Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/_HwnYOx8loE1jVo8nfivar_tdig.roa
File:                     _HwnYOx8loE1jVo8nfivar_tdig.roa (raw, json)
Hash identifier:          QhMEIV71/g1ejlZrBi4D/Eo8F39EvYYIljovFNhdaUA=
Subject key identifier:   FC:7C:27:60:EC:7C:96:81:35:8D:5A:3C:9D:F8:AF:6A:BF:ED:76:28
Certificate issuer:       /CN=9e459aa4602bffa2d2650ba66818458c89fc4582
Certificate serial:       019421B18D04005F6CCE40468E8B8E412F9E
Authority key identifier: 9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/_HwnYOx8loE1jVo8nfivar_tdig.roa
Signing time:             Wed 01 Jan 2025 11:47:51 +0000
ROA not before:           Wed 01 Jan 2025 11:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60509
IP address blocks:        84.247.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:8d:04:00:5f:6c:ce:40:46:8e:8b:8e:41:2f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e459aa4602bffa2d2650ba66818458c89fc4582
        Validity
            Not Before: Jan  1 11:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc7c2760ec7c9681358d5a3c9df8af6abfed7628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:13:51:a5:f5:f7:80:04:80:5d:c3:a3:66:00:
                    07:da:a8:0d:4e:52:4b:61:3c:08:42:75:b8:12:33:
                    d2:30:5a:9f:80:3b:66:54:28:c7:ad:5b:16:02:09:
                    35:0d:72:96:66:5f:12:58:2c:6d:b3:d6:a1:5b:b1:
                    62:72:78:1c:93:ba:3f:49:2c:6a:ec:5f:d3:f5:dc:
                    84:5f:03:40:6c:42:9a:50:db:e9:96:a5:a5:c9:bc:
                    99:60:1d:ba:6a:84:66:02:b1:4b:cc:66:aa:39:ed:
                    37:a5:44:64:48:fa:61:6d:36:c2:d3:f1:3d:29:c7:
                    3a:58:2c:d0:14:b8:0d:64:37:a7:b7:a5:2f:00:50:
                    4b:df:33:96:e6:b7:eb:5e:c6:50:77:b8:31:28:23:
                    cf:5b:c3:52:09:68:04:82:fa:7b:44:4f:c1:42:44:
                    43:30:9c:5b:2c:a3:cf:30:6a:c5:b3:37:f8:a3:76:
                    7f:2a:34:cb:d7:b0:2e:e6:de:36:d5:eb:42:11:b9:
                    e9:dc:80:89:01:32:05:8c:0c:11:e2:97:37:6c:74:
                    58:2e:8e:ef:53:f5:ea:e6:f9:c7:63:85:18:27:ac:
                    c3:4f:00:de:c4:d4:cd:4f:75:db:98:57:f8:ef:87:
                    78:ae:39:77:47:05:9c:f5:d6:eb:a9:a6:f0:b4:93:
                    7e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:7C:27:60:EC:7C:96:81:35:8D:5A:3C:9D:F8:AF:6A:BF:ED:76:28
            X509v3 Authority Key Identifier:
                keyid:9E:45:9A:A4:60:2B:FF:A2:D2:65:0B:A6:68:18:45:8C:89:FC:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nkWapGAr_6LSZQumaBhFjIn8RYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/_HwnYOx8loE1jVo8nfivar_tdig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/9cc333-68d5-4692-9c5b-28a841da0bfd/1/nkWapGAr_6LSZQumaBhFjIn8RYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.247.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:c3:2a:3e:2f:b8:82:af:c6:a8:0c:64:f4:49:fa:24:90:29:
         57:88:78:cf:e2:a9:fd:58:f2:50:83:21:73:9a:4b:bd:8a:a5:
         d0:a7:74:01:eb:4e:5d:6a:38:3c:a6:3d:42:db:91:43:78:9f:
         7e:89:dc:ee:1a:e2:c2:d9:91:53:52:e4:0d:a1:25:be:a9:17:
         23:24:29:15:e6:b9:9d:c2:87:d9:d7:99:73:9b:ac:7c:21:97:
         b8:f5:8c:93:6d:6d:6a:6a:98:06:6d:08:e9:2b:f1:ab:eb:d0:
         24:93:43:ec:e1:75:77:f5:c1:1f:e8:5e:85:f9:9e:f0:38:e5:
         a2:d0:26:49:cf:cf:bc:40:0c:63:24:85:cc:52:d1:d8:72:ee:
         5a:b2:f3:d2:f9:b2:34:55:88:9f:32:12:d7:7e:38:19:a0:81:
         a8:2b:5b:87:48:54:b1:a4:28:fc:9a:d5:99:86:ac:85:58:7f:
         9f:7e:41:5b:10:73:ab:9c:dc:7e:0b:05:59:24:bc:32:fa:2d:
         dc:2a:34:11:32:ac:28:9a:89:bf:a4:92:aa:6d:da:a9:c3:d7:
         1c:e1:a7:ee:d2:ae:81:68:ca:c1:85:a1:1d:fc:31:7b:a7:a9:
         8d:aa:a0:7b:b0:71:0d:24:21:b6:75:3a:80:8f:27:fd:56:7c:
         33:b8:9e:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsY0EAF9szkBGjouOQS+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNDU5YWE0NjAyYmZmYTJkMjY1MGJhNjY4MTg0NThjODlm
YzQ1ODIwHhcNMjUwMTAxMTE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzdjMjc2MGVjN2M5NjgxMzU4ZDVhM2M5ZGY4YWY2YWJmZWQ3NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBNRpfX3gASAXcOjZgAH2qgNTlJL
YTwIQnW4EjPSMFqfgDtmVCjHrVsWAgk1DXKWZl8SWCxts9ahW7Ficngck7o/SSxq
7F/T9dyEXwNAbEKaUNvplqWlybyZYB26aoRmArFLzGaqOe03pURkSPphbTbC0/E9
Kcc6WCzQFLgNZDent6UvAFBL3zOW5rfrXsZQd7gxKCPPW8NSCWgEgvp7RE/BQkRD
MJxbLKPPMGrFszf4o3Z/KjTL17Au5t421etCEbnp3ICJATIFjAwR4pc3bHRYLo7v
U/Xq5vnHY4UYJ6zDTwDexNTNT3XbmFf474d4rjl3RwWc9dbrqabwtJN+zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPx8J2DsfJaBNY1aPJ34r2q/7XYoMB8GA1UdIwQY
MBaAFJ5FmqRgK/+i0mULpmgYRYyJ/EWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWIt
MjhhODQxZGEwYmZkLzEvX0h3bllPeDhsb0UxalZvOG5maXZhcl90ZGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi85Y2MzMzMtNjhkNS00NjkyLTljNWItMjhhODQxZGEwYmZk
LzEvbmtXYXBHQXJfNkxTWlF1bWFCaEZqSW44UllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPd7MA0G
CSqGSIb3DQEBCwUAA4IBAQCBwyo+L7iCr8aoDGT0SfokkClXiHjP4qn9WPJQgyFz
mku9iqXQp3QB605dajg8pj1C25FDeJ9+idzuGuLC2ZFTUuQNoSW+qRcjJCkV5rmd
wofZ15lzm6x8IZe49YyTbW1qapgGbQjpK/Gr69Akk0Ps4XV39cEf6F6F+Z7wOOWi
0CZJz8+8QAxjJIXMUtHYcu5asvPS+bI0VYifMhLXfjgZoIGoK1uHSFSxpCj8mtWZ
hqyFWH+ffkFbEHOrnNx+CwVZJLwy+i3cKjQRMqwomom/pJKqbdqpw9cc4afu0q6B
aMrBhaEd/DF7p6mNqqB7sHENJCG2dTqAjyf9VnwzuJ6R
-----END CERTIFICATE-----