Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/M9-ffo9RwhFqmA36fpHo5OZ0Hw0.roa
File:                     M9-ffo9RwhFqmA36fpHo5OZ0Hw0.roa (raw, json)
Hash identifier:          oIr2si6+CLlAv7+FmXCpl42vMNAMSGzu1QhXNTPcIL8=
Subject key identifier:   33:DF:9F:7E:8F:51:C2:11:6A:98:0D:FA:7E:91:E8:E4:E6:74:1F:0D
Certificate issuer:       /CN=785840e3a0f0474a4acce45ed5fc9cff77858d93
Certificate serial:       018CC6B80FADEF4626DFE8B5B736B49E037B
Authority key identifier: 78:58:40:E3:A0:F0:47:4A:4A:CC:E4:5E:D5:FC:9C:FF:77:85:8D:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eFhA46DwR0pKzORe1fyc_3eFjZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/M9-ffo9RwhFqmA36fpHo5OZ0Hw0.roa
Signing time:             Mon 01 Jan 2024 20:30:00 +0000
ROA not before:           Mon 01 Jan 2024 20:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59437
IP address blocks:        185.241.110.0/24 maxlen: 24
                          2a10:9640::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/eFhA46DwR0pKzORe1fyc_3eFjZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/eFhA46DwR0pKzORe1fyc_3eFjZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eFhA46DwR0pKzORe1fyc_3eFjZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:0f:ad:ef:46:26:df:e8:b5:b7:36:b4:9e:03:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=785840e3a0f0474a4acce45ed5fc9cff77858d93
        Validity
            Not Before: Jan  1 20:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33df9f7e8f51c2116a980dfa7e91e8e4e6741f0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:71:09:95:44:9c:b8:6b:c2:22:ef:ab:fc:d9:
                    a6:98:65:4b:1f:8c:1e:15:8c:10:e9:d4:51:66:b4:
                    87:89:2d:71:d6:6d:a2:e7:74:e2:8e:77:06:7b:2f:
                    d2:5e:c4:13:b0:09:99:ca:c8:80:ab:5b:79:14:e2:
                    76:e9:96:ee:8a:2d:b3:25:4c:a9:41:38:df:0f:0a:
                    44:61:f1:83:4f:f4:08:f7:2a:7e:11:da:e4:28:a1:
                    45:0f:f4:0b:5b:b3:f6:80:37:41:a4:aa:a5:d5:30:
                    23:57:59:d6:6a:8c:bd:67:57:2d:6c:0e:4c:8e:4d:
                    44:d1:ae:d1:e6:a8:c9:14:3d:26:f2:cf:2a:df:54:
                    96:4e:0c:19:fb:40:f3:da:f2:8f:12:0b:88:33:4e:
                    26:28:52:39:c3:b1:ef:09:d3:27:65:c0:54:37:d0:
                    48:09:6f:b3:ee:9d:43:00:05:c4:f7:4d:19:95:7b:
                    6c:af:b8:e7:6f:3a:17:62:a2:8e:a2:f0:04:b5:04:
                    e7:0a:d1:95:d4:fe:fb:17:64:44:08:ce:44:df:62:
                    40:15:bf:8a:43:25:e1:30:99:ba:91:94:95:f2:97:
                    70:07:bd:29:07:51:8e:68:95:df:81:24:4c:88:13:
                    f4:e5:a5:e3:39:0e:30:f7:97:bc:2c:cd:fb:6f:78:
                    42:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:DF:9F:7E:8F:51:C2:11:6A:98:0D:FA:7E:91:E8:E4:E6:74:1F:0D
            X509v3 Authority Key Identifier:
                keyid:78:58:40:E3:A0:F0:47:4A:4A:CC:E4:5E:D5:FC:9C:FF:77:85:8D:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eFhA46DwR0pKzORe1fyc_3eFjZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/M9-ffo9RwhFqmA36fpHo5OZ0Hw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/142664-4c33-442a-b432-fafb12a16c31/1/eFhA46DwR0pKzORe1fyc_3eFjZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.110.0/24
                IPv6:
                  2a10:9640::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:d7:e0:76:c9:d2:70:82:6c:ec:7f:f3:54:1c:52:fc:29:34:
         b5:9d:a7:cb:9c:08:03:03:3e:6b:6b:23:b8:8b:ea:80:d8:e4:
         bc:b8:dd:94:58:06:48:9d:d9:19:70:47:7c:6d:02:c4:70:f7:
         b6:61:bb:9f:bb:4c:5b:cb:c8:ab:d3:2d:31:e5:0e:b1:ec:ff:
         59:15:30:08:c2:69:14:3d:df:c0:23:a6:4f:12:c3:f0:6e:5e:
         09:30:b3:d0:59:ad:bc:8e:04:5d:ed:48:4d:ff:c8:d5:fa:d9:
         49:5e:c0:32:fa:a5:e0:59:45:99:9f:50:36:95:d6:76:d3:99:
         f5:25:e8:35:27:2c:fe:1c:b9:04:c4:0f:d6:58:ec:fe:35:8b:
         85:46:93:da:22:1c:b2:71:c1:47:a2:91:c2:24:e4:0f:26:78:
         18:3e:8a:c9:d1:26:3e:53:6d:44:00:75:ae:81:da:51:7e:5c:
         0c:28:52:34:de:f7:7c:bb:ca:af:ca:10:05:35:d0:0c:6f:a7:
         0c:cc:4d:9f:51:7f:5f:11:b9:48:97:b7:b3:05:43:5a:fe:b6:
         3d:fb:8d:b1:20:cd:6b:35:77:f9:a6:c3:09:44:0b:af:ef:df:
         e2:cc:c9:95:72:12:e5:08:80:17:49:04:c2:d2:fd:b2:50:e6:
         97:b0:5b:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGuA+t70Ym3+i1tza0ngN7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4NTg0MGUzYTBmMDQ3NGE0YWNjZTQ1ZWQ1ZmM5Y2ZmNzc4
NThkOTMwHhcNMjQwMTAxMjAzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2RmOWY3ZThmNTFjMjExNmE5ODBkZmE3ZTkxZThlNGU2NzQxZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XEJlUScuGvCIu+r/NmmmGVLH4we
FYwQ6dRRZrSHiS1x1m2i53TijncGey/SXsQTsAmZysiAq1t5FOJ26Zbuii2zJUyp
QTjfDwpEYfGDT/QI9yp+EdrkKKFFD/QLW7P2gDdBpKql1TAjV1nWaoy9Z1ctbA5M
jk1E0a7R5qjJFD0m8s8q31SWTgwZ+0Dz2vKPEguIM04mKFI5w7HvCdMnZcBUN9BI
CW+z7p1DAAXE900ZlXtsr7jnbzoXYqKOovAEtQTnCtGV1P77F2RECM5E32JAFb+K
QyXhMJm6kZSV8pdwB70pB1GOaJXfgSRMiBP05aXjOQ4w95e8LM37b3hCLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDPfn36PUcIRapgN+n6R6OTmdB8NMB8GA1UdIwQY
MBaAFHhYQOOg8EdKSszkXtX8nP93hY2TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUZoQTQ2RHdSMHBLek9SZTFmeWNfM2VGalpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8xNDI2NjQtNGMzMy00NDJhLWI0MzIt
ZmFmYjEyYTE2YzMxLzEvTTktZmZvOVJ3aEZxbUEzNmZwSG81T1owSHcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8xNDI2NjQtNGMzMy00NDJhLWI0MzItZmFmYjEyYTE2YzMx
LzEvZUZoQTQ2RHdSMHBLek9SZTFmeWNfM2VGalpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAufFuMA0E
AgACMAcDBQMqEJZAMA0GCSqGSIb3DQEBCwUAA4IBAQAZ1+B2ydJwgmzsf/NUHFL8
KTS1nafLnAgDAz5rayO4i+qA2OS8uN2UWAZIndkZcEd8bQLEcPe2Ybufu0xby8ir
0y0x5Q6x7P9ZFTAIwmkUPd/AI6ZPEsPwbl4JMLPQWa28jgRd7UhN/8jV+tlJXsAy
+qXgWUWZn1A2ldZ205n1Jeg1Jyz+HLkExA/WWOz+NYuFRpPaIhyyccFHopHCJOQP
JngYPorJ0SY+U21EAHWugdpRflwMKFI03vd8u8qvyhAFNdAMb6cMzE2fUX9fEblI
l7ezBUNa/rY9+42xIM1rNXf5psMJRAuv79/izMmVchLlCIAXSQTC0v2yUOaXsFu4
-----END CERTIFICATE-----