Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/9aDd_Id1rurNt4oi5lmu7WIOHOg.roa
File:                     9aDd_Id1rurNt4oi5lmu7WIOHOg.roa (raw, json)
Hash identifier:          6FSb1fyspimYP02BJ4fvNwRZu6D3nENgwJJgoDnRlWk=
Subject key identifier:   F5:A0:DD:FC:87:75:AE:EA:CD:B7:8A:22:E6:59:AE:ED:62:0E:1C:E8
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018FF2F8E100F137758A0C76C8E48D6B862D
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/9aDd_Id1rurNt4oi5lmu7WIOHOg.roa
Signing time:             Fri 07 Jun 2024 13:52:27 +0000
ROA not before:           Fri 07 Jun 2024 13:52:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25502
IP address blocks:        94.131.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:f8:e1:00:f1:37:75:8a:0c:76:c8:e4:8d:6b:86:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jun  7 13:52:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5a0ddfc8775aeeacdb78a22e659aeed620e1ce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:71:88:d1:5e:53:3c:8a:c9:d5:5b:b7:66:b2:
                    b9:2f:1f:d6:80:7f:0b:71:cc:1a:68:0d:2e:24:ab:
                    00:70:0c:c0:41:9e:cf:61:fd:aa:1b:95:5f:3b:e6:
                    58:e1:e0:10:c4:ad:fb:20:07:00:dd:1b:c5:d8:f5:
                    49:43:aa:42:3f:15:ca:59:22:cc:09:0c:23:d7:c6:
                    cd:c9:d1:96:14:9a:fc:f4:02:d8:d9:45:3f:01:ce:
                    1d:f9:b0:db:d7:79:9d:b6:bb:7e:34:88:a8:0d:ce:
                    50:25:51:4d:67:0d:91:9f:e3:10:aa:a2:76:58:3c:
                    82:cc:6a:2f:a3:7a:65:c8:22:06:d3:53:ad:c9:13:
                    52:9f:4d:1a:1c:a7:c8:97:af:ed:ae:87:e2:cf:4e:
                    2f:c6:48:8c:a2:cb:eb:0f:d4:59:fc:a3:b2:5d:a4:
                    ef:b4:0b:ed:a4:c9:fc:5c:3b:74:b2:ee:08:48:d1:
                    08:33:f3:ec:0a:d8:11:61:57:34:c7:ca:b3:31:14:
                    53:33:73:49:8b:12:c9:95:d1:a2:87:ce:09:23:13:
                    75:8a:2f:4e:3d:e8:5c:28:c8:19:06:9a:b2:4e:96:
                    9d:36:d8:be:54:aa:6c:4b:78:ae:2e:1b:ea:a2:3a:
                    60:4c:9d:44:16:3a:43:39:f0:e0:c6:01:75:10:00:
                    95:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:A0:DD:FC:87:75:AE:EA:CD:B7:8A:22:E6:59:AE:ED:62:0E:1C:E8
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/9aDd_Id1rurNt4oi5lmu7WIOHOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:a9:b5:ef:af:e6:83:da:ea:65:c8:6c:83:c5:3a:84:0b:b4:
         af:f6:30:c4:6c:43:00:68:3c:41:64:fe:ae:14:5c:e2:89:7a:
         6f:27:32:fd:56:71:a5:80:f4:49:27:e8:ab:30:78:0a:33:2e:
         11:1d:d5:c1:cc:70:83:9a:39:8a:75:3f:c1:eb:08:dc:c9:bd:
         7c:cc:98:52:5a:35:48:50:23:d3:7a:31:93:b6:a4:7b:a0:b3:
         ae:66:73:20:9c:b6:4b:bf:36:37:50:a7:40:87:3e:ac:14:f5:
         ba:5b:09:d8:4b:cd:33:44:c6:38:95:33:9d:a7:e8:41:84:1d:
         b1:d8:55:7e:a5:84:85:b0:61:0a:ae:63:0c:94:07:a5:54:0a:
         b5:e0:c8:ca:9e:44:f2:86:2c:68:de:6e:d1:81:6d:e7:21:a4:
         14:f4:b4:e3:9f:e9:f1:c9:07:41:0f:8e:0e:54:3f:79:34:c7:
         af:de:9e:ed:0b:ea:35:19:1b:61:0a:66:97:77:60:0c:a6:fe:
         ba:55:78:ae:2d:36:78:d4:bf:4a:78:68:cc:17:1a:02:6b:03:
         37:06:e8:ec:1c:80:12:e3:08:13:1a:e3:fe:dc:41:0c:b2:95:
         a4:db:18:0a:35:6f:98:ba:8e:f2:5e:83:3a:98:0d:07:5d:4e:
         e4:21:6d:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/y+OEA8Td1igx2yOSNa4YtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNjA3MTM1MjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWEwZGRmYzg3NzVhZWVhY2RiNzhhMjJlNjU5YWVlZDYyMGUxY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHGI0V5TPIrJ1Vu3ZrK5Lx/WgH8L
ccwaaA0uJKsAcAzAQZ7PYf2qG5VfO+ZY4eAQxK37IAcA3RvF2PVJQ6pCPxXKWSLM
CQwj18bNydGWFJr89ALY2UU/Ac4d+bDb13mdtrt+NIioDc5QJVFNZw2Rn+MQqqJ2
WDyCzGovo3plyCIG01OtyRNSn00aHKfIl6/trofiz04vxkiMosvrD9RZ/KOyXaTv
tAvtpMn8XDt0su4ISNEIM/PsCtgRYVc0x8qzMRRTM3NJixLJldGih84JIxN1ii9O
PehcKMgZBpqyTpadNti+VKpsS3iuLhvqojpgTJ1EFjpDOfDgxgF1EACVaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWg3fyHda7qzbeKIuZZru1iDhzoMB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvOWFEZF9JZDFydXJOdDRvaTVsbXU3V0lPSE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXoPQMA0G
CSqGSIb3DQEBCwUAA4IBAQB9qbXvr+aD2uplyGyDxTqEC7Sv9jDEbEMAaDxBZP6u
FFziiXpvJzL9VnGlgPRJJ+irMHgKMy4RHdXBzHCDmjmKdT/B6wjcyb18zJhSWjVI
UCPTejGTtqR7oLOuZnMgnLZLvzY3UKdAhz6sFPW6WwnYS80zRMY4lTOdp+hBhB2x
2FV+pYSFsGEKrmMMlAelVAq14MjKnkTyhixo3m7RgW3nIaQU9LTjn+nxyQdBD44O
VD95NMev3p7tC+o1GRthCmaXd2AMpv66VXiuLTZ41L9KeGjMFxoCawM3BujsHIAS
4wgTGuP+3EEMspWk2xgKNW+Yuo7yXoM6mA0HXU7kIW2E
-----END CERTIFICATE-----