Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/af1d49-d0e4-4d68-8dee-dd69a4ee1350/1/9uhiPEdbFX2QYUEiHjssSEqe9Lc.roa
File:                     9uhiPEdbFX2QYUEiHjssSEqe9Lc.roa (raw, json)
Hash identifier:          JDGLc5NMDkCMPEQ4C1PpyznWkfQ7D4xOVKs5nSGckyE=
Subject key identifier:   F6:E8:62:3C:47:5B:15:7D:90:61:41:22:1E:3B:2C:48:4A:9E:F4:B7
Certificate issuer:       /CN=cb9f19cc1ad78745a5dab31d634057e29abfed8c
Certificate serial:       018CC9BB358CB21EC44B7A247A3D19083BD0
Authority key identifier: CB:9F:19:CC:1A:D7:87:45:A5:DA:B3:1D:63:40:57:E2:9A:BF:ED:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y58ZzBrXh0Wl2rMdY0BX4pq_7Yw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/af1d49-d0e4-4d68-8dee-dd69a4ee1350/1/9uhiPEdbFX2QYUEiHjssSEqe9Lc.roa
Signing time:             Tue 02 Jan 2024 10:32:18 +0000
ROA not before:           Tue 02 Jan 2024 10:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207706
IP address blocks:        94.154.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/af1d49-d0e4-4d68-8dee-dd69a4ee1350/1/y58ZzBrXh0Wl2rMdY0BX4pq_7Yw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/af1d49-d0e4-4d68-8dee-dd69a4ee1350/1/y58ZzBrXh0Wl2rMdY0BX4pq_7Yw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y58ZzBrXh0Wl2rMdY0BX4pq_7Yw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:35:8c:b2:1e:c4:4b:7a:24:7a:3d:19:08:3b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb9f19cc1ad78745a5dab31d634057e29abfed8c
        Validity
            Not Before: Jan  2 10:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6e8623c475b157d906141221e3b2c484a9ef4b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:df:29:4d:e1:01:ce:3b:1c:de:b4:7b:57:69:
                    9d:96:7f:6a:52:8c:25:b2:f2:03:2b:a8:ef:ec:9e:
                    32:06:d2:5f:21:34:55:99:a9:10:ed:88:71:05:3d:
                    86:71:03:22:36:f7:48:c2:75:fe:f5:d6:c2:4d:55:
                    c8:a6:f0:5b:43:d9:2e:1c:ca:37:8b:d6:97:a6:ef:
                    1d:5c:3b:13:5c:e0:be:e8:8e:a9:86:54:a0:23:05:
                    8c:8c:38:b8:2f:42:71:87:50:5f:90:16:48:32:4b:
                    17:04:8c:67:20:bc:19:65:fc:c8:80:75:91:c2:e5:
                    26:44:49:27:a5:d1:0a:f6:1c:d4:fe:cb:3b:3c:a4:
                    c3:ad:90:ce:24:98:fb:13:2f:73:d5:4d:61:bf:45:
                    bd:d6:e6:1c:e2:4a:01:64:67:f9:d6:8e:1a:34:1e:
                    f6:a9:dd:92:06:5b:0d:6f:7a:e6:12:9d:8a:b6:7a:
                    b9:ae:e7:57:98:85:85:5c:d2:a3:9e:65:cf:c6:15:
                    bb:62:64:c8:53:1f:12:d5:7c:cd:83:37:fe:0d:85:
                    d4:e4:54:ec:f0:73:31:aa:74:e7:e8:a9:7d:bd:20:
                    a2:bf:0b:00:b4:f8:f4:58:1a:4a:85:cf:40:ee:9f:
                    c5:90:c7:b3:73:d2:fe:01:26:96:b6:82:fb:8b:bb:
                    d0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E8:62:3C:47:5B:15:7D:90:61:41:22:1E:3B:2C:48:4A:9E:F4:B7
            X509v3 Authority Key Identifier:
                keyid:CB:9F:19:CC:1A:D7:87:45:A5:DA:B3:1D:63:40:57:E2:9A:BF:ED:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y58ZzBrXh0Wl2rMdY0BX4pq_7Yw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/af1d49-d0e4-4d68-8dee-dd69a4ee1350/1/9uhiPEdbFX2QYUEiHjssSEqe9Lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/af1d49-d0e4-4d68-8dee-dd69a4ee1350/1/y58ZzBrXh0Wl2rMdY0BX4pq_7Yw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:56:e3:d4:f9:3c:d4:d4:85:c3:3b:d9:d3:34:95:a0:41:03:
         c4:96:d1:6d:f7:9e:0a:1d:72:3a:30:85:4b:7f:45:b9:dc:09:
         d8:79:94:3a:f5:73:71:5f:15:76:e6:e6:98:96:bb:ea:1f:28:
         9c:dd:a2:e0:64:76:c3:18:61:95:be:3b:27:fa:e6:3b:88:66:
         4c:f2:d3:7d:01:e4:72:1c:b0:e4:6b:e6:7b:38:c8:7d:c5:e1:
         54:65:f9:fc:54:b7:53:12:6b:f8:a8:13:05:23:77:6f:3c:6c:
         b2:2f:ed:39:0e:50:6b:8f:b0:67:d4:ef:bf:d4:30:e3:31:a9:
         62:bd:94:8d:b0:88:93:71:b0:44:f7:4f:05:c8:47:6c:b2:df:
         33:d0:41:5a:54:88:4a:4e:4c:2f:52:d8:84:ba:af:75:b8:11:
         e3:c4:7f:a5:45:bb:f2:5e:93:45:66:ac:9e:3c:34:16:2f:f6:
         df:3a:3f:78:39:4a:b8:3d:0e:e4:89:d0:ad:71:83:8c:c6:03:
         a8:60:78:84:cb:9b:ee:e4:a7:10:15:99:5c:4f:2b:70:1f:9a:
         84:13:ce:4c:0f:f4:d9:98:50:a4:0f:70:9b:88:bc:29:ff:f6:
         f3:4a:11:c6:ef:e4:b9:49:6d:45:c1:a3:1d:8d:35:d3:52:c3:
         ed:fe:b9:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuzWMsh7ES3okej0ZCDvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOWYxOWNjMWFkNzg3NDVhNWRhYjMxZDYzNDA1N2UyOWFi
ZmVkOGMwHhcNMjQwMTAyMTAzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmU4NjIzYzQ3NWIxNTdkOTA2MTQxMjIxZTNiMmM0ODRhOWVmNGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg98pTeEBzjsc3rR7V2mdln9qUowl
svIDK6jv7J4yBtJfITRVmakQ7YhxBT2GcQMiNvdIwnX+9dbCTVXIpvBbQ9kuHMo3
i9aXpu8dXDsTXOC+6I6phlSgIwWMjDi4L0Jxh1BfkBZIMksXBIxnILwZZfzIgHWR
wuUmREknpdEK9hzU/ss7PKTDrZDOJJj7Ey9z1U1hv0W91uYc4koBZGf51o4aNB72
qd2SBlsNb3rmEp2Ktnq5rudXmIWFXNKjnmXPxhW7YmTIUx8S1XzNgzf+DYXU5FTs
8HMxqnTn6Kl9vSCivwsAtPj0WBpKhc9A7p/FkMezc9L+ASaWtoL7i7vQPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPboYjxHWxV9kGFBIh47LEhKnvS3MB8GA1UdIwQY
MBaAFMufGcwa14dFpdqzHWNAV+Kav+2MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTU4WnpCclhoMFdsMnJNZFkwQlg0cHFfN1l3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9hZjFkNDktZDBlNC00ZDY4LThkZWUt
ZGQ2OWE0ZWUxMzUwLzEvOXVoaVBFZGJGWDJRWVVFaUhqc3NTRXFlOUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9hZjFkNDktZDBlNC00ZDY4LThkZWUtZGQ2OWE0ZWUxMzUw
LzEveTU4WnpCclhoMFdsMnJNZFkwQlg0cHFfN1l3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpoHMA0G
CSqGSIb3DQEBCwUAA4IBAQB3VuPU+TzU1IXDO9nTNJWgQQPEltFt954KHXI6MIVL
f0W53AnYeZQ69XNxXxV25uaYlrvqHyic3aLgZHbDGGGVvjsn+uY7iGZM8tN9AeRy
HLDka+Z7OMh9xeFUZfn8VLdTEmv4qBMFI3dvPGyyL+05DlBrj7Bn1O+/1DDjMali
vZSNsIiTcbBE908FyEdsst8z0EFaVIhKTkwvUtiEuq91uBHjxH+lRbvyXpNFZqye
PDQWL/bfOj94OUq4PQ7kidCtcYOMxgOoYHiEy5vu5KcQFZlcTytwH5qEE85MD/TZ
mFCkD3CbiLwp//bzShHG7+S5SW1FwaMdjTXTUsPt/rkE
-----END CERTIFICATE-----