Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/1-eD2pgWcZl-jONWfBsv1p6qYOSY.roa
File:                     1-eD2pgWcZl-jONWfBsv1p6qYOSY.roa (raw, json)
Hash identifier:          G7eaL/r6sGsGr8aStEvwIpHUacehcpKDxba2HG5G2gY=
Subject key identifier:   F9:E0:F6:A6:05:9C:66:5F:A3:38:D5:9F:06:CB:F5:A7:AA:98:39:26
Certificate issuer:       /CN=84a69fc568894cb3985edef22216bd99974de251
Certificate serial:       018CC64B4CAE91DD526B220AB93AD81A3DE5
Authority key identifier: 84:A6:9F:C5:68:89:4C:B3:98:5E:DE:F2:22:16:BD:99:97:4D:E2:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hKafxWiJTLOYXt7yIha9mZdN4lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/1-eD2pgWcZl-jONWfBsv1p6qYOSY.roa
Signing time:             Mon 01 Jan 2024 18:31:12 +0000
ROA not before:           Mon 01 Jan 2024 18:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212489
IP address blocks:        91.243.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/hKafxWiJTLOYXt7yIha9mZdN4lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/hKafxWiJTLOYXt7yIha9mZdN4lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hKafxWiJTLOYXt7yIha9mZdN4lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4c:ae:91:dd:52:6b:22:0a:b9:3a:d8:1a:3d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84a69fc568894cb3985edef22216bd99974de251
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9e0f6a6059c665fa338d59f06cbf5a7aa983926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a0:59:65:04:f9:a5:59:cf:f3:c5:75:d6:0c:
                    53:64:44:2a:58:80:1a:5d:26:37:f5:c2:d2:b3:b5:
                    99:07:cd:87:b7:f4:e3:99:90:e2:9f:a6:87:58:52:
                    ef:03:1b:f8:0e:cf:48:a3:01:be:9e:85:49:03:20:
                    0c:ae:13:d3:d3:78:fd:e9:de:34:f0:b0:71:5a:aa:
                    71:1d:58:c5:ba:a7:23:fd:4c:47:2a:c6:f5:a9:ec:
                    11:95:4e:13:a6:49:db:02:6d:90:94:dd:b3:0a:9e:
                    16:4b:ab:e7:ff:a0:70:ef:ad:d9:29:55:87:9a:8e:
                    e7:92:f9:ec:b6:cf:ca:1a:34:a2:30:f0:74:02:84:
                    1e:e1:95:6f:2b:c8:c8:b2:09:e5:c5:d1:98:63:96:
                    b8:03:f8:23:92:1c:fa:a2:95:9b:89:a4:b3:cb:07:
                    9a:cd:56:a7:1c:f8:e5:12:60:90:ac:4b:3d:c9:f2:
                    7d:b9:46:e2:82:04:50:13:5b:b3:3e:60:1b:a2:e6:
                    6e:3f:d8:05:fd:8e:6f:c8:80:9e:e3:37:22:ab:49:
                    c1:57:53:6b:8e:be:2e:71:d2:c4:03:7a:1a:28:83:
                    0e:d7:fb:cb:b1:e4:65:9b:4b:11:7f:bf:fe:44:52:
                    b1:9a:0f:36:e2:d2:a5:aa:c5:f0:41:dd:c3:04:97:
                    e1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E0:F6:A6:05:9C:66:5F:A3:38:D5:9F:06:CB:F5:A7:AA:98:39:26
            X509v3 Authority Key Identifier:
                keyid:84:A6:9F:C5:68:89:4C:B3:98:5E:DE:F2:22:16:BD:99:97:4D:E2:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKafxWiJTLOYXt7yIha9mZdN4lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/1-eD2pgWcZl-jONWfBsv1p6qYOSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/hKafxWiJTLOYXt7yIha9mZdN4lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:d1:99:e6:81:71:36:10:3c:8b:9d:d4:8f:c9:43:3d:b1:62:
         05:ad:50:3b:c6:fc:0f:38:4e:a7:a0:83:7a:f1:91:7c:f1:b6:
         ad:44:08:43:48:7c:1b:58:1d:95:b2:9a:9d:60:0a:80:4a:09:
         9e:c9:ef:b9:96:42:ca:e0:92:08:58:82:f9:96:cc:c8:7e:99:
         60:95:00:fd:6a:7d:5e:6b:db:d9:0d:bb:92:89:e9:45:e5:18:
         a7:a6:0d:fd:54:1e:1c:30:1d:2f:3d:8e:97:3b:4a:d7:f8:2d:
         f0:52:36:b1:cd:89:f6:82:f7:28:d3:61:26:ac:cd:aa:98:56:
         f5:67:35:d5:9e:de:52:eb:42:fc:c4:a1:67:f1:f3:17:2e:83:
         6f:27:7a:4b:a0:fb:b4:01:4b:df:c5:fd:22:2a:a4:c8:ba:8e:
         f0:db:1c:d4:7f:99:6a:7f:6b:54:95:1a:a8:83:e0:0f:e7:1c:
         f4:77:ef:18:6a:06:97:f9:71:7e:7e:2d:cd:ab:7a:73:13:10:
         fc:83:68:1b:1b:cd:ba:ff:7b:36:29:a0:fc:ee:80:4c:de:b6:
         ec:7d:39:f7:6d:f3:b7:22:3f:fe:40:99:1b:b6:3c:fc:ba:94:
         28:5c:4a:43:8b:41:35:8b:e2:6f:bf:35:23:96:0a:d9:04:8e:
         cc:58:7d:da
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGS0yukd1SayIKuTrYGj3lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YTY5ZmM1Njg4OTRjYjM5ODVlZGVmMjIyMTZiZDk5OTc0
ZGUyNTEwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWUwZjZhNjA1OWM2NjVmYTMzOGQ1OWYwNmNiZjVhN2FhOTgzOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaBZZQT5pVnP88V11gxTZEQqWIAa
XSY39cLSs7WZB82Ht/TjmZDin6aHWFLvAxv4Ds9IowG+noVJAyAMrhPT03j96d40
8LBxWqpxHVjFuqcj/UxHKsb1qewRlU4TpknbAm2QlN2zCp4WS6vn/6Bw763ZKVWH
mo7nkvnsts/KGjSiMPB0AoQe4ZVvK8jIsgnlxdGYY5a4A/gjkhz6opWbiaSzywea
zVanHPjlEmCQrEs9yfJ9uUbiggRQE1uzPmAbouZuP9gF/Y5vyICe4zciq0nBV1Nr
jr4ucdLEA3oaKIMO1/vLseRlm0sRf7/+RFKxmg824tKlqsXwQd3DBJfhEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPng9qYFnGZfozjVnwbL9aeqmDkmMB8GA1UdIwQY
MBaAFISmn8VoiUyzmF7e8iIWvZmXTeJRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEthZnhXaUpUTE9ZWHQ3eUloYTltWmRONGxFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9jNjBhMWUtOTA4MC00YjA4LTk1ZGEt
NDM3ZmU1MGJiNGY3LzEvMS1lRDJwZ1djWmwtak9OV2ZCc3YxcDZxWU9TWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGMvYzYwYTFlLTkwODAtNGIwOC05NWRhLTQzN2ZlNTBiYjRm
Ny8xL2hLYWZ4V2lKVExPWVh0N3lJaGE5bVpkTjRsRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvzdTAN
BgkqhkiG9w0BAQsFAAOCAQEA2NGZ5oFxNhA8i53Uj8lDPbFiBa1QO8b8DzhOp6CD
evGRfPG2rUQIQ0h8G1gdlbKanWAKgEoJnsnvuZZCyuCSCFiC+ZbMyH6ZYJUA/Wp9
Xmvb2Q27konpReUYp6YN/VQeHDAdLz2OlztK1/gt8FI2sc2J9oL3KNNhJqzNqphW
9Wc11Z7eUutC/MShZ/HzFy6Dbyd6S6D7tAFL38X9IiqkyLqO8Nsc1H+Zan9rVJUa
qIPgD+cc9HfvGGoGl/lxfn4tzat6cxMQ/INoGxvNuv97Nimg/O6ATN627H05923z
tyI//kCZG7Y8/LqUKFxKQ4tBNYvib781I5YK2QSOzFh92g==
-----END CERTIFICATE-----