Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/rBKJ-mtKUe6ZHx6dE9Gpxs82CM4.roa
File:                     rBKJ-mtKUe6ZHx6dE9Gpxs82CM4.roa (raw, json)
Hash identifier:          Bqm6dXow5zvoorYo1Xf4P/nUYyhR12C/QDPdSfGXpRQ=
Subject key identifier:   AC:12:89:FA:6B:4A:51:EE:99:1F:1E:9D:13:D1:A9:C6:CF:36:08:CE
Certificate issuer:       /CN=9e441e9e705ada3f9c1e827cd276dbd097487608
Certificate serial:       018CC2DB0FA8B2BAD4FFA0139F54F4EB587E
Authority key identifier: 9E:44:1E:9E:70:5A:DA:3F:9C:1E:82:7C:D2:76:DB:D0:97:48:76:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkQennBa2j-cHoJ80nbb0JdIdgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/rBKJ-mtKUe6ZHx6dE9Gpxs82CM4.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28889
IP address blocks:        85.255.146.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/nkQennBa2j-cHoJ80nbb0JdIdgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/nkQennBa2j-cHoJ80nbb0JdIdgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkQennBa2j-cHoJ80nbb0JdIdgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0f:a8:b2:ba:d4:ff:a0:13:9f:54:f4:eb:58:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e441e9e705ada3f9c1e827cd276dbd097487608
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac1289fa6b4a51ee991f1e9d13d1a9c6cf3608ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5d:ca:28:2a:db:c9:09:b8:d7:fd:d8:c8:3d:
                    59:b7:5f:51:10:73:ce:9b:a4:b3:fc:78:6a:5f:54:
                    57:6d:38:39:62:69:6f:06:3d:6a:fd:35:a2:e3:0f:
                    f7:55:7a:20:3a:c6:06:a9:ec:11:d3:21:df:8a:f4:
                    a6:cb:f2:8a:0c:92:cb:be:d6:36:53:ac:11:01:28:
                    ff:bc:9c:fc:fa:b3:7a:6f:03:84:c6:67:ed:4d:dd:
                    6c:3f:cc:e0:8b:12:00:b9:1f:81:2c:70:69:17:9c:
                    fa:f7:c7:2b:a3:d5:9b:7e:70:4d:e3:9c:92:ce:4e:
                    f2:ea:aa:0e:9e:03:27:3a:db:8b:c3:5a:1e:5e:64:
                    48:22:14:1f:bf:3b:3e:9d:92:87:63:ba:94:64:1b:
                    62:93:89:76:29:ca:6c:29:f7:38:eb:99:55:bd:06:
                    8f:e0:42:ce:d8:fb:8d:41:b6:02:d0:f9:45:2d:5e:
                    e6:fd:b7:96:86:07:06:1a:13:6e:75:f0:41:cb:ab:
                    0c:94:70:fa:3e:00:0c:d7:c1:f5:b1:9d:6d:10:c3:
                    bf:b6:3d:85:2d:37:11:36:a1:22:ac:b3:c8:8a:96:
                    85:ba:4f:7a:ca:a5:50:db:a6:61:f9:88:f6:06:ba:
                    eb:82:c1:2c:2a:57:96:56:f2:b0:8d:94:c9:34:58:
                    9e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:12:89:FA:6B:4A:51:EE:99:1F:1E:9D:13:D1:A9:C6:CF:36:08:CE
            X509v3 Authority Key Identifier:
                keyid:9E:44:1E:9E:70:5A:DA:3F:9C:1E:82:7C:D2:76:DB:D0:97:48:76:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkQennBa2j-cHoJ80nbb0JdIdgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/rBKJ-mtKUe6ZHx6dE9Gpxs82CM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/ce16f7-b868-4b4c-9d9b-932d16b08df0/1/nkQennBa2j-cHoJ80nbb0JdIdgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.255.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:76:f7:5f:4f:f2:8b:0f:ba:26:51:72:42:c6:ae:10:2b:69:
         ab:21:f7:0b:62:9d:3f:c4:86:93:d9:cc:54:bb:34:8b:7e:95:
         8d:fd:7a:28:8e:00:0c:1d:32:f9:ed:b6:c2:3d:d3:95:60:7f:
         a2:01:e7:22:7c:60:a3:5b:94:28:d0:4e:e0:b5:38:c1:36:2d:
         9d:39:52:62:f0:8b:c6:79:84:67:52:8a:c6:d8:66:d1:e8:14:
         02:39:b1:e4:b1:08:0e:11:3f:ac:ad:c4:fc:2d:4f:3d:f4:53:
         dd:89:a2:00:ee:51:11:b6:62:9b:ae:86:63:02:b8:4f:cc:95:
         77:8d:ff:50:f2:78:3d:90:97:12:d8:63:00:f7:6e:d6:52:56:
         24:d5:50:2b:f7:74:1d:82:ac:7b:00:63:c6:64:0b:ff:5e:19:
         57:83:fd:f0:99:9c:3d:f3:11:fc:2f:b2:80:20:60:37:b1:d9:
         f7:89:72:89:90:c8:67:75:83:e0:5d:7f:3b:79:65:b5:97:86:
         bf:8b:8e:59:70:ce:e5:a8:68:6b:ce:d8:91:f9:d7:72:01:04:
         72:70:7d:c8:16:56:33:2e:6a:fd:7a:c0:9a:ff:c7:7d:1c:c6:
         01:99:13:6c:0e:63:4e:00:66:3c:48:9e:be:76:fb:ca:ad:19:
         90:af:bb:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2w+osrrU/6ATn1T061h+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDQxZTllNzA1YWRhM2Y5YzFlODI3Y2QyNzZkYmQwOTc0
ODc2MDgwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzEyODlmYTZiNGE1MWVlOTkxZjFlOWQxM2QxYTljNmNmMzYwOGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAml3KKCrbyQm41/3YyD1Zt19REHPO
m6Sz/HhqX1RXbTg5YmlvBj1q/TWi4w/3VXogOsYGqewR0yHfivSmy/KKDJLLvtY2
U6wRASj/vJz8+rN6bwOExmftTd1sP8zgixIAuR+BLHBpF5z698cro9WbfnBN45yS
zk7y6qoOngMnOtuLw1oeXmRIIhQfvzs+nZKHY7qUZBtik4l2KcpsKfc465lVvQaP
4ELO2PuNQbYC0PlFLV7m/beWhgcGGhNudfBBy6sMlHD6PgAM18H1sZ1tEMO/tj2F
LTcRNqEirLPIipaFuk96yqVQ26Zh+Yj2BrrrgsEsKleWVvKwjZTJNFie+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwSifprSlHumR8enRPRqcbPNgjOMB8GA1UdIwQY
MBaAFJ5EHp5wWto/nB6CfNJ229CXSHYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtRZW5uQmEyai1jSG9KODBuYmIwSmRJZGdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9jZTE2ZjctYjg2OC00YjRjLTlkOWIt
OTMyZDE2YjA4ZGYwLzEvckJLSi1tdEtVZTZaSHg2ZEU5R3B4czgyQ000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9jZTE2ZjctYjg2OC00YjRjLTlkOWItOTMyZDE2YjA4ZGYw
LzEvbmtRZW5uQmEyai1jSG9KODBuYmIwSmRJZGdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVf+SMA0G
CSqGSIb3DQEBCwUAA4IBAQAUdvdfT/KLD7omUXJCxq4QK2mrIfcLYp0/xIaT2cxU
uzSLfpWN/XoojgAMHTL57bbCPdOVYH+iAecifGCjW5Qo0E7gtTjBNi2dOVJi8IvG
eYRnUorG2GbR6BQCObHksQgOET+srcT8LU899FPdiaIA7lERtmKbroZjArhPzJV3
jf9Q8ng9kJcS2GMA927WUlYk1VAr93Qdgqx7AGPGZAv/XhlXg/3wmZw98xH8L7KA
IGA3sdn3iXKJkMhndYPgXX87eWW1l4a/i45ZcM7lqGhrztiR+ddyAQRycH3IFlYz
Lmr9esCa/8d9HMYBmRNsDmNOAGY8SJ6+dvvKrRmQr7vk
-----END CERTIFICATE-----