Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/09ODKwi14sokET89A3YEafZdz3U.roa
File:                     09ODKwi14sokET89A3YEafZdz3U.roa (raw, json)
Hash identifier:          NsNuO/8nQNerb05giH5XeMZ6488FWs0wHe5Q3iyJiRo=
Subject key identifier:   D3:D3:83:2B:08:B5:E2:CA:24:11:3F:3D:03:76:04:69:F6:5D:CF:75
Certificate issuer:       /CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
Certificate serial:       018CC8DF29E66C14089E3464E0C6ABE05A64
Authority key identifier: C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/09ODKwi14sokET89A3YEafZdz3U.roa
Signing time:             Tue 02 Jan 2024 06:31:57 +0000
ROA not before:           Tue 02 Jan 2024 06:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.212.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 14:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:29:e6:6c:14:08:9e:34:64:e0:c6:ab:e0:5a:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0fbd5876613edc56e0f5de468cce5eb2885ff29
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3d3832b08b5e2ca24113f3d03760469f65dcf75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6c:c3:2f:88:11:9d:13:f3:d0:d6:da:fb:cc:
                    56:cd:fc:76:fb:09:70:14:63:34:7d:88:73:0e:b1:
                    6d:ee:3b:a5:d0:89:35:8d:6e:a6:09:f4:57:49:bc:
                    f0:9c:48:0a:7a:b9:37:db:40:58:0c:da:c6:f5:f7:
                    7d:9c:05:db:e5:6c:80:2e:f7:9a:00:13:8c:67:b9:
                    8c:ba:85:e3:26:39:9e:ac:bd:d0:6f:57:a0:88:06:
                    60:ca:4b:64:d3:48:40:3d:e9:ad:0c:db:47:5e:d6:
                    31:0e:ed:39:41:da:10:f6:18:58:bc:44:79:4e:ae:
                    3e:bd:f5:ed:49:e2:a0:69:88:b8:0d:68:43:18:21:
                    d3:6e:e2:8c:83:e6:71:3b:1f:b5:83:a8:cb:f8:6a:
                    2b:7e:68:ee:c5:0d:f7:5e:9c:98:d2:17:3c:40:2c:
                    e7:32:93:fe:ce:1a:4c:66:29:fe:76:4d:76:47:88:
                    ec:35:72:0c:6e:1b:27:f5:dd:d1:19:a2:94:7a:e2:
                    a3:f1:c7:00:75:e6:c1:ca:f7:32:55:9f:86:d3:2d:
                    0a:6b:9a:91:93:39:01:8f:2b:5e:72:3c:f5:98:ac:
                    57:bb:43:02:c6:c5:d4:5c:80:bd:53:7a:30:59:db:
                    8f:8e:9d:24:7f:fd:1f:c9:90:2c:39:46:e5:85:45:
                    fc:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D3:83:2B:08:B5:E2:CA:24:11:3F:3D:03:76:04:69:F6:5D:CF:75
            X509v3 Authority Key Identifier:
                keyid:C0:FB:D5:87:66:13:ED:C5:6E:0F:5D:E4:68:CC:E5:EB:28:85:FF:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wPvVh2YT7cVuD13kaMzl6yiF_yk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/09ODKwi14sokET89A3YEafZdz3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/01ebc2-84d0-4ae3-a2c2-a3b6be4a9e9b/1/wPvVh2YT7cVuD13kaMzl6yiF_yk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:89:96:31:55:c1:0f:f1:dc:59:0e:a9:e1:66:69:32:35:7c:
         8f:18:4d:c1:e2:cd:e8:f8:62:26:a9:fb:93:f2:04:45:d4:28:
         ae:70:0e:34:ca:00:ba:f2:c3:a1:e2:3c:96:2c:f0:63:f9:6e:
         33:a7:3e:69:4f:1b:c7:c9:19:dc:f3:9b:ae:16:e4:f9:34:fb:
         1c:84:77:b1:f1:0b:d4:4e:e6:fd:84:9f:4d:ae:a7:9e:74:d6:
         b3:84:d4:ce:bf:e2:8a:c8:b1:94:54:95:ff:2d:62:00:c7:45:
         cb:96:af:62:c3:b6:01:de:a4:a1:01:fc:e6:c7:8a:56:79:df:
         92:cd:1a:9a:18:6f:c3:0e:60:3e:0a:32:1e:a1:5a:48:72:7b:
         ad:0e:eb:42:64:ab:61:a2:b6:87:10:3c:66:4b:c7:7f:16:71:
         7d:88:cb:51:68:ec:40:01:c8:9f:b6:89:e9:f4:c4:36:d4:da:
         fc:61:ff:ec:f5:d6:7d:29:62:fd:07:d9:7e:85:48:25:b9:0b:
         21:cb:95:79:fa:6d:bd:14:a8:8b:c2:c0:a3:e9:69:db:bf:75:
         33:50:21:f0:0c:de:7a:48:e2:e9:34:7f:68:a3:cd:f0:4c:8d:
         34:a2:7c:f7:8a:94:01:92:03:0a:59:f4:a2:9f:24:70:e2:92:
         08:4f:ac:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ynmbBQInjRk4Mar4FpkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZmJkNTg3NjYxM2VkYzU2ZTBmNWRlNDY4Y2NlNWViMjg4
NWZmMjkwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2QzODMyYjA4YjVlMmNhMjQxMTNmM2QwMzc2MDQ2OWY2NWRjZjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGzDL4gRnRPz0Nba+8xWzfx2+wlw
FGM0fYhzDrFt7jul0Ik1jW6mCfRXSbzwnEgKerk320BYDNrG9fd9nAXb5WyALvea
ABOMZ7mMuoXjJjmerL3Qb1egiAZgyktk00hAPemtDNtHXtYxDu05QdoQ9hhYvER5
Tq4+vfXtSeKgaYi4DWhDGCHTbuKMg+ZxOx+1g6jL+GorfmjuxQ33XpyY0hc8QCzn
MpP+zhpMZin+dk12R4jsNXIMbhsn9d3RGaKUeuKj8ccAdebByvcyVZ+G0y0Ka5qR
kzkBjytecjz1mKxXu0MCxsXUXIC9U3owWduPjp0kf/0fyZAsOUblhUX8XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPTgysIteLKJBE/PQN2BGn2Xc91MB8GA1UdIwQY
MBaAFMD71YdmE+3Fbg9d5GjM5esohf8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzIt
YTNiNmJlNGE5ZTliLzEvMDlPREt3aTE0c29rRVQ4OUEzWUVhZlpkejNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wMWViYzItODRkMC00YWUzLWEyYzItYTNiNmJlNGE5ZTli
LzEvd1B2VmgyWVQ3Y1Z1RDEza2FNemw2eWlGX3lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudRpMA0G
CSqGSIb3DQEBCwUAA4IBAQCciZYxVcEP8dxZDqnhZmkyNXyPGE3B4s3o+GImqfuT
8gRF1CiucA40ygC68sOh4jyWLPBj+W4zpz5pTxvHyRnc85uuFuT5NPschHex8QvU
Tub9hJ9NrqeedNazhNTOv+KKyLGUVJX/LWIAx0XLlq9iw7YB3qShAfzmx4pWed+S
zRqaGG/DDmA+CjIeoVpIcnutDutCZKthoraHEDxmS8d/FnF9iMtRaOxAAciftonp
9MQ21Nr8Yf/s9dZ9KWL9B9l+hUgluQshy5V5+m29FKiLwsCj6Wnbv3UzUCHwDN56
SOLpNH9oo83wTI00onz3ipQBkgMKWfSinyRw4pIIT6xV
-----END CERTIFICATE-----