Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/hJioCN97izkIox1mGQfBb7VOt7U.roa
File:                     hJioCN97izkIox1mGQfBb7VOt7U.roa (raw, json)
Hash identifier:          Z/9TCo9hkciBNrrwj8YF4K8Y25b9M4lsHPn/aSPl80s=
Subject key identifier:   84:98:A8:08:DF:7B:8B:39:08:A3:1D:66:19:07:C1:6F:B5:4E:B7:B5
Certificate issuer:       /CN=f566016d878230128b58e279d661c195e6399588
Certificate serial:       018D7F3943077660D4EC35341CEE33C66EEF
Authority key identifier: F5:66:01:6D:87:82:30:12:8B:58:E2:79:D6:61:C1:95:E6:39:95:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9WYBbYeCMBKLWOJ51mHBleY5lYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/hJioCN97izkIox1mGQfBb7VOt7U.roa
Signing time:             Tue 06 Feb 2024 16:21:15 +0000
ROA not before:           Tue 06 Feb 2024 16:21:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.158.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/9WYBbYeCMBKLWOJ51mHBleY5lYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/9WYBbYeCMBKLWOJ51mHBleY5lYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9WYBbYeCMBKLWOJ51mHBleY5lYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7f:39:43:07:76:60:d4:ec:35:34:1c:ee:33:c6:6e:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f566016d878230128b58e279d661c195e6399588
        Validity
            Not Before: Feb  6 16:21:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8498a808df7b8b3908a31d661907c16fb54eb7b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b1:af:51:67:af:d7:df:73:93:92:79:aa:1d:
                    01:cc:30:4a:a6:a6:19:1c:a7:e2:49:44:fa:db:95:
                    83:2d:ce:81:af:14:77:e4:de:8b:92:dc:ca:0e:3e:
                    5f:e7:6b:7e:3e:b7:9c:22:3a:74:07:15:c8:de:ac:
                    d8:4a:72:0a:03:fc:ef:db:6d:41:81:79:b6:51:07:
                    1b:b5:86:85:2d:32:f4:a9:a7:24:39:c4:e8:a7:ab:
                    64:90:80:a9:3b:79:9c:eb:97:55:41:a1:22:23:c6:
                    0e:cb:76:a6:f9:b8:db:2d:a8:9e:89:2f:bb:df:0a:
                    c3:23:8d:51:17:7b:c6:32:c9:4c:e1:5e:c5:19:ae:
                    cb:24:6a:b3:0e:f1:15:fd:cb:f3:96:98:1a:36:dd:
                    c9:b5:fb:6a:f6:a9:b7:19:a5:41:0a:6d:d5:bd:a1:
                    bd:cc:e7:e2:fe:ac:b9:25:d4:75:1f:7f:5b:95:1a:
                    6d:ad:d3:be:11:37:52:6f:02:dc:30:ff:9d:5e:fd:
                    70:ba:36:95:c5:06:0b:37:e8:cc:c0:4c:f5:48:86:
                    2f:61:44:81:79:5f:db:b4:5a:6b:c0:7b:51:55:90:
                    09:59:8c:8e:65:00:0d:8e:78:29:de:01:09:16:49:
                    f6:e8:3e:25:81:5b:fc:54:55:ee:16:61:3b:78:e9:
                    7d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:98:A8:08:DF:7B:8B:39:08:A3:1D:66:19:07:C1:6F:B5:4E:B7:B5
            X509v3 Authority Key Identifier:
                keyid:F5:66:01:6D:87:82:30:12:8B:58:E2:79:D6:61:C1:95:E6:39:95:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9WYBbYeCMBKLWOJ51mHBleY5lYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/hJioCN97izkIox1mGQfBb7VOt7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/093a51-1075-40be-9dc2-d15b079c35fb/1/9WYBbYeCMBKLWOJ51mHBleY5lYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:e9:cd:de:87:57:1e:31:e0:f7:77:61:01:8e:98:9d:6f:5d:
         b3:8d:87:5e:1a:85:5a:a0:f8:0c:ad:bf:ce:29:0e:44:32:56:
         ca:a7:b9:39:e3:41:c1:05:ab:77:f9:e3:58:02:db:73:f1:ce:
         97:a8:11:1f:37:c4:03:90:8e:17:b0:52:89:ea:a9:88:c3:8d:
         e3:78:b4:69:5b:97:a1:1d:4e:9f:d1:5a:b9:4d:11:7c:81:1b:
         43:7b:e6:04:cd:98:91:2f:f0:24:ef:ae:d0:e1:b9:c7:e1:75:
         4d:c7:ba:87:ff:55:6f:c5:a4:32:35:45:b8:24:35:9a:cd:f6:
         a7:4d:80:af:8b:6b:a6:7b:dd:e6:fa:e7:c1:54:63:b9:0d:a0:
         42:5f:23:53:13:63:02:2b:3c:4c:84:59:05:b4:85:0b:ec:7d:
         ce:4a:fc:02:40:06:c8:4c:ed:15:d6:55:d3:0e:9c:04:b2:ed:
         2e:15:5e:f3:b6:da:4a:26:24:9c:bb:57:0b:90:94:db:3d:fa:
         fe:36:8c:4a:67:65:13:18:a1:74:25:44:49:d7:4a:3e:cf:02:
         2d:2d:71:84:84:fd:18:eb:ee:8b:f5:be:d7:68:ca:3f:53:1f:
         b2:2e:a6:d1:00:6b:99:db:d4:15:ac:90:24:9a:ef:f0:3b:f4:
         fc:1b:54:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1/OUMHdmDU7DU0HO4zxm7vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NjYwMTZkODc4MjMwMTI4YjU4ZTI3OWQ2NjFjMTk1ZTYz
OTk1ODgwHhcNMjQwMjA2MTYyMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDk4YTgwOGRmN2I4YjM5MDhhMzFkNjYxOTA3YzE2ZmI1NGViN2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLGvUWev199zk5J5qh0BzDBKpqYZ
HKfiSUT625WDLc6BrxR35N6LktzKDj5f52t+PrecIjp0BxXI3qzYSnIKA/zv221B
gXm2UQcbtYaFLTL0qackOcTop6tkkICpO3mc65dVQaEiI8YOy3am+bjbLaieiS+7
3wrDI41RF3vGMslM4V7FGa7LJGqzDvEV/cvzlpgaNt3Jtftq9qm3GaVBCm3VvaG9
zOfi/qy5JdR1H39blRptrdO+ETdSbwLcMP+dXv1wujaVxQYLN+jMwEz1SIYvYUSB
eV/btFprwHtRVZAJWYyOZQANjngp3gEJFkn26D4lgVv8VFXuFmE7eOl9owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFISYqAjfe4s5CKMdZhkHwW+1Tre1MB8GA1UdIwQY
MBaAFPVmAW2HgjASi1jiedZhwZXmOZWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVdZQmJZZUNNQktMV09KNTFtSEJsZVk1bFlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8wOTNhNTEtMTA3NS00MGJlLTlkYzIt
ZDE1YjA3OWMzNWZiLzEvaEppb0NOOTdpemtJb3gxbUdRZkJiN1ZPdDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8wOTNhNTEtMTA3NS00MGJlLTlkYzItZDE1YjA3OWMzNWZi
LzEvOVdZQmJZZUNNQktMV09KNTFtSEJsZVk1bFlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ5tMA0G
CSqGSIb3DQEBCwUAA4IBAQBB6c3eh1ceMeD3d2EBjpidb12zjYdeGoVaoPgMrb/O
KQ5EMlbKp7k540HBBat3+eNYAttz8c6XqBEfN8QDkI4XsFKJ6qmIw43jeLRpW5eh
HU6f0Vq5TRF8gRtDe+YEzZiRL/Ak767Q4bnH4XVNx7qH/1VvxaQyNUW4JDWazfan
TYCvi2ume93m+ufBVGO5DaBCXyNTE2MCKzxMhFkFtIUL7H3OSvwCQAbITO0V1lXT
DpwEsu0uFV7zttpKJiScu1cLkJTbPfr+NoxKZ2UTGKF0JURJ10o+zwItLXGEhP0Y
6+6L9b7XaMo/Ux+yLqbRAGuZ29QVrJAkmu/wO/T8G1Sj
-----END CERTIFICATE-----