Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/cMKquuX8Jl9j8IC3Jp_7Gvudiuo.roa
File:                     cMKquuX8Jl9j8IC3Jp_7Gvudiuo.roa (raw, json)
Hash identifier:          x5qp4wA457EkOdZCr+IlIpsuqHrDIxLn8Z+g0r5K8S4=
Subject key identifier:   70:C2:AA:BA:E5:FC:26:5F:63:F0:80:B7:26:9F:FB:1A:FB:9D:8A:EA
Certificate issuer:       /CN=d9c9baf46d6c94d27ce128da3b65b5a3b06db38b
Certificate serial:       018CC649AACB44893F36A75E1E340D9CE1C2
Authority key identifier: D9:C9:BA:F4:6D:6C:94:D2:7C:E1:28:DA:3B:65:B5:A3:B0:6D:B3:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2cm69G1slNJ84SjaO2W1o7Bts4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/cMKquuX8Jl9j8IC3Jp_7Gvudiuo.roa
Signing time:             Mon 01 Jan 2024 18:29:25 +0000
ROA not before:           Mon 01 Jan 2024 18:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210162
IP address blocks:        185.228.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/2cm69G1slNJ84SjaO2W1o7Bts4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/2cm69G1slNJ84SjaO2W1o7Bts4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2cm69G1slNJ84SjaO2W1o7Bts4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:aa:cb:44:89:3f:36:a7:5e:1e:34:0d:9c:e1:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9c9baf46d6c94d27ce128da3b65b5a3b06db38b
        Validity
            Not Before: Jan  1 18:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70c2aabae5fc265f63f080b7269ffb1afb9d8aea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2b:5e:16:15:e5:17:fe:61:44:8e:6d:31:84:
                    03:c4:d6:45:fd:15:f9:43:46:5a:b9:a9:91:a7:9f:
                    fc:02:24:ad:21:7d:aa:55:5c:1c:97:d6:d3:98:2e:
                    20:64:f0:18:13:05:78:94:0b:5b:c6:6f:51:3e:b9:
                    22:85:e3:38:d3:bb:51:ae:1a:c6:31:cf:c2:bc:a3:
                    69:55:8b:15:17:54:d3:42:d3:f1:a4:1f:88:5d:86:
                    43:d7:53:a2:be:62:0f:1a:3c:39:e5:0e:0a:4f:5c:
                    c6:30:08:24:40:d4:29:45:03:04:f3:08:b4:95:9c:
                    5e:ec:29:5d:6d:dd:34:92:be:99:62:61:94:38:ce:
                    f5:09:40:a2:b9:8e:c0:b1:90:81:53:77:b0:89:3a:
                    9e:c4:2d:b5:5e:c8:21:df:b2:b3:26:ca:8d:94:cd:
                    4a:b2:af:2e:3e:1c:53:83:5e:43:2d:f4:79:7b:90:
                    92:05:c2:c2:fc:52:5d:c4:f1:d3:de:8b:08:1c:fa:
                    64:b5:50:3c:6e:0e:da:cd:9d:a4:6e:d3:c1:12:5b:
                    2f:88:29:f1:49:c2:a0:34:2d:f5:40:4d:a6:2c:cb:
                    53:de:c0:65:af:db:8e:bd:1a:e6:ce:fb:d6:fc:92:
                    f7:3f:be:43:10:3c:bb:62:1b:ae:9c:47:f8:19:e8:
                    d2:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:C2:AA:BA:E5:FC:26:5F:63:F0:80:B7:26:9F:FB:1A:FB:9D:8A:EA
            X509v3 Authority Key Identifier:
                keyid:D9:C9:BA:F4:6D:6C:94:D2:7C:E1:28:DA:3B:65:B5:A3:B0:6D:B3:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2cm69G1slNJ84SjaO2W1o7Bts4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/cMKquuX8Jl9j8IC3Jp_7Gvudiuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/94f98c-c1d1-4fe2-9adc-a010d8e4faf0/1/2cm69G1slNJ84SjaO2W1o7Bts4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:63:13:e3:7f:1f:96:b3:88:3b:9d:dd:ee:b4:ff:8a:06:53:
         21:5d:3b:3e:0f:4a:fe:67:41:8f:77:2a:ea:a3:4d:d4:ea:f6:
         71:dc:08:56:70:37:0f:86:77:91:2a:21:41:d5:4a:7d:8e:91:
         e2:df:fb:35:0a:e3:a8:1d:cc:36:10:b7:6a:0e:d8:6d:ce:5a:
         18:c8:08:56:46:48:f4:ba:b2:50:a0:81:b2:0d:27:de:9b:e8:
         02:d6:79:bb:dd:dc:0a:76:47:ff:2f:25:25:85:12:54:a3:73:
         36:14:98:a8:95:38:9e:01:45:09:6c:3a:2f:d8:b1:97:f5:f0:
         c7:d9:66:ee:f5:2d:45:25:c0:ce:10:b5:b3:47:1c:fa:1d:0f:
         1d:7a:49:22:11:bf:0a:a4:7f:49:99:54:eb:15:80:f2:98:f8:
         ab:3d:0b:75:ef:bf:b9:19:b5:59:a0:ad:ea:25:d8:25:c7:89:
         12:a2:e8:70:55:8c:9d:25:f9:32:17:4d:c9:02:3f:5c:f0:b2:
         6e:81:e9:f8:67:97:4d:6f:ba:0c:26:35:ea:14:3c:6f:e4:62:
         3c:ff:c9:36:ce:7b:ac:d5:fc:6a:45:94:35:d8:31:f9:a4:5d:
         e4:08:a5:e2:00:89:4c:ce:34:7c:82:80:9b:cb:27:e9:e3:a5:
         e0:31:25:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSarLRIk/NqdeHjQNnOHCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YzliYWY0NmQ2Yzk0ZDI3Y2UxMjhkYTNiNjViNWEzYjA2
ZGIzOGIwHhcNMjQwMTAxMTgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGMyYWFiYWU1ZmMyNjVmNjNmMDgwYjcyNjlmZmIxYWZiOWQ4YWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryteFhXlF/5hRI5tMYQDxNZF/RX5
Q0ZauamRp5/8AiStIX2qVVwcl9bTmC4gZPAYEwV4lAtbxm9RPrkiheM407tRrhrG
Mc/CvKNpVYsVF1TTQtPxpB+IXYZD11OivmIPGjw55Q4KT1zGMAgkQNQpRQME8wi0
lZxe7Cldbd00kr6ZYmGUOM71CUCiuY7AsZCBU3ewiTqexC21Xsgh37KzJsqNlM1K
sq8uPhxTg15DLfR5e5CSBcLC/FJdxPHT3osIHPpktVA8bg7azZ2kbtPBElsviCnx
ScKgNC31QE2mLMtT3sBlr9uOvRrmzvvW/JL3P75DEDy7YhuunEf4GejSvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDCqrrl/CZfY/CAtyaf+xr7nYrqMB8GA1UdIwQY
MBaAFNnJuvRtbJTSfOEo2jtltaOwbbOLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmNtNjlHMXNsTko4NFNqYU8yVzFvN0J0czRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NGY5OGMtYzFkMS00ZmUyLTlhZGMt
YTAxMGQ4ZTRmYWYwLzEvY01LcXV1WDhKbDlqOElDM0pwXzdHdnVkaXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NGY5OGMtYzFkMS00ZmUyLTlhZGMtYTAxMGQ4ZTRmYWYw
LzEvMmNtNjlHMXNsTko4NFNqYU8yVzFvN0J0czRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueT5MA0G
CSqGSIb3DQEBCwUAA4IBAQDHYxPjfx+Ws4g7nd3utP+KBlMhXTs+D0r+Z0GPdyrq
o03U6vZx3AhWcDcPhneRKiFB1Up9jpHi3/s1CuOoHcw2ELdqDthtzloYyAhWRkj0
urJQoIGyDSfem+gC1nm73dwKdkf/LyUlhRJUo3M2FJiolTieAUUJbDov2LGX9fDH
2Wbu9S1FJcDOELWzRxz6HQ8dekkiEb8KpH9JmVTrFYDymPirPQt177+5GbVZoK3q
Jdglx4kSouhwVYydJfkyF03JAj9c8LJugen4Z5dNb7oMJjXqFDxv5GI8/8k2znus
1fxqRZQ12DH5pF3kCKXiAIlMzjR8goCbyyfp46XgMSXf
-----END CERTIFICATE-----