Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/M9_05SPVHfox6llCEdplE9nfU_8.roa
File:                     M9_05SPVHfox6llCEdplE9nfU_8.roa (raw, json)
Hash identifier:          FJs4ma/oXB8tcXPcuM+sqmFFECg4EeAaZMuBMxqyjGE=
Subject key identifier:   33:DF:F4:E5:23:D5:1D:FA:31:EA:59:42:11:DA:65:13:D9:DF:53:FF
Certificate issuer:       /CN=e8df3e9cb69cca58ac702a2d5e9135c3bcab7200
Certificate serial:       018CC2DB3BFB88AA103145D71FDA205D8989
Authority key identifier: E8:DF:3E:9C:B6:9C:CA:58:AC:70:2A:2D:5E:91:35:C3:BC:AB:72:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6N8-nLacyliscCotXpE1w7yrcgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/M9_05SPVHfox6llCEdplE9nfU_8.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24631
IP address blocks:        185.162.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/6N8-nLacyliscCotXpE1w7yrcgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/6N8-nLacyliscCotXpE1w7yrcgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6N8-nLacyliscCotXpE1w7yrcgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3b:fb:88:aa:10:31:45:d7:1f:da:20:5d:89:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8df3e9cb69cca58ac702a2d5e9135c3bcab7200
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33dff4e523d51dfa31ea594211da6513d9df53ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c5:df:ed:47:89:1a:25:6c:e0:76:ff:c0:3c:
                    2c:19:21:23:95:17:64:b7:5f:17:67:a1:00:69:20:
                    e9:2b:55:45:01:73:10:a6:05:9b:82:61:f6:f4:1e:
                    0b:96:d6:d8:78:7a:87:6a:a5:f0:00:dc:7c:b4:92:
                    01:b8:ac:d1:45:c0:3c:e0:39:19:c4:5f:ea:10:fe:
                    98:17:76:f6:ba:8d:ff:dd:82:9c:26:41:43:3a:10:
                    d6:9a:58:90:2b:23:52:28:7f:70:d8:c7:21:3f:50:
                    f0:7a:f8:14:68:86:6d:12:82:cd:4d:e3:a4:83:d3:
                    59:0a:69:dc:01:39:dd:b7:49:8d:e9:a9:f9:f1:36:
                    62:a6:93:98:4d:88:fd:10:c4:ab:db:ca:b3:d8:7b:
                    89:18:ad:02:66:c5:dd:d3:29:4f:8c:c8:eb:91:e9:
                    21:37:f0:b8:f5:23:c0:2a:ff:4e:59:0b:13:2d:6c:
                    68:f3:9a:b6:61:85:5f:c0:9c:47:09:f2:41:40:f0:
                    aa:a2:bd:89:91:c1:ce:9e:26:fe:f7:85:a6:70:2c:
                    20:01:d5:51:66:af:32:5d:70:d1:1a:b6:6b:0b:39:
                    d9:ac:2c:0d:d1:6b:78:ca:d3:ac:40:f2:bc:ed:50:
                    82:f8:d2:4a:30:e2:70:d2:4d:35:c6:c5:ea:03:5b:
                    1f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:DF:F4:E5:23:D5:1D:FA:31:EA:59:42:11:DA:65:13:D9:DF:53:FF
            X509v3 Authority Key Identifier:
                keyid:E8:DF:3E:9C:B6:9C:CA:58:AC:70:2A:2D:5E:91:35:C3:BC:AB:72:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6N8-nLacyliscCotXpE1w7yrcgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/M9_05SPVHfox6llCEdplE9nfU_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/e5dfe2-a967-4712-bee6-32187e24889f/1/6N8-nLacyliscCotXpE1w7yrcgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:0e:ed:b2:f1:39:ad:ef:e3:5f:7b:01:e6:3c:7f:fd:04:b0:
         1a:d4:f2:dd:4b:5a:b6:f9:c1:f5:6e:35:19:95:13:85:fe:f4:
         e5:f9:2c:97:fc:55:f4:7c:b1:6d:5b:c6:05:76:f0:a1:99:72:
         74:ef:02:31:f0:2b:f9:92:c3:f6:ae:41:88:ef:80:ee:02:29:
         01:f3:d7:54:e0:a5:f1:e5:fb:73:4d:61:e0:be:2e:ed:ea:ac:
         7a:58:53:38:ab:b9:f0:99:6c:b8:61:2a:a4:45:d9:83:ff:d4:
         3a:c2:d9:97:62:4a:17:37:d3:d2:00:dc:6c:15:4f:45:34:b8:
         ce:27:fe:60:6b:23:7b:49:02:c0:29:b8:cf:11:07:e8:92:ab:
         9c:dc:76:93:5c:51:6c:bf:25:c4:88:b7:c7:73:98:db:ae:f8:
         40:5c:49:62:a6:5f:7a:c0:d8:2a:32:74:1a:ba:6c:9f:66:db:
         9e:ed:c8:83:7c:67:9d:1f:e7:4a:f4:f7:cb:8a:bb:a4:18:76:
         ea:73:7d:29:2d:bf:15:19:5e:23:0c:6b:16:3f:57:dd:6a:e0:
         94:4d:ea:46:bb:a4:99:2a:2d:84:9f:fa:dd:e2:ed:42:42:39:
         92:27:cf:37:49:df:73:83:ae:57:69:4e:2f:5c:d0:1b:d9:10:
         84:74:e9:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zv7iKoQMUXXH9ogXYmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZGYzZTljYjY5Y2NhNThhYzcwMmEyZDVlOTEzNWMzYmNh
YjcyMDAwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2RmZjRlNTIzZDUxZGZhMzFlYTU5NDIxMWRhNjUxM2Q5ZGY1M2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsXf7UeJGiVs4Hb/wDwsGSEjlRdk
t18XZ6EAaSDpK1VFAXMQpgWbgmH29B4LltbYeHqHaqXwANx8tJIBuKzRRcA84DkZ
xF/qEP6YF3b2uo3/3YKcJkFDOhDWmliQKyNSKH9w2MchP1DwevgUaIZtEoLNTeOk
g9NZCmncATndt0mN6an58TZippOYTYj9EMSr28qz2HuJGK0CZsXd0ylPjMjrkekh
N/C49SPAKv9OWQsTLWxo85q2YYVfwJxHCfJBQPCqor2JkcHOnib+94WmcCwgAdVR
Zq8yXXDRGrZrCznZrCwN0Wt4ytOsQPK87VCC+NJKMOJw0k01xsXqA1sfEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPf9OUj1R36MepZQhHaZRPZ31P/MB8GA1UdIwQY
MBaAFOjfPpy2nMpYrHAqLV6RNcO8q3IAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk44LW5MYWN5bGlzY0NvdFhwRTF3N3lyY2dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lNWRmZTItYTk2Ny00NzEyLWJlZTYt
MzIxODdlMjQ4ODlmLzEvTTlfMDVTUFZIZm94NmxsQ0VkcGxFOW5mVV84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lNWRmZTItYTk2Ny00NzEyLWJlZTYtMzIxODdlMjQ4ODlm
LzEvNk44LW5MYWN5bGlzY0NvdFhwRTF3N3lyY2dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaLYMA0G
CSqGSIb3DQEBCwUAA4IBAQAqDu2y8Tmt7+NfewHmPH/9BLAa1PLdS1q2+cH1bjUZ
lROF/vTl+SyX/FX0fLFtW8YFdvChmXJ07wIx8Cv5ksP2rkGI74DuAikB89dU4KXx
5ftzTWHgvi7t6qx6WFM4q7nwmWy4YSqkRdmD/9Q6wtmXYkoXN9PSANxsFU9FNLjO
J/5gayN7SQLAKbjPEQfokquc3HaTXFFsvyXEiLfHc5jbrvhAXElipl96wNgqMnQa
umyfZtue7ciDfGedH+dK9PfLirukGHbqc30pLb8VGV4jDGsWP1fdauCUTepGu6SZ
Ki2En/rd4u1CQjmSJ883Sd9zg65XaU4vXNAb2RCEdOkD
-----END CERTIFICATE-----