Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/p0e9AeXOTDWL3drMN6lwi_LLOSU.roa
File:                     p0e9AeXOTDWL3drMN6lwi_LLOSU.roa (raw, json)
Hash identifier:          uMK6pF7z1zI1fkX039/LevAdJ7mNOIoF37gSl021s14=
Subject key identifier:   A7:47:BD:01:E5:CE:4C:35:8B:DD:DA:CC:37:A9:70:8B:F2:CB:39:25
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       018CC94DB160A9301510AD115B8E0764FB2F
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/p0e9AeXOTDWL3drMN6lwi_LLOSU.roa
Signing time:             Tue 02 Jan 2024 08:32:41 +0000
ROA not before:           Tue 02 Jan 2024 08:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.138.233.0/24 maxlen: 24
                          185.138.235.0/24 maxlen: 24
                          91.239.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b1:60:a9:30:15:10:ad:11:5b:8e:07:64:fb:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  2 08:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a747bd01e5ce4c358bdddacc37a9708bf2cb3925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7c:c6:80:7f:83:f3:b3:86:f8:60:13:3a:bd:
                    91:8b:0a:62:a7:ec:38:e1:52:12:02:fb:19:4f:41:
                    59:61:5c:5e:1e:c3:77:d8:7b:96:4b:93:65:e7:ce:
                    4e:44:07:df:52:24:d6:49:a7:6d:21:95:45:e0:09:
                    61:0d:73:f3:80:30:27:dc:7a:f0:45:5a:bb:9f:9c:
                    36:90:71:81:48:b7:2d:ec:dd:4b:78:57:6c:17:5c:
                    00:34:d2:2c:6a:c4:46:8b:a7:f3:82:09:4c:db:d6:
                    37:25:42:78:f0:27:51:8e:8b:d7:45:2c:7c:0b:97:
                    3f:13:4c:e9:a8:45:1a:a0:0a:96:2d:74:9a:be:9f:
                    60:6a:96:c5:0f:cb:60:fc:62:55:5b:ec:e6:eb:ab:
                    7a:09:41:f6:1b:3a:4b:09:ef:08:d2:de:d1:25:20:
                    73:47:d7:0f:23:47:6a:4f:03:48:77:83:e7:b8:b8:
                    c9:6b:3b:17:e2:e6:8b:87:76:73:7b:6c:f6:a9:54:
                    6b:aa:f8:8a:3f:03:51:c1:16:e0:85:a5:63:63:1f:
                    04:d6:bf:bf:6e:3a:4d:90:29:3a:b4:74:1f:63:de:
                    99:b2:bf:81:92:f6:49:52:c7:87:82:2f:df:9a:37:
                    86:19:f3:74:c0:08:0d:5e:68:59:5c:47:6b:64:18:
                    4c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:47:BD:01:E5:CE:4C:35:8B:DD:DA:CC:37:A9:70:8B:F2:CB:39:25
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/p0e9AeXOTDWL3drMN6lwi_LLOSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.62.0/24
                  185.138.233.0/24
                  185.138.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:ab:51:54:4f:19:e1:c9:95:f9:fe:ba:90:27:46:ec:d0:2b:
         7a:c0:93:d0:03:6a:82:36:b9:8a:51:04:7c:ef:d3:68:d4:e5:
         49:72:76:b1:c4:60:4f:b0:d4:d7:6d:c4:ca:03:a7:a8:c9:66:
         07:93:97:9d:40:f4:cf:2b:34:48:38:3c:c7:af:c7:f0:f4:e9:
         32:37:cd:54:db:c3:fc:a7:54:6d:bf:22:ba:67:06:b6:81:3c:
         41:99:e7:1c:47:f9:85:81:cc:49:0f:4b:3b:a5:e4:28:fa:1f:
         14:e2:ac:bb:e7:07:22:64:f2:4e:21:90:bf:3d:19:fb:ab:3d:
         fc:3a:80:8e:55:76:90:c2:33:cc:22:a6:89:bc:a6:db:22:3e:
         83:b4:1f:74:e5:df:d2:e7:75:75:be:fd:34:5c:e7:48:53:4a:
         fd:fb:06:cc:a6:93:15:cf:8a:2d:dc:33:4b:bf:a8:66:be:35:
         02:f9:fb:62:ef:a2:2d:94:42:cf:d9:36:ad:02:5f:4c:fb:c4:
         2e:f5:76:35:a6:2d:7e:40:5c:06:a2:97:34:93:67:b5:80:cb:
         3f:24:c2:87:bc:cb:36:12:0f:cd:e1:00:3e:84:ec:5c:b9:da:
         fd:ee:81:54:b7:83:eb:0c:f0:d8:09:cb:59:a4:3a:be:dd:d7:
         ea:20:a8:4d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJTbFgqTAVEK0RW44HZPsvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjQwMTAyMDgzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzQ3YmQwMWU1Y2U0YzM1OGJkZGRhY2MzN2E5NzA4YmYyY2IzOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3zGgH+D87OG+GATOr2Riwpip+w4
4VISAvsZT0FZYVxeHsN32HuWS5Nl585ORAffUiTWSadtIZVF4AlhDXPzgDAn3Hrw
RVq7n5w2kHGBSLct7N1LeFdsF1wANNIsasRGi6fzgglM29Y3JUJ48CdRjovXRSx8
C5c/E0zpqEUaoAqWLXSavp9gapbFD8tg/GJVW+zm66t6CUH2GzpLCe8I0t7RJSBz
R9cPI0dqTwNId4PnuLjJazsX4uaLh3Zze2z2qVRrqviKPwNRwRbghaVjYx8E1r+/
bjpNkCk6tHQfY96Zsr+BkvZJUseHgi/fmjeGGfN0wAgNXmhZXEdrZBhMuwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKdHvQHlzkw1i93azDepcIvyyzklMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvcDBlOUFlWE9URFdMM2RyTU42bHdpX0xMT1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+8+AwQA
uYrpAwQAuYrrMA0GCSqGSIb3DQEBCwUAA4IBAQAbq1FUTxnhyZX5/rqQJ0bs0Ct6
wJPQA2qCNrmKUQR879No1OVJcnaxxGBPsNTXbcTKA6eoyWYHk5edQPTPKzRIODzH
r8fw9OkyN81U28P8p1RtvyK6Zwa2gTxBmeccR/mFgcxJD0s7peQo+h8U4qy75wci
ZPJOIZC/PRn7qz38OoCOVXaQwjPMIqaJvKbbIj6DtB905d/S53V1vv00XOdIU0r9
+wbMppMVz4ot3DNLv6hmvjUC+fti76ItlELP2TatAl9M+8Qu9XY1pi1+QFwGopc0
k2e1gMs/JMKHvMs2Eg/N4QA+hOxcudr97oFUt4PrDPDYCctZpDq+3dfqIKhN
-----END CERTIFICATE-----