Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/DJ3xsn4AGyOFLwibFH0SEtAtTTo.roa
File:                     DJ3xsn4AGyOFLwibFH0SEtAtTTo.roa (raw, json)
Hash identifier:          JIDzI5yhJyTqILByfLdhhO+DDMBoWyksm2EDpkJAl4Y=
Subject key identifier:   0C:9D:F1:B2:7E:00:1B:23:85:2F:08:9B:14:7D:12:12:D0:2D:4D:3A
Certificate issuer:       /CN=04560bea392eaf69208ab705ef405cf78684176b
Certificate serial:       018ECF58CBB1977A95B089AC62601CB9F4AB
Authority key identifier: 04:56:0B:EA:39:2E:AF:69:20:8A:B7:05:EF:40:5C:F7:86:84:17:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BFYL6jkur2kgircF70Bc94aEF2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/DJ3xsn4AGyOFLwibFH0SEtAtTTo.roa
Signing time:             Thu 11 Apr 2024 22:48:06 +0000
ROA not before:           Thu 11 Apr 2024 22:48:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395363
IP address blocks:        185.173.184.0/24 maxlen: 24
                          185.173.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/BFYL6jkur2kgircF70Bc94aEF2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/BFYL6jkur2kgircF70Bc94aEF2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BFYL6jkur2kgircF70Bc94aEF2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cf:58:cb:b1:97:7a:95:b0:89:ac:62:60:1c:b9:f4:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04560bea392eaf69208ab705ef405cf78684176b
        Validity
            Not Before: Apr 11 22:48:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c9df1b27e001b23852f089b147d1212d02d4d3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:58:e0:2d:e7:f8:5f:14:ac:17:63:e5:76:93:
                    a4:e2:c6:9f:33:b3:01:12:ad:c6:f6:e5:3b:a4:49:
                    13:f1:ff:db:c7:0b:44:37:e1:68:1e:0a:de:31:4c:
                    95:a6:64:73:50:11:57:6d:48:e4:e8:5e:10:b9:ac:
                    f1:4b:4f:f6:f8:1d:2d:20:e3:70:20:4b:97:a9:e6:
                    9b:37:ad:f9:bd:85:2f:4b:a5:07:57:de:52:eb:18:
                    5e:1a:c1:93:b5:c0:28:e6:bd:75:03:0f:5c:73:bd:
                    ee:aa:4a:a8:84:70:19:7c:75:cf:3e:cd:06:95:b7:
                    cb:47:f8:ac:bd:b6:69:c5:ab:56:e5:6f:23:7d:e7:
                    06:76:93:fd:a0:8d:2d:bd:4a:cc:9c:43:2e:29:2c:
                    ae:e6:b1:e9:e2:ec:ff:ae:6c:65:b0:45:51:ed:98:
                    25:d6:15:c0:c3:e2:74:d0:2a:1d:ed:92:e3:d9:75:
                    d7:01:49:f9:9a:42:18:b8:ea:25:55:fb:9c:17:16:
                    4a:47:81:c7:8e:8d:00:a8:6d:4c:0a:57:c2:59:5a:
                    49:cf:a2:61:d4:af:9e:e2:ae:f1:20:86:6e:eb:cc:
                    33:68:8d:4d:dc:4b:e2:87:5f:1a:f2:0f:b4:2b:7e:
                    78:13:18:c0:d6:ac:b0:bf:0c:b5:19:e9:2a:9e:b1:
                    2e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:9D:F1:B2:7E:00:1B:23:85:2F:08:9B:14:7D:12:12:D0:2D:4D:3A
            X509v3 Authority Key Identifier:
                keyid:04:56:0B:EA:39:2E:AF:69:20:8A:B7:05:EF:40:5C:F7:86:84:17:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BFYL6jkur2kgircF70Bc94aEF2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/DJ3xsn4AGyOFLwibFH0SEtAtTTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/BFYL6jkur2kgircF70Bc94aEF2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:8f:8d:c4:74:9a:22:f2:e7:ff:6d:47:c0:3e:50:61:fa:30:
         3a:08:1c:22:86:ff:1f:38:c4:cd:3d:2c:6a:f8:5d:a9:89:21:
         9a:6a:35:ca:1f:6a:62:9d:58:f6:10:3c:b3:8e:26:3e:2d:c5:
         25:59:07:12:c1:13:e0:ca:b8:a9:ce:cd:50:b6:d3:6f:be:83:
         05:b5:4c:a8:1c:be:a3:80:de:ec:ea:13:65:8b:7d:55:5a:da:
         a4:f5:05:3b:b0:af:a9:54:ad:f6:86:81:df:c3:92:e4:97:35:
         d6:d6:c8:c9:ce:1a:77:01:cb:a8:04:27:b1:5d:2a:fd:d0:5c:
         27:49:08:2f:cb:23:97:49:9e:11:26:66:c3:07:86:c2:54:24:
         84:cf:64:dc:03:d2:c9:4a:98:e9:c0:53:b5:67:a3:bf:09:22:
         76:c2:b2:ac:7b:0c:f2:6d:37:be:d9:16:17:de:ee:ea:16:86:
         93:16:98:c6:06:7c:dd:d5:4f:7b:ab:fc:10:3f:5b:f3:86:12:
         6c:c0:d7:81:fa:3b:11:75:8a:29:bc:09:eb:ce:b3:4c:0b:29:
         13:be:7b:7b:19:25:2b:97:21:c7:76:cb:14:be:fd:18:10:b1:
         75:cc:dd:5f:d8:44:ff:6c:f6:f2:8e:ae:a3:e8:7b:39:6b:e5:
         fa:29:ce:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7PWMuxl3qVsImsYmAcufSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NTYwYmVhMzkyZWFmNjkyMDhhYjcwNWVmNDA1Y2Y3ODY4
NDE3NmIwHhcNMjQwNDExMjI0ODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzlkZjFiMjdlMDAxYjIzODUyZjA4OWIxNDdkMTIxMmQwMmQ0ZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1jgLef4XxSsF2PldpOk4safM7MB
Eq3G9uU7pEkT8f/bxwtEN+FoHgreMUyVpmRzUBFXbUjk6F4QuazxS0/2+B0tIONw
IEuXqeabN635vYUvS6UHV95S6xheGsGTtcAo5r11Aw9cc73uqkqohHAZfHXPPs0G
lbfLR/isvbZpxatW5W8jfecGdpP9oI0tvUrMnEMuKSyu5rHp4uz/rmxlsEVR7Zgl
1hXAw+J00Cod7ZLj2XXXAUn5mkIYuOolVfucFxZKR4HHjo0AqG1MClfCWVpJz6Jh
1K+e4q7xIIZu68wzaI1N3Evih18a8g+0K354ExjA1qywvwy1GekqnrEumwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyd8bJ+ABsjhS8ImxR9EhLQLU06MB8GA1UdIwQY
MBaAFARWC+o5Lq9pIIq3Be9AXPeGhBdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkZZTDZqa3VyMmtnaXJjRjcwQmM5NGFFRjJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9jZTRhNGUtYjFhMy00NWY0LWEyN2Mt
ZTFhY2EwMTA2MmZmLzEvREozeHNuNEFHeU9GTHdpYkZIMFNFdEF0VFRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9jZTRhNGUtYjFhMy00NWY0LWEyN2MtZTFhY2EwMTA2MmZm
LzEvQkZZTDZqa3VyMmtnaXJjRjcwQmM5NGFFRjJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBua24MA0G
CSqGSIb3DQEBCwUAA4IBAQBGj43EdJoi8uf/bUfAPlBh+jA6CBwihv8fOMTNPSxq
+F2piSGaajXKH2pinVj2EDyzjiY+LcUlWQcSwRPgyripzs1QttNvvoMFtUyoHL6j
gN7s6hNli31VWtqk9QU7sK+pVK32hoHfw5LklzXW1sjJzhp3AcuoBCexXSr90Fwn
SQgvyyOXSZ4RJmbDB4bCVCSEz2TcA9LJSpjpwFO1Z6O/CSJ2wrKsewzybTe+2RYX
3u7qFoaTFpjGBnzd1U97q/wQP1vzhhJswNeB+jsRdYopvAnrzrNMCykTvnt7GSUr
lyHHdssUvv0YELF1zN1f2ET/bPbyjq6j6Hs5a+X6Kc7x
-----END CERTIFICATE-----