Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/KR9uzDZWMSFMmHpV5pdZC-NXjcA.roa
File:                     KR9uzDZWMSFMmHpV5pdZC-NXjcA.roa (raw, json)
Hash identifier:          dbov7HMxo440g/aizrB3ZgoiQYVvCVjULboJAdvyWIM=
Subject key identifier:   29:1F:6E:CC:36:56:31:21:4C:98:7A:55:E6:97:59:0B:E3:57:8D:C0
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC795509BA8A28CF75F971B74B8451A6F
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/KR9uzDZWMSFMmHpV5pdZC-NXjcA.roa
Signing time:             Tue 02 Jan 2024 00:31:40 +0000
ROA not before:           Tue 02 Jan 2024 00:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49023
IP address blocks:        93.114.80.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 04:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:50:9b:a8:a2:8c:f7:5f:97:1b:74:b8:45:1a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=291f6ecc365631214c987a55e697590be3578dc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2b:2d:6d:90:c9:ec:80:e4:dc:81:65:21:91:
                    55:7a:bc:58:28:5f:df:a4:aa:61:90:ba:ee:98:90:
                    35:88:c6:2b:2d:d1:9c:3f:b9:4e:be:9c:39:11:a0:
                    0c:b9:72:c1:0e:09:38:61:8e:27:ce:5e:5a:65:f2:
                    a0:9f:56:92:e8:62:0f:40:b2:43:d1:de:f5:b4:28:
                    0f:a7:73:8c:27:7a:bb:71:13:a3:d8:20:f0:e2:85:
                    9d:21:d9:83:f4:9e:f4:c5:57:95:64:28:2b:b1:c6:
                    ed:85:7a:6a:e1:a5:6f:79:7e:61:7f:2e:ef:32:90:
                    4a:2d:fe:a3:78:d4:a5:78:11:1f:88:11:14:54:5b:
                    65:2e:d4:4b:34:61:1f:54:2d:25:09:8c:f0:19:52:
                    68:8e:57:1b:a1:33:34:5a:29:86:85:d8:1a:29:ad:
                    bb:ac:28:c5:94:12:3f:de:88:7d:f5:36:08:83:2d:
                    14:4d:33:87:28:cf:78:b5:21:33:f6:13:05:f0:6c:
                    24:db:72:3e:7b:c9:76:b0:76:74:df:bf:c8:ea:19:
                    67:d2:4d:d1:ba:a2:8a:86:ea:59:94:ce:68:40:ec:
                    33:07:ca:d1:8b:73:46:19:65:d9:3d:90:17:8a:ab:
                    d3:f7:1a:a4:41:f7:b2:0d:b4:10:d4:e8:d5:a6:1c:
                    91:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:1F:6E:CC:36:56:31:21:4C:98:7A:55:E6:97:59:0B:E3:57:8D:C0
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/KR9uzDZWMSFMmHpV5pdZC-NXjcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:b7:0b:4a:ac:f4:6d:b0:6f:fe:53:8c:69:36:cd:19:ce:56:
         4b:51:c9:c4:b5:d2:c7:4d:69:29:1e:30:28:50:f3:5f:d5:df:
         a9:9e:3d:8e:b6:fe:9c:79:9c:ff:5f:4a:83:e3:a7:4d:aa:ad:
         8f:24:2f:a6:a5:f3:5a:d0:18:66:e5:68:5f:20:bf:f6:16:22:
         0c:1e:a2:ab:81:bb:74:9f:b2:0a:b6:5b:c1:c4:bb:1c:62:cb:
         90:5c:17:64:cb:47:3b:12:91:c2:0b:33:f2:83:35:24:73:d8:
         02:d5:fe:be:bb:0f:ae:d5:f2:60:e7:47:f7:9c:1e:a4:0f:f7:
         44:db:25:70:0a:26:2f:5b:a8:44:29:d2:d4:85:bc:1b:5a:85:
         6a:93:4e:77:9d:1a:ad:e2:e7:d8:1f:ba:24:02:70:7f:23:28:
         f7:79:ec:e3:46:6a:26:91:23:a5:4a:97:84:5e:f8:e3:65:4d:
         1d:86:53:b8:9d:75:4e:ff:d3:09:62:ac:36:49:8e:94:c6:df:
         0d:37:91:c1:b5:01:f9:71:99:93:ca:f6:49:d2:4c:ad:22:d0:
         31:3a:c8:8d:39:3f:ff:3b:5e:96:7b:9a:91:1c:f4:b4:9e:0f:
         6a:9e:00:96:06:ff:35:c9:49:21:ab:9a:67:57:88:ad:1a:50:
         10:49:e3:e6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVCbqKKM91+XG3S4RRpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTFmNmVjYzM2NTYzMTIxNGM5ODdhNTVlNjk3NTkwYmUzNTc4ZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsystbZDJ7IDk3IFlIZFVerxYKF/f
pKphkLrumJA1iMYrLdGcP7lOvpw5EaAMuXLBDgk4YY4nzl5aZfKgn1aS6GIPQLJD
0d71tCgPp3OMJ3q7cROj2CDw4oWdIdmD9J70xVeVZCgrscbthXpq4aVveX5hfy7v
MpBKLf6jeNSleBEfiBEUVFtlLtRLNGEfVC0lCYzwGVJojlcboTM0WimGhdgaKa27
rCjFlBI/3oh99TYIgy0UTTOHKM94tSEz9hMF8Gwk23I+e8l2sHZ037/I6hln0k3R
uqKKhupZlM5oQOwzB8rRi3NGGWXZPZAXiqvT9xqkQfeyDbQQ1OjVphyRAQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCkfbsw2VjEhTJh6VeaXWQvjV43AMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0tSOXV6RFpXTVNGTW1IcFY1cGRaQy1OWGpjQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFdclAw
DQYJKoZIhvcNAQELBQADggEBAEC3C0qs9G2wb/5TjGk2zRnOVktRycS10sdNaSke
MChQ81/V36mePY62/px5nP9fSoPjp02qrY8kL6al81rQGGblaF8gv/YWIgweoquB
u3Sfsgq2W8HEuxxiy5BcF2TLRzsSkcILM/KDNSRz2ALV/r67D67V8mDnR/ecHqQP
90TbJXAKJi9bqEQp0tSFvBtahWqTTnedGq3i59gfuiQCcH8jKPd57ONGaiaRI6VK
l4Re+ONlTR2GU7iddU7/0wlirDZJjpTG3w03kcG1AflxmZPK9knSTK0i0DE6yI05
P/87XpZ7mpEc9LSeD2qeAJYG/zXJSSGrmmdXiK0aUBBJ4+Y=
-----END CERTIFICATE-----