Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/90vahj-_hJ5i1HoZpq9u0D0BXno.roa
File:                     90vahj-_hJ5i1HoZpq9u0D0BXno.roa (raw, json)
Hash identifier:          hNcbTROFVc3qb49hFAj0UmBrANu4X9fdOG7KqwGkrWI=
Subject key identifier:   F7:4B:DA:86:3F:BF:84:9E:62:D4:7A:19:A6:AF:6E:D0:3D:01:5E:7A
Certificate issuer:       /CN=9e0374d71bc57db96dc393e91febb9e9d59fef9a
Certificate serial:       0194258FC92A456EC22463001E64DEEFCDA5
Authority key identifier: 9E:03:74:D7:1B:C5:7D:B9:6D:C3:93:E9:1F:EB:B9:E9:D5:9F:EF:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ngN01xvFfbltw5PpH-u56dWf75o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/90vahj-_hJ5i1HoZpq9u0D0BXno.roa
Signing time:             Thu 02 Jan 2025 05:49:27 +0000
ROA not before:           Thu 02 Jan 2025 05:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.97.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/ngN01xvFfbltw5PpH-u56dWf75o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/ngN01xvFfbltw5PpH-u56dWf75o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ngN01xvFfbltw5PpH-u56dWf75o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:c9:2a:45:6e:c2:24:63:00:1e:64:de:ef:cd:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e0374d71bc57db96dc393e91febb9e9d59fef9a
        Validity
            Not Before: Jan  2 05:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f74bda863fbf849e62d47a19a6af6ed03d015e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f3:c5:2c:2f:a3:11:b0:42:13:40:37:40:15:
                    d1:80:8f:6d:86:b8:33:44:65:61:9a:e8:e2:d3:30:
                    50:39:2d:8b:be:ff:42:2b:be:61:31:d1:67:77:a8:
                    bc:5d:71:00:c8:b2:df:d8:26:81:c7:60:1c:16:98:
                    f9:05:a6:77:a8:97:c5:20:9b:b2:d0:63:7c:bc:6b:
                    a1:2e:d9:a4:c8:7b:b8:4d:9e:2b:9e:78:32:b7:18:
                    00:9b:bb:82:eb:59:15:3d:22:4c:a5:e4:0a:ac:c0:
                    33:94:20:a5:1b:31:c6:87:29:25:63:cb:b6:1c:50:
                    15:19:b9:65:de:00:6c:51:aa:6f:b8:0e:76:9a:ed:
                    33:ae:df:1d:71:ce:3e:fd:78:62:24:34:ff:e4:6f:
                    e5:db:80:be:20:16:fb:90:44:a1:bd:75:b8:ff:62:
                    2d:9c:f5:d7:b2:4d:ef:2d:0b:1e:ce:25:94:e4:38:
                    53:5d:39:a1:6c:82:a3:c9:2d:34:53:57:d2:c8:14:
                    b4:81:4f:4c:fb:d9:e3:d9:5e:39:bf:c3:5b:13:fe:
                    e6:92:0d:13:ef:83:e0:f7:8b:e0:4c:7f:1a:ad:86:
                    85:f5:12:6a:c1:4b:df:00:6d:d7:e5:a1:e7:92:b5:
                    60:8c:f2:8e:65:d1:d0:92:6e:3f:e8:af:4b:31:2a:
                    46:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:4B:DA:86:3F:BF:84:9E:62:D4:7A:19:A6:AF:6E:D0:3D:01:5E:7A
            X509v3 Authority Key Identifier:
                keyid:9E:03:74:D7:1B:C5:7D:B9:6D:C3:93:E9:1F:EB:B9:E9:D5:9F:EF:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ngN01xvFfbltw5PpH-u56dWf75o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/90vahj-_hJ5i1HoZpq9u0D0BXno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c43a75-a326-4c6d-87ca-817d84e53d53/1/ngN01xvFfbltw5PpH-u56dWf75o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:98:e7:f2:41:2e:04:74:5b:45:7a:f2:42:d4:19:95:b4:3b:
         d2:14:a7:b6:dd:99:44:18:c8:cc:00:55:4e:66:80:1f:02:f6:
         b7:8a:0f:a4:aa:d4:5c:04:00:59:3e:f7:6f:be:14:0c:e3:f2:
         fc:18:40:d3:52:a6:59:1b:fa:53:c3:2d:62:c9:02:4b:01:56:
         54:22:11:0d:11:43:66:5a:3e:30:5e:f5:7a:d9:29:fb:65:f0:
         b1:40:42:65:5d:08:dc:c5:93:04:0f:17:2a:51:e0:ba:7d:f7:
         4d:0c:7e:47:2e:e5:86:8f:b7:27:ff:dd:e6:d1:1f:e2:65:1c:
         88:72:a9:7a:f4:4d:0c:fa:65:12:71:40:7f:ac:ad:aa:7c:e6:
         f9:07:b8:20:7f:15:1a:b5:e6:f2:0a:79:30:5e:df:9e:ff:5f:
         d0:73:ad:3b:95:73:ac:84:73:2a:fa:0c:73:ff:71:2c:f3:f8:
         71:82:a2:2b:81:3d:91:83:48:cd:76:ba:51:ff:a5:de:dc:e4:
         62:ea:6d:73:c3:aa:3c:b1:98:5d:d2:3f:02:5c:23:e6:f6:f7:
         94:40:b3:31:6f:a4:1f:5c:2f:a1:e6:02:b6:0e:d3:4f:97:05:
         7d:6c:aa:45:db:15:d1:ac:23:79:f4:05:b5:25:da:ca:12:07:
         09:36:93:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj8kqRW7CJGMAHmTe782lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMDM3NGQ3MWJjNTdkYjk2ZGMzOTNlOTFmZWJiOWU5ZDU5
ZmVmOWEwHhcNMjUwMTAyMDU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzRiZGE4NjNmYmY4NDllNjJkNDdhMTlhNmFmNmVkMDNkMDE1ZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvPFLC+jEbBCE0A3QBXRgI9thrgz
RGVhmuji0zBQOS2Lvv9CK75hMdFnd6i8XXEAyLLf2CaBx2AcFpj5BaZ3qJfFIJuy
0GN8vGuhLtmkyHu4TZ4rnngytxgAm7uC61kVPSJMpeQKrMAzlCClGzHGhyklY8u2
HFAVGbll3gBsUapvuA52mu0zrt8dcc4+/XhiJDT/5G/l24C+IBb7kEShvXW4/2It
nPXXsk3vLQseziWU5DhTXTmhbIKjyS00U1fSyBS0gU9M+9nj2V45v8NbE/7mkg0T
74Pg94vgTH8arYaF9RJqwUvfAG3X5aHnkrVgjPKOZdHQkm4/6K9LMSpGewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdL2oY/v4SeYtR6GaavbtA9AV56MB8GA1UdIwQY
MBaAFJ4DdNcbxX25bcOT6R/ruenVn++aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmdOMDF4dkZmYmx0dzVQcEgtdTU2ZFdmNzVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jNDNhNzUtYTMyNi00YzZkLTg3Y2Et
ODE3ZDg0ZTUzZDUzLzEvOTB2YWhqLV9oSjVpMUhvWnBxOXUwRDBCWG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jNDNhNzUtYTMyNi00YzZkLTg3Y2EtODE3ZDg0ZTUzZDUz
LzEvbmdOMDF4dkZmYmx0dzVQcEgtdTU2ZFdmNzVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWEKMA0G
CSqGSIb3DQEBCwUAA4IBAQBBmOfyQS4EdFtFevJC1BmVtDvSFKe23ZlEGMjMAFVO
ZoAfAva3ig+kqtRcBABZPvdvvhQM4/L8GEDTUqZZG/pTwy1iyQJLAVZUIhENEUNm
Wj4wXvV62Sn7ZfCxQEJlXQjcxZMEDxcqUeC6ffdNDH5HLuWGj7cn/93m0R/iZRyI
cql69E0M+mUScUB/rK2qfOb5B7ggfxUatebyCnkwXt+e/1/Qc607lXOshHMq+gxz
/3Es8/hxgqIrgT2Rg0jNdrpR/6Xe3ORi6m1zw6o8sZhd0j8CXCPm9veUQLMxb6Qf
XC+h5gK2DtNPlwV9bKpF2xXRrCN59AW1JdrKEgcJNpNX
-----END CERTIFICATE-----