Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/rc9WzqiLEXkgVuAZ5yKbuH43LsA.roa
File:                     rc9WzqiLEXkgVuAZ5yKbuH43LsA.roa (raw, json)
Hash identifier:          ZV4EJqWtHd7lcnflqHW61MJhBLOGuYCzkBR00vUmLug=
Subject key identifier:   AD:CF:56:CE:A8:8B:11:79:20:56:E0:19:E7:22:9B:B8:7E:37:2E:C0
Certificate issuer:       /CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
Certificate serial:       018CC493497766AE808674B19A0083B3015A
Authority key identifier: 4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/rc9WzqiLEXkgVuAZ5yKbuH43LsA.roa
Signing time:             Mon 01 Jan 2024 10:30:36 +0000
ROA not before:           Mon 01 Jan 2024 10:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.117.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:49:77:66:ae:80:86:74:b1:9a:00:83:b3:01:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
        Validity
            Not Before: Jan  1 10:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=adcf56cea88b11792056e019e7229bb87e372ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:53:97:b3:6e:84:7a:65:5b:75:09:7c:4f:2a:
                    93:b0:e6:f5:a1:f6:0d:26:13:fd:81:6a:6b:db:b7:
                    fa:a4:71:dd:8d:64:3c:25:62:49:03:e6:b9:f5:a3:
                    df:d1:62:ec:02:89:69:0d:ae:89:08:c3:2b:cd:81:
                    8a:d5:cf:49:21:1c:b4:d6:51:b5:5a:0b:a9:ef:f9:
                    7b:b2:20:d7:18:a7:7c:c6:a8:7a:4a:d5:8e:9c:c9:
                    fe:5d:91:03:5d:a9:3f:97:5d:af:c1:6a:2f:75:17:
                    60:42:8a:f1:eb:1f:e0:85:8a:9f:19:e0:cf:af:1b:
                    a7:10:2c:3a:24:60:4b:99:fb:f6:53:a9:6c:a7:af:
                    50:ca:24:4c:38:8e:c0:ab:a7:db:9d:ca:ea:cd:89:
                    83:08:09:1a:bb:87:ab:6d:12:06:b9:26:8d:ab:1b:
                    e8:2a:5e:3c:60:dd:b9:f0:51:8c:a4:db:e2:a4:03:
                    6f:74:8c:bf:bc:f3:a6:4f:c6:e1:f6:b7:8b:d5:28:
                    14:86:67:8c:92:da:e9:c1:2b:9e:c4:41:32:56:01:
                    fa:71:1a:95:59:c6:da:37:ee:2e:4a:dc:34:19:3b:
                    4a:6d:e5:92:87:20:61:59:38:58:82:2d:38:2c:20:
                    f1:06:f2:ea:30:11:64:9e:b6:f6:a9:98:3c:80:17:
                    20:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:CF:56:CE:A8:8B:11:79:20:56:E0:19:E7:22:9B:B8:7E:37:2E:C0
            X509v3 Authority Key Identifier:
                keyid:4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/rc9WzqiLEXkgVuAZ5yKbuH43LsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:9d:69:aa:ac:1f:57:ef:01:73:6e:06:fc:3f:6f:76:0a:a0:
         a5:c9:1d:af:85:f1:b3:64:51:20:82:41:fd:08:d6:8c:b8:d7:
         41:23:14:58:d7:f2:d1:3a:9f:b9:da:ed:37:36:e8:5b:c5:e9:
         73:34:b6:33:32:ee:b2:19:4d:69:51:31:b3:b3:e2:f9:77:e0:
         3b:6e:ed:f2:b1:32:ca:e4:69:bb:d6:38:36:99:e8:49:47:66:
         9e:b1:76:1c:f2:06:87:29:0f:84:16:66:1c:c4:bd:ab:86:e5:
         e4:f7:bd:d7:fb:06:ce:71:79:df:4e:23:fa:b0:a8:fa:cc:04:
         67:15:e4:2a:29:28:12:2c:27:0a:8c:20:37:20:0c:16:e3:3f:
         b0:ed:7e:7e:fe:e8:fa:ad:1d:dc:06:74:02:21:a6:9d:5c:95:
         a0:01:2d:7b:fd:2a:88:67:f3:fb:f5:9d:a2:1f:ec:57:82:88:
         a7:05:0a:a7:ff:c5:00:bf:03:5c:b4:0b:6a:06:89:9a:6c:a6:
         a6:1e:02:73:7d:55:64:3d:88:b9:db:19:24:e8:27:62:04:6e:
         f9:73:6a:b6:e8:bb:cc:1a:ae:f8:c8:76:65:68:eb:35:78:64:
         b0:1e:d9:d3:42:e5:96:be:14:18:7d:4c:1e:5f:60:27:81:8e:
         54:4c:65:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0l3Zq6AhnSxmgCDswFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhY2ZhYzg2NDVhM2M2ZjEwMDQyZGM0YTc0ZDcwMGQ5ZDA2
YWYxN2EwHhcNMjQwMTAxMTAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGNmNTZjZWE4OGIxMTc5MjA1NmUwMTllNzIyOWJiODdlMzcyZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFOXs26EemVbdQl8TyqTsOb1ofYN
JhP9gWpr27f6pHHdjWQ8JWJJA+a59aPf0WLsAolpDa6JCMMrzYGK1c9JIRy01lG1
Wgup7/l7siDXGKd8xqh6StWOnMn+XZEDXak/l12vwWovdRdgQorx6x/ghYqfGeDP
rxunECw6JGBLmfv2U6lsp69QyiRMOI7Aq6fbncrqzYmDCAkau4erbRIGuSaNqxvo
Kl48YN258FGMpNvipANvdIy/vPOmT8bh9reL1SgUhmeMktrpwSuexEEyVgH6cRqV
WcbaN+4uStw0GTtKbeWShyBhWThYgi04LCDxBvLqMBFknrb2qZg8gBcgFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK3PVs6oixF5IFbgGecim7h+Ny7AMB8GA1UdIwQY
MBaAFErPrIZFo8bxAELcSnTXANnQavF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYt
N2JmODI3N2Q4YTJmLzEvcmM5V3pxaUxFWGtnVnVBWjV5S2J1SDQzTHNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYtN2JmODI3N2Q4YTJm
LzEvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXXhMA0G
CSqGSIb3DQEBCwUAA4IBAQCnnWmqrB9X7wFzbgb8P292CqClyR2vhfGzZFEggkH9
CNaMuNdBIxRY1/LROp+52u03NuhbxelzNLYzMu6yGU1pUTGzs+L5d+A7bu3ysTLK
5Gm71jg2mehJR2aesXYc8gaHKQ+EFmYcxL2rhuXk973X+wbOcXnfTiP6sKj6zARn
FeQqKSgSLCcKjCA3IAwW4z+w7X5+/uj6rR3cBnQCIaadXJWgAS17/SqIZ/P79Z2i
H+xXgoinBQqn/8UAvwNctAtqBomabKamHgJzfVVkPYi52xkk6CdiBG75c2q26LvM
Gq74yHZlaOs1eGSwHtnTQuWWvhQYfUweX2AngY5UTGWD
-----END CERTIFICATE-----