Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/n70_8J4cE_Ul0ZrxzD8mdHS5Q6o.roa
File:                     n70_8J4cE_Ul0ZrxzD8mdHS5Q6o.roa (raw, json)
Hash identifier:          jXPzTTJfnmSnBTS4zE/SV92eafjtZvFOiflCMV0cwY8=
Subject key identifier:   9F:BD:3F:F0:9E:1C:13:F5:25:D1:9A:F1:CC:3F:26:74:74:B9:43:AA
Certificate issuer:       /CN=d9a988916d51406f9a269f30a02d0086b57f4d5a
Certificate serial:       0190C56209177260F350ABB988196FC5ED61
Authority key identifier: D9:A9:88:91:6D:51:40:6F:9A:26:9F:30:A0:2D:00:86:B5:7F:4D:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2amIkW1RQG-aJp8woC0AhrV_TVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/n70_8J4cE_Ul0ZrxzD8mdHS5Q6o.roa
Signing time:             Thu 18 Jul 2024 10:27:34 +0000
ROA not before:           Thu 18 Jul 2024 10:27:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197848
IP address blocks:        185.6.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/2amIkW1RQG-aJp8woC0AhrV_TVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/2amIkW1RQG-aJp8woC0AhrV_TVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2amIkW1RQG-aJp8woC0AhrV_TVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:62:09:17:72:60:f3:50:ab:b9:88:19:6f:c5:ed:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9a988916d51406f9a269f30a02d0086b57f4d5a
        Validity
            Not Before: Jul 18 10:27:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fbd3ff09e1c13f525d19af1cc3f267474b943aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:03:92:2a:7b:e8:f9:5d:9d:39:36:7a:fb:53:
                    29:7f:f2:f3:5f:e1:0f:7b:be:16:8c:97:51:d2:50:
                    fe:14:01:0c:8f:a3:ef:29:53:19:e4:fb:a4:53:b2:
                    12:cb:dc:53:fa:c0:d4:ae:c2:93:75:5d:79:c8:70:
                    c2:ad:3c:f6:26:d2:3e:a8:61:7a:11:b4:e1:f7:a0:
                    14:f8:53:00:03:6f:ec:d7:0e:27:48:a9:85:0d:66:
                    86:91:4b:44:46:f2:56:cc:89:33:1c:cf:98:d6:7d:
                    cf:be:b9:b4:f3:ea:b9:a1:9d:9a:c0:32:ac:33:cb:
                    12:c4:46:d5:8b:6b:e7:1f:9a:55:7c:e9:ee:9c:7a:
                    e5:4c:41:8a:8f:5c:ad:6e:41:52:83:b5:d7:e0:e3:
                    60:16:d3:a3:0d:f3:dd:ae:5d:af:d7:f6:dc:22:98:
                    19:45:ff:7e:d3:5b:89:62:55:be:3c:fa:c4:8a:95:
                    35:6f:e1:21:8e:79:c9:9e:71:94:47:94:e3:da:a8:
                    45:7c:0f:e2:b8:e0:02:e3:b5:96:1d:a5:07:5d:36:
                    4d:b4:ed:20:5a:34:8a:4a:9a:9a:c0:e8:6e:fd:0c:
                    bc:4e:2b:97:f6:85:14:46:22:bb:b9:70:e8:ef:aa:
                    1a:51:0d:a4:d5:d3:13:23:38:33:85:01:d9:c6:37:
                    63:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:BD:3F:F0:9E:1C:13:F5:25:D1:9A:F1:CC:3F:26:74:74:B9:43:AA
            X509v3 Authority Key Identifier:
                keyid:D9:A9:88:91:6D:51:40:6F:9A:26:9F:30:A0:2D:00:86:B5:7F:4D:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2amIkW1RQG-aJp8woC0AhrV_TVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/n70_8J4cE_Ul0ZrxzD8mdHS5Q6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/962b3f-fc26-4549-ae02-4d049a1eaf2f/1/2amIkW1RQG-aJp8woC0AhrV_TVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.6.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:96:f5:cb:b9:17:1c:a7:cd:44:1a:62:3f:30:3c:5c:62:53:
         66:79:be:57:af:a2:07:f9:9d:5c:8b:dd:33:f9:f4:01:61:bd:
         9a:fb:3b:d8:97:6c:ac:c3:3c:d7:a6:09:2e:aa:51:85:f8:47:
         93:e3:e4:47:d8:55:05:3d:60:ed:89:f9:d5:54:98:52:87:dc:
         8d:86:ef:39:a9:4c:d8:c3:f7:6c:06:2c:2e:ae:6d:05:ee:eb:
         90:0e:23:34:64:d1:56:de:f9:6a:88:77:2d:ea:8e:c1:6c:e5:
         81:9a:80:a9:bb:57:51:4f:d0:45:c8:d2:ea:57:61:57:ce:0d:
         0c:ba:69:60:fb:3b:b5:01:7d:7d:38:2e:ed:0b:53:80:99:ba:
         9d:a9:62:ec:1d:ae:12:2e:92:49:3a:a4:c8:89:ff:ce:81:0a:
         a3:b2:13:ea:c5:1a:6b:5e:c8:2b:3e:4c:d5:a4:6d:aa:f0:f4:
         92:c9:c7:1f:36:db:07:a1:87:96:60:9d:60:da:8b:a1:69:ba:
         3f:60:c5:a6:db:83:5c:40:dd:89:df:e6:30:06:8d:ef:1f:3a:
         b3:91:3b:8a:92:c1:a0:23:a2:f2:c8:f9:e3:10:28:c9:d1:29:
         6c:08:c5:ac:31:ff:1f:2e:ae:67:e8:d3:d1:3d:b3:91:6f:37:
         29:a4:5c:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDFYgkXcmDzUKu5iBlvxe1hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YTk4ODkxNmQ1MTQwNmY5YTI2OWYzMGEwMmQwMDg2YjU3
ZjRkNWEwHhcNMjQwNzE4MTAyNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmJkM2ZmMDllMWMxM2Y1MjVkMTlhZjFjYzNmMjY3NDc0Yjk0M2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AOSKnvo+V2dOTZ6+1Mpf/LzX+EP
e74WjJdR0lD+FAEMj6PvKVMZ5PukU7ISy9xT+sDUrsKTdV15yHDCrTz2JtI+qGF6
EbTh96AU+FMAA2/s1w4nSKmFDWaGkUtERvJWzIkzHM+Y1n3Pvrm08+q5oZ2awDKs
M8sSxEbVi2vnH5pVfOnunHrlTEGKj1ytbkFSg7XX4ONgFtOjDfPdrl2v1/bcIpgZ
Rf9+01uJYlW+PPrEipU1b+EhjnnJnnGUR5Tj2qhFfA/iuOAC47WWHaUHXTZNtO0g
WjSKSpqawOhu/Qy8TiuX9oUURiK7uXDo76oaUQ2k1dMTIzgzhQHZxjdj5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+9P/CeHBP1JdGa8cw/JnR0uUOqMB8GA1UdIwQY
MBaAFNmpiJFtUUBvmiafMKAtAIa1f01aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmFtSWtXMVJRRy1hSnA4d29DMEFoclZfVFZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy85NjJiM2YtZmMyNi00NTQ5LWFlMDIt
NGQwNDlhMWVhZjJmLzEvbjcwXzhKNGNFX1VsMFpyeHpEOG1kSFM1UTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy85NjJiM2YtZmMyNi00NTQ5LWFlMDItNGQwNDlhMWVhZjJm
LzEvMmFtSWtXMVJRRy1hSnA4d29DMEFoclZfVFZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQYeMA0G
CSqGSIb3DQEBCwUAA4IBAQCWlvXLuRccp81EGmI/MDxcYlNmeb5Xr6IH+Z1ci90z
+fQBYb2a+zvYl2yswzzXpgkuqlGF+EeT4+RH2FUFPWDtifnVVJhSh9yNhu85qUzY
w/dsBiwurm0F7uuQDiM0ZNFW3vlqiHct6o7BbOWBmoCpu1dRT9BFyNLqV2FXzg0M
umlg+zu1AX19OC7tC1OAmbqdqWLsHa4SLpJJOqTIif/OgQqjshPqxRprXsgrPkzV
pG2q8PSSyccfNtsHoYeWYJ1g2ouhabo/YMWm24NcQN2J3+YwBo3vHzqzkTuKksGg
I6LyyPnjECjJ0SlsCMWsMf8fLq5n6NPRPbORbzcppFyQ
-----END CERTIFICATE-----