Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/09bSrwxi987RLWxKoIVu2ukFT5g.roa
File:                     09bSrwxi987RLWxKoIVu2ukFT5g.roa (raw, json)
Hash identifier:          ueU4ToQTv++p9TQgAM9KKdcomIWAjXDtIg3YI+RzNqY=
Subject key identifier:   D3:D6:D2:AF:0C:62:F7:CE:D1:2D:6C:4A:A0:85:6E:DA:E9:05:4F:98
Certificate issuer:       /CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Certificate serial:       018CC9BCC5E476410503FEDDFB197F43ECD8
Authority key identifier: A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/09bSrwxi987RLWxKoIVu2ukFT5g.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206512
IP address blocks:        185.165.78.0/24 maxlen: 24
                          185.165.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c5:e4:76:41:05:03:fe:dd:fb:19:7f:43:ec:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3d6d2af0c62f7ced12d6c4aa0856edae9054f98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bd:44:3a:d6:ca:09:e3:a4:4a:e3:d4:a5:89:
                    2d:af:2b:b2:37:60:7d:64:71:0e:5c:a1:0f:f4:eb:
                    25:0c:2a:21:c6:34:f0:fe:a0:f3:20:34:ba:1e:4d:
                    5d:ba:46:f3:e9:5a:c5:d5:9a:8b:52:02:a8:d7:4d:
                    aa:71:1a:d7:66:ca:85:af:a4:6c:b3:db:b3:1d:bf:
                    79:a4:22:02:cb:40:29:24:2f:42:93:ae:db:5f:5d:
                    8e:f3:3c:c6:26:24:6a:68:f2:6f:12:d4:d8:d3:f5:
                    26:f3:8c:a6:2f:e5:98:80:e6:2d:d4:8f:12:1c:74:
                    f1:d7:4c:d7:63:c8:ec:69:65:6b:e6:25:22:4e:cf:
                    40:7e:64:5a:9c:7b:5c:9e:1f:e0:fc:b1:dd:34:d4:
                    bf:c6:d8:6f:cf:d0:a6:ef:99:d3:0a:4a:5e:1b:5b:
                    48:fa:d1:0b:c1:a3:63:f9:ed:b2:a8:a3:b0:88:43:
                    90:7f:17:96:21:30:93:b0:5a:8d:78:50:5d:0c:45:
                    43:6a:c4:96:69:2c:ea:d4:8d:ac:e8:53:bd:97:c1:
                    a6:08:57:b7:1e:85:92:07:04:c1:6a:8d:e6:ed:48:
                    59:52:c0:8f:b6:c3:cc:ee:c6:af:76:3a:6f:b6:fa:
                    21:1a:1d:a4:0f:f6:d4:65:8d:29:8a:a4:7d:de:7f:
                    04:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D6:D2:AF:0C:62:F7:CE:D1:2D:6C:4A:A0:85:6E:DA:E9:05:4F:98
            X509v3 Authority Key Identifier:
                keyid:A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/09bSrwxi987RLWxKoIVu2ukFT5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:11:69:d7:a2:85:68:74:eb:df:4c:ce:e1:7b:f0:58:f6:fd:
         25:f7:f2:60:f0:02:aa:76:50:5b:64:f7:c6:de:2c:5a:26:65:
         2c:7d:3f:62:d0:da:01:9b:17:3b:35:d1:d5:ce:43:bc:c4:22:
         e3:73:c7:f3:11:47:f4:3d:f4:e9:04:8f:5e:0b:72:74:f8:87:
         b0:29:0a:e2:c4:2a:66:d1:27:3b:44:94:75:cb:63:07:b9:cc:
         e6:4f:bf:92:99:df:c1:be:54:62:a7:eb:ff:b3:8a:30:66:60:
         36:de:04:2e:f8:a2:e8:ad:3e:f0:11:70:d9:10:76:a8:81:b6:
         11:ce:cf:da:80:f0:20:ca:de:53:15:99:22:d6:ce:5c:7c:c9:
         6d:7c:68:a9:59:b5:4e:18:64:bf:33:c0:47:c1:dd:51:b0:f7:
         a8:05:ca:50:7a:74:3b:f7:34:f3:39:a7:9c:b0:f0:6a:f3:39:
         65:25:db:3e:8f:20:6d:d8:8a:58:1c:b9:d7:06:ea:c2:2b:da:
         b2:2f:4e:c0:b3:d7:9d:6e:a9:c3:c2:f2:4b:54:8b:70:de:c8:
         c0:7c:3e:22:29:f6:14:14:f0:ab:05:95:bc:f5:aa:52:46:d9:
         3c:3d:75:f7:2a:c9:1a:48:27:c4:08:c3:be:76:84:5e:8a:9f:
         d9:f5:19:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMXkdkEFA/7d+xl/Q+zYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmRkOWRhZDc1ODc3ZjdkMjhkMTRlMDhkYzU1YjEzMzBi
ZDEzYjcwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Q2ZDJhZjBjNjJmN2NlZDEyZDZjNGFhMDg1NmVkYWU5MDU0Zjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL1EOtbKCeOkSuPUpYktryuyN2B9
ZHEOXKEP9OslDCohxjTw/qDzIDS6Hk1dukbz6VrF1ZqLUgKo102qcRrXZsqFr6Rs
s9uzHb95pCICy0ApJC9Ck67bX12O8zzGJiRqaPJvEtTY0/Um84ymL+WYgOYt1I8S
HHTx10zXY8jsaWVr5iUiTs9AfmRanHtcnh/g/LHdNNS/xthvz9Cm75nTCkpeG1tI
+tELwaNj+e2yqKOwiEOQfxeWITCTsFqNeFBdDEVDasSWaSzq1I2s6FO9l8GmCFe3
HoWSBwTBao3m7UhZUsCPtsPM7savdjpvtvohGh2kD/bUZY0piqR93n8ESQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPW0q8MYvfO0S1sSqCFbtrpBU+YMB8GA1UdIwQY
MBaAFKdt2drXWHf30o0U4I3FWxMwvRO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQt
MmFjNmZmNzViZWIwLzEvMDliU3J3eGk5ODdSTFd4S29JVnUydWtGVDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQtMmFjNmZmNzViZWIw
LzEvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaVOMA0G
CSqGSIb3DQEBCwUAA4IBAQB6EWnXooVodOvfTM7he/BY9v0l9/Jg8AKqdlBbZPfG
3ixaJmUsfT9i0NoBmxc7NdHVzkO8xCLjc8fzEUf0PfTpBI9eC3J0+IewKQrixCpm
0Sc7RJR1y2MHuczmT7+Smd/BvlRip+v/s4owZmA23gQu+KLorT7wEXDZEHaogbYR
zs/agPAgyt5TFZki1s5cfMltfGipWbVOGGS/M8BHwd1RsPeoBcpQenQ79zTzOaec
sPBq8zllJds+jyBt2IpYHLnXBurCK9qyL07As9edbqnDwvJLVItw3sjAfD4iKfYU
FPCrBZW89apSRtk8PXX3KskaSCfECMO+doReip/Z9Rka
-----END CERTIFICATE-----