Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/1H9a_NsJYlDNpL-kDVigsOd3Kqk.roa
File:                     1H9a_NsJYlDNpL-kDVigsOd3Kqk.roa (raw, json)
Hash identifier:          Mqe8p0moQp03tsWwi0Vls56Jg6XlS9PrCWPPDIS3VvY=
Subject key identifier:   D4:7F:5A:FC:DB:09:62:50:CD:A4:BF:A4:0D:58:A0:B0:E7:77:2A:A9
Certificate issuer:       /CN=9546465ca5b86c25a02e52ecbf04c4cfbc07654d
Certificate serial:       0190066AB4C9838830D5F87B50C435630C8B
Authority key identifier: 95:46:46:5C:A5:B8:6C:25:A0:2E:52:EC:BF:04:C4:CF:BC:07:65:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUZGXKW4bCWgLlLsvwTEz7wHZU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/1H9a_NsJYlDNpL-kDVigsOd3Kqk.roa
Signing time:             Tue 11 Jun 2024 08:29:34 +0000
ROA not before:           Tue 11 Jun 2024 08:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60893
IP address blocks:        109.94.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/lUZGXKW4bCWgLlLsvwTEz7wHZU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/lUZGXKW4bCWgLlLsvwTEz7wHZU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUZGXKW4bCWgLlLsvwTEz7wHZU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:6a:b4:c9:83:88:30:d5:f8:7b:50:c4:35:63:0c:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9546465ca5b86c25a02e52ecbf04c4cfbc07654d
        Validity
            Not Before: Jun 11 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d47f5afcdb096250cda4bfa40d58a0b0e7772aa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d8:27:42:8b:ae:a5:00:22:08:11:98:4e:49:
                    70:1a:8f:c1:66:84:d7:5c:c4:cb:a6:11:b2:b5:5c:
                    7f:24:09:fb:89:73:17:3c:f2:3c:5e:3f:be:9b:fc:
                    e2:0e:f4:c9:0e:d1:90:88:c3:fe:f0:d5:14:ee:6f:
                    52:3c:8b:7f:c3:1c:59:43:e2:f3:b4:69:2d:24:a2:
                    35:6c:0f:df:d5:33:43:92:80:e6:50:e2:b1:c6:b3:
                    ff:7b:bc:ac:e3:d2:5d:45:ad:35:84:e9:2d:99:c0:
                    21:fd:a7:65:0f:d3:d5:08:bc:f8:95:81:73:b2:62:
                    57:72:b3:82:d3:3f:33:7d:5f:eb:a0:d6:a6:4c:ef:
                    7c:ca:b2:5b:33:23:4c:42:e7:49:d1:9e:74:66:4a:
                    84:58:f8:a0:b5:05:cf:e1:b4:b2:ef:25:c5:1d:36:
                    88:d1:35:52:97:e0:5c:d7:14:16:ef:65:b1:f1:55:
                    de:a7:f2:cf:29:de:01:87:0a:43:11:27:fd:e3:31:
                    38:a2:c1:98:70:e4:cd:27:4a:bf:79:e0:d8:36:76:
                    68:9f:91:d6:9f:05:52:5a:a5:64:e7:86:85:5b:d8:
                    47:86:48:89:e7:2e:2a:18:23:ef:de:36:10:73:e5:
                    7d:b8:dc:4b:ae:9f:13:bd:98:2a:0a:e3:84:e2:f5:
                    4d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:7F:5A:FC:DB:09:62:50:CD:A4:BF:A4:0D:58:A0:B0:E7:77:2A:A9
            X509v3 Authority Key Identifier:
                keyid:95:46:46:5C:A5:B8:6C:25:A0:2E:52:EC:BF:04:C4:CF:BC:07:65:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUZGXKW4bCWgLlLsvwTEz7wHZU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/1H9a_NsJYlDNpL-kDVigsOd3Kqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/lUZGXKW4bCWgLlLsvwTEz7wHZU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.94.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:f3:c9:dd:4e:da:49:9a:7e:e4:22:c0:f2:21:c1:77:7a:db:
         cb:2e:66:67:30:8d:ef:2c:9d:5c:21:54:7c:93:fb:92:27:fe:
         b2:dd:8a:a7:8b:5a:77:ab:84:3a:ef:9c:5c:f8:6c:ec:cd:bc:
         1c:df:95:ce:45:44:ea:f5:ad:5d:fd:5b:c8:36:0c:c8:58:97:
         f2:30:77:2a:15:17:bd:7f:b6:e7:a2:58:61:83:44:b0:97:ac:
         d8:79:2c:3f:6e:29:34:4e:18:e6:17:a6:99:40:dc:4b:d0:15:
         b9:e5:e3:df:0a:f7:3e:ec:7a:97:54:d4:7f:39:2e:91:78:fa:
         69:1d:3f:46:42:9f:c4:30:30:55:ac:02:31:ce:c1:72:ca:51:
         59:4a:dd:4d:dc:c9:14:36:e7:b1:11:93:4d:9d:47:e4:ad:d1:
         ce:f1:6d:d5:1f:b8:8f:06:03:89:f8:07:cf:c9:9c:15:c4:2d:
         48:68:d3:ff:73:b5:24:54:2f:82:19:2a:a5:05:07:34:78:1c:
         3d:3f:04:3e:c2:62:72:dc:8e:cb:98:3d:ac:ad:55:06:62:bc:
         e2:c5:86:16:d9:67:7d:99:b8:bb:91:1d:42:8c:12:ab:32:b3:
         fd:5a:72:76:a2:68:09:e7:1a:be:be:57:1f:0c:b3:fc:91:79:
         26:e0:66:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAGarTJg4gw1fh7UMQ1YwyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NDY0NjVjYTViODZjMjVhMDJlNTJlY2JmMDRjNGNmYmMw
NzY1NGQwHhcNMjQwNjExMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDdmNWFmY2RiMDk2MjUwY2RhNGJmYTQwZDU4YTBiMGU3NzcyYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNgnQouupQAiCBGYTklwGo/BZoTX
XMTLphGytVx/JAn7iXMXPPI8Xj++m/ziDvTJDtGQiMP+8NUU7m9SPIt/wxxZQ+Lz
tGktJKI1bA/f1TNDkoDmUOKxxrP/e7ys49JdRa01hOktmcAh/adlD9PVCLz4lYFz
smJXcrOC0z8zfV/roNamTO98yrJbMyNMQudJ0Z50ZkqEWPigtQXP4bSy7yXFHTaI
0TVSl+Bc1xQW72Wx8VXep/LPKd4BhwpDESf94zE4osGYcOTNJ0q/eeDYNnZon5HW
nwVSWqVk54aFW9hHhkiJ5y4qGCPv3jYQc+V9uNxLrp8TvZgqCuOE4vVNxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNR/WvzbCWJQzaS/pA1YoLDndyqpMB8GA1UdIwQY
MBaAFJVGRlyluGwloC5S7L8ExM+8B2VNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVaR1hLVzRiQ1dnTGxMc3Z3VEV6N3dIWlUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9jNDhiNGMtMDIyMS00NjQ2LWJiNzIt
MDVjZjlkYjQzMGIzLzEvMUg5YV9Oc0pZbEROcEwta0RWaWdzT2QzS3FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9jNDhiNGMtMDIyMS00NjQ2LWJiNzItMDVjZjlkYjQzMGIz
LzEvbFVaR1hLVzRiQ1dnTGxMc3Z3VEV6N3dIWlUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV6gMA0G
CSqGSIb3DQEBCwUAA4IBAQBh88ndTtpJmn7kIsDyIcF3etvLLmZnMI3vLJ1cIVR8
k/uSJ/6y3Yqni1p3q4Q675xc+Gzszbwc35XORUTq9a1d/VvINgzIWJfyMHcqFRe9
f7bnolhhg0Swl6zYeSw/bik0ThjmF6aZQNxL0BW55ePfCvc+7HqXVNR/OS6RePpp
HT9GQp/EMDBVrAIxzsFyylFZSt1N3MkUNuexEZNNnUfkrdHO8W3VH7iPBgOJ+AfP
yZwVxC1IaNP/c7UkVC+CGSqlBQc0eBw9PwQ+wmJy3I7LmD2srVUGYrzixYYW2Wd9
mbi7kR1CjBKrMrP9WnJ2omgJ5xq+vlcfDLP8kXkm4GZ1
-----END CERTIFICATE-----