Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/v9OdVdG0pjZFRz7CCjg79iu3tzc.roa
File:                     v9OdVdG0pjZFRz7CCjg79iu3tzc.roa (raw, json)
Hash identifier:          8yyRcn8eY9bY2rRNJIkiFHQXg7jmfXRclrC68W7ix4o=
Subject key identifier:   BF:D3:9D:55:D1:B4:A6:36:45:47:3E:C2:0A:38:3B:F6:2B:B7:B7:37
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC794432926707D10DA69006E25A35588
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/v9OdVdG0pjZFRz7CCjg79iu3tzc.roa
Signing time:             Tue 02 Jan 2024 00:30:31 +0000
ROA not before:           Tue 02 Jan 2024 00:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24693
IP address blocks:        85.95.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:43:29:26:70:7d:10:da:69:00:6e:25:a3:55:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bfd39d55d1b4a63645473ec20a383bf62bb7b737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:be:cd:9a:b6:89:72:df:84:8c:93:85:5c:9b:
                    a6:a5:3b:6f:10:75:c5:f0:1d:b7:90:89:7a:fa:c7:
                    e9:17:44:4e:4c:aa:d1:5c:51:49:cb:42:11:b1:46:
                    94:bb:3c:37:61:2c:d6:2e:ad:3b:be:c0:72:92:5c:
                    52:60:35:7e:16:03:6d:dc:63:38:52:67:3e:1b:92:
                    42:39:a6:e9:4d:80:e0:d2:f0:9c:3e:77:5a:54:e4:
                    5b:e5:6a:38:7a:8d:03:fe:f9:c6:81:92:94:04:d7:
                    bf:2b:cc:fa:8c:f9:d6:d6:1f:aa:f8:a3:a7:cb:9c:
                    03:a9:06:97:7b:8c:5b:9d:ef:de:de:0e:a6:03:c5:
                    1e:f2:e0:4d:ec:a2:ac:a7:bd:d4:22:55:d1:25:b5:
                    2b:3c:0b:bf:ea:4e:10:26:4e:51:73:ed:82:45:05:
                    d2:1e:2a:6c:b5:1e:35:85:48:0c:f6:ad:22:f7:d1:
                    62:5d:54:f4:8a:0a:34:f1:ff:70:b1:ac:9e:b4:18:
                    fe:ee:3a:22:9c:3f:85:4f:25:88:95:65:07:b2:ce:
                    3e:86:af:fc:eb:35:24:24:7a:cc:63:0d:a0:86:64:
                    a3:9c:48:db:43:44:35:21:4b:e0:09:88:be:d6:f5:
                    03:e2:c1:43:80:c3:0c:75:c7:1b:d4:68:58:3e:48:
                    dd:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D3:9D:55:D1:B4:A6:36:45:47:3E:C2:0A:38:3B:F6:2B:B7:B7:37
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/v9OdVdG0pjZFRz7CCjg79iu3tzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.95.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:a9:8d:8b:8d:ff:d6:b1:47:6f:50:b3:e3:6a:8c:07:65:46:
         a5:60:7c:31:21:1e:61:d3:1a:83:6d:60:6e:6c:79:db:a6:c0:
         e0:fd:d6:06:ff:0c:71:e3:ac:18:e6:28:79:e4:21:3d:b4:fe:
         86:68:23:e2:b9:36:05:6e:c9:2e:e3:dc:c0:e1:f5:a9:a4:d4:
         cf:15:a5:25:ad:d9:0b:e5:d9:d5:32:e1:e7:a9:92:4b:94:e4:
         a1:1b:f1:50:a9:ad:c1:9d:50:ff:86:84:47:b9:8c:fa:88:95:
         70:8e:fa:23:26:67:fd:d8:76:d5:1f:c2:05:93:63:d4:89:51:
         2f:14:38:49:c3:7f:d2:8d:a1:f7:bc:71:37:f6:77:b9:15:1f:
         e8:d5:a1:4d:ae:db:dc:e4:75:30:5a:7b:82:e3:6f:1a:8c:6f:
         c6:72:f8:6a:62:4b:93:1c:a9:4c:31:56:93:96:23:cd:e4:1e:
         ca:7f:30:4d:28:91:54:1f:0a:74:5a:e0:c5:9f:9e:a2:bf:1a:
         44:83:93:19:70:64:56:dd:c8:46:5d:ce:eb:6d:c2:d7:f7:3e:
         e6:5f:9b:24:8f:5d:58:7c:56:77:f7:a8:25:18:6a:50:f6:b4:
         89:c5:21:c5:27:31:6a:14:bd:45:a5:33:92:c6:0e:60:c0:b6:
         69:f0:8d:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlEMpJnB9ENppAG4lo1WIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQzOWQ1NWQxYjRhNjM2NDU0NzNlYzIwYTM4M2JmNjJiYjdiNzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo77NmraJct+EjJOFXJumpTtvEHXF
8B23kIl6+sfpF0ROTKrRXFFJy0IRsUaUuzw3YSzWLq07vsByklxSYDV+FgNt3GM4
Umc+G5JCOabpTYDg0vCcPndaVORb5Wo4eo0D/vnGgZKUBNe/K8z6jPnW1h+q+KOn
y5wDqQaXe4xbne/e3g6mA8Ue8uBN7KKsp73UIlXRJbUrPAu/6k4QJk5Rc+2CRQXS
HipstR41hUgM9q0i99FiXVT0igo08f9wsayetBj+7joinD+FTyWIlWUHss4+hq/8
6zUkJHrMYw2ghmSjnEjbQ0Q1IUvgCYi+1vUD4sFDgMMMdccb1GhYPkjd0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/TnVXRtKY2RUc+wgo4O/Yrt7c3MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvdjlPZFZkRzBwalpGUno3Q0NqZzc5aXUzdHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVV9QMA0G
CSqGSIb3DQEBCwUAA4IBAQANqY2Ljf/WsUdvULPjaowHZUalYHwxIR5h0xqDbWBu
bHnbpsDg/dYG/wxx46wY5ih55CE9tP6GaCPiuTYFbsku49zA4fWppNTPFaUlrdkL
5dnVMuHnqZJLlOShG/FQqa3BnVD/hoRHuYz6iJVwjvojJmf92HbVH8IFk2PUiVEv
FDhJw3/SjaH3vHE39ne5FR/o1aFNrtvc5HUwWnuC428ajG/GcvhqYkuTHKlMMVaT
liPN5B7KfzBNKJFUHwp0WuDFn56ivxpEg5MZcGRW3chGXc7rbcLX9z7mX5skj11Y
fFZ396glGGpQ9rSJxSHFJzFqFL1FpTOSxg5gwLZp8I0x
-----END CERTIFICATE-----