Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/CR9-9oVKeAXfBCWUUhxl1Q8V3ow.roa
File:                     CR9-9oVKeAXfBCWUUhxl1Q8V3ow.roa (raw, json)
Hash identifier:          IRkrdYu7FkmRk+/2RBf0QhAY1GMuBfNpLeMsILTFZ40=
Subject key identifier:   09:1F:7E:F6:85:4A:78:05:DF:04:25:94:52:1C:65:D5:0F:15:DE:8C
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       018CC2DAD4B992AD1AB0F8F63E22CC111F2D
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/CR9-9oVKeAXfBCWUUhxl1Q8V3ow.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209034
IP address blocks:        185.240.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d4:b9:92:ad:1a:b0:f8:f6:3e:22:cc:11:1f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=091f7ef6854a7805df042594521c65d50f15de8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:70:12:74:aa:db:c8:c9:dc:a8:4b:90:78:c3:
                    11:98:19:49:f8:64:b6:d4:d5:ce:ac:84:7b:bc:bf:
                    0f:95:cb:54:b6:b9:2b:ef:f3:4c:20:87:da:7b:97:
                    85:b6:d8:62:2c:a7:cd:49:2f:ea:e1:f5:f5:a9:ab:
                    08:26:c8:a7:55:46:c9:be:f4:48:d6:dc:c5:d1:71:
                    d1:81:36:b0:32:3b:ae:50:f3:b9:43:83:80:db:7f:
                    ee:be:8f:03:2d:87:26:6f:87:d2:54:60:67:6e:ef:
                    6c:58:54:a0:b6:95:f8:c4:7f:aa:d2:d4:ac:53:1c:
                    c2:55:a2:aa:0f:2c:2a:af:12:98:dc:cf:b7:94:8a:
                    b3:88:37:2c:5b:72:e3:1b:06:54:61:ea:ca:90:d4:
                    2a:d2:bf:e0:81:f8:5e:de:08:75:20:cc:7c:57:24:
                    4a:1a:22:99:d0:fe:c4:c3:42:f3:33:04:5f:8e:e1:
                    85:68:3c:a9:7f:c2:fa:08:a6:b0:a8:7e:d1:51:36:
                    93:5b:a5:5e:1a:4c:26:9f:64:60:90:f5:29:2b:dd:
                    81:53:35:2f:00:a2:4f:00:e2:ad:08:9e:40:1b:3e:
                    d5:dc:a7:89:78:24:7d:d6:61:da:6d:e3:7c:9e:7e:
                    12:93:89:7d:da:3a:98:80:04:a8:b0:5f:c0:c6:44:
                    c4:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:1F:7E:F6:85:4A:78:05:DF:04:25:94:52:1C:65:D5:0F:15:DE:8C
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/CR9-9oVKeAXfBCWUUhxl1Q8V3ow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:4e:4c:3f:f0:9a:93:41:28:4f:56:a4:24:06:52:7b:18:92:
         6b:44:b4:f2:0d:9a:7b:e1:b4:c5:95:b0:5b:5a:c7:ff:91:b6:
         be:60:83:37:87:05:9b:ab:b5:54:97:90:06:2c:01:b6:83:58:
         88:51:0b:0d:e0:47:99:97:6b:d0:50:82:96:dc:45:dd:01:66:
         0e:ff:55:fe:12:96:94:9e:2e:5f:51:6b:c8:5b:ef:9a:3c:5c:
         9c:ca:54:5f:0e:5c:ca:bc:82:9a:f0:ac:0a:da:3b:2b:d9:bf:
         4e:30:3a:ec:ef:7e:c7:b3:cf:f2:8a:08:af:62:3f:d6:3c:bd:
         8d:ee:04:fa:1d:69:79:40:07:12:8a:b9:47:f4:c2:c7:ca:5c:
         79:ea:79:4d:77:7f:95:2d:12:26:7c:3a:cd:49:8c:d1:1f:1c:
         83:bc:05:47:c0:ac:a6:43:00:8a:8a:cc:b8:49:c6:d4:b3:d7:
         c4:e5:f0:8e:c5:e1:aa:89:87:24:e9:e4:48:f8:97:a4:23:48:
         cf:e0:49:29:7f:46:d8:d9:33:f4:5a:1c:26:91:6a:63:26:61:
         74:bc:5c:ac:0a:e7:48:93:a0:7c:42:68:e1:d9:9e:63:d1:60:
         fb:a4:c7:1e:3e:39:8e:55:4a:00:83:71:37:e9:57:6d:a8:20:
         1f:cf:77:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2tS5kq0asPj2PiLMER8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTFmN2VmNjg1NGE3ODA1ZGYwNDI1OTQ1MjFjNjVkNTBmMTVkZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3ASdKrbyMncqEuQeMMRmBlJ+GS2
1NXOrIR7vL8PlctUtrkr7/NMIIfae5eFtthiLKfNSS/q4fX1qasIJsinVUbJvvRI
1tzF0XHRgTawMjuuUPO5Q4OA23/uvo8DLYcmb4fSVGBnbu9sWFSgtpX4xH+q0tSs
UxzCVaKqDywqrxKY3M+3lIqziDcsW3LjGwZUYerKkNQq0r/ggfhe3gh1IMx8VyRK
GiKZ0P7Ew0LzMwRfjuGFaDypf8L6CKawqH7RUTaTW6VeGkwmn2RgkPUpK92BUzUv
AKJPAOKtCJ5AGz7V3KeJeCR91mHabeN8nn4Sk4l92jqYgASosF/AxkTEewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkffvaFSngF3wQllFIcZdUPFd6MMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvQ1I5LTlvVktlQVhmQkNXVVVoeGwxUThWM293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufAsMA0G
CSqGSIb3DQEBCwUAA4IBAQAVTkw/8JqTQShPVqQkBlJ7GJJrRLTyDZp74bTFlbBb
Wsf/kba+YIM3hwWbq7VUl5AGLAG2g1iIUQsN4EeZl2vQUIKW3EXdAWYO/1X+EpaU
ni5fUWvIW++aPFycylRfDlzKvIKa8KwK2jsr2b9OMDrs737Hs8/yigivYj/WPL2N
7gT6HWl5QAcSirlH9MLHylx56nlNd3+VLRImfDrNSYzRHxyDvAVHwKymQwCKisy4
ScbUs9fE5fCOxeGqiYck6eRI+JekI0jP4Ekpf0bY2TP0WhwmkWpjJmF0vFysCudI
k6B8Qmjh2Z5j0WD7pMcePjmOVUoAg3E36VdtqCAfz3dj
-----END CERTIFICATE-----