Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/Pdho5Rsv5iIGbrwaPMq5SpKQI_0.roa
File:                     Pdho5Rsv5iIGbrwaPMq5SpKQI_0.roa (raw, json)
Hash identifier:          TJQcjLrSk+4v1GLsr2/Q9jqo1huGgVjfJZpc0SsCLXw=
Subject key identifier:   3D:D8:68:E5:1B:2F:E6:22:06:6E:BC:1A:3C:CA:B9:4A:92:90:23:FD
Certificate issuer:       /CN=9a233bbddfe438646f586f085e5df0d79bdfb9fc
Certificate serial:       018EC1FA087A8B050813406538C0E3DF176D
Authority key identifier: 9A:23:3B:BD:DF:E4:38:64:6F:58:6F:08:5E:5D:F0:D7:9B:DF:B9:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/miM7vd_kOGRvWG8IXl3w15vfufw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/Pdho5Rsv5iIGbrwaPMq5SpKQI_0.roa
Signing time:             Tue 09 Apr 2024 08:29:32 +0000
ROA not before:           Tue 09 Apr 2024 08:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202675
IP address blocks:        80.91.60.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/miM7vd_kOGRvWG8IXl3w15vfufw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/miM7vd_kOGRvWG8IXl3w15vfufw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/miM7vd_kOGRvWG8IXl3w15vfufw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c1:fa:08:7a:8b:05:08:13:40:65:38:c0:e3:df:17:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a233bbddfe438646f586f085e5df0d79bdfb9fc
        Validity
            Not Before: Apr  9 08:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3dd868e51b2fe622066ebc1a3ccab94a929023fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:46:ef:df:7c:b4:70:82:a6:52:ed:45:f6:b0:
                    9e:58:dc:67:b4:f1:01:84:05:99:4a:b0:e4:76:cb:
                    bd:bf:15:bc:d5:4b:84:0d:ed:a9:7f:ed:18:07:af:
                    d4:88:ff:94:b9:c5:b5:22:75:a0:58:76:77:c7:66:
                    fe:85:1b:d7:93:65:b3:79:10:9b:a3:fc:48:e2:13:
                    72:eb:37:61:65:08:b1:3c:9e:5b:83:7a:84:9c:85:
                    57:b7:43:3e:bb:5c:12:8e:c2:b7:0d:70:11:b2:b9:
                    6b:da:e5:a9:d3:41:87:6d:a8:e9:53:a1:78:86:a0:
                    75:47:d7:9c:99:8c:a2:cc:8a:66:5d:75:f1:32:83:
                    d1:ff:a7:5e:bd:11:6c:4e:32:6e:16:07:4b:e7:7a:
                    16:28:e5:5e:61:7e:80:4b:04:13:02:5c:79:a9:ac:
                    40:94:ae:6c:e0:39:da:e4:84:7e:40:ca:37:91:9e:
                    15:6a:6f:10:9a:53:19:78:17:ca:b3:94:7a:5f:e8:
                    a6:6a:bd:98:c5:38:6b:fe:8e:20:bd:e9:18:13:4f:
                    5f:e2:a4:1a:6f:45:4f:ae:5d:ba:e0:0f:29:9a:9b:
                    d9:aa:d9:86:59:e2:5c:d2:a3:0d:06:6c:bd:3e:cb:
                    3f:22:8a:d7:53:27:d1:92:02:d7:9f:94:04:43:6a:
                    0c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D8:68:E5:1B:2F:E6:22:06:6E:BC:1A:3C:CA:B9:4A:92:90:23:FD
            X509v3 Authority Key Identifier:
                keyid:9A:23:3B:BD:DF:E4:38:64:6F:58:6F:08:5E:5D:F0:D7:9B:DF:B9:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/miM7vd_kOGRvWG8IXl3w15vfufw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/Pdho5Rsv5iIGbrwaPMq5SpKQI_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/a5188d-a0ad-453c-ba82-3879bd703946/1/miM7vd_kOGRvWG8IXl3w15vfufw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:ee:25:26:5f:27:6a:10:c6:f9:cf:99:cf:4c:f5:54:35:61:
         06:9e:fb:71:65:98:6d:f4:52:9d:ef:5d:88:24:7b:c5:9c:62:
         7f:f9:1a:97:84:f3:f7:b3:81:a7:06:66:c8:6e:a4:9a:12:a5:
         4a:3c:ca:a2:a3:bb:8a:73:97:c2:01:3b:8f:32:95:5a:bf:b3:
         86:7e:02:2b:bb:db:78:b6:fe:eb:7d:14:35:08:8b:0f:c6:40:
         8c:f0:c2:6f:45:09:99:a4:1e:7b:7f:0d:6b:99:07:eb:a2:d9:
         62:df:f1:93:6b:ca:ec:ff:ad:93:c7:83:61:72:5c:e5:56:15:
         5d:27:6c:cf:1a:c9:2a:f0:90:f8:f8:25:5d:23:22:87:5e:f4:
         fb:82:47:f2:4d:12:a9:ec:ca:f4:56:3f:00:72:a3:ea:84:27:
         d9:75:d0:b1:83:4d:9f:79:f0:52:1a:5e:45:d3:48:30:ef:77:
         4e:46:6b:40:dc:3c:06:65:46:04:8e:3e:a4:1e:ff:df:99:a0:
         74:65:82:ec:c4:7a:07:2d:6f:d2:de:2e:9a:3b:8e:5e:b7:ba:
         7a:0c:00:8b:d0:aa:16:11:55:ef:95:df:db:e1:eb:e5:8d:aa:
         56:32:66:ae:7f:90:7d:c6:6e:2c:d1:af:5f:7d:3e:7c:a0:20:
         e2:2b:a3:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7B+gh6iwUIE0BlOMDj3xdtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMjMzYmJkZGZlNDM4NjQ2ZjU4NmYwODVlNWRmMGQ3OWJk
ZmI5ZmMwHhcNMjQwNDA5MDgyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGQ4NjhlNTFiMmZlNjIyMDY2ZWJjMWEzY2NhYjk0YTkyOTAyM2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUbv33y0cIKmUu1F9rCeWNxntPEB
hAWZSrDkdsu9vxW81UuEDe2pf+0YB6/UiP+UucW1InWgWHZ3x2b+hRvXk2WzeRCb
o/xI4hNy6zdhZQixPJ5bg3qEnIVXt0M+u1wSjsK3DXARsrlr2uWp00GHbajpU6F4
hqB1R9ecmYyizIpmXXXxMoPR/6devRFsTjJuFgdL53oWKOVeYX6ASwQTAlx5qaxA
lK5s4Dna5IR+QMo3kZ4Vam8QmlMZeBfKs5R6X+imar2YxThr/o4gvekYE09f4qQa
b0VPrl264A8pmpvZqtmGWeJc0qMNBmy9Pss/IorXUyfRkgLXn5QEQ2oMDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3YaOUbL+YiBm68GjzKuUqSkCP9MB8GA1UdIwQY
MBaAFJojO73f5Dhkb1hvCF5d8Neb37n8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWlNN3ZkX2tPR1J2V0c4SVhsM3cxNXZmdWZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hNTE4OGQtYTBhZC00NTNjLWJhODIt
Mzg3OWJkNzAzOTQ2LzEvUGRobzVSc3Y1aUlHYnJ3YVBNcTVTcEtRSV8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hNTE4OGQtYTBhZC00NTNjLWJhODItMzg3OWJkNzAzOTQ2
LzEvbWlNN3ZkX2tPR1J2V0c4SVhsM3cxNXZmdWZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUFs8MA0G
CSqGSIb3DQEBCwUAA4IBAQAk7iUmXydqEMb5z5nPTPVUNWEGnvtxZZht9FKd712I
JHvFnGJ/+RqXhPP3s4GnBmbIbqSaEqVKPMqio7uKc5fCATuPMpVav7OGfgIru9t4
tv7rfRQ1CIsPxkCM8MJvRQmZpB57fw1rmQfrotli3/GTa8rs/62Tx4NhclzlVhVd
J2zPGskq8JD4+CVdIyKHXvT7gkfyTRKp7Mr0Vj8AcqPqhCfZddCxg02fefBSGl5F
00gw73dORmtA3DwGZUYEjj6kHv/fmaB0ZYLsxHoHLW/S3i6aO45et7p6DACL0KoW
EVXvld/b4evljapWMmauf5B9xm4s0a9ffT58oCDiK6NR
-----END CERTIFICATE-----