Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/jmJ0ZbkXTkuCtZJKX4Z5UD3y6zo.roa
File:                     jmJ0ZbkXTkuCtZJKX4Z5UD3y6zo.roa (raw, json)
Hash identifier:          0yAlLaN/EDGoVnL8yhDmP0qj6cUeLlE1u7WiMFxbNvU=
Subject key identifier:   8E:62:74:65:B9:17:4E:4B:82:B5:92:4A:5F:86:79:50:3D:F2:EB:3A
Certificate issuer:       /CN=c9d57447e3420b853875b6fa40372aade3192ca2
Certificate serial:       018F538FB050A47C52138F86F1C18F02CEB1
Authority key identifier: C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/jmJ0ZbkXTkuCtZJKX4Z5UD3y6zo.roa
Signing time:             Tue 07 May 2024 14:57:56 +0000
ROA not before:           Tue 07 May 2024 14:57:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207983
IP address blocks:        78.135.109.0/24 maxlen: 24
                          188.132.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:8f:b0:50:a4:7c:52:13:8f:86:f1:c1:8f:02:ce:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d57447e3420b853875b6fa40372aade3192ca2
        Validity
            Not Before: May  7 14:57:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e627465b9174e4b82b5924a5f8679503df2eb3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:3d:76:3e:23:b0:8e:bb:1c:1a:8a:fd:1b:7f:
                    7e:e8:de:3d:b1:2a:08:a7:65:45:57:c3:99:c6:f8:
                    ad:b2:49:1d:56:1f:4e:32:fa:3e:44:8d:8f:4a:9c:
                    1a:6e:28:19:b3:b9:01:75:3d:b3:b9:15:27:fe:2d:
                    4d:3c:ef:10:bd:f7:16:4a:ba:b7:8c:a3:06:f3:53:
                    15:ef:b3:7a:d0:36:12:f5:dd:fe:9b:99:e3:f5:a8:
                    cd:8b:8a:a9:af:f2:12:71:54:cf:30:98:4b:b9:5c:
                    4f:26:9e:1b:73:e8:e0:b3:3c:64:8a:c7:68:da:01:
                    74:af:f0:ce:f6:83:25:f0:cf:f7:7d:b2:32:db:7c:
                    cb:0b:13:8c:15:27:f9:cb:30:4e:ff:8c:a7:85:c5:
                    8c:40:27:4b:64:c5:cf:f6:6a:e6:d8:a8:9a:4e:e3:
                    1f:6f:23:59:66:f7:60:40:54:7c:28:7c:4f:89:e7:
                    70:32:bd:a1:e5:00:95:c8:a5:d9:3a:b8:b5:f9:ad:
                    94:ce:88:ad:84:0f:9d:f5:4e:53:54:05:76:98:54:
                    e1:be:03:19:02:08:1d:25:79:44:3a:5f:79:c7:3b:
                    de:39:50:e4:25:fa:75:85:34:83:bc:5c:cb:57:d5:
                    1d:4d:3c:94:8e:ff:f9:67:eb:fe:fd:e2:83:f4:01:
                    7c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:62:74:65:B9:17:4E:4B:82:B5:92:4A:5F:86:79:50:3D:F2:EB:3A
            X509v3 Authority Key Identifier:
                keyid:C9:D5:74:47:E3:42:0B:85:38:75:B6:FA:40:37:2A:AD:E3:19:2C:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydV0R-NCC4U4dbb6QDcqreMZLKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/jmJ0ZbkXTkuCtZJKX4Z5UD3y6zo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/1586fd-fd2c-41f8-8fe9-4e198f0a6013/1/ydV0R-NCC4U4dbb6QDcqreMZLKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.135.109.0/24
                  188.132.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:f9:ab:98:39:96:35:f4:61:6e:02:aa:c6:67:c8:95:e0:94:
         d9:14:9b:33:f9:c9:24:5f:f5:79:ba:35:37:86:7d:42:f6:04:
         26:a3:00:ef:5d:39:2c:31:a8:8a:02:a3:fa:d3:5f:c6:24:70:
         54:5e:d4:1b:85:d4:9c:6a:1f:56:44:69:4d:d5:ba:19:bd:19:
         69:35:b3:04:6f:2f:4b:51:9a:5c:fd:18:4b:34:b0:52:0d:80:
         08:d4:b8:aa:c0:3a:60:52:62:7b:e2:49:92:33:25:69:82:94:
         46:eb:8a:24:4c:52:c9:bf:f0:c1:09:a5:0f:4d:66:91:ff:64:
         3d:1c:35:da:58:ad:27:bd:5d:1a:b0:3b:89:f4:1f:9c:0f:06:
         34:f3:d5:c1:df:90:2a:b2:6c:aa:85:0c:01:68:95:e5:f2:d3:
         15:b8:71:5c:76:29:bb:75:a1:a2:bd:e9:3c:77:fb:34:84:32:
         68:f4:3e:d8:29:f8:4f:40:6e:87:bf:e2:94:49:7f:1d:7c:5b:
         27:85:34:db:13:01:c5:fe:94:68:58:62:4d:11:62:2b:24:ac:
         27:6a:33:6b:4d:eb:37:6a:ac:1b:89:05:e1:c2:23:d1:67:0f:
         eb:ad:9f:b1:1f:24:8c:33:25:8f:38:58:ac:27:2f:6e:72:ac:
         d9:8b:ed:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9Tj7BQpHxSE4+G8cGPAs6xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDU3NDQ3ZTM0MjBiODUzODc1YjZmYTQwMzcyYWFkZTMx
OTJjYTIwHhcNMjQwNTA3MTQ1NzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTYyNzQ2NWI5MTc0ZTRiODJiNTkyNGE1Zjg2Nzk1MDNkZjJlYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5T12PiOwjrscGor9G39+6N49sSoI
p2VFV8OZxvitskkdVh9OMvo+RI2PSpwabigZs7kBdT2zuRUn/i1NPO8QvfcWSrq3
jKMG81MV77N60DYS9d3+m5nj9ajNi4qpr/IScVTPMJhLuVxPJp4bc+jgszxkisdo
2gF0r/DO9oMl8M/3fbIy23zLCxOMFSf5yzBO/4ynhcWMQCdLZMXP9mrm2KiaTuMf
byNZZvdgQFR8KHxPiedwMr2h5QCVyKXZOri1+a2UzoithA+d9U5TVAV2mFThvgMZ
AggdJXlEOl95xzveOVDkJfp1hTSDvFzLV9UdTTyUjv/5Z+v+/eKD9AF8ywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI5idGW5F05LgrWSSl+GeVA98us6MB8GA1UdIwQY
MBaAFMnVdEfjQguFOHW2+kA3Kq3jGSyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTkt
NGUxOThmMGE2MDEzLzEvam1KMFpia1hUa3VDdFpKS1g0WjVVRDN5NnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8xNTg2ZmQtZmQyYy00MWY4LThmZTktNGUxOThmMGE2MDEz
LzEveWRWMFItTkNDNFU0ZGJiNlFEY3FyZU1aTEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATodtAwQA
vITjMA0GCSqGSIb3DQEBCwUAA4IBAQBy+auYOZY19GFuAqrGZ8iV4JTZFJsz+ckk
X/V5ujU3hn1C9gQmowDvXTksMaiKAqP601/GJHBUXtQbhdScah9WRGlN1boZvRlp
NbMEby9LUZpc/RhLNLBSDYAI1LiqwDpgUmJ74kmSMyVpgpRG64okTFLJv/DBCaUP
TWaR/2Q9HDXaWK0nvV0asDuJ9B+cDwY089XB35AqsmyqhQwBaJXl8tMVuHFcdim7
daGivek8d/s0hDJo9D7YKfhPQG6Hv+KUSX8dfFsnhTTbEwHF/pRoWGJNEWIrJKwn
ajNrTes3aqwbiQXhwiPRZw/rrZ+xHySMMyWPOFisJy9ucqzZi+3D
-----END CERTIFICATE-----