Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/q9B3qSQ_P4BZ0VIq0euaFDY-HK8.roa
File:                     q9B3qSQ_P4BZ0VIq0euaFDY-HK8.roa (raw, json)
Hash identifier:          4acEGp7jdbAK7q2x4l8ZLqBQPxdLC41LuYQz8O5VtZ0=
Subject key identifier:   AB:D0:77:A9:24:3F:3F:80:59:D1:52:2A:D1:EB:9A:14:36:3E:1C:AF
Certificate issuer:       /CN=26d38293f669db48b6d0bd1036adfdef6bd3d375
Certificate serial:       018CF360DF7CC3FE62EDF4AA185623556540
Authority key identifier: 26:D3:82:93:F6:69:DB:48:B6:D0:BD:10:36:AD:FD:EF:6B:D3:D3:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JtOCk_Zp20i20L0QNq3972vT03U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/q9B3qSQ_P4BZ0VIq0euaFDY-HK8.roa
Signing time:             Wed 10 Jan 2024 12:37:41 +0000
ROA not before:           Wed 10 Jan 2024 12:37:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60091
IP address blocks:        185.166.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/JtOCk_Zp20i20L0QNq3972vT03U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/JtOCk_Zp20i20L0QNq3972vT03U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JtOCk_Zp20i20L0QNq3972vT03U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:60:df:7c:c3:fe:62:ed:f4:aa:18:56:23:55:65:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26d38293f669db48b6d0bd1036adfdef6bd3d375
        Validity
            Not Before: Jan 10 12:37:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abd077a9243f3f8059d1522ad1eb9a14363e1caf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:94:b6:31:72:d9:2b:86:d6:c3:a5:db:cc:9c:
                    84:4f:2f:6a:42:36:7a:75:03:1d:03:fd:e3:c4:ce:
                    81:f6:3c:c5:80:ae:59:b8:d0:5b:c6:5d:19:e9:49:
                    36:9e:e6:46:1d:41:f2:6c:f6:87:d7:f8:79:6c:ba:
                    80:79:fe:00:94:23:c3:d3:cb:4d:ac:0b:29:f5:44:
                    83:f4:43:67:1c:fb:b3:38:08:40:78:9e:5b:71:dd:
                    eb:b0:2d:54:95:cb:80:b5:66:7d:15:2b:b7:da:30:
                    51:31:aa:19:bc:d0:34:30:8e:b8:0c:7f:d6:21:37:
                    ce:53:7d:28:34:12:1e:28:58:47:76:34:8a:9f:45:
                    70:b4:87:86:1f:5d:c2:9c:41:f6:0b:7f:be:40:c6:
                    2a:24:7c:41:1c:2c:c7:13:fe:d5:b2:a7:ae:c4:6d:
                    89:ab:f4:13:08:ef:62:7d:81:ea:a5:f8:48:9c:1d:
                    dc:a1:72:8e:a5:dd:1b:31:97:7d:62:eb:5b:e2:11:
                    b8:ca:9c:7a:57:c6:82:c9:1c:15:7a:e2:1c:eb:d9:
                    f9:ce:d2:f3:db:e7:2c:91:82:62:ba:5d:88:ba:56:
                    45:d6:b0:74:59:d8:6e:1a:c8:c6:ae:90:7d:85:ad:
                    f0:87:42:8f:e4:0b:bd:86:b4:0a:a3:c6:79:3d:3e:
                    bf:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D0:77:A9:24:3F:3F:80:59:D1:52:2A:D1:EB:9A:14:36:3E:1C:AF
            X509v3 Authority Key Identifier:
                keyid:26:D3:82:93:F6:69:DB:48:B6:D0:BD:10:36:AD:FD:EF:6B:D3:D3:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JtOCk_Zp20i20L0QNq3972vT03U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/q9B3qSQ_P4BZ0VIq0euaFDY-HK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/07cc25-8597-430b-bc52-448b9b95b09e/1/JtOCk_Zp20i20L0QNq3972vT03U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:9f:76:c0:65:0f:ad:bd:91:d8:2b:01:72:10:93:25:73:7d:
         c1:2f:9d:ce:a2:d5:e9:a1:1b:fc:35:61:51:c5:99:a6:8e:1d:
         2c:8f:ca:40:c4:d9:07:2d:87:39:c9:77:76:59:51:3a:34:50:
         50:e6:2c:1b:21:0d:b2:d2:03:e1:9d:c8:a2:d2:2d:15:61:b9:
         94:65:98:d7:8e:2b:33:cf:a9:ed:5d:a0:24:0a:8d:44:8d:78:
         a3:c1:62:ec:11:04:5d:e3:22:fe:e5:48:45:0d:8d:3d:4d:bf:
         a6:14:ee:cd:36:cb:49:23:21:7a:1c:c8:69:9b:bf:b8:7d:88:
         35:7a:fb:cc:80:00:8a:a8:7f:9c:25:69:c2:27:78:63:f1:f0:
         71:c9:6e:39:83:4d:fa:41:75:84:8b:00:35:26:2c:53:62:24:
         b8:83:60:6a:6f:6f:92:b2:49:ed:e4:75:92:2a:57:45:ea:84:
         e5:74:4b:ef:f4:31:9c:9c:8f:df:6f:b6:fc:32:79:1e:cd:ce:
         34:7e:01:c8:f1:d5:df:47:de:cd:ae:cc:a9:a3:82:3a:4a:cf:
         d7:b6:6d:71:d6:cb:ee:b7:76:d1:4b:a2:4c:48:2f:91:ef:28:
         d9:d3:45:5f:c0:55:df:58:ad:2d:cf:ee:70:e0:e4:53:2b:ec:
         46:a8:bb:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzzYN98w/5i7fSqGFYjVWVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZDM4MjkzZjY2OWRiNDhiNmQwYmQxMDM2YWRmZGVmNmJk
M2QzNzUwHhcNMjQwMTEwMTIzNzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQwNzdhOTI0M2YzZjgwNTlkMTUyMmFkMWViOWExNDM2M2UxY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5S2MXLZK4bWw6XbzJyETy9qQjZ6
dQMdA/3jxM6B9jzFgK5ZuNBbxl0Z6Uk2nuZGHUHybPaH1/h5bLqAef4AlCPD08tN
rAsp9USD9ENnHPuzOAhAeJ5bcd3rsC1UlcuAtWZ9FSu32jBRMaoZvNA0MI64DH/W
ITfOU30oNBIeKFhHdjSKn0VwtIeGH13CnEH2C3++QMYqJHxBHCzHE/7VsqeuxG2J
q/QTCO9ifYHqpfhInB3coXKOpd0bMZd9Yutb4hG4ypx6V8aCyRwVeuIc69n5ztLz
2+cskYJiul2IulZF1rB0WdhuGsjGrpB9ha3wh0KP5Au9hrQKo8Z5PT6/dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvQd6kkPz+AWdFSKtHrmhQ2PhyvMB8GA1UdIwQY
MBaAFCbTgpP2adtIttC9EDat/e9r09N1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnRPQ2tfWnAyMGkyMEwwUU5xMzk3MnZUMDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wN2NjMjUtODU5Ny00MzBiLWJjNTIt
NDQ4YjliOTViMDllLzEvcTlCM3FTUV9QNEJaMFZJcTBldWFGRFktSEs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wN2NjMjUtODU5Ny00MzBiLWJjNTItNDQ4YjliOTViMDll
LzEvSnRPQ2tfWnAyMGkyMEwwUU5xMzk3MnZUMDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaYJMA0G
CSqGSIb3DQEBCwUAA4IBAQAzn3bAZQ+tvZHYKwFyEJMlc33BL53OotXpoRv8NWFR
xZmmjh0sj8pAxNkHLYc5yXd2WVE6NFBQ5iwbIQ2y0gPhncii0i0VYbmUZZjXjisz
z6ntXaAkCo1EjXijwWLsEQRd4yL+5UhFDY09Tb+mFO7NNstJIyF6HMhpm7+4fYg1
evvMgACKqH+cJWnCJ3hj8fBxyW45g036QXWEiwA1JixTYiS4g2Bqb2+Ssknt5HWS
KldF6oTldEvv9DGcnI/fb7b8Mnkezc40fgHI8dXfR97Nrsypo4I6Ss/Xtm1x1svu
t3bRS6JMSC+R7yjZ00VfwFXfWK0tz+5w4ORTK+xGqLvw
-----END CERTIFICATE-----