Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/V9mKfQuesGhFqG9kLm0TlWxMFNs.roa
File:                     V9mKfQuesGhFqG9kLm0TlWxMFNs.roa (raw, json)
Hash identifier:          kCz/MHD5l+BKBNbCZS/7Pmw0Z5mXIFBiTqK65QEdCJg=
Subject key identifier:   57:D9:8A:7D:0B:9E:B0:68:45:A8:6F:64:2E:6D:13:95:6C:4C:14:DB
Certificate issuer:       /CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
Certificate serial:       018CC94D7C9097163FC1F217E538BC586018
Authority key identifier: 23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/V9mKfQuesGhFqG9kLm0TlWxMFNs.roa
Signing time:             Tue 02 Jan 2024 08:32:27 +0000
ROA not before:           Tue 02 Jan 2024 08:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210987
IP address blocks:        195.230.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7c:90:97:16:3f:c1:f2:17:e5:38:bc:58:60:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2378a4a9c52325a85920809ba1a4d89e21c02f17
        Validity
            Not Before: Jan  2 08:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57d98a7d0b9eb06845a86f642e6d13956c4c14db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:95:34:fb:36:6c:b8:d6:e1:69:88:4e:f3:10:
                    86:1b:82:73:9a:90:aa:28:ad:a1:0a:2a:03:d4:02:
                    cc:9e:5a:5d:d1:47:59:77:f7:09:1e:5d:d9:fc:df:
                    89:1c:7c:dd:1d:19:a0:9f:4e:85:ea:f4:95:73:13:
                    3f:9b:cf:56:5c:ea:77:ea:c5:e2:a7:3a:77:8b:d4:
                    47:c5:eb:75:b7:19:7f:8e:0b:fc:57:58:86:e3:4b:
                    9f:fb:6a:f3:a2:1a:9b:87:cd:f6:55:65:9c:9f:40:
                    5a:4f:81:05:9c:ca:83:f6:1a:da:7e:87:c4:d8:fa:
                    03:8c:8b:76:76:d2:d1:c4:82:0e:dc:9d:77:aa:c5:
                    de:9d:70:aa:92:c0:2c:f9:1b:a3:19:9c:5d:fd:cd:
                    36:b3:8b:ee:00:9a:cf:f8:ab:3d:0c:c6:8c:55:a1:
                    40:55:0f:24:3c:0d:6c:8c:ba:80:ab:e7:a2:55:83:
                    5b:34:a5:f7:02:d8:c0:78:a0:e0:db:3b:4b:0b:47:
                    8c:ae:af:75:bf:e8:4d:8f:d4:e8:91:1a:ef:c5:36:
                    12:d5:a1:ea:08:73:9c:0c:7f:24:09:67:2f:1e:ae:
                    db:8f:64:e6:0a:81:f3:be:31:12:49:ee:f6:e7:5a:
                    be:91:08:e3:67:7d:eb:18:4d:fd:73:c8:e6:f5:1d:
                    e5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:D9:8A:7D:0B:9E:B0:68:45:A8:6F:64:2E:6D:13:95:6C:4C:14:DB
            X509v3 Authority Key Identifier:
                keyid:23:78:A4:A9:C5:23:25:A8:59:20:80:9B:A1:A4:D8:9E:21:C0:2F:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I3ikqcUjJahZIICboaTYniHALxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/V9mKfQuesGhFqG9kLm0TlWxMFNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/d654be-174e-41f7-9cfb-937e27ee1b5b/1/I3ikqcUjJahZIICboaTYniHALxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.230.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:68:41:7b:f9:62:3e:11:1b:0a:52:cc:14:c9:ca:e1:cf:81:
         0f:61:31:00:54:78:e2:7d:9c:b0:9b:cc:11:74:09:a5:1b:ee:
         c9:d6:c9:7a:42:26:78:78:b4:47:75:4b:03:92:a7:89:bb:69:
         e3:b5:f2:ae:ce:f7:59:a4:e0:37:40:5c:d9:00:1f:19:0e:e4:
         71:fd:3d:77:24:3d:b2:2f:89:5c:6c:2f:81:7b:f9:57:5c:9c:
         7c:c7:72:33:23:e0:82:e3:2f:7f:9e:7b:08:bd:fd:1a:54:57:
         b5:41:be:82:ff:2d:4e:2b:ba:56:60:18:c0:1c:c5:a3:34:6e:
         e4:92:92:a8:3f:b5:f8:e5:0c:9b:35:e4:a5:aa:ab:a8:76:07:
         e6:ec:81:fd:c5:73:dd:cd:28:c8:b7:93:e9:99:49:1e:e9:9e:
         1b:d6:37:da:f2:b5:03:0c:01:22:25:78:e7:58:d0:8e:35:7d:
         e1:96:68:da:a0:44:3e:f0:d9:11:72:f6:40:da:36:79:39:87:
         e9:9d:27:19:e3:60:85:b2:2a:ac:f1:93:90:88:6e:cb:9e:a9:
         9d:81:5e:42:42:da:6a:73:f3:bd:9c:fa:09:87:e1:e3:53:e3:
         73:60:57:10:e0:d0:dd:43:72:12:4b:ac:a7:cf:b2:1c:e3:98:
         a9:96:db:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTXyQlxY/wfIX5Ti8WGAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNzhhNGE5YzUyMzI1YTg1OTIwODA5YmExYTRkODllMjFj
MDJmMTcwHhcNMjQwMTAyMDgzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2Q5OGE3ZDBiOWViMDY4NDVhODZmNjQyZTZkMTM5NTZjNGMxNGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5U0+zZsuNbhaYhO8xCGG4JzmpCq
KK2hCioD1ALMnlpd0UdZd/cJHl3Z/N+JHHzdHRmgn06F6vSVcxM/m89WXOp36sXi
pzp3i9RHxet1txl/jgv8V1iG40uf+2rzohqbh832VWWcn0BaT4EFnMqD9hrafofE
2PoDjIt2dtLRxIIO3J13qsXenXCqksAs+RujGZxd/c02s4vuAJrP+Ks9DMaMVaFA
VQ8kPA1sjLqAq+eiVYNbNKX3AtjAeKDg2ztLC0eMrq91v+hNj9TokRrvxTYS1aHq
CHOcDH8kCWcvHq7bj2TmCoHzvjESSe7251q+kQjjZ33rGE39c8jm9R3lzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfZin0LnrBoRahvZC5tE5VsTBTbMB8GA1UdIwQY
MBaAFCN4pKnFIyWoWSCAm6Gk2J4hwC8XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmIt
OTM3ZTI3ZWUxYjViLzEvVjltS2ZRdWVzR2hGcUc5a0xtMFRsV3hNRk5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9kNjU0YmUtMTc0ZS00MWY3LTljZmItOTM3ZTI3ZWUxYjVi
LzEvSTNpa3FjVWpKYWhaSUlDYm9hVFluaUhBTHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw+aIMA0G
CSqGSIb3DQEBCwUAA4IBAQAiaEF7+WI+ERsKUswUycrhz4EPYTEAVHjifZywm8wR
dAmlG+7J1sl6QiZ4eLRHdUsDkqeJu2njtfKuzvdZpOA3QFzZAB8ZDuRx/T13JD2y
L4lcbC+Be/lXXJx8x3IzI+CC4y9/nnsIvf0aVFe1Qb6C/y1OK7pWYBjAHMWjNG7k
kpKoP7X45QybNeSlqquodgfm7IH9xXPdzSjIt5PpmUke6Z4b1jfa8rUDDAEiJXjn
WNCONX3hlmjaoEQ+8NkRcvZA2jZ5OYfpnScZ42CFsiqs8ZOQiG7LnqmdgV5CQtpq
c/O9nPoJh+HjU+NzYFcQ4NDdQ3ISS6ynz7Ic45ipltuS
-----END CERTIFICATE-----