Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/ndiFI1AZJ1CRXuNVMCxrkR8m76o.roa
File:                     ndiFI1AZJ1CRXuNVMCxrkR8m76o.roa (raw, json)
Hash identifier:          dl0muu8j9J8nwfFBSxdu2YWQxDBpylXPyAOEfcLeHFc=
Subject key identifier:   9D:D8:85:23:50:19:27:50:91:5E:E3:55:30:2C:6B:91:1F:26:EF:AA
Certificate issuer:       /CN=12ef9e49fecf2509eb6769eee2cdd4a5253b71c5
Certificate serial:       018CC64AA70DA72139C36520B897FD783364
Authority key identifier: 12:EF:9E:49:FE:CF:25:09:EB:67:69:EE:E2:CD:D4:A5:25:3B:71:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/ndiFI1AZJ1CRXuNVMCxrkR8m76o.roa
Signing time:             Mon 01 Jan 2024 18:30:30 +0000
ROA not before:           Mon 01 Jan 2024 18:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31287
IP address blocks:        109.121.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:a7:0d:a7:21:39:c3:65:20:b8:97:fd:78:33:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12ef9e49fecf2509eb6769eee2cdd4a5253b71c5
        Validity
            Not Before: Jan  1 18:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dd8852350192750915ee355302c6b911f26efaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:32:7d:c3:e7:7e:58:2a:5c:8e:60:7a:aa:a8:
                    f8:66:19:45:4b:63:64:d5:db:f1:da:37:92:38:de:
                    8b:86:2a:40:2c:39:eb:84:9f:22:fd:c2:77:46:a0:
                    53:22:5e:b7:2b:6d:f1:d9:8c:47:a0:18:51:6c:89:
                    2e:37:b2:31:e6:82:22:84:28:69:05:fb:91:fc:b5:
                    c2:86:96:67:20:1d:fd:82:f4:67:a8:01:16:0a:f8:
                    2b:f9:d6:bb:1b:63:b4:79:86:8a:9b:e9:bf:4f:43:
                    2e:de:35:06:69:66:39:20:be:87:0d:4c:7e:3d:29:
                    3d:3d:e7:9a:38:56:4e:f5:8e:f4:98:ad:d1:63:40:
                    fb:51:f4:7c:39:d2:51:02:e2:cb:1a:3f:3c:9c:1c:
                    fe:8f:06:c7:f8:fc:9e:10:4e:54:d0:72:ad:d3:d4:
                    90:7b:45:62:a9:f9:96:33:4c:92:8f:4d:e2:6d:93:
                    33:e1:aa:fa:3f:89:bd:80:0b:bd:96:f1:1e:85:9f:
                    09:6e:d7:4e:57:ea:e4:a1:d6:56:f5:82:99:42:46:
                    3d:ee:6e:88:3b:c0:60:84:1e:14:3b:a1:a9:4b:7a:
                    5b:11:33:fd:0b:82:e9:40:04:df:9a:da:43:ea:b7:
                    ff:9c:79:ad:6e:cc:e2:f9:84:4c:c3:29:b3:81:34:
                    e8:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:D8:85:23:50:19:27:50:91:5E:E3:55:30:2C:6B:91:1F:26:EF:AA
            X509v3 Authority Key Identifier:
                keyid:12:EF:9E:49:FE:CF:25:09:EB:67:69:EE:E2:CD:D4:A5:25:3B:71:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/ndiFI1AZJ1CRXuNVMCxrkR8m76o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9c27c2-fdbe-4e39-ba92-1d5d945a05a3/1/Eu-eSf7PJQnrZ2nu4s3UpSU7ccU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.121.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:5b:aa:ea:d8:d1:c5:d6:4f:48:5f:5f:19:44:a1:8e:5d:15:
         1c:09:e4:04:b9:54:3d:8a:30:32:e9:71:ee:c7:8a:ac:6f:04:
         b1:27:0f:f6:d8:ce:b9:85:ec:d5:16:78:ae:48:ca:14:f1:60:
         4e:fc:1f:44:b1:98:1a:6d:40:60:cf:cb:af:3d:a9:eb:51:dd:
         12:ed:d5:11:17:ac:99:fc:c9:2f:92:5b:3a:78:83:20:61:08:
         fd:ed:42:09:08:72:d3:1a:c8:06:0d:6d:5e:c3:92:c8:f3:51:
         f8:83:81:ac:9e:77:c4:85:1d:63:69:2f:7e:6b:a5:2c:74:49:
         37:14:19:2f:9c:fe:cf:52:98:f7:e1:95:7e:ed:d1:aa:1b:05:
         64:43:5a:d5:ff:43:1b:ec:b4:aa:72:98:d2:c9:71:73:34:f6:
         01:ba:2f:37:5e:c3:bb:a0:06:4f:b7:1a:4f:92:c3:86:0a:c2:
         63:d8:e2:10:a9:5b:94:ec:a1:6b:12:f7:75:37:8b:18:ff:c1:
         d4:1d:16:59:26:0f:25:9f:ad:f7:32:50:2d:c1:c8:14:e9:d7:
         dd:a0:05:4a:dd:3a:06:25:2f:5d:4a:5e:c0:d5:ea:a7:34:b4:
         59:81:cc:54:12:a1:95:50:6d:94:d9:48:ef:c2:6a:48:98:e2:
         8b:4c:dd:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSqcNpyE5w2UguJf9eDNkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZWY5ZTQ5ZmVjZjI1MDllYjY3NjllZWUyY2RkNGE1MjUz
YjcxYzUwHhcNMjQwMTAxMTgzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGQ4ODUyMzUwMTkyNzUwOTE1ZWUzNTUzMDJjNmI5MTFmMjZlZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTJ9w+d+WCpcjmB6qqj4ZhlFS2Nk
1dvx2jeSON6LhipALDnrhJ8i/cJ3RqBTIl63K23x2YxHoBhRbIkuN7Ix5oIihChp
BfuR/LXChpZnIB39gvRnqAEWCvgr+da7G2O0eYaKm+m/T0Mu3jUGaWY5IL6HDUx+
PSk9PeeaOFZO9Y70mK3RY0D7UfR8OdJRAuLLGj88nBz+jwbH+PyeEE5U0HKt09SQ
e0ViqfmWM0ySj03ibZMz4ar6P4m9gAu9lvEehZ8JbtdOV+rkodZW9YKZQkY97m6I
O8BghB4UO6GpS3pbETP9C4LpQATfmtpD6rf/nHmtbszi+YRMwymzgTToWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3YhSNQGSdQkV7jVTAsa5EfJu+qMB8GA1UdIwQY
MBaAFBLvnkn+zyUJ62dp7uLN1KUlO3HFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXUtZVNmN1BKUW5yWjJudTRzM1VwU1U3Y2NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS85YzI3YzItZmRiZS00ZTM5LWJhOTIt
MWQ1ZDk0NWEwNWEzLzEvbmRpRkkxQVpKMUNSWHVOVk1DeHJrUjhtNzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS85YzI3YzItZmRiZS00ZTM5LWJhOTItMWQ1ZDk0NWEwNWEz
LzEvRXUtZVNmN1BKUW5yWjJudTRzM1VwU1U3Y2NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXmZMA0G
CSqGSIb3DQEBCwUAA4IBAQAuW6rq2NHF1k9IX18ZRKGOXRUcCeQEuVQ9ijAy6XHu
x4qsbwSxJw/22M65hezVFniuSMoU8WBO/B9EsZgabUBgz8uvPanrUd0S7dURF6yZ
/Mkvkls6eIMgYQj97UIJCHLTGsgGDW1ew5LI81H4g4GsnnfEhR1jaS9+a6UsdEk3
FBkvnP7PUpj34ZV+7dGqGwVkQ1rV/0Mb7LSqcpjSyXFzNPYBui83XsO7oAZPtxpP
ksOGCsJj2OIQqVuU7KFrEvd1N4sY/8HUHRZZJg8ln633MlAtwcgU6dfdoAVK3ToG
JS9dSl7A1eqnNLRZgcxUEqGVUG2U2UjvwmpImOKLTN0t
-----END CERTIFICATE-----