Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/9jMjkUsitPAofuoHvVZ0AhQMOcY.roa
File:                     9jMjkUsitPAofuoHvVZ0AhQMOcY.roa (raw, json)
Hash identifier:          EV4rPb9B/IggawB/zr5ukH0xI9fJgfxYyWFtYPyW588=
Subject key identifier:   F6:33:23:91:4B:22:B4:F0:28:7E:EA:07:BD:56:74:02:14:0C:39:C6
Certificate issuer:       /CN=8e987039b3f3b2db9b298ae0d8d0eb348969ad62
Certificate serial:       019273560C875669735CE9AB3E776E753DB3
Authority key identifier: 8E:98:70:39:B3:F3:B2:DB:9B:29:8A:E0:D8:D0:EB:34:89:69:AD:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/9jMjkUsitPAofuoHvVZ0AhQMOcY.roa
Signing time:             Wed 09 Oct 2024 22:11:12 +0000
ROA not before:           Wed 09 Oct 2024 22:11:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        193.134.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:73:56:0c:87:56:69:73:5c:e9:ab:3e:77:6e:75:3d:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e987039b3f3b2db9b298ae0d8d0eb348969ad62
        Validity
            Not Before: Oct  9 22:11:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f63323914b22b4f0287eea07bd567402140c39c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0f:fe:f8:35:f9:c7:37:e2:22:22:2b:c6:b2:
                    23:93:ec:43:96:1e:df:33:57:58:3b:84:59:4a:5e:
                    13:9c:7c:e8:87:f3:14:8f:0f:c3:2c:e0:ac:71:33:
                    07:a6:ea:f6:03:a2:90:42:49:41:85:7d:e6:23:93:
                    33:8c:ea:2d:9b:97:51:a6:ba:22:51:1b:46:51:fe:
                    24:91:55:9b:02:ec:1f:2c:8f:34:a0:7b:aa:a0:07:
                    bc:a2:3c:b3:f5:78:c4:54:71:2c:18:60:a8:11:08:
                    8d:e7:4f:f9:77:f0:80:17:72:5e:19:e3:bf:26:22:
                    75:81:11:c4:33:c8:a3:60:71:d5:57:66:38:51:7e:
                    98:57:2d:03:fa:f3:e2:12:bd:46:9c:c3:d1:4d:bf:
                    e7:3a:81:45:00:f0:3b:73:ed:30:2e:1e:6f:34:4f:
                    65:25:81:b7:35:dd:47:c2:54:f1:19:07:4c:85:10:
                    68:8e:f0:8a:76:4c:95:8f:72:b6:22:63:9c:04:34:
                    bd:b4:f3:08:a1:b3:96:01:28:fe:6a:dc:b6:e9:c8:
                    59:45:e7:3b:5d:60:7d:7a:06:e8:e8:37:0c:1b:06:
                    a8:93:b2:7d:97:29:53:d2:1c:ba:12:0c:1b:b7:53:
                    29:cb:9e:9c:5b:c8:e2:37:7b:8e:e0:19:8f:a9:82:
                    3e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:33:23:91:4B:22:B4:F0:28:7E:EA:07:BD:56:74:02:14:0C:39:C6
            X509v3 Authority Key Identifier:
                keyid:8E:98:70:39:B3:F3:B2:DB:9B:29:8A:E0:D8:D0:EB:34:89:69:AD:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/9jMjkUsitPAofuoHvVZ0AhQMOcY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:a2:f6:29:8f:07:9f:56:c9:70:40:14:ec:44:fb:81:dd:ba:
         d9:49:94:d1:a8:df:05:53:e4:4d:60:15:2d:36:54:f0:a2:df:
         cb:3b:f5:d1:1f:6c:30:33:de:f6:c5:88:ae:6f:d4:e9:da:f4:
         df:0d:dc:b3:51:51:3b:fd:e9:f3:52:0e:45:b6:f0:ab:5a:9d:
         9a:d1:e4:96:a9:a5:a5:e3:a9:2d:5f:65:b6:3f:06:41:61:d5:
         33:53:e7:fb:47:24:96:9f:fc:6b:74:63:d7:21:33:14:22:7d:
         f7:41:61:90:df:2f:a8:84:bb:4d:34:25:db:12:f8:0c:3b:e9:
         42:68:0e:75:82:1f:bd:0b:fb:ad:59:a8:f4:45:a4:17:0d:17:
         55:73:9d:ca:ed:2f:d1:08:fc:86:63:29:fb:1d:97:b2:a5:83:
         2f:16:9d:3d:d0:d8:ef:03:98:d0:b5:f6:03:14:02:fb:e8:17:
         b1:24:1f:45:28:2b:6d:38:c3:11:77:37:13:58:56:fc:e3:9b:
         1c:7e:fc:f4:23:98:8a:17:aa:68:3e:4c:60:b6:f0:26:8b:0f:
         b3:f7:6f:2d:2b:65:b7:11:33:d4:2a:d4:63:d5:85:cd:00:53:
         84:e7:12:71:b5:fa:1a:10:6c:a6:a7:f9:ac:0e:0b:d1:33:2e:
         4c:44:9e:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJzVgyHVmlzXOmrPndudT2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOTg3MDM5YjNmM2IyZGI5YjI5OGFlMGQ4ZDBlYjM0ODk2
OWFkNjIwHhcNMjQxMDA5MjIxMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjMzMjM5MTRiMjJiNGYwMjg3ZWVhMDdiZDU2NzQwMjE0MGMzOWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQ/++DX5xzfiIiIrxrIjk+xDlh7f
M1dYO4RZSl4TnHzoh/MUjw/DLOCscTMHpur2A6KQQklBhX3mI5MzjOotm5dRproi
URtGUf4kkVWbAuwfLI80oHuqoAe8ojyz9XjEVHEsGGCoEQiN50/5d/CAF3JeGeO/
JiJ1gRHEM8ijYHHVV2Y4UX6YVy0D+vPiEr1GnMPRTb/nOoFFAPA7c+0wLh5vNE9l
JYG3Nd1HwlTxGQdMhRBojvCKdkyVj3K2ImOcBDS9tPMIobOWASj+aty26chZRec7
XWB9egbo6DcMGwaok7J9lylT0hy6Egwbt1Mpy56cW8jiN3uO4BmPqYI+JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYzI5FLIrTwKH7qB71WdAIUDDnGMB8GA1UdIwQY
MBaAFI6YcDmz87LbmymK4NjQ6zSJaa1iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBod09iUHpzdHViS1lyZzJORHJOSWxwcldJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8zNjY1NjAtMDk2ZS00ODM1LTg5ZmQt
NTYzNjAwMzE5YTFmLzEvOWpNamtVc2l0UEFvZnVvSHZWWjBBaFFNT2NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8zNjY1NjAtMDk2ZS00ODM1LTg5ZmQtNTYzNjAwMzE5YTFm
LzEvanBod09iUHpzdHViS1lyZzJORHJOSWxwcldJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYaXMA0G
CSqGSIb3DQEBCwUAA4IBAQAjovYpjwefVslwQBTsRPuB3brZSZTRqN8FU+RNYBUt
NlTwot/LO/XRH2wwM972xYiub9Tp2vTfDdyzUVE7/enzUg5FtvCrWp2a0eSWqaWl
46ktX2W2PwZBYdUzU+f7RySWn/xrdGPXITMUIn33QWGQ3y+ohLtNNCXbEvgMO+lC
aA51gh+9C/utWaj0RaQXDRdVc53K7S/RCPyGYyn7HZeypYMvFp090NjvA5jQtfYD
FAL76BexJB9FKCttOMMRdzcTWFb845scfvz0I5iKF6poPkxgtvAmiw+z928tK2W3
ETPUKtRj1YXNAFOE5xJxtfoaEGymp/msDgvRMy5MRJ7c
-----END CERTIFICATE-----