Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/c77833-31ae-4412-b049-70a4a8d7c43f/1/s9WBuDQsMd0uYNipRXQH5Kl-2lM.roa
File:                     s9WBuDQsMd0uYNipRXQH5Kl-2lM.roa (raw, json)
Hash identifier:          VhRkHwoxQA1+nDP/bnmVFAeyxcMzJ1BZpvvwo28hUEM=
Subject key identifier:   B3:D5:81:B8:34:2C:31:DD:2E:60:D8:A9:45:74:07:E4:A9:7E:DA:53
Certificate issuer:       /CN=9f891ff3477ed7fdaacfae2e3f0dfa64fd92ac0c
Certificate serial:       018CC2DB58C7AEB5E75930EDEA8BA9756B3B
Authority key identifier: 9F:89:1F:F3:47:7E:D7:FD:AA:CF:AE:2E:3F:0D:FA:64:FD:92:AC:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n4kf80d-1_2qz64uPw36ZP2SrAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/c77833-31ae-4412-b049-70a4a8d7c43f/1/s9WBuDQsMd0uYNipRXQH5Kl-2lM.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202720
IP address blocks:        185.1.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/c77833-31ae-4412-b049-70a4a8d7c43f/1/n4kf80d-1_2qz64uPw36ZP2SrAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/c77833-31ae-4412-b049-70a4a8d7c43f/1/n4kf80d-1_2qz64uPw36ZP2SrAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n4kf80d-1_2qz64uPw36ZP2SrAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:58:c7:ae:b5:e7:59:30:ed:ea:8b:a9:75:6b:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f891ff3477ed7fdaacfae2e3f0dfa64fd92ac0c
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b3d581b8342c31dd2e60d8a9457407e4a97eda53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:73:d9:0f:ff:02:51:98:44:52:b7:b0:1e:1e:
                    b0:f9:e7:d6:0c:3a:39:13:7b:a5:77:18:b0:f6:36:
                    1f:1f:cb:e7:31:88:da:b4:d7:37:89:54:08:f7:d1:
                    63:ba:57:e9:2e:a3:57:38:87:af:92:3d:5a:86:b3:
                    cb:d1:99:23:b1:8b:a3:95:06:f1:9f:7f:61:f6:30:
                    ac:f4:c6:a3:c8:65:eb:10:ff:4a:00:99:91:c6:02:
                    d1:69:9b:f8:bf:93:b6:f5:0b:cb:43:ae:48:41:00:
                    dc:64:74:62:97:1f:dd:ef:2d:0a:00:d3:d3:47:0d:
                    74:52:a8:6a:4a:1c:c3:10:5a:6f:96:fe:79:9b:43:
                    a4:37:f0:1c:32:75:7f:04:5f:8f:51:ad:eb:63:5b:
                    31:d4:47:a5:d8:ea:a6:ab:0d:82:60:49:11:e5:59:
                    b0:c8:6b:85:15:b1:b5:e9:3c:9e:8f:11:2f:b6:92:
                    7a:1e:1a:bc:df:72:b9:8b:a1:8a:3f:47:23:dd:c7:
                    22:67:c9:60:38:f0:56:41:e4:79:59:47:0c:0d:7c:
                    53:59:c9:d3:39:5f:50:6a:1a:3f:50:23:15:3b:94:
                    fc:0e:e9:04:9e:7a:6f:11:06:87:f3:da:ee:82:84:
                    4e:0c:07:ae:ff:80:84:ff:ed:57:59:49:32:1e:31:
                    2d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D5:81:B8:34:2C:31:DD:2E:60:D8:A9:45:74:07:E4:A9:7E:DA:53
            X509v3 Authority Key Identifier:
                keyid:9F:89:1F:F3:47:7E:D7:FD:AA:CF:AE:2E:3F:0D:FA:64:FD:92:AC:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n4kf80d-1_2qz64uPw36ZP2SrAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/c77833-31ae-4412-b049-70a4a8d7c43f/1/s9WBuDQsMd0uYNipRXQH5Kl-2lM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/c77833-31ae-4412-b049-70a4a8d7c43f/1/n4kf80d-1_2qz64uPw36ZP2SrAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:87:2f:d3:d9:86:76:fc:4d:e2:23:4d:c2:8e:11:9b:a5:31:
         e9:cf:cf:95:ca:03:00:19:ee:25:a8:42:94:d0:de:6f:0f:bb:
         47:9b:bc:63:9b:da:0b:b7:de:d9:b5:fc:0f:a2:a8:1f:9d:f2:
         1d:21:ff:9f:b1:c4:29:a0:73:fa:94:96:de:26:0d:72:67:08:
         2b:96:6b:85:86:ee:7d:62:45:59:5b:2e:e7:19:c5:58:f3:7b:
         83:30:3d:74:a8:5a:3f:95:30:85:05:3a:3e:60:f4:ad:a0:a5:
         c0:58:0c:b5:e3:38:26:86:28:2a:62:5b:da:0d:2a:33:d6:07:
         30:49:a5:d2:c4:23:fb:59:8e:3b:a1:8f:83:65:df:10:7c:8c:
         9f:4b:8b:7c:d4:7a:ea:c2:a0:fa:33:e3:d8:e2:2b:5e:9b:32:
         ea:ff:24:cf:b7:c8:41:31:92:65:cb:af:42:4f:4b:7c:56:94:
         93:96:c3:fd:2a:d7:83:18:bf:09:e7:b7:be:3a:e8:82:d7:38:
         30:88:8a:38:37:c5:33:d7:80:4b:86:97:e4:a7:2b:7a:c8:02:
         e6:1f:18:a4:43:95:9c:92:ea:f1:c0:c4:01:65:c3:1a:d8:65:
         ff:69:34:c2:b3:9f:43:4c:8a:9e:60:bf:b3:31:04:d1:56:8c:
         0f:d4:2d:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21jHrrXnWTDt6oupdWs7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmODkxZmYzNDc3ZWQ3ZmRhYWNmYWUyZTNmMGRmYTY0ZmQ5
MmFjMGMwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Q1ODFiODM0MmMzMWRkMmU2MGQ4YTk0NTc0MDdlNGE5N2VkYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinPZD/8CUZhEUrewHh6w+efWDDo5
E3uldxiw9jYfH8vnMYjatNc3iVQI99FjulfpLqNXOIevkj1ahrPL0ZkjsYujlQbx
n39h9jCs9MajyGXrEP9KAJmRxgLRaZv4v5O29QvLQ65IQQDcZHRilx/d7y0KANPT
Rw10UqhqShzDEFpvlv55m0OkN/AcMnV/BF+PUa3rY1sx1Eel2Oqmqw2CYEkR5Vmw
yGuFFbG16TyejxEvtpJ6Hhq833K5i6GKP0cj3cciZ8lgOPBWQeR5WUcMDXxTWcnT
OV9Qaho/UCMVO5T8DukEnnpvEQaH89rugoRODAeu/4CE/+1XWUkyHjEt8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPVgbg0LDHdLmDYqUV0B+SpftpTMB8GA1UdIwQY
MBaAFJ+JH/NHftf9qs+uLj8N+mT9kqwMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjRrZjgwZC0xXzJxejY0dVB3MzZaUDJTckF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9jNzc4MzMtMzFhZS00NDEyLWIwNDkt
NzBhNGE4ZDdjNDNmLzEvczlXQnVEUXNNZDB1WU5pcFJYUUg1S2wtMmxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9jNzc4MzMtMzFhZS00NDEyLWIwNDktNzBhNGE4ZDdjNDNm
LzEvbjRrZjgwZC0xXzJxejY0dVB3MzZaUDJTckF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQFGMA0G
CSqGSIb3DQEBCwUAA4IBAQAZhy/T2YZ2/E3iI03CjhGbpTHpz8+VygMAGe4lqEKU
0N5vD7tHm7xjm9oLt97ZtfwPoqgfnfIdIf+fscQpoHP6lJbeJg1yZwgrlmuFhu59
YkVZWy7nGcVY83uDMD10qFo/lTCFBTo+YPStoKXAWAy14zgmhigqYlvaDSoz1gcw
SaXSxCP7WY47oY+DZd8QfIyfS4t81HrqwqD6M+PY4itemzLq/yTPt8hBMZJly69C
T0t8VpSTlsP9KteDGL8J57e+OuiC1zgwiIo4N8Uz14BLhpfkpyt6yALmHxikQ5Wc
kurxwMQBZcMa2GX/aTTCs59DTIqeYL+zMQTRVowP1C0H
-----END CERTIFICATE-----