Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/1fDLN_MyUhTvDaxzFSRI6jq7IVM.roa
File:                     1fDLN_MyUhTvDaxzFSRI6jq7IVM.roa (raw, json)
Hash identifier:          BX9PvrpNKwJN1596bs5P4BJPJub0UvMag1Wg6OxrRKs=
Subject key identifier:   D5:F0:CB:37:F3:32:52:14:EF:0D:AC:73:15:24:48:EA:3A:BB:21:53
Certificate issuer:       /CN=d9c9baf46d6c94d27ce128da3b65b5a3b06db38b
Certificate serial:       018E0F7AAB58B556DAB79CE779DACF31059C
Authority key identifier: D9:C9:BA:F4:6D:6C:94:D2:7C:E1:28:DA:3B:65:B5:A3:B0:6D:B3:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2cm69G1slNJ84SjaO2W1o7Bts4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/1fDLN_MyUhTvDaxzFSRI6jq7IVM.roa
Signing time:             Tue 05 Mar 2024 16:38:01 +0000
ROA not before:           Tue 05 Mar 2024 16:38:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208324
IP address blocks:        185.228.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/2cm69G1slNJ84SjaO2W1o7Bts4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/2cm69G1slNJ84SjaO2W1o7Bts4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2cm69G1slNJ84SjaO2W1o7Bts4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0f:7a:ab:58:b5:56:da:b7:9c:e7:79:da:cf:31:05:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9c9baf46d6c94d27ce128da3b65b5a3b06db38b
        Validity
            Not Before: Mar  5 16:38:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5f0cb37f3325214ef0dac73152448ea3abb2153
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:84:9b:d3:8c:97:a0:f2:3f:d2:70:82:bb:7d:
                    4b:36:66:ce:99:f6:73:40:85:9d:4e:05:9a:64:92:
                    c5:66:11:c8:58:33:94:67:44:ac:7b:c8:e3:4f:21:
                    24:cd:f8:4c:b0:6d:99:93:21:1c:5c:4a:4b:87:65:
                    5f:fd:a1:a7:17:29:ad:fe:a4:89:b8:9d:6f:84:e2:
                    c7:04:72:c0:7e:8b:7d:a1:5f:4e:7b:1c:9b:d7:6c:
                    e4:54:33:07:b7:46:94:a8:5f:29:a1:8a:1d:83:42:
                    70:a7:8c:a0:f1:ba:3c:a3:fc:28:d2:d6:3b:b2:94:
                    bc:44:c5:2e:e7:24:92:6a:c4:6b:5a:a1:dd:5c:c3:
                    a3:d2:8c:b4:a7:2b:51:76:c7:c1:ab:6a:4b:06:d0:
                    ef:e8:2b:b4:fc:94:44:58:9b:bc:5b:3b:f2:4a:37:
                    d8:39:b4:2f:31:8e:3d:8f:1a:8e:2a:9f:93:ed:f0:
                    17:7d:b1:b0:17:5c:45:e2:f2:b4:2b:37:31:2b:9b:
                    a9:90:e2:d9:af:92:d5:50:64:3b:d3:76:13:39:18:
                    4d:14:c2:12:db:7f:f6:05:c9:a3:d7:b6:ac:19:63:
                    f0:1f:f9:00:24:a8:07:16:95:de:7a:47:d3:ae:cf:
                    c1:a2:94:4e:94:53:9a:fa:90:ec:9e:d8:37:13:3b:
                    71:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F0:CB:37:F3:32:52:14:EF:0D:AC:73:15:24:48:EA:3A:BB:21:53
            X509v3 Authority Key Identifier:
                keyid:D9:C9:BA:F4:6D:6C:94:D2:7C:E1:28:DA:3B:65:B5:A3:B0:6D:B3:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2cm69G1slNJ84SjaO2W1o7Bts4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/1fDLN_MyUhTvDaxzFSRI6jq7IVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/2cm69G1slNJ84SjaO2W1o7Bts4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:f0:00:a2:d3:41:0a:2d:b4:ec:10:ea:ae:9c:7d:53:67:2e:
         76:70:f3:9b:f9:ea:d0:8b:1e:17:db:7a:81:47:b1:94:09:14:
         1f:3a:3e:39:5f:9b:68:fe:64:1e:b0:c5:78:5e:9c:57:7c:91:
         c3:29:89:ac:8e:e6:a3:3e:cb:3c:e3:0b:68:9e:29:34:3a:87:
         7f:9c:4a:f0:94:19:93:54:c0:11:d0:e6:bb:85:d4:24:2a:54:
         80:c4:40:74:92:81:d0:e4:82:92:52:9f:1c:8e:1a:ef:2e:fc:
         46:3c:1b:f9:fc:c9:72:d6:16:8e:ad:fc:21:ad:17:57:13:94:
         26:00:2a:58:3a:3a:5d:71:07:85:b0:4d:1b:b6:92:e1:71:aa:
         24:6b:d8:71:ee:4c:61:35:39:de:8c:c8:46:c9:66:91:86:a5:
         27:2e:13:16:86:0b:81:25:f9:b0:44:60:02:46:71:5a:e5:2e:
         ed:bf:6f:a4:e7:fe:63:c2:b3:f6:c6:2b:ef:74:03:03:3c:ab:
         c7:6c:ce:bc:a6:eb:19:bd:69:b5:68:4f:2e:16:a0:5d:94:15:
         7c:22:29:37:7c:2c:f1:33:7e:af:50:f0:ef:c2:5b:ff:76:65:
         b8:c4:9e:3b:a0:01:80:b2:67:85:84:9c:27:b7:5f:87:1f:56:
         74:79:8c:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4PeqtYtVbat5znedrPMQWcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YzliYWY0NmQ2Yzk0ZDI3Y2UxMjhkYTNiNjViNWEzYjA2
ZGIzOGIwHhcNMjQwMzA1MTYzODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWYwY2IzN2YzMzI1MjE0ZWYwZGFjNzMxNTI0NDhlYTNhYmIyMTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4Sb04yXoPI/0nCCu31LNmbOmfZz
QIWdTgWaZJLFZhHIWDOUZ0Sse8jjTyEkzfhMsG2ZkyEcXEpLh2Vf/aGnFymt/qSJ
uJ1vhOLHBHLAfot9oV9Oexyb12zkVDMHt0aUqF8poYodg0Jwp4yg8bo8o/wo0tY7
spS8RMUu5ySSasRrWqHdXMOj0oy0pytRdsfBq2pLBtDv6Cu0/JREWJu8WzvySjfY
ObQvMY49jxqOKp+T7fAXfbGwF1xF4vK0KzcxK5upkOLZr5LVUGQ703YTORhNFMIS
23/2Bcmj17asGWPwH/kAJKgHFpXeekfTrs/BopROlFOa+pDsntg3EztxOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXwyzfzMlIU7w2scxUkSOo6uyFTMB8GA1UdIwQY
MBaAFNnJuvRtbJTSfOEo2jtltaOwbbOLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmNtNjlHMXNsTko4NFNqYU8yVzFvN0J0czRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NGY5OGMtYzFkMS00ZmUyLTlhZGMt
YTAxMGQ4ZTRmYWYwLzEvMWZETE5fTXlVaFR2RGF4ekZTUkk2anE3SVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NGY5OGMtYzFkMS00ZmUyLTlhZGMtYTAxMGQ4ZTRmYWYw
LzEvMmNtNjlHMXNsTko4NFNqYU8yVzFvN0J0czRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueT5MA0G
CSqGSIb3DQEBCwUAA4IBAQAW8ACi00EKLbTsEOqunH1TZy52cPOb+erQix4X23qB
R7GUCRQfOj45X5to/mQesMV4XpxXfJHDKYmsjuajPss84wtonik0Ood/nErwlBmT
VMAR0Oa7hdQkKlSAxEB0koHQ5IKSUp8cjhrvLvxGPBv5/Mly1haOrfwhrRdXE5Qm
ACpYOjpdcQeFsE0btpLhcaoka9hx7kxhNTnejMhGyWaRhqUnLhMWhguBJfmwRGAC
RnFa5S7tv2+k5/5jwrP2xivvdAMDPKvHbM68pusZvWm1aE8uFqBdlBV8Iik3fCzx
M36vUPDvwlv/dmW4xJ47oAGAsmeFhJwnt1+HH1Z0eYwc
-----END CERTIFICATE-----