Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/n_Oe5tg-lq01Sxi4M9BpEWPUWCE.roa
File:                     n_Oe5tg-lq01Sxi4M9BpEWPUWCE.roa (raw, json)
Hash identifier:          1RPFCsB32UdonUmkpa5Hdk02ASMqhKTELGiA7SWzNPk=
Subject key identifier:   9F:F3:9E:E6:D8:3E:96:AD:35:4B:18:B8:33:D0:69:11:63:D4:58:21
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018EF04F80D5E3710B88312D08487876D1EE
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/n_Oe5tg-lq01Sxi4M9BpEWPUWCE.roa
Signing time:             Thu 18 Apr 2024 08:25:25 +0000
ROA not before:           Thu 18 Apr 2024 08:25:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        87.254.23.0/24 maxlen: 24
                          185.210.168.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:4f:80:d5:e3:71:0b:88:31:2d:08:48:78:76:d1:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Apr 18 08:25:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ff39ee6d83e96ad354b18b833d0691163d45821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:40:84:99:c3:5c:b0:9f:5c:4a:0b:fc:4b:85:
                    bc:37:a3:0a:96:db:c5:aa:4b:c1:34:6f:70:99:b5:
                    b4:4a:3d:16:ff:58:5f:f0:9e:e3:c4:48:f7:a3:1f:
                    85:d8:21:7f:71:33:e4:fe:26:81:8e:69:96:cb:21:
                    8e:b9:40:5b:64:2a:73:c3:8d:27:b1:79:89:1e:18:
                    7c:72:9c:e0:4f:63:00:d1:45:19:66:3c:e6:e9:75:
                    cc:15:d5:1e:c5:ee:0b:cd:24:d4:a5:1d:ed:aa:c0:
                    1a:be:d9:bc:99:4f:79:f9:f0:87:35:66:79:9e:f6:
                    64:2d:69:19:95:06:1f:23:e1:02:a7:63:94:3b:1c:
                    e1:f4:1b:3f:8c:4b:57:f7:75:40:d0:7e:e1:c0:a6:
                    d3:82:09:5e:0c:92:e1:4d:62:c1:3c:04:1e:b3:0a:
                    0d:7f:5b:34:a0:a2:55:89:f9:cb:84:d3:6a:0d:b4:
                    5f:ce:72:90:bd:b8:8a:22:a7:d7:67:8a:9c:98:7a:
                    c2:a1:21:28:ed:05:36:aa:7b:bc:be:8e:c6:5d:6a:
                    53:7e:cc:3e:53:8e:fd:ba:84:22:3c:60:ef:cc:b4:
                    b0:97:7d:e1:ae:d1:ff:e9:c5:12:3b:f6:0f:cf:1f:
                    e9:6f:3d:41:82:44:2d:5d:e9:5c:91:02:79:04:c1:
                    f1:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F3:9E:E6:D8:3E:96:AD:35:4B:18:B8:33:D0:69:11:63:D4:58:21
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/n_Oe5tg-lq01Sxi4M9BpEWPUWCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.23.0/24
                  185.210.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:8f:92:b3:e9:6a:62:00:92:ee:7a:e2:e3:9b:61:85:fd:02:
         0f:f3:57:52:20:31:e2:26:d9:ec:c7:92:fd:2a:b9:13:1a:05:
         29:a6:83:c5:45:23:a8:16:22:93:fe:68:b5:1d:b2:3b:d0:42:
         90:2e:3f:d1:a2:0d:8a:81:1b:9a:6c:3f:92:8b:1f:bc:5b:7b:
         33:40:b4:ce:2c:0f:a1:9d:58:9b:d9:2a:69:55:b5:86:a9:c8:
         3a:aa:73:7a:8e:68:81:0f:2c:56:38:9e:28:94:b8:d8:37:29:
         17:7a:99:82:01:64:42:ab:82:d5:1c:2d:b4:55:9e:5a:08:a1:
         5d:86:7c:6a:ca:f4:aa:62:58:ec:f7:f1:ae:c9:af:4b:a2:c1:
         ef:40:cf:3c:f7:8b:3b:21:e8:1b:eb:89:f7:52:f1:c9:99:99:
         07:88:93:7e:ff:6d:dc:e0:e0:46:f1:5b:af:37:49:94:d1:8f:
         c0:4b:6b:f8:c0:84:39:ec:24:2b:ec:97:74:4e:eb:c5:b2:30:
         17:35:97:23:1c:04:f2:92:f0:c9:64:c3:6a:bf:07:48:33:f1:
         40:a2:fc:be:f9:ec:4e:a4:43:3e:0c:05:52:fa:f7:8f:ab:a4:
         5f:28:ca:8b:e4:1e:bd:e0:7f:46:bd:27:e6:f5:07:54:bf:49:
         47:e3:33:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7wT4DV43ELiDEtCEh4dtHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjQwNDE4MDgyNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmYzOWVlNmQ4M2U5NmFkMzU0YjE4YjgzM2QwNjkxMTYzZDQ1ODIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUCEmcNcsJ9cSgv8S4W8N6MKltvF
qkvBNG9wmbW0Sj0W/1hf8J7jxEj3ox+F2CF/cTPk/iaBjmmWyyGOuUBbZCpzw40n
sXmJHhh8cpzgT2MA0UUZZjzm6XXMFdUexe4LzSTUpR3tqsAavtm8mU95+fCHNWZ5
nvZkLWkZlQYfI+ECp2OUOxzh9Bs/jEtX93VA0H7hwKbTggleDJLhTWLBPAQeswoN
f1s0oKJVifnLhNNqDbRfznKQvbiKIqfXZ4qcmHrCoSEo7QU2qnu8vo7GXWpTfsw+
U479uoQiPGDvzLSwl33hrtH/6cUSO/YPzx/pbz1BgkQtXelckQJ5BMHxDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ/znubYPpatNUsYuDPQaRFj1FghMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvbl9PZTV0Zy1scTAxU3hpNE05QnBFV1BVV0NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAV/4XAwQB
udKoMA0GCSqGSIb3DQEBCwUAA4IBAQBxj5Kz6WpiAJLueuLjm2GF/QIP81dSIDHi
Jtnsx5L9KrkTGgUppoPFRSOoFiKT/mi1HbI70EKQLj/Rog2KgRuabD+Six+8W3sz
QLTOLA+hnVib2SppVbWGqcg6qnN6jmiBDyxWOJ4olLjYNykXepmCAWRCq4LVHC20
VZ5aCKFdhnxqyvSqYljs9/Guya9LosHvQM8894s7Iegb64n3UvHJmZkHiJN+/23c
4OBG8VuvN0mU0Y/AS2v4wIQ57CQr7Jd0TuvFsjAXNZcjHATykvDJZMNqvwdIM/FA
ovy++exOpEM+DAVS+vePq6RfKMqL5B694H9GvSfm9QdUv0lH4zOj
-----END CERTIFICATE-----