Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/h9k0jEUO1ZbEDnqJ19ca3BWb-8A.roa
File:                     h9k0jEUO1ZbEDnqJ19ca3BWb-8A.roa (raw, json)
Hash identifier:          cUJu4ZBsOAi1kI+WiB8XIBOQi/eAtja9vOahiPiPyFM=
Subject key identifier:   87:D9:34:8C:45:0E:D5:96:C4:0E:7A:89:D7:D7:1A:DC:15:9B:FB:C0
Certificate issuer:       /CN=d2c1d5fd4e20ade5f11b66afb10a54c8ffe4b040
Certificate serial:       018CC4935E3487204288187F06CD1A0AC0C9
Authority key identifier: D2:C1:D5:FD:4E:20:AD:E5:F1:1B:66:AF:B1:0A:54:C8:FF:E4:B0:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/h9k0jEUO1ZbEDnqJ19ca3BWb-8A.roa
Signing time:             Mon 01 Jan 2024 10:30:41 +0000
ROA not before:           Mon 01 Jan 2024 10:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        192.118.70.0/24 maxlen: 24
                          192.118.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5e:34:87:20:42:88:18:7f:06:cd:1a:0a:c0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c1d5fd4e20ade5f11b66afb10a54c8ffe4b040
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87d9348c450ed596c40e7a89d7d71adc159bfbc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:21:0c:62:a8:88:92:2e:29:b3:b0:c0:6e:13:
                    dd:7a:ba:b5:1b:ee:a6:a1:b4:a1:17:f9:22:ab:fc:
                    e2:c3:1e:0e:3d:32:82:19:6c:44:bc:b1:eb:2b:2f:
                    c3:a7:25:dc:38:a7:04:a8:9b:13:82:69:d0:7e:b4:
                    b8:96:85:73:28:a6:d3:82:80:27:52:21:6f:6e:f4:
                    b1:1b:d0:e9:f5:71:af:8b:88:62:75:ed:4a:a8:cd:
                    d3:26:96:f6:0e:7b:d5:04:bc:e5:07:b6:24:70:5b:
                    37:fe:40:80:51:e7:70:cd:c3:7e:74:b0:9e:28:21:
                    2f:0f:48:19:d6:37:cd:1e:b1:e1:51:03:d0:5e:21:
                    1c:b1:a4:9f:20:24:ad:a8:dd:3a:f8:fe:bf:27:d2:
                    e4:c9:e7:d3:fd:6f:62:ac:83:11:be:31:03:10:79:
                    71:f0:16:25:3e:37:12:77:87:b7:21:82:c0:e0:9c:
                    81:9f:9f:fc:47:62:1c:22:61:2d:c6:43:04:d6:49:
                    f7:5c:6e:fa:2d:ab:94:4b:0d:97:ac:1e:61:ee:03:
                    a0:d5:29:56:1f:da:06:23:26:13:3f:e9:5a:d8:41:
                    3e:04:ff:ee:b7:7c:c9:f9:c4:7e:a3:ab:05:75:8f:
                    01:54:cb:fd:05:60:ef:2f:6a:a2:d5:8d:e8:12:ba:
                    fc:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D9:34:8C:45:0E:D5:96:C4:0E:7A:89:D7:D7:1A:DC:15:9B:FB:C0
            X509v3 Authority Key Identifier:
                keyid:D2:C1:D5:FD:4E:20:AD:E5:F1:1B:66:AF:B1:0A:54:C8:FF:E4:B0:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sHV_U4greXxG2avsQpUyP_ksEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/h9k0jEUO1ZbEDnqJ19ca3BWb-8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/8613ad-4f5f-45fd-8799-a09a875f5903/1/0sHV_U4greXxG2avsQpUyP_ksEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.118.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:15:fe:c1:db:d5:2d:51:4d:95:60:c3:1c:cc:43:f6:21:d8:
         36:b4:2f:ed:dd:d6:8f:f8:dd:a7:59:d9:a3:38:7b:20:bb:8d:
         bd:7c:cc:f7:54:35:2a:39:b4:81:a7:0b:c8:30:7e:f5:ba:da:
         f3:c8:23:65:bd:b9:59:26:c9:b9:c4:6b:2a:50:93:27:bf:c3:
         cb:bd:8e:dc:5c:37:2e:10:29:ca:ca:37:fe:b9:a9:7b:2f:d1:
         3c:da:6e:42:88:44:58:a3:ff:41:0d:94:a0:57:e1:98:94:6c:
         11:a1:df:9c:bf:35:fa:a1:fd:2f:fd:95:d4:94:f5:d7:2a:99:
         5e:b2:6a:70:55:9b:27:a6:43:15:9e:83:7c:5f:5f:2d:6c:cf:
         3b:1b:3f:85:53:4e:8c:36:5b:05:6b:04:d9:f5:aa:36:e1:f7:
         c0:ee:9d:97:c6:3b:69:86:b2:8f:64:d9:65:e3:2a:72:56:24:
         02:36:51:10:55:3b:63:35:73:ec:19:bd:8d:30:a1:84:64:9b:
         c7:6d:ee:13:68:03:cd:e2:0e:c8:6f:54:59:fc:26:42:4a:ae:
         76:ba:92:75:2e:ee:8b:17:be:c6:d7:1c:b9:84:f5:58:23:18:
         86:85:f5:5c:25:62:b0:cd:83:38:fe:52:b6:d8:9b:3a:ba:85:
         49:14:e8:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk140hyBCiBh/Bs0aCsDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzFkNWZkNGUyMGFkZTVmMTFiNjZhZmIxMGE1NGM4ZmZl
NGIwNDAwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Q5MzQ4YzQ1MGVkNTk2YzQwZTdhODlkN2Q3MWFkYzE1OWJmYmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSEMYqiIki4ps7DAbhPderq1G+6m
obShF/kiq/ziwx4OPTKCGWxEvLHrKy/DpyXcOKcEqJsTgmnQfrS4loVzKKbTgoAn
UiFvbvSxG9Dp9XGvi4hide1KqM3TJpb2DnvVBLzlB7YkcFs3/kCAUedwzcN+dLCe
KCEvD0gZ1jfNHrHhUQPQXiEcsaSfICStqN06+P6/J9LkyefT/W9irIMRvjEDEHlx
8BYlPjcSd4e3IYLA4JyBn5/8R2IcImEtxkME1kn3XG76LauUSw2XrB5h7gOg1SlW
H9oGIyYTP+la2EE+BP/ut3zJ+cR+o6sFdY8BVMv9BWDvL2qi1Y3oErr8MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfZNIxFDtWWxA56idfXGtwVm/vAMB8GA1UdIwQY
MBaAFNLB1f1OIK3l8Rtmr7EKVMj/5LBAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNIVl9VNGdyZVh4RzJhdnNRcFV5UF9rc0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC84NjEzYWQtNGY1Zi00NWZkLTg3OTkt
YTA5YTg3NWY1OTAzLzEvaDlrMGpFVU8xWmJFRG5xSjE5Y2EzQldiLThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC84NjEzYWQtNGY1Zi00NWZkLTg3OTktYTA5YTg3NWY1OTAz
LzEvMHNIVl9VNGdyZVh4RzJhdnNRcFV5UF9rc0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwHZGMA0G
CSqGSIb3DQEBCwUAA4IBAQCJFf7B29UtUU2VYMMczEP2Idg2tC/t3daP+N2nWdmj
OHsgu429fMz3VDUqObSBpwvIMH71utrzyCNlvblZJsm5xGsqUJMnv8PLvY7cXDcu
ECnKyjf+ual7L9E82m5CiERYo/9BDZSgV+GYlGwRod+cvzX6of0v/ZXUlPXXKple
smpwVZsnpkMVnoN8X18tbM87Gz+FU06MNlsFawTZ9ao24ffA7p2XxjtphrKPZNll
4ypyViQCNlEQVTtjNXPsGb2NMKGEZJvHbe4TaAPN4g7Ib1RZ/CZCSq52upJ1Lu6L
F77G1xy5hPVYIxiGhfVcJWKwzYM4/lK22Js6uoVJFOin
-----END CERTIFICATE-----