Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/P9QxyJmv9Z9C6SJVcI9DfY80ZqE.roa
File:                     P9QxyJmv9Z9C6SJVcI9DfY80ZqE.roa (raw, json)
Hash identifier:          Ve1I0xGuvhPuHrTo2o4dfngVB21Rz6Cv0jL8IhaZyUg=
Subject key identifier:   3F:D4:31:C8:99:AF:F5:9F:42:E9:22:55:70:8F:43:7D:8F:34:66:A1
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0195D34BBA5750CF4DC290CC39BD4F7A45B2
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/P9QxyJmv9Z9C6SJVcI9DfY80ZqE.roa
Signing time:             Wed 26 Mar 2025 16:31:50 +0000
ROA not before:           Wed 26 Mar 2025 16:31:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211663
IP address blocks:        176.100.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d3:4b:ba:57:50:cf:4d:c2:90:cc:39:bd:4f:7a:45:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 26 16:31:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fd431c899aff59f42e92255708f437d8f3466a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e9:b4:7f:79:2e:46:e0:50:c9:0a:ed:d8:30:
                    04:f8:27:ae:03:d2:18:bc:c1:9b:fc:1b:e7:32:18:
                    0f:df:bf:47:fb:50:65:f8:e4:d5:37:32:b2:e3:a3:
                    fc:b1:c8:79:3b:25:19:e2:e1:34:2a:ed:f0:9d:26:
                    a8:80:44:3a:20:fd:23:bf:d6:a7:94:8a:c6:a6:bf:
                    a3:58:81:59:37:e9:92:38:25:60:90:c2:ac:5f:17:
                    6d:38:f8:ac:23:09:eb:a3:75:2e:ab:a3:19:e8:90:
                    7b:2c:b2:09:2c:69:b5:fd:e9:2f:a6:a2:c8:30:b0:
                    b7:45:3f:19:19:05:9d:43:15:8b:95:4b:c4:e1:db:
                    0b:15:96:a0:78:bd:1e:44:7d:b1:5b:60:c6:04:58:
                    8f:fe:2e:bb:13:70:9d:90:9a:96:7e:ad:a2:a7:ef:
                    a3:8f:b1:e2:c6:b1:84:0b:ef:35:e3:88:0f:c2:1f:
                    de:ec:56:f2:3c:bf:62:19:9a:38:2e:46:5d:0f:ac:
                    b7:f0:f4:f9:30:03:4c:57:a7:7e:aa:cc:ef:b8:62:
                    b6:a6:d0:d8:d7:2c:a2:dc:8a:31:76:f5:d7:d2:44:
                    33:dd:04:7f:3e:66:70:47:a8:7b:58:77:1b:d5:89:
                    c3:df:b4:cd:e9:91:2c:84:24:4a:3a:cc:9b:23:a2:
                    5b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D4:31:C8:99:AF:F5:9F:42:E9:22:55:70:8F:43:7D:8F:34:66:A1
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/P9QxyJmv9Z9C6SJVcI9DfY80ZqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:ee:d8:73:15:88:5e:8b:10:a4:ff:29:b5:6c:de:c1:91:6d:
         31:92:d2:33:bf:a4:15:90:ac:54:90:e8:3d:70:8c:87:e1:e2:
         77:76:98:eb:af:cc:3d:33:37:da:4b:9b:f1:b1:48:01:6a:b8:
         10:3e:8d:e3:8d:37:e1:4a:ea:9e:05:5b:6f:d9:45:88:4b:e7:
         91:63:ae:46:61:e5:43:6e:58:92:b6:c6:37:1f:68:fb:1e:9d:
         36:ff:95:9d:f9:04:35:fd:90:3d:0a:90:1a:46:42:76:b9:c0:
         74:87:22:3f:97:3e:86:46:0b:77:31:8d:8c:93:b9:cc:7c:f5:
         5b:ed:55:ff:f2:f0:98:16:01:0d:03:ee:09:e2:0c:46:3e:bf:
         8e:b7:60:d2:7e:3b:49:11:03:5c:fe:d3:fc:cd:1b:86:fa:75:
         6d:c7:2c:33:db:fe:1b:9d:14:95:4a:3b:e2:2c:25:c4:83:af:
         84:33:c7:4c:25:28:37:85:a9:05:fe:9f:b1:fb:ec:60:dc:4a:
         c9:34:34:fa:f2:0e:db:f6:d0:d7:ff:ab:3d:ca:1a:ae:d4:cc:
         01:29:43:08:f4:4f:d6:2f:9b:51:50:11:d0:ba:d5:e0:c3:7b:
         91:5e:8d:44:b3:87:1d:58:ce:43:f7:c4:5d:f1:92:b2:84:ec:
         bb:17:06:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXTS7pXUM9NwpDMOb1PekWyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMzI2MTYzMTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmQ0MzFjODk5YWZmNTlmNDJlOTIyNTU3MDhmNDM3ZDhmMzQ2NmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxem0f3kuRuBQyQrt2DAE+CeuA9IY
vMGb/BvnMhgP379H+1Bl+OTVNzKy46P8sch5OyUZ4uE0Ku3wnSaogEQ6IP0jv9an
lIrGpr+jWIFZN+mSOCVgkMKsXxdtOPisIwnro3Uuq6MZ6JB7LLIJLGm1/ekvpqLI
MLC3RT8ZGQWdQxWLlUvE4dsLFZageL0eRH2xW2DGBFiP/i67E3CdkJqWfq2ip++j
j7HixrGEC+8144gPwh/e7FbyPL9iGZo4LkZdD6y38PT5MANMV6d+qszvuGK2ptDY
1yyi3IoxdvXX0kQz3QR/PmZwR6h7WHcb1YnD37TN6ZEshCRKOsybI6JbpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/UMciZr/WfQukiVXCPQ32PNGahMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvUDlReHlKbXY5WjlDNlNKVmNJOURmWTgwWnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGQqMA0G
CSqGSIb3DQEBCwUAA4IBAQAL7thzFYheixCk/ym1bN7BkW0xktIzv6QVkKxUkOg9
cIyH4eJ3dpjrr8w9MzfaS5vxsUgBargQPo3jjTfhSuqeBVtv2UWIS+eRY65GYeVD
bliStsY3H2j7Hp02/5Wd+QQ1/ZA9CpAaRkJ2ucB0hyI/lz6GRgt3MY2Mk7nMfPVb
7VX/8vCYFgENA+4J4gxGPr+Ot2DSfjtJEQNc/tP8zRuG+nVtxywz2/4bnRSVSjvi
LCXEg6+EM8dMJSg3hakF/p+x++xg3ErJNDT68g7b9tDX/6s9yhqu1MwBKUMI9E/W
L5tRUBHQutXgw3uRXo1Es4cdWM5D98Rd8ZKyhOy7Fwaj
-----END CERTIFICATE-----