Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/205275-2ced-4a4e-b900-4f3e5b2e0c56/1/olN9MI_xWeqJPEy3ZoC17rEizZ4.roa
File:                     olN9MI_xWeqJPEy3ZoC17rEizZ4.roa (raw, json)
Hash identifier:          lXI6TnqJ7/9bfcPq9RwBu9V6cBsDdGCPlSbhwhPTPxY=
Subject key identifier:   A2:53:7D:30:8F:F1:59:EA:89:3C:4C:B7:66:80:B5:EE:B1:22:CD:9E
Certificate issuer:       /CN=1d0871fc2e99892ea1115a302138e1d32a62182c
Certificate serial:       018CC26D7E50E826B23404497C6BF273E0D2
Authority key identifier: 1D:08:71:FC:2E:99:89:2E:A1:11:5A:30:21:38:E1:D3:2A:62:18:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQhx_C6ZiS6hEVowITjh0ypiGCw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/205275-2ced-4a4e-b900-4f3e5b2e0c56/1/olN9MI_xWeqJPEy3ZoC17rEizZ4.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.118.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/205275-2ced-4a4e-b900-4f3e5b2e0c56/1/HQhx_C6ZiS6hEVowITjh0ypiGCw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/205275-2ced-4a4e-b900-4f3e5b2e0c56/1/HQhx_C6ZiS6hEVowITjh0ypiGCw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HQhx_C6ZiS6hEVowITjh0ypiGCw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 13:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7e:50:e8:26:b2:34:04:49:7c:6b:f2:73:e0:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d0871fc2e99892ea1115a302138e1d32a62182c
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2537d308ff159ea893c4cb76680b5eeb122cd9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:48:af:50:03:84:66:f8:42:b7:bf:ca:25:64:
                    8a:85:8c:5d:9b:dc:55:fa:48:38:70:e9:ba:e7:0b:
                    2c:57:5b:61:a7:2d:a8:b8:f8:14:70:3d:39:ed:84:
                    8d:cb:38:05:35:8d:8a:79:34:7c:be:f5:cc:45:a2:
                    4c:83:08:7e:1d:c4:67:49:41:50:c3:bd:2c:a8:ca:
                    f8:d7:77:dd:73:d4:d8:bb:97:05:80:77:db:ce:c9:
                    1b:3d:e2:92:f5:d1:a1:ab:22:2d:d2:f9:1a:ab:e8:
                    75:4a:6f:12:e6:db:2b:57:3b:0c:66:97:57:0f:b8:
                    c0:9c:ec:ee:d2:71:02:81:8b:95:99:89:9a:4d:49:
                    9b:7b:12:56:9b:53:28:b1:b0:56:6d:45:c6:75:9b:
                    35:47:4a:38:c3:f9:56:94:ce:b0:04:dd:e6:81:05:
                    b8:5f:ea:7d:38:19:ca:02:c6:bf:83:f4:d5:50:a1:
                    50:fc:84:f8:82:03:e6:ce:08:97:d7:3e:1f:12:66:
                    98:1f:b3:94:b5:8b:24:45:67:f9:8b:5c:38:87:27:
                    c4:ca:73:19:f0:19:5b:30:82:cc:72:10:ea:58:54:
                    31:d8:2d:f1:cc:f4:c4:c8:7d:84:da:9e:1f:b2:36:
                    09:e1:97:fb:09:2d:ea:6f:d2:3c:ac:90:bf:6c:99:
                    08:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:53:7D:30:8F:F1:59:EA:89:3C:4C:B7:66:80:B5:EE:B1:22:CD:9E
            X509v3 Authority Key Identifier:
                keyid:1D:08:71:FC:2E:99:89:2E:A1:11:5A:30:21:38:E1:D3:2A:62:18:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQhx_C6ZiS6hEVowITjh0ypiGCw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/205275-2ced-4a4e-b900-4f3e5b2e0c56/1/olN9MI_xWeqJPEy3ZoC17rEizZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/205275-2ced-4a4e-b900-4f3e5b2e0c56/1/HQhx_C6ZiS6hEVowITjh0ypiGCw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:b8:ed:ae:8b:a1:80:b9:23:5c:06:9e:40:e8:3b:64:8f:db:
         ea:7f:9e:4b:5b:2e:0b:0b:34:11:7b:17:78:3b:52:43:d8:24:
         57:4a:a0:26:a6:84:92:7b:ac:af:ff:11:94:c1:88:93:81:a6:
         0c:d2:eb:94:bd:03:b9:f2:b3:46:b5:5f:72:87:a8:83:1e:35:
         25:e5:a3:11:e3:ba:fc:17:cf:44:70:0d:e0:90:3b:ff:a6:9d:
         6f:43:7a:87:2b:12:35:ef:a7:8a:7f:77:53:32:69:e6:c1:fe:
         f2:8b:26:4e:4b:ad:19:9d:8b:e6:e7:71:84:47:22:1b:c3:b3:
         d0:4e:d2:3f:40:15:d9:e4:d0:e4:97:07:b9:5e:c7:78:19:35:
         41:c4:27:b9:79:6b:12:1e:7b:02:ab:62:29:85:2e:d6:de:34:
         f4:9b:39:f4:ae:8f:75:6e:ad:d2:4c:fd:79:0f:62:ff:08:23:
         2d:16:42:18:15:c5:63:f1:50:3c:dd:a7:12:32:74:c8:9e:4d:
         76:c5:f4:78:93:fa:33:39:5f:77:b3:82:8c:8a:d1:79:ed:31:
         2e:73:50:f7:ba:19:03:86:15:f4:59:93:f9:1c:d8:7e:72:dd:
         e4:0f:e9:5b:b8:e9:e1:10:1c:c7:71:8d:c6:56:13:ca:5a:c9:
         60:8d:80:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbX5Q6CayNARJfGvyc+DSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDg3MWZjMmU5OTg5MmVhMTExNWEzMDIxMzhlMWQzMmE2
MjE4MmMwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjUzN2QzMDhmZjE1OWVhODkzYzRjYjc2NjgwYjVlZWIxMjJjZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEivUAOEZvhCt7/KJWSKhYxdm9xV
+kg4cOm65wssV1thpy2ouPgUcD057YSNyzgFNY2KeTR8vvXMRaJMgwh+HcRnSUFQ
w70sqMr413fdc9TYu5cFgHfbzskbPeKS9dGhqyIt0vkaq+h1Sm8S5tsrVzsMZpdX
D7jAnOzu0nECgYuVmYmaTUmbexJWm1MosbBWbUXGdZs1R0o4w/lWlM6wBN3mgQW4
X+p9OBnKAsa/g/TVUKFQ/IT4ggPmzgiX1z4fEmaYH7OUtYskRWf5i1w4hyfEynMZ
8BlbMILMchDqWFQx2C3xzPTEyH2E2p4fsjYJ4Zf7CS3qb9I8rJC/bJkICwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJTfTCP8VnqiTxMt2aAte6xIs2eMB8GA1UdIwQY
MBaAFB0IcfwumYkuoRFaMCE44dMqYhgsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFoeF9DNlppUzZoRVZvd0lUamgweXBpR0N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8yMDUyNzUtMmNlZC00YTRlLWI5MDAt
NGYzZTViMmUwYzU2LzEvb2xOOU1JX3hXZXFKUEV5M1pvQzE3ckVpelo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8yMDUyNzUtMmNlZC00YTRlLWI5MDAtNGYzZTViMmUwYzU2
LzEvSFFoeF9DNlppUzZoRVZvd0lUamgweXBpR0N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXZtMA0G
CSqGSIb3DQEBCwUAA4IBAQAIuO2ui6GAuSNcBp5A6Dtkj9vqf55LWy4LCzQRexd4
O1JD2CRXSqAmpoSSe6yv/xGUwYiTgaYM0uuUvQO58rNGtV9yh6iDHjUl5aMR47r8
F89EcA3gkDv/pp1vQ3qHKxI176eKf3dTMmnmwf7yiyZOS60ZnYvm53GERyIbw7PQ
TtI/QBXZ5NDklwe5Xsd4GTVBxCe5eWsSHnsCq2IphS7W3jT0mzn0ro91bq3STP15
D2L/CCMtFkIYFcVj8VA83acSMnTInk12xfR4k/ozOV93s4KMitF57TEuc1D3uhkD
hhX0WZP5HNh+ct3kD+lbuOnhEBzHcY3GVhPKWslgjYDv
-----END CERTIFICATE-----