Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/9zz4BCm7vVPckf1S6cDx5jHIMR0.roa
File:                     9zz4BCm7vVPckf1S6cDx5jHIMR0.roa (raw, json)
Hash identifier:          F/CDCgUQPRsdCxjEM2wRlBYAwjK1tPWCUpaTuliqjdw=
Subject key identifier:   F7:3C:F8:04:29:BB:BD:53:DC:91:FD:52:E9:C0:F1:E6:31:C8:31:1D
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       019425FC1446F5C5E1646E7D8C1843B3D9BB
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/9zz4BCm7vVPckf1S6cDx5jHIMR0.roa
Signing time:             Thu 02 Jan 2025 07:47:44 +0000
ROA not before:           Thu 02 Jan 2025 07:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8220
IP address blocks:        193.30.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:14:46:f5:c5:e1:64:6e:7d:8c:18:43:b3:d9:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Jan  2 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f73cf80429bbbd53dc91fd52e9c0f1e631c8311d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:56:8c:7d:90:a7:55:29:0d:be:bc:8f:b8:be:
                    df:f8:02:5c:d1:6e:77:35:e9:41:80:d5:7a:f8:90:
                    59:2d:d1:d8:04:2b:f3:c7:c5:6f:1c:d5:b3:b5:ff:
                    47:4e:c8:e8:de:f2:3f:0a:23:d7:9c:c6:63:77:ee:
                    8e:56:c6:52:82:6c:5f:26:95:1e:b2:28:f4:3e:8d:
                    93:21:50:f4:82:5c:af:b0:df:2d:a9:70:10:1d:6d:
                    e5:71:3a:03:34:7f:40:b7:1b:e3:45:cc:bb:d1:65:
                    98:a6:5b:87:d2:4e:95:cf:49:ab:b6:01:e0:2a:13:
                    87:95:c1:d5:11:3a:19:61:cd:7e:4b:5d:9c:f8:4e:
                    73:95:6b:b4:7a:61:7a:0f:4d:a5:01:b3:4a:d4:a2:
                    6c:99:35:19:f2:0c:38:8a:d8:87:f2:da:00:44:38:
                    28:5d:df:03:c2:36:e7:44:27:ab:3e:42:72:30:35:
                    df:69:26:ea:c8:6e:58:a8:18:aa:38:9f:0b:4b:90:
                    f8:5f:f9:4a:78:f6:dc:ec:35:bb:b5:55:05:09:32:
                    39:fb:4b:a1:38:b3:e7:97:c4:c3:52:ec:9a:87:42:
                    20:91:35:65:dc:d9:22:0d:f6:5a:cc:56:bb:b7:33:
                    74:26:58:14:3d:25:89:5e:a3:7a:64:c5:76:c2:5f:
                    aa:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:3C:F8:04:29:BB:BD:53:DC:91:FD:52:E9:C0:F1:E6:31:C8:31:1D
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/9zz4BCm7vVPckf1S6cDx5jHIMR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:88:d9:cf:cf:3b:a2:8f:49:3d:e4:a3:3c:61:0c:8b:4f:a7:
         83:73:b2:cd:8a:24:50:58:fd:90:43:f0:95:93:e4:87:85:58:
         21:36:0e:ac:8a:03:44:67:6b:d4:ff:26:de:ce:aa:74:6d:4a:
         8e:7e:cf:ec:3d:62:44:47:df:a8:1b:ce:8b:53:58:c0:ef:4a:
         bd:f9:be:ca:8d:39:9e:7f:4a:c6:cf:ff:1a:66:9c:1b:ce:db:
         3a:65:a4:fc:d8:ff:df:2b:bc:38:2f:e8:5f:be:56:71:76:d3:
         82:61:ce:3b:70:00:a7:da:2b:00:5a:27:68:d6:a8:7f:74:60:
         d1:b9:a1:84:de:b7:31:8b:04:11:20:ff:7c:36:b9:af:4c:85:
         e3:8f:94:1e:62:09:d7:5d:19:3c:c6:2e:3b:3a:7a:3a:cf:9e:
         40:eb:2c:15:91:be:5f:59:14:f2:75:8b:af:40:e8:eb:2d:bb:
         fc:13:e3:37:cd:3c:72:5e:86:51:11:b6:a6:8a:38:80:ee:53:
         4b:58:0a:80:e9:e3:a3:85:83:27:d4:d8:b0:01:89:d4:94:a1:
         d1:a5:0b:3b:ec:7b:b2:40:e2:3b:ff:28:e3:83:31:43:6d:19:
         23:b1:a7:ed:0d:81:2b:65:f7:29:7e:ed:af:b4:da:bb:b8:25:
         69:f5:18:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/BRG9cXhZG59jBhDs9m7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjUwMTAyMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzNjZjgwNDI5YmJiZDUzZGM5MWZkNTJlOWMwZjFlNjMxYzgzMTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVaMfZCnVSkNvryPuL7f+AJc0W53
NelBgNV6+JBZLdHYBCvzx8VvHNWztf9HTsjo3vI/CiPXnMZjd+6OVsZSgmxfJpUe
sij0Po2TIVD0glyvsN8tqXAQHW3lcToDNH9AtxvjRcy70WWYpluH0k6Vz0mrtgHg
KhOHlcHVEToZYc1+S12c+E5zlWu0emF6D02lAbNK1KJsmTUZ8gw4itiH8toARDgo
Xd8DwjbnRCerPkJyMDXfaSbqyG5YqBiqOJ8LS5D4X/lKePbc7DW7tVUFCTI5+0uh
OLPnl8TDUuyah0IgkTVl3NkiDfZazFa7tzN0JlgUPSWJXqN6ZMV2wl+q2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPc8+AQpu71T3JH9UunA8eYxyDEdMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvOXp6NEJDbTd2VlBja2YxUzZjRHg1akhJTVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5UMA0G
CSqGSIb3DQEBCwUAA4IBAQCPiNnPzzuij0k95KM8YQyLT6eDc7LNiiRQWP2QQ/CV
k+SHhVghNg6sigNEZ2vU/ybezqp0bUqOfs/sPWJER9+oG86LU1jA70q9+b7KjTme
f0rGz/8aZpwbzts6ZaT82P/fK7w4L+hfvlZxdtOCYc47cACn2isAWido1qh/dGDR
uaGE3rcxiwQRIP98NrmvTIXjj5QeYgnXXRk8xi47Ono6z55A6ywVkb5fWRTydYuv
QOjrLbv8E+M3zTxyXoZREbamijiA7lNLWAqA6eOjhYMn1NiwAYnUlKHRpQs77Huy
QOI7/yjjgzFDbRkjsaftDYErZfcpfu2vtNq7uCVp9Rho
-----END CERTIFICATE-----