:3b:fa:4e:91:39:4a:76:fb:ae:38:68:fb:f3:ae:04:c2:05:
         ca:fe:de:66:8f:3a:c5:e0:cd:02:b4:cb:e3:ca:bb:07:1d:78:
         ea:d2:01:b6:54:98:b7:68:06:4a:8b:b0:3b:7f:36:7a:b3:d3:
         73:7d:b6:01:ce:7c:97:c9:f7:dc:7f:f9:f8:20:18:cd:fe:f0:
         14:e2:2b:2c:1a:d0:f1:bf:8d:0b:4e:6a:98:3f:e5:7c:a9:0d:
         f0:4f:4d:bf:c5:83:77:83:12:20:71:7a:09:b6:75:6a:04:4d:
         10:d8:79:91:d1:6c:c3:3e:7c:ec:d8:b3:07:c0:7a:ea:33:c0:
         48:07:d2:bd:3f:cf:b2:1c:c6:c6:6a:a0:15:3f:b5:2c:a8:ab:
         58:0c:af:c7:b1:e6:f1:94:09:8a:7f:84:d5:62:72:a0:ce:7c:
         20:c9:b6:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY86QK1X+ME1xEd79/yb0PymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZDljOTY5Njc1YTI3ZDUxNWQ4ZmFiMmM2M2NkZTBlZDA1
NjQ5MWUwHhcNMjQwNTAyMTcwMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2RmODhkYjViZWNmZTVhMjE3ZWE0YWY0ZGU4ZmJlMmYyMTBlMjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYXc9AWccUJGbMQ1O/3nBAk3XVrl
/afHXRIY8pqptqU3LBugrXN9F2yG8PBsS5BZ8ihK1/yEt0xupj+X7KgDCHBDYuji
oTv4Of3iMpF+xXSg8CkSSlBRAUX9iWQVAyZvU190y1CHEUaiDnZjk3U3sggBIR8o
mIXFXvbFTW4UqcnD0B1Mm4l5QAt39AT0Q+9CSGZDVxcTAH7Q78AFA2n/qzPz6RVA
LT44JLxO7Yb4uEYafhvGokGtqUwC+z86yhHM15hE2Z9pnO7VFZ/mk17Dp7t6TARc
yA7caF+/EphBrmfnBXK7/AbcmVbTJd3uf4PnwgkGoicGf6ITJ5mzFjVBPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMPfiNtb7P5aIX6kr03o++LyEOKXMB8GA1UdIwQY
MBaAFFPZyWlnWifVFdj6ssY83g7QVkkeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTluSmFXZGFKOVVWMlBxeXhqemVEdEJXU1I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC85OTEwN2EtM2IxYi00YjVlLWFlMTUt
Zjk1YzYwYjQ2NmEwLzEvdzktSTIxdnNfbG9oZnFTdlRlajc0dklRNHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC85OTEwN2EtM2IxYi00YjVlLWFlMTUtZjk1YzYwYjQ2NmEw
LzEvVTluSmFXZGFKOVVWMlBxeXhqemVEdEJXU1I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1XfAwQA
w1XiMA0GCSqGSIb3DQEBCwUAA4IBAQCj2nfZO+5lg2mMMtANfG8JHwepCIGJQaZV
A3Aawg9QUWTZucMXHcSTzKKt9R1SMcAG03HFOEZ/97n05NfUmGH2X1sgDor7spAe
en+oDV3ZdaR6dNUjeAMHeWBOO/pOkTlKdvuuOGj7864EwgXK/t5mjzrF4M0CtMvj
yrsHHXjq0gG2VJi3aAZKi7A7fzZ6s9NzfbYBznyXyffcf/n4IBjN/vAU4issGtDx
v40LTmqYP+V8qQ3wT02/xYN3gxIgcXoJtnVqBE0Q2HmR0WzDPnzs2LMHwHrqM8BI
B9K9P8+yHMbGaqAVP7UsqKtYDK/HsebxlAmKf4TVYnKgznwgybYj
-----END CERTIFICATE-----