Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/Q9kZ7ilJffm6E3-ffhmyJP3WXBA.roa
File:                     Q9kZ7ilJffm6E3-ffhmyJP3WXBA.roa (raw, json)
Hash identifier:          pAc8+7lwpht1pZlvINvycWuILb1k8JqWiXW8n9Q8CUo=
Subject key identifier:   43:D9:19:EE:29:49:7D:F9:BA:13:7F:9F:7E:19:B2:24:FD:D6:5C:10
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018CC94DB3E3F18C247DB9B57461ED6D2C1A
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/Q9kZ7ilJffm6E3-ffhmyJP3WXBA.roa
Signing time:             Tue 02 Jan 2024 08:32:41 +0000
ROA not before:           Tue 02 Jan 2024 08:32:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202491
IP address blocks:        84.236.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:b3:e3:f1:8c:24:7d:b9:b5:74:61:ed:6d:2c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan  2 08:32:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43d919ee29497df9ba137f9f7e19b224fdd65c10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:6c:ca:7f:42:e0:e1:1a:23:c1:a1:86:7f:13:
                    3b:bf:13:39:12:27:af:80:d8:9d:9d:40:78:69:46:
                    31:b3:41:ad:8b:17:1b:86:f3:e1:81:1c:c1:22:1f:
                    e6:bc:e6:c4:c0:8c:4e:7a:e5:48:40:3d:d8:74:7e:
                    58:8c:0b:01:42:73:a3:50:88:89:11:63:a6:74:09:
                    9c:f3:1b:c4:7d:28:5b:9f:f6:41:d9:4f:75:9d:bf:
                    13:cb:1c:02:b0:b4:01:ba:40:d7:02:be:0b:26:11:
                    90:16:14:52:e3:35:ff:a0:9f:81:57:ac:ad:ea:04:
                    23:ef:37:3b:b2:0b:41:df:38:19:56:6b:28:3e:18:
                    b5:b7:a8:5a:aa:92:de:30:39:5a:58:81:3d:01:8c:
                    13:f2:30:bc:de:24:e6:72:ea:38:a5:af:ea:23:25:
                    cb:e4:d2:b6:b4:7b:22:18:75:26:aa:1c:bb:2c:58:
                    1c:aa:79:00:49:93:28:22:27:a2:61:1b:a3:ee:dd:
                    f6:d6:a0:30:9a:8e:35:f2:e4:de:3a:7b:d5:0f:b3:
                    3e:f0:6f:93:fc:d2:63:03:fd:56:3d:4c:89:ea:8a:
                    59:1e:de:f1:f6:f4:5d:66:29:99:2d:73:45:fb:e3:
                    2a:40:e2:f3:1a:4f:67:c7:bd:eb:4a:3a:9a:33:26:
                    f2:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:D9:19:EE:29:49:7D:F9:BA:13:7F:9F:7E:19:B2:24:FD:D6:5C:10
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/Q9kZ7ilJffm6E3-ffhmyJP3WXBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.236.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:f8:6c:6b:85:aa:7b:02:c8:34:e7:b0:70:1b:48:28:eb:88:
         7c:16:0f:fd:be:0c:c3:25:73:6d:2f:eb:8b:89:bd:11:8d:75:
         8c:c4:6f:ae:da:bc:1d:88:3d:0e:ab:98:9e:96:50:3e:1b:84:
         c5:7f:18:d4:41:df:f9:30:15:ca:5a:df:e8:9c:e7:e8:b5:64:
         99:7c:77:98:8e:4c:0b:73:f8:15:52:0f:9b:cc:bf:00:5d:10:
         80:6f:23:7d:34:a3:7a:6b:01:dd:04:a8:e4:3e:27:2d:32:7e:
         23:b2:54:91:74:a2:1d:dd:49:41:71:e8:17:58:47:a7:5b:26:
         15:26:91:d1:d4:5a:c4:0a:1e:31:a1:8d:06:89:0e:b8:f7:28:
         a0:1e:96:89:e3:c0:3e:c2:9b:df:8f:f9:43:eb:e1:e4:6a:a2:
         7b:8d:9b:57:2d:0d:c8:0f:11:9d:58:83:e2:2c:58:34:a3:dc:
         8b:18:78:94:72:3e:8b:e7:59:62:5e:10:f2:64:e0:9b:d4:f9:
         37:81:76:e1:21:98:52:39:29:0e:d5:c1:35:6d:9c:b6:11:d6:
         6b:3c:21:56:99:4d:10:40:a9:75:66:a7:66:de:a5:ba:2b:04:
         9c:53:96:86:de:7b:ef:62:74:e3:1f:be:f3:3c:6e:94:fb:c4:
         5c:d2:3c:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTbPj8Ywkfbm1dGHtbSwaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTAyMDgzMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Q5MTllZTI5NDk3ZGY5YmExMzdmOWY3ZTE5YjIyNGZkZDY1YzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmzKf0Lg4RojwaGGfxM7vxM5Eiev
gNidnUB4aUYxs0GtixcbhvPhgRzBIh/mvObEwIxOeuVIQD3YdH5YjAsBQnOjUIiJ
EWOmdAmc8xvEfShbn/ZB2U91nb8TyxwCsLQBukDXAr4LJhGQFhRS4zX/oJ+BV6yt
6gQj7zc7sgtB3zgZVmsoPhi1t6haqpLeMDlaWIE9AYwT8jC83iTmcuo4pa/qIyXL
5NK2tHsiGHUmqhy7LFgcqnkASZMoIieiYRuj7t321qAwmo418uTeOnvVD7M+8G+T
/NJjA/1WPUyJ6opZHt7x9vRdZimZLXNF++MqQOLzGk9nx73rSjqaMybyuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPZGe4pSX35uhN/n34ZsiT91lwQMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvUTlrWjdpbEpmZm02RTMtZmZobXlKUDNXWEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVOyJMA0G
CSqGSIb3DQEBCwUAA4IBAQBm+Gxrhap7Asg057BwG0go64h8Fg/9vgzDJXNtL+uL
ib0RjXWMxG+u2rwdiD0Oq5iellA+G4TFfxjUQd/5MBXKWt/onOfotWSZfHeYjkwL
c/gVUg+bzL8AXRCAbyN9NKN6awHdBKjkPictMn4jslSRdKId3UlBcegXWEenWyYV
JpHR1FrECh4xoY0GiQ649yigHpaJ48A+wpvfj/lD6+HkaqJ7jZtXLQ3IDxGdWIPi
LFg0o9yLGHiUcj6L51liXhDyZOCb1Pk3gXbhIZhSOSkO1cE1bZy2EdZrPCFWmU0Q
QKl1Zqdm3qW6KwScU5aG3nvvYnTjH77zPG6U+8Rc0jwf
-----END CERTIFICATE-----