Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/CDT1AQ5kIQyhnDklZq26oSsjpJU.roa
File:                     CDT1AQ5kIQyhnDklZq26oSsjpJU.roa (raw, json)
Hash identifier:          3wNrNriaT6DFLn/xqZ/dFwC2JXNVgBKefU3nNrhywIU=
Subject key identifier:   08:34:F5:01:0E:64:21:0C:A1:9C:39:25:66:AD:BA:A1:2B:23:A4:95
Certificate issuer:       /CN=9d36e91b62d3dc7c137a28aaa006ede9b9ea1fe4
Certificate serial:       018CC6B919AE1D7AE90DEE6AA6DE11A9A791
Authority key identifier: 9D:36:E9:1B:62:D3:DC:7C:13:7A:28:AA:A0:06:ED:E9:B9:EA:1F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/CDT1AQ5kIQyhnDklZq26oSsjpJU.roa
Signing time:             Mon 01 Jan 2024 20:31:08 +0000
ROA not before:           Mon 01 Jan 2024 20:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50351
IP address blocks:        195.191.110.0/24 maxlen: 24
                          195.191.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:19:ae:1d:7a:e9:0d:ee:6a:a6:de:11:a9:a7:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d36e91b62d3dc7c137a28aaa006ede9b9ea1fe4
        Validity
            Not Before: Jan  1 20:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0834f5010e64210ca19c392566adbaa12b23a495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:68:6a:39:4d:15:9b:48:f2:71:00:17:95:bf:
                    85:a1:96:a3:95:51:32:d3:c1:39:5d:97:fd:5b:52:
                    b1:43:85:47:f2:42:90:d4:04:fb:db:43:b0:04:4b:
                    5d:27:ff:2f:b9:fc:08:7d:ec:a1:39:5d:4a:76:1d:
                    d9:0d:06:87:de:a5:d1:32:36:38:d6:89:7d:04:7a:
                    2f:31:08:60:58:0e:db:25:65:4c:49:fc:92:c1:af:
                    c2:50:a8:22:62:29:6c:1e:c7:dc:1f:3c:ad:73:75:
                    2b:e4:da:f9:84:f5:82:e7:c9:74:48:aa:d2:60:6f:
                    32:b4:7b:71:b2:d9:34:73:3e:c0:79:67:a8:fc:0d:
                    af:86:14:ea:70:5c:24:53:dc:c3:4d:f0:de:74:4b:
                    a4:78:38:e0:b2:2a:56:bf:fa:80:71:24:d3:7a:f9:
                    0b:a9:d7:59:ae:3b:f5:40:87:9d:c6:db:82:5f:01:
                    08:ca:99:1b:7a:3f:db:cd:93:f3:ee:10:85:bb:15:
                    86:cd:b9:67:83:f2:7d:b0:e4:b9:8c:88:00:17:e1:
                    95:04:67:1e:5a:cc:e5:a9:c5:1e:7e:41:4b:8b:5c:
                    72:68:9e:0c:49:c3:9c:77:53:dd:4b:bb:5a:31:d4:
                    fa:23:1f:09:79:c9:3c:01:c8:4a:0e:33:ec:88:99:
                    e5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:34:F5:01:0E:64:21:0C:A1:9C:39:25:66:AD:BA:A1:2B:23:A4:95
            X509v3 Authority Key Identifier:
                keyid:9D:36:E9:1B:62:D3:DC:7C:13:7A:28:AA:A0:06:ED:E9:B9:EA:1F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/CDT1AQ5kIQyhnDklZq26oSsjpJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:46:26:4f:a9:6f:a8:76:57:20:21:9c:1d:7b:22:05:ed:54:
         3b:6b:30:9e:81:77:ae:41:49:b2:6a:b2:16:dd:b4:a9:bf:ca:
         01:3f:d0:ac:55:d3:fe:e4:25:53:be:e7:9d:fc:77:eb:67:d2:
         23:1d:6c:f5:7b:e3:aa:b3:fe:36:15:21:eb:6c:29:88:d6:8e:
         bd:a6:12:96:64:5e:67:47:91:ad:15:62:5a:06:92:1b:ae:b7:
         b0:ba:ce:13:ff:0e:26:4c:c1:f6:8b:86:c8:97:f3:20:eb:b1:
         8a:7c:b8:e1:c3:fb:2a:8c:88:0f:94:25:55:54:cc:80:6a:8a:
         ae:87:7e:10:b4:e0:73:31:fa:bc:d6:01:cf:37:52:1b:a8:5f:
         7b:86:aa:ed:9b:d0:10:25:49:c5:6f:2b:c7:58:8a:91:b6:4a:
         c8:87:df:e4:b0:60:c6:5f:52:7a:86:e2:9a:bc:73:a5:76:7e:
         45:99:e7:70:6f:5c:0f:eb:fc:b2:08:85:1c:62:aa:2f:4f:e9:
         a9:b6:82:cd:ef:48:8f:55:1f:4d:67:93:32:c2:75:0c:2b:cf:
         99:4b:79:06:47:73:98:95:c0:40:68:75:4b:eb:0f:d4:6d:5f:
         1b:23:9e:23:14:de:48:e3:64:ec:e3:26:29:a2:33:88:6d:17:
         a1:34:36:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRmuHXrpDe5qpt4RqaeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMzZlOTFiNjJkM2RjN2MxMzdhMjhhYWEwMDZlZGU5Yjll
YTFmZTQwHhcNMjQwMTAxMjAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODM0ZjUwMTBlNjQyMTBjYTE5YzM5MjU2NmFkYmFhMTJiMjNhNDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGhqOU0Vm0jycQAXlb+FoZajlVEy
08E5XZf9W1KxQ4VH8kKQ1AT720OwBEtdJ/8vufwIfeyhOV1Kdh3ZDQaH3qXRMjY4
1ol9BHovMQhgWA7bJWVMSfySwa/CUKgiYilsHsfcHzytc3Ur5Nr5hPWC58l0SKrS
YG8ytHtxstk0cz7AeWeo/A2vhhTqcFwkU9zDTfDedEukeDjgsipWv/qAcSTTevkL
qddZrjv1QIedxtuCXwEIypkbej/bzZPz7hCFuxWGzblng/J9sOS5jIgAF+GVBGce
WszlqcUefkFLi1xyaJ4MScOcd1PdS7taMdT6Ix8Jeck8AchKDjPsiJnlfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAg09QEOZCEMoZw5JWatuqErI6SVMB8GA1UdIwQY
MBaAFJ026Rti09x8E3ooqqAG7em56h/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblRicEcyTFQzSHdUZWlpcW9BYnQ2Ym5xSC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9jMjg0Y2QtYjJiNy00OTExLWIyMGIt
YjJjZWE3NjkwODM3LzEvQ0RUMUFRNWtJUXlobkRrbFpxMjZvU3NqcEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9jMjg0Y2QtYjJiNy00OTExLWIyMGItYjJjZWE3NjkwODM3
LzEvblRicEcyTFQzSHdUZWlpcW9BYnQ2Ym5xSC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw79uMA0G
CSqGSIb3DQEBCwUAA4IBAQBcRiZPqW+odlcgIZwdeyIF7VQ7azCegXeuQUmyarIW
3bSpv8oBP9CsVdP+5CVTvued/HfrZ9IjHWz1e+Oqs/42FSHrbCmI1o69phKWZF5n
R5GtFWJaBpIbrrewus4T/w4mTMH2i4bIl/Mg67GKfLjhw/sqjIgPlCVVVMyAaoqu
h34QtOBzMfq81gHPN1IbqF97hqrtm9AQJUnFbyvHWIqRtkrIh9/ksGDGX1J6huKa
vHOldn5Fmedwb1wP6/yyCIUcYqovT+mptoLN70iPVR9NZ5MywnUMK8+ZS3kGR3OY
lcBAaHVL6w/UbV8bI54jFN5I42Ts4yYpojOIbRehNDa9
-----END CERTIFICATE-----