Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/L9fcRSRPuEHQWHz1015EQgR0UC4.roa
File:                     L9fcRSRPuEHQWHz1015EQgR0UC4.roa (raw, json)
Hash identifier:          Il9yw4vcO3l9/ivXndN6IBJ4nXjn31vW7nyQ8OMU1Sc=
Subject key identifier:   2F:D7:DC:45:24:4F:B8:41:D0:58:7C:F5:D3:5E:44:42:04:74:50:2E
Certificate issuer:       /CN=7b385e86167d5ccc22fd85892560ae760b5f2898
Certificate serial:       018CC3488BD5908C92572817A090D8842EA2
Authority key identifier: 7B:38:5E:86:16:7D:5C:CC:22:FD:85:89:25:60:AE:76:0B:5F:28:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/L9fcRSRPuEHQWHz1015EQgR0UC4.roa
Signing time:             Mon 01 Jan 2024 04:29:20 +0000
ROA not before:           Mon 01 Jan 2024 04:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31673
IP address blocks:        185.226.136.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:8b:d5:90:8c:92:57:28:17:a0:90:d8:84:2e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b385e86167d5ccc22fd85892560ae760b5f2898
        Validity
            Not Before: Jan  1 04:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fd7dc45244fb841d0587cf5d35e44420474502e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8c:ff:80:fc:e4:57:ab:70:78:19:83:43:3e:
                    7d:da:d3:5c:22:3f:28:dc:20:cd:f2:21:28:10:88:
                    69:d2:bd:4a:e9:d6:56:04:38:ea:61:c2:8e:d3:56:
                    a7:9f:fc:3b:dc:78:4f:0a:a0:01:62:53:8b:4f:d9:
                    f8:f4:11:3b:91:8e:f8:90:a1:92:08:95:fe:f3:51:
                    06:e0:d2:98:ee:8f:b8:81:c1:ac:38:37:83:c2:85:
                    61:c5:89:8f:41:19:3d:f3:13:84:9a:fc:68:99:ec:
                    5b:16:8e:55:d8:22:88:ce:53:eb:68:b2:a2:b3:da:
                    ce:90:d7:5e:2e:fe:72:2e:23:b1:fe:0c:98:e2:25:
                    45:73:bb:0a:f7:d6:d4:51:bd:8a:b4:2c:88:7e:f0:
                    41:f9:75:55:1d:50:39:40:28:51:a5:f8:7b:7a:43:
                    75:2f:4e:76:19:b3:c0:96:8e:a4:f1:44:10:85:20:
                    9d:40:9f:b9:a5:60:a1:e6:e6:6b:10:e7:81:c2:0a:
                    4e:51:34:d3:3a:24:ad:80:96:49:78:1d:5a:b6:1e:
                    c3:4c:fe:a6:68:0d:eb:b3:87:8d:72:9a:8d:7e:d6:
                    79:c4:21:c3:8a:fb:a0:51:ff:ea:7b:e5:d7:f5:c1:
                    77:69:23:27:80:ee:40:21:36:7e:3f:17:52:56:a5:
                    4e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:D7:DC:45:24:4F:B8:41:D0:58:7C:F5:D3:5E:44:42:04:74:50:2E
            X509v3 Authority Key Identifier:
                keyid:7B:38:5E:86:16:7D:5C:CC:22:FD:85:89:25:60:AE:76:0B:5F:28:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ezhehhZ9XMwi_YWJJWCudgtfKJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/L9fcRSRPuEHQWHz1015EQgR0UC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b459f1-6499-4e14-acfb-ea788ad3296a/1/ezhehhZ9XMwi_YWJJWCudgtfKJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e0:8d:bf:6e:28:df:ca:e4:1b:83:d2:60:b0:33:74:f8:6f:8a:
         6e:cf:5f:c9:56:cf:17:e2:39:4b:4d:f5:58:28:57:d5:d0:54:
         66:8e:06:b1:5d:84:ae:7a:4a:df:b5:e3:a4:4b:f9:66:12:d1:
         2c:5d:82:55:a0:8a:ee:a8:9d:6b:e1:09:1a:e6:e2:21:9e:0c:
         55:47:eb:3e:cd:d2:10:6e:3a:b4:e6:6f:94:dc:58:53:2e:7d:
         7c:b9:36:22:88:ff:9a:e7:7c:45:6c:5b:39:d6:66:6f:a7:b3:
         12:ba:ae:cf:57:49:90:30:81:1a:13:7d:30:bc:70:fb:d6:00:
         66:f7:d0:ca:e4:71:61:4b:41:c3:92:7c:85:60:69:6b:b4:72:
         07:b7:87:a7:27:1f:ca:9c:67:65:ec:cc:b4:d4:f2:81:4a:a2:
         4f:c0:76:15:34:6c:22:93:cf:d1:42:6c:a7:39:a8:00:4a:c4:
         c8:60:98:0e:f2:1a:e6:43:01:67:61:72:aa:a0:ce:0a:ce:d3:
         eb:c2:64:a5:24:1b:97:b9:34:46:24:97:19:1e:bd:1d:48:d9:
         c5:d1:14:ba:b8:49:81:72:1f:38:8c:50:97:a3:95:81:f4:a4:
         d1:24:8f:f2:9c:18:ef:4c:4d:40:1c:e2:92:32:d8:94:43:9d:
         fa:fe:02:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSIvVkIySVygXoJDYhC6iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMzg1ZTg2MTY3ZDVjY2MyMmZkODU4OTI1NjBhZTc2MGI1
ZjI4OTgwHhcNMjQwMTAxMDQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmQ3ZGM0NTI0NGZiODQxZDA1ODdjZjVkMzVlNDQ0MjA0NzQ1MDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIz/gPzkV6tweBmDQz592tNcIj8o
3CDN8iEoEIhp0r1K6dZWBDjqYcKO01ann/w73HhPCqABYlOLT9n49BE7kY74kKGS
CJX+81EG4NKY7o+4gcGsODeDwoVhxYmPQRk98xOEmvxomexbFo5V2CKIzlPraLKi
s9rOkNdeLv5yLiOx/gyY4iVFc7sK99bUUb2KtCyIfvBB+XVVHVA5QChRpfh7ekN1
L052GbPAlo6k8UQQhSCdQJ+5pWCh5uZrEOeBwgpOUTTTOiStgJZJeB1ath7DTP6m
aA3rs4eNcpqNftZ5xCHDivugUf/qe+XX9cF3aSMngO5AITZ+PxdSVqVOvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/X3EUkT7hB0Fh89dNeREIEdFAuMB8GA1UdIwQY
MBaAFHs4XoYWfVzMIv2FiSVgrnYLXyiYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXpoZWhoWjlYTXdpX1lXSkpXQ3VkZ3RmS0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9iNDU5ZjEtNjQ5OS00ZTE0LWFjZmIt
ZWE3ODhhZDMyOTZhLzEvTDlmY1JTUlB1RUhRV0h6MTAxNUVRZ1IwVUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9iNDU5ZjEtNjQ5OS00ZTE0LWFjZmItZWE3ODhhZDMyOTZh
LzEvZXpoZWhoWjlYTXdpX1lXSkpXQ3VkZ3RmS0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBueKIMA0G
CSqGSIb3DQEBCwUAA4IBAQDgjb9uKN/K5BuD0mCwM3T4b4puz1/JVs8X4jlLTfVY
KFfV0FRmjgaxXYSuekrfteOkS/lmEtEsXYJVoIruqJ1r4Qka5uIhngxVR+s+zdIQ
bjq05m+U3FhTLn18uTYiiP+a53xFbFs51mZvp7MSuq7PV0mQMIEaE30wvHD71gBm
99DK5HFhS0HDknyFYGlrtHIHt4enJx/KnGdl7My01PKBSqJPwHYVNGwik8/RQmyn
OagASsTIYJgO8hrmQwFnYXKqoM4KztPrwmSlJBuXuTRGJJcZHr0dSNnF0RS6uEmB
ch84jFCXo5WB9KTRJI/ynBjvTE1AHOKSMtiUQ536/gKw
-----END CERTIFICATE-----