Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/h9r8rKuKxemO0h-lzekk1GlwCC4.roa
File:                     h9r8rKuKxemO0h-lzekk1GlwCC4.roa (raw, json)
Hash identifier:          ZMiEboEKtZkluXkkq2qzfaaur1sn2j419+kVQvDRW0U=
Subject key identifier:   87:DA:FC:AC:AB:8A:C5:E9:8E:D2:1F:A5:CD:E9:24:D4:69:70:08:2E
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CF2B89B732CDBEC6690CBE99183E1BC45
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/h9r8rKuKxemO0h-lzekk1GlwCC4.roa
Signing time:             Wed 10 Jan 2024 09:33:53 +0000
ROA not before:           Wed 10 Jan 2024 09:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198627
IP address blocks:        188.95.94.0/24 maxlen: 24
                          185.184.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f2:b8:9b:73:2c:db:ec:66:90:cb:e9:91:83:e1:bc:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan 10 09:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87dafcacab8ac5e98ed21fa5cde924d46970082e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:38:19:cc:ec:57:f8:7a:73:3a:25:24:9e:aa:
                    3a:a2:31:0e:ca:94:e3:7e:0c:85:52:6b:c6:07:c6:
                    03:31:1f:ed:54:59:62:4b:de:ac:71:f5:a6:b2:f6:
                    2c:4f:f7:7c:eb:92:41:78:a7:4c:33:d9:4f:85:97:
                    b5:b8:ac:b6:df:d1:3c:d7:fd:d3:a5:df:48:b0:d4:
                    9f:48:73:01:ac:b1:ad:56:0f:39:7f:6f:93:7f:3e:
                    f1:14:b0:40:38:3c:1a:db:74:56:d8:4b:7e:de:72:
                    07:9e:00:cb:95:ed:2f:85:91:95:2a:8a:4d:af:d0:
                    75:89:a3:35:f7:64:d6:f3:29:c6:07:19:a3:3f:d8:
                    12:67:68:32:f9:eb:37:7e:96:6f:99:cf:b2:53:43:
                    29:41:77:11:d0:a5:63:45:7b:e6:03:9e:6f:2b:1c:
                    a7:f9:4e:f9:74:e5:af:6c:be:46:38:99:d6:1a:9e:
                    62:27:e5:b8:fd:34:a5:ea:86:d3:72:53:7d:e8:2a:
                    25:33:25:65:7f:d7:2d:04:61:eb:5c:59:b1:b0:7f:
                    60:7d:92:4e:ad:92:4f:3a:c3:f2:4f:71:cc:bb:92:
                    24:56:8d:55:27:c1:65:1c:a3:37:a0:c0:62:49:7f:
                    b5:01:02:bc:a1:1b:51:9c:20:7b:18:3e:ff:d6:fb:
                    9d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:DA:FC:AC:AB:8A:C5:E9:8E:D2:1F:A5:CD:E9:24:D4:69:70:08:2E
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/h9r8rKuKxemO0h-lzekk1GlwCC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.254.0/24
                  188.95.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:7b:15:0e:36:53:3b:15:f1:15:6e:01:06:5a:9d:50:f7:7c:
         6c:a0:a6:55:da:e5:66:8c:19:ff:ea:c3:cf:be:5e:e9:6e:09:
         93:98:36:47:b2:c3:08:88:70:19:03:3e:63:58:d1:26:6f:e7:
         09:b8:2c:97:27:46:9e:77:18:1b:0e:74:56:14:0a:18:e5:eb:
         cb:97:f2:03:dd:93:ac:de:86:41:60:a1:dc:aa:9c:c3:14:da:
         7b:ee:b1:c9:0b:1c:2b:4f:88:d6:97:f3:a0:23:f1:52:9b:51:
         bf:48:a1:16:21:3e:cb:df:ea:d6:71:f8:f3:10:0b:49:4d:b5:
         cd:2a:b4:f9:e2:f3:80:51:e8:88:98:4b:bd:1e:69:32:9c:17:
         bf:5a:14:88:07:09:fd:a5:39:95:e7:b9:69:de:53:b2:0d:4f:
         f6:02:01:e8:6b:47:87:b5:88:db:5f:02:36:de:c2:f9:75:95:
         e6:12:7f:7f:5a:8f:1a:79:bb:ce:e4:78:22:53:c1:b7:12:69:
         12:11:11:8b:be:2f:60:53:86:b0:76:e0:83:4d:fc:d4:17:58:
         1c:de:a9:5f:5e:4a:9d:15:3d:51:68:f6:55:b9:f0:18:8e:32:
         d5:f1:ca:c6:6d:59:54:bc:1c:a4:b9:b9:c5:fd:13:3a:a0:de:
         90:1d:22:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzyuJtzLNvsZpDL6ZGD4bxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTEwMDkzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2RhZmNhY2FiOGFjNWU5OGVkMjFmYTVjZGU5MjRkNDY5NzAwODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzgZzOxX+HpzOiUknqo6ojEOypTj
fgyFUmvGB8YDMR/tVFliS96scfWmsvYsT/d865JBeKdMM9lPhZe1uKy239E81/3T
pd9IsNSfSHMBrLGtVg85f2+Tfz7xFLBAODwa23RW2Et+3nIHngDLle0vhZGVKopN
r9B1iaM192TW8ynGBxmjP9gSZ2gy+es3fpZvmc+yU0MpQXcR0KVjRXvmA55vKxyn
+U75dOWvbL5GOJnWGp5iJ+W4/TSl6obTclN96ColMyVlf9ctBGHrXFmxsH9gfZJO
rZJPOsPyT3HMu5IkVo1VJ8FlHKM3oMBiSX+1AQK8oRtRnCB7GD7/1vud7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIfa/KyrisXpjtIfpc3pJNRpcAguMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvaDlyOHJLdUt4ZW1PMGgtbHpla2sxR2x3Q0M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubj+AwQA
vF9eMA0GCSqGSIb3DQEBCwUAA4IBAQAhexUONlM7FfEVbgEGWp1Q93xsoKZV2uVm
jBn/6sPPvl7pbgmTmDZHssMIiHAZAz5jWNEmb+cJuCyXJ0aedxgbDnRWFAoY5evL
l/ID3ZOs3oZBYKHcqpzDFNp77rHJCxwrT4jWl/OgI/FSm1G/SKEWIT7L3+rWcfjz
EAtJTbXNKrT54vOAUeiImEu9HmkynBe/WhSIBwn9pTmV57lp3lOyDU/2AgHoa0eH
tYjbXwI23sL5dZXmEn9/Wo8aebvO5HgiU8G3EmkSERGLvi9gU4awduCDTfzUF1gc
3qlfXkqdFT1RaPZVufAYjjLV8crGbVlUvBykubnF/RM6oN6QHSJA
-----END CERTIFICATE-----