Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/jEAkiYZGebmexlsp_N74Luf8ncM.roa
File:                     jEAkiYZGebmexlsp_N74Luf8ncM.roa (raw, json)
Hash identifier:          +DXjW2ECzTkDVfc2+HlFxRgkxyMrJDdoUlhpgo+sByY=
Subject key identifier:   8C:40:24:89:86:46:79:B9:9E:C6:5B:29:FC:DE:F8:2E:E7:FC:9D:C3
Certificate issuer:       /CN=c9d11b707878bd77fbff15f27752c08a4aa556f4
Certificate serial:       018CC49326069E76125110ACFEAEF8C8EC58
Authority key identifier: C9:D1:1B:70:78:78:BD:77:FB:FF:15:F2:77:52:C0:8A:4A:A5:56:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydEbcHh4vXf7_xXyd1LAikqlVvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/jEAkiYZGebmexlsp_N74Luf8ncM.roa
Signing time:             Mon 01 Jan 2024 10:30:26 +0000
ROA not before:           Mon 01 Jan 2024 10:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201228
IP address blocks:        193.247.209.0/24 maxlen: 24
                          193.247.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/ydEbcHh4vXf7_xXyd1LAikqlVvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/ydEbcHh4vXf7_xXyd1LAikqlVvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydEbcHh4vXf7_xXyd1LAikqlVvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:26:06:9e:76:12:51:10:ac:fe:ae:f8:c8:ec:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d11b707878bd77fbff15f27752c08a4aa556f4
        Validity
            Not Before: Jan  1 10:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c402489864679b99ec65b29fcdef82ee7fc9dc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8e:d2:01:a3:e4:11:ae:dc:b8:e5:dc:b1:c9:
                    7e:8e:57:1e:87:5d:4f:b7:e0:cf:1f:cf:18:b8:ec:
                    b6:8c:f3:73:90:f9:2b:4c:d3:60:0e:cb:f2:40:0c:
                    32:42:a1:ba:76:98:ab:3e:7d:38:26:db:63:9e:1a:
                    97:af:60:8c:f6:d9:b6:ec:7d:81:1c:22:f6:71:96:
                    27:8c:f3:cf:2b:5b:2a:a2:10:10:2d:14:2a:97:9d:
                    ed:79:f1:7f:95:b4:0e:f7:ab:41:ee:00:06:11:70:
                    1b:5e:af:f0:4c:d5:16:1a:f9:3e:cd:1d:9d:3f:e8:
                    b4:b4:90:ca:7f:4a:13:33:90:59:3c:b6:b3:cf:e2:
                    a7:83:f5:de:d1:56:d0:d0:9b:06:c0:29:c3:40:1f:
                    1b:f3:15:08:56:5e:f1:f5:e4:61:3b:77:75:d5:eb:
                    f6:48:8d:3e:3a:b8:de:c0:fa:4f:5f:86:92:2e:d9:
                    6a:ad:cd:98:9b:5b:36:00:4f:31:7b:33:29:23:35:
                    d1:df:36:36:5d:d9:c8:9f:6c:5c:ee:e0:dd:08:1d:
                    ec:39:49:59:0b:6b:fb:13:cc:37:70:d1:34:67:46:
                    50:56:6d:30:75:13:d6:82:9b:8c:ee:96:90:54:84:
                    ec:29:62:da:a7:28:41:3b:f0:8c:fa:27:48:a7:12:
                    0d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:40:24:89:86:46:79:B9:9E:C6:5B:29:FC:DE:F8:2E:E7:FC:9D:C3
            X509v3 Authority Key Identifier:
                keyid:C9:D1:1B:70:78:78:BD:77:FB:FF:15:F2:77:52:C0:8A:4A:A5:56:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydEbcHh4vXf7_xXyd1LAikqlVvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/jEAkiYZGebmexlsp_N74Luf8ncM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/dcddfa-a059-4ff0-a809-5eabfb1e5130/1/ydEbcHh4vXf7_xXyd1LAikqlVvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.209.0-193.247.210.255

    Signature Algorithm: sha256WithRSAEncryption
         d2:7f:90:39:e0:aa:b8:d4:35:e7:27:d6:30:4c:11:21:54:a8:
         f1:13:74:6e:31:89:48:f3:bb:b7:f4:d1:78:00:73:34:e0:2c:
         bb:da:05:74:70:c3:91:e1:56:ca:8c:e6:ba:be:80:8f:dd:a0:
         be:95:f9:60:5f:d3:54:41:e5:41:c0:41:74:77:84:84:17:32:
         2a:70:2b:8b:a6:43:0c:85:b1:c4:f0:29:52:d2:18:65:e1:48:
         3b:19:e2:62:18:51:a7:a4:e8:b1:7d:eb:0f:e7:9e:43:e8:c9:
         d2:4c:25:cf:f8:dd:05:33:ef:d4:a6:36:f2:56:f8:5d:b0:6e:
         3e:02:a6:06:76:9f:3b:6d:c2:eb:dc:ac:f7:5d:ae:68:34:1c:
         21:07:cf:f1:04:e2:21:86:3b:d0:7b:1e:5e:f9:65:75:1e:15:
         45:94:2b:cb:32:22:b2:6e:0b:7d:88:2b:4c:dd:e0:b8:db:1c:
         78:19:50:0b:f1:c9:2b:08:b7:ba:70:ec:e5:0b:ed:ce:64:01:
         94:40:f4:cb:1e:43:29:ac:ff:dd:0d:56:c7:21:f2:79:19:28:
         2e:8e:03:ac:79:25:44:47:dc:de:49:5b:e0:1e:e1:e4:d8:0a:
         f5:e4:5b:f7:75:38:f3:da:74:06:31:17:58:18:07:aa:2b:98:
         ad:5a:3f:7e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEkyYGnnYSURCs/q74yOxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDExYjcwNzg3OGJkNzdmYmZmMTVmMjc3NTJjMDhhNGFh
NTU2ZjQwHhcNMjQwMTAxMTAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzQwMjQ4OTg2NDY3OWI5OWVjNjViMjlmY2RlZjgyZWU3ZmM5ZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwY7SAaPkEa7cuOXcscl+jlceh11P
t+DPH88YuOy2jPNzkPkrTNNgDsvyQAwyQqG6dpirPn04JttjnhqXr2CM9tm27H2B
HCL2cZYnjPPPK1sqohAQLRQql53tefF/lbQO96tB7gAGEXAbXq/wTNUWGvk+zR2d
P+i0tJDKf0oTM5BZPLazz+Kng/Xe0VbQ0JsGwCnDQB8b8xUIVl7x9eRhO3d11ev2
SI0+OrjewPpPX4aSLtlqrc2Ym1s2AE8xezMpIzXR3zY2XdnIn2xc7uDdCB3sOUlZ
C2v7E8w3cNE0Z0ZQVm0wdRPWgpuM7paQVITsKWLapyhBO/CM+idIpxINFwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFIxAJImGRnm5nsZbKfze+C7n/J3DMB8GA1UdIwQY
MBaAFMnRG3B4eL13+/8V8ndSwIpKpVb0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRFYmNIaDR2WGY3X3hYeWQxTEFpa3FsVnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kY2RkZmEtYTA1OS00ZmYwLWE4MDkt
NWVhYmZiMWU1MTMwLzEvakVBa2lZWkdlYm1leGxzcF9ONzRMdWY4bmNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kY2RkZmEtYTA1OS00ZmYwLWE4MDktNWVhYmZiMWU1MTMw
LzEveWRFYmNIaDR2WGY3X3hYeWQxTEFpa3FsVnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADB99ED
BADB99IwDQYJKoZIhvcNAQELBQADggEBANJ/kDngqrjUNecn1jBMESFUqPETdG4x
iUjzu7f00XgAczTgLLvaBXRww5HhVsqM5rq+gI/doL6V+WBf01RB5UHAQXR3hIQX
MipwK4umQwyFscTwKVLSGGXhSDsZ4mIYUaek6LF96w/nnkPoydJMJc/43QUz79Sm
NvJW+F2wbj4CpgZ2nzttwuvcrPddrmg0HCEHz/EE4iGGO9B7Hl75ZXUeFUWUK8sy
IrJuC32IK0zd4LjbHHgZUAvxySsIt7pw7OUL7c5kAZRA9MseQyms/90NVsch8nkZ
KC6OA6x5JURH3N5JW+Ae4eTYCvXkW/d1OPPadAYxF1gYB6ormK1aP34=
-----END CERTIFICATE-----