Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/362958-06dd-4c04-8864-01398942fb5a/1/xh9i3BvO0eZ9D0Pupi01dGNQ8MA.roa
File:                     xh9i3BvO0eZ9D0Pupi01dGNQ8MA.roa (raw, json)
Hash identifier:          2DFAH+8E7DRAirSjyNVfoUpdWtid9VAXOsT8geL4O0o=
Subject key identifier:   C6:1F:62:DC:1B:CE:D1:E6:7D:0F:43:EE:A6:2D:35:74:63:50:F0:C0
Certificate issuer:       /CN=9cc26f18cf96b86a4506b3b84ccc44d3b3506a20
Certificate serial:       018CC6B897C7B8D43D4D02A707EA1B219A14
Authority key identifier: 9C:C2:6F:18:CF:96:B8:6A:45:06:B3:B8:4C:CC:44:D3:B3:50:6A:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nMJvGM-WuGpFBrO4TMxE07NQaiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/362958-06dd-4c04-8864-01398942fb5a/1/xh9i3BvO0eZ9D0Pupi01dGNQ8MA.roa
Signing time:             Mon 01 Jan 2024 20:30:35 +0000
ROA not before:           Mon 01 Jan 2024 20:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44138
IP address blocks:        193.109.218.0/24 maxlen: 24
                          193.200.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/362958-06dd-4c04-8864-01398942fb5a/1/nMJvGM-WuGpFBrO4TMxE07NQaiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/362958-06dd-4c04-8864-01398942fb5a/1/nMJvGM-WuGpFBrO4TMxE07NQaiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nMJvGM-WuGpFBrO4TMxE07NQaiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:97:c7:b8:d4:3d:4d:02:a7:07:ea:1b:21:9a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cc26f18cf96b86a4506b3b84ccc44d3b3506a20
        Validity
            Not Before: Jan  1 20:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c61f62dc1bced1e67d0f43eea62d35746350f0c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ce:59:94:13:87:90:71:ab:76:82:2b:7c:4c:
                    ff:e4:56:41:21:2d:be:42:a1:c8:b9:13:ae:56:48:
                    ca:02:ab:e2:cc:73:3e:ee:93:d1:5b:60:87:50:64:
                    3d:3e:36:cf:6d:44:4f:c6:c6:c6:42:bf:21:a2:3f:
                    4d:fb:01:16:2c:01:fb:39:fd:18:3d:08:f8:75:59:
                    73:3a:04:a0:0f:c8:63:12:f3:c6:84:34:19:38:ff:
                    b9:19:7e:15:4c:fc:53:9f:27:3d:5d:c3:2f:bb:2e:
                    3c:86:d3:68:1a:43:9b:13:95:2d:6a:6d:ba:d5:52:
                    7b:d0:ec:7d:d2:7a:96:3c:18:f0:ed:95:2f:89:11:
                    a6:df:1c:1b:38:5f:1c:cd:eb:75:bc:35:97:48:42:
                    2d:ca:82:fe:a1:21:f1:c1:ef:e3:1b:e8:27:a0:76:
                    35:98:0f:ec:88:39:a0:5c:ea:01:f7:ff:d1:66:ef:
                    01:bd:23:5b:50:59:43:8e:48:cb:d4:28:94:53:e0:
                    8e:9e:12:34:6b:15:ee:54:35:dc:3b:a3:aa:3e:8e:
                    47:2d:8d:b1:2d:be:72:a2:e1:33:c4:57:c5:8e:e7:
                    36:bd:f1:4f:93:7d:7e:42:62:13:12:a9:ab:83:ab:
                    26:a4:df:18:cf:91:1e:08:75:dd:b9:aa:f6:58:0f:
                    b8:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:1F:62:DC:1B:CE:D1:E6:7D:0F:43:EE:A6:2D:35:74:63:50:F0:C0
            X509v3 Authority Key Identifier:
                keyid:9C:C2:6F:18:CF:96:B8:6A:45:06:B3:B8:4C:CC:44:D3:B3:50:6A:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nMJvGM-WuGpFBrO4TMxE07NQaiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/362958-06dd-4c04-8864-01398942fb5a/1/xh9i3BvO0eZ9D0Pupi01dGNQ8MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/362958-06dd-4c04-8864-01398942fb5a/1/nMJvGM-WuGpFBrO4TMxE07NQaiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.218.0/24
                  193.200.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:a9:0d:68:ff:04:37:f1:a4:b7:9d:9b:8d:41:08:99:fc:93:
         2f:e1:2e:d2:1a:1f:19:b4:de:59:3d:2e:5a:1e:bf:20:40:5c:
         eb:8f:9e:82:ad:97:e4:4f:e9:c9:07:1b:f6:30:a8:69:7d:ae:
         58:01:55:65:12:69:55:5b:cc:a6:a1:b4:a9:65:58:80:de:0b:
         ee:3c:bf:17:01:2f:e1:ff:5f:92:91:94:39:d7:47:23:30:07:
         32:7e:79:9f:63:66:b1:37:3a:40:c7:99:fa:21:3f:0d:54:3b:
         ef:2c:da:04:7b:03:ab:3a:b1:4b:99:20:8e:c0:49:7c:e7:0b:
         1f:0f:70:33:b2:65:0a:e7:8a:72:d8:47:81:3f:50:c8:a8:58:
         e4:cb:b8:ce:1f:fc:20:41:88:4e:e5:bd:d5:f4:15:e4:64:47:
         c5:50:7d:6b:2b:ec:d9:7c:7a:29:23:c5:f7:a5:58:9e:c7:98:
         97:8a:12:83:5f:31:6e:36:14:1f:a0:51:d3:c4:99:52:de:c0:
         3c:0b:3a:e4:a2:30:61:da:c7:d3:51:47:fe:33:20:97:1e:e4:
         70:de:04:a2:e7:5b:e8:55:0c:41:f3:44:49:b6:80:67:98:99:
         7e:0c:0f:79:78:04:ae:1c:81:a8:3c:67:b8:b4:54:bb:85:87:
         fa:2f:76:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuJfHuNQ9TQKnB+obIZoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYzI2ZjE4Y2Y5NmI4NmE0NTA2YjNiODRjY2M0NGQzYjM1
MDZhMjAwHhcNMjQwMTAxMjAzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjFmNjJkYzFiY2VkMWU2N2QwZjQzZWVhNjJkMzU3NDYzNTBmMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc5ZlBOHkHGrdoIrfEz/5FZBIS2+
QqHIuROuVkjKAqvizHM+7pPRW2CHUGQ9PjbPbURPxsbGQr8hoj9N+wEWLAH7Of0Y
PQj4dVlzOgSgD8hjEvPGhDQZOP+5GX4VTPxTnyc9XcMvuy48htNoGkObE5Utam26
1VJ70Ox90nqWPBjw7ZUviRGm3xwbOF8czet1vDWXSEItyoL+oSHxwe/jG+gnoHY1
mA/siDmgXOoB9//RZu8BvSNbUFlDjkjL1CiUU+COnhI0axXuVDXcO6OqPo5HLY2x
Lb5youEzxFfFjuc2vfFPk31+QmITEqmrg6smpN8Yz5EeCHXduar2WA+4yQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMYfYtwbztHmfQ9D7qYtNXRjUPDAMB8GA1UdIwQY
MBaAFJzCbxjPlrhqRQazuEzMRNOzUGogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk1KdkdNLVd1R3BGQnJPNFRNeEUwN05RYWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy8zNjI5NTgtMDZkZC00YzA0LTg4NjQt
MDEzOTg5NDJmYjVhLzEveGg5aTNCdk8wZVo5RDBQdXBpMDFkR05ROE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy8zNjI5NTgtMDZkZC00YzA0LTg4NjQtMDEzOTg5NDJmYjVh
LzEvbk1KdkdNLVd1R3BGQnJPNFRNeEUwN05RYWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwW3aAwQA
wcj3MA0GCSqGSIb3DQEBCwUAA4IBAQAGqQ1o/wQ38aS3nZuNQQiZ/JMv4S7SGh8Z
tN5ZPS5aHr8gQFzrj56CrZfkT+nJBxv2MKhpfa5YAVVlEmlVW8ymobSpZViA3gvu
PL8XAS/h/1+SkZQ510cjMAcyfnmfY2axNzpAx5n6IT8NVDvvLNoEewOrOrFLmSCO
wEl85wsfD3AzsmUK54py2EeBP1DIqFjky7jOH/wgQYhO5b3V9BXkZEfFUH1rK+zZ
fHopI8X3pViex5iXihKDXzFuNhQfoFHTxJlS3sA8CzrkojBh2sfTUUf+MyCXHuRw
3gSi51voVQxB80RJtoBnmJl+DA95eASuHIGoPGe4tFS7hYf6L3ad
-----END CERTIFICATE-----