Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/ccc73b-9c87-45d5-81c4-3f922b40168a/1/M23sJP-0XNq_aSYS_dCyaD4ZOu0.roa
File:                     M23sJP-0XNq_aSYS_dCyaD4ZOu0.roa (raw, json)
Hash identifier:          l6f//cq27N6Ee3rYT+ohAIt0v9ySzaAV1N7l3FRQHNw=
Subject key identifier:   33:6D:EC:24:FF:B4:5C:DA:BF:69:26:12:FD:D0:B2:68:3E:19:3A:ED
Certificate issuer:       /CN=c9f23c9b7b3ea0549142b701597706fc7a6385e7
Certificate serial:       018CC5005564E817301B73AB3388A1619EA7
Authority key identifier: C9:F2:3C:9B:7B:3E:A0:54:91:42:B7:01:59:77:06:FC:7A:63:85:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yfI8m3s-oFSRQrcBWXcG_Hpjhec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/ccc73b-9c87-45d5-81c4-3f922b40168a/1/M23sJP-0XNq_aSYS_dCyaD4ZOu0.roa
Signing time:             Mon 01 Jan 2024 12:29:42 +0000
ROA not before:           Mon 01 Jan 2024 12:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206959
IP address blocks:        185.170.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/ccc73b-9c87-45d5-81c4-3f922b40168a/1/yfI8m3s-oFSRQrcBWXcG_Hpjhec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/ccc73b-9c87-45d5-81c4-3f922b40168a/1/yfI8m3s-oFSRQrcBWXcG_Hpjhec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yfI8m3s-oFSRQrcBWXcG_Hpjhec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:55:64:e8:17:30:1b:73:ab:33:88:a1:61:9e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9f23c9b7b3ea0549142b701597706fc7a6385e7
        Validity
            Not Before: Jan  1 12:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=336dec24ffb45cdabf692612fdd0b2683e193aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ce:41:75:ec:65:84:9b:ac:ba:0d:7d:74:ef:
                    43:2c:81:00:1b:e2:ce:d7:d2:de:7d:39:ff:53:9c:
                    60:00:10:79:3b:9c:fb:8c:0e:f1:a5:1b:31:d4:ae:
                    ca:43:ba:2a:22:8e:c7:08:fd:09:67:9c:b3:73:96:
                    f0:63:18:96:94:2f:b7:f3:5c:40:aa:24:18:dd:69:
                    d3:3f:8c:62:94:7a:45:12:52:29:be:97:43:2c:db:
                    86:e2:e9:12:f8:ac:ae:51:9f:c0:62:ce:3f:17:a3:
                    84:f0:1f:96:db:bd:62:35:c1:78:11:e8:2a:07:03:
                    e3:9b:f9:17:21:e3:39:e7:6f:19:8f:2d:43:d0:17:
                    5e:d4:0f:07:7d:de:ff:98:f8:6b:32:0c:32:92:bd:
                    ec:2c:b1:44:28:e4:69:75:47:dd:01:58:8a:bf:0b:
                    30:2c:f6:88:90:77:02:e7:40:ae:2e:69:27:b0:ed:
                    a2:0e:94:e1:54:d5:ef:3e:0b:e8:17:d4:bc:9a:b7:
                    bd:0e:47:6e:34:29:57:6c:69:71:b1:25:ef:40:c1:
                    26:eb:b1:43:b8:24:4f:c0:c9:e6:f4:75:b2:a4:57:
                    d5:08:e9:ae:90:97:aa:31:b5:ae:5b:bb:11:f6:d7:
                    47:35:64:e4:65:62:21:3f:b3:f0:50:75:6d:fa:67:
                    cf:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:6D:EC:24:FF:B4:5C:DA:BF:69:26:12:FD:D0:B2:68:3E:19:3A:ED
            X509v3 Authority Key Identifier:
                keyid:C9:F2:3C:9B:7B:3E:A0:54:91:42:B7:01:59:77:06:FC:7A:63:85:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yfI8m3s-oFSRQrcBWXcG_Hpjhec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/ccc73b-9c87-45d5-81c4-3f922b40168a/1/M23sJP-0XNq_aSYS_dCyaD4ZOu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/ccc73b-9c87-45d5-81c4-3f922b40168a/1/yfI8m3s-oFSRQrcBWXcG_Hpjhec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:25:35:30:02:a8:19:eb:a8:f4:82:a1:cc:46:71:7b:3f:e7:
         a1:74:b3:1b:d3:5e:a7:b7:33:91:7a:ef:3d:21:10:5d:c5:02:
         3c:91:40:91:2f:bc:9d:0d:49:49:7f:c9:61:0b:9c:06:60:66:
         3a:90:f7:19:f2:1c:0c:22:9e:84:d5:ad:a0:b0:b0:55:05:ac:
         cd:42:68:c5:29:1b:7b:08:48:45:42:4b:26:21:ba:b9:c6:7c:
         3d:26:60:5e:84:d1:7b:d8:ad:cf:b5:be:6e:15:80:bd:6d:7f:
         58:00:46:2f:c6:84:68:8b:3d:f2:c7:d5:f9:05:5f:03:42:43:
         ed:dc:c7:9b:24:55:b0:d3:a3:46:08:1f:95:db:7c:a0:a3:28:
         25:69:2d:0b:99:a8:f7:4c:bf:d1:b6:9a:b1:85:4f:e6:3d:9d:
         65:a8:41:30:fc:e2:c8:7f:e6:47:72:64:b5:bb:ed:d0:7e:b3:
         f1:66:7f:09:dd:c4:a7:95:66:86:b8:e9:ba:bc:e6:55:f5:ae:
         fc:46:e6:0f:c5:3c:86:a3:1f:47:01:a0:3c:49:a0:15:43:a4:
         c1:a3:bc:c1:72:0a:6f:65:6b:8e:b0:b9:03:9a:f1:4b:da:3c:
         90:7b:a0:48:1c:09:e4:22:5f:a1:c1:c3:7b:a6:7c:26:16:c3:
         ed:75:57:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAFVk6BcwG3OrM4ihYZ6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZjIzYzliN2IzZWEwNTQ5MTQyYjcwMTU5NzcwNmZjN2E2
Mzg1ZTcwHhcNMjQwMTAxMTIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzZkZWMyNGZmYjQ1Y2RhYmY2OTI2MTJmZGQwYjI2ODNlMTkzYWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArc5BdexlhJusug19dO9DLIEAG+LO
19LefTn/U5xgABB5O5z7jA7xpRsx1K7KQ7oqIo7HCP0JZ5yzc5bwYxiWlC+381xA
qiQY3WnTP4xilHpFElIpvpdDLNuG4ukS+KyuUZ/AYs4/F6OE8B+W271iNcF4Eegq
BwPjm/kXIeM5528Zjy1D0Bde1A8Hfd7/mPhrMgwykr3sLLFEKORpdUfdAViKvwsw
LPaIkHcC50CuLmknsO2iDpThVNXvPgvoF9S8mre9DkduNClXbGlxsSXvQMEm67FD
uCRPwMnm9HWypFfVCOmukJeqMbWuW7sR9tdHNWTkZWIhP7PwUHVt+mfP3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNt7CT/tFzav2kmEv3Qsmg+GTrtMB8GA1UdIwQY
MBaAFMnyPJt7PqBUkUK3AVl3Bvx6Y4XnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWZJOG0zcy1vRlNSUXJjQldYY0dfSHBqaGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9jY2M3M2ItOWM4Ny00NWQ1LTgxYzQt
M2Y5MjJiNDAxNjhhLzEvTTIzc0pQLTBYTnFfYVNZU19kQ3lhRDRaT3UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9jY2M3M2ItOWM4Ny00NWQ1LTgxYzQtM2Y5MjJiNDAxNjhh
LzEveWZJOG0zcy1vRlNSUXJjQldYY0dfSHBqaGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaquMA0G
CSqGSIb3DQEBCwUAA4IBAQCoJTUwAqgZ66j0gqHMRnF7P+ehdLMb016ntzOReu89
IRBdxQI8kUCRL7ydDUlJf8lhC5wGYGY6kPcZ8hwMIp6E1a2gsLBVBazNQmjFKRt7
CEhFQksmIbq5xnw9JmBehNF72K3Ptb5uFYC9bX9YAEYvxoRoiz3yx9X5BV8DQkPt
3MebJFWw06NGCB+V23ygoyglaS0Lmaj3TL/RtpqxhU/mPZ1lqEEw/OLIf+ZHcmS1
u+3QfrPxZn8J3cSnlWaGuOm6vOZV9a78RuYPxTyGox9HAaA8SaAVQ6TBo7zBcgpv
ZWuOsLkDmvFL2jyQe6BIHAnkIl+hwcN7pnwmFsPtdVeN
-----END CERTIFICATE-----