Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/2684fb-1edb-4142-b2b6-f090d91dcbf8/1/F9XGZi-RuqVcSe1fpzN4q7qIdc4.roa
File:                     F9XGZi-RuqVcSe1fpzN4q7qIdc4.roa (raw, json)
Hash identifier:          f6T7R08rHMZ0z6ganX/KnRpxEiznu3aFpX2FIokh414=
Subject key identifier:   17:D5:C6:66:2F:91:BA:A5:5C:49:ED:5F:A7:33:78:AB:BA:88:75:CE
Certificate issuer:       /CN=0a7bbcde57d85b3fb1aadcba9c99775e19eeef3e
Certificate serial:       01945F39DC9D653D7DC96BD26FC11E613DEC
Authority key identifier: 0A:7B:BC:DE:57:D8:5B:3F:B1:AA:DC:BA:9C:99:77:5E:19:EE:EF:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cnu83lfYWz-xqty6nJl3Xhnu7z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/2684fb-1edb-4142-b2b6-f090d91dcbf8/1/F9XGZi-RuqVcSe1fpzN4q7qIdc4.roa
Signing time:             Mon 13 Jan 2025 10:33:35 +0000
ROA not before:           Mon 13 Jan 2025 10:33:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201981
IP address blocks:        185.55.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/2684fb-1edb-4142-b2b6-f090d91dcbf8/1/Cnu83lfYWz-xqty6nJl3Xhnu7z4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/2684fb-1edb-4142-b2b6-f090d91dcbf8/1/Cnu83lfYWz-xqty6nJl3Xhnu7z4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cnu83lfYWz-xqty6nJl3Xhnu7z4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:39:dc:9d:65:3d:7d:c9:6b:d2:6f:c1:1e:61:3d:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7bbcde57d85b3fb1aadcba9c99775e19eeef3e
        Validity
            Not Before: Jan 13 10:33:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17d5c6662f91baa55c49ed5fa73378abba8875ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:31:e1:0e:89:c6:87:d7:72:27:8c:e2:b4:ea:
                    de:dd:78:59:f7:14:35:32:5a:bb:bb:e6:3b:c5:8b:
                    c9:0f:9a:4c:1b:31:b5:b6:a7:90:cb:4d:3e:7d:2e:
                    0f:36:a0:21:cf:31:a7:9e:ad:74:65:40:cd:c6:31:
                    a5:c6:a9:b0:81:c0:9c:9e:44:0a:a1:e3:d6:a1:cb:
                    59:fe:05:49:c4:23:01:d8:fe:a2:ac:ef:08:c5:0e:
                    59:0e:0b:93:64:30:b5:78:3c:81:be:97:c5:ec:83:
                    ef:92:97:90:b9:dd:dd:37:1e:7b:b0:7b:5f:bb:57:
                    81:d6:8f:96:bc:17:0e:9c:a2:f7:e5:43:07:de:31:
                    74:65:ca:28:a8:8a:ee:30:9f:c0:f7:20:03:73:88:
                    d0:37:a6:21:04:98:65:e4:f1:75:d4:e3:49:72:59:
                    3b:89:84:11:d4:78:7b:92:3e:e5:66:f5:d7:5f:42:
                    21:69:11:b8:61:f2:31:e8:d7:3a:23:72:c6:86:52:
                    df:a9:56:93:97:a9:38:ca:16:43:a4:1d:e9:fa:e3:
                    45:18:cb:08:0d:f0:8d:c4:3c:04:38:bd:5c:2a:9d:
                    a1:50:7b:7b:8c:db:16:9a:8a:0c:93:66:dc:95:d2:
                    c6:b3:f5:b6:13:b4:c4:03:a6:a6:1a:0e:ab:cd:8d:
                    98:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:D5:C6:66:2F:91:BA:A5:5C:49:ED:5F:A7:33:78:AB:BA:88:75:CE
            X509v3 Authority Key Identifier:
                keyid:0A:7B:BC:DE:57:D8:5B:3F:B1:AA:DC:BA:9C:99:77:5E:19:EE:EF:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cnu83lfYWz-xqty6nJl3Xhnu7z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/2684fb-1edb-4142-b2b6-f090d91dcbf8/1/F9XGZi-RuqVcSe1fpzN4q7qIdc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/2684fb-1edb-4142-b2b6-f090d91dcbf8/1/Cnu83lfYWz-xqty6nJl3Xhnu7z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:3e:54:80:5e:69:a1:ee:7a:4a:a4:a6:ee:7a:a6:ff:4e:80:
         c2:5b:5c:0a:1d:dd:3c:c2:26:dc:49:eb:f1:b1:ca:7d:49:27:
         d2:bd:50:47:74:d2:a8:83:ea:1d:36:30:4d:4b:e1:c7:94:ac:
         1f:eb:fa:76:3d:6b:13:5d:39:98:c7:d9:78:0f:67:fc:69:78:
         e5:39:a2:8f:65:ba:e6:aa:c9:40:b8:24:36:37:3e:df:ea:02:
         ae:22:7c:35:a8:db:90:97:dc:df:f0:19:92:e0:70:94:c6:bb:
         4b:eb:6c:53:5a:ce:17:aa:07:7f:27:6d:ad:19:3f:52:1e:ee:
         ce:ab:67:24:5e:66:ae:42:b4:0d:a7:c7:39:3d:5b:82:87:df:
         a6:83:33:e5:10:a8:00:86:d5:17:db:29:8b:3b:bc:3d:ae:c9:
         54:46:c9:30:f2:46:18:fd:be:89:7d:32:8d:31:0b:33:8f:e7:
         8b:2f:0f:a9:47:35:1d:cc:ee:5e:0e:27:9d:14:8d:4e:1d:c9:
         bd:28:f2:1d:07:7f:f8:5e:51:9a:1f:e9:02:7c:cb:a1:78:a2:
         fd:63:3f:8e:5b:34:16:44:64:62:a9:22:8c:e1:f4:b3:1f:c6:
         9f:0c:43:a7:87:72:c4:6a:43:7d:3f:8c:ca:5e:d9:6c:28:3c:
         46:45:0b:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRfOdydZT19yWvSb8EeYT3sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhN2JiY2RlNTdkODViM2ZiMWFhZGNiYTljOTk3NzVlMTll
ZWVmM2UwHhcNMjUwMTEzMTAzMzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2Q1YzY2NjJmOTFiYWE1NWM0OWVkNWZhNzMzNzhhYmJhODg3NWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzHhDonGh9dyJ4zitOre3XhZ9xQ1
Mlq7u+Y7xYvJD5pMGzG1tqeQy00+fS4PNqAhzzGnnq10ZUDNxjGlxqmwgcCcnkQK
oePWoctZ/gVJxCMB2P6irO8IxQ5ZDguTZDC1eDyBvpfF7IPvkpeQud3dNx57sHtf
u1eB1o+WvBcOnKL35UMH3jF0ZcooqIruMJ/A9yADc4jQN6YhBJhl5PF11ONJclk7
iYQR1Hh7kj7lZvXXX0IhaRG4YfIx6Nc6I3LGhlLfqVaTl6k4yhZDpB3p+uNFGMsI
DfCNxDwEOL1cKp2hUHt7jNsWmooMk2bcldLGs/W2E7TEA6amGg6rzY2YoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfVxmYvkbqlXEntX6czeKu6iHXOMB8GA1UdIwQY
MBaAFAp7vN5X2Fs/sarcupyZd14Z7u8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ251ODNsZllXei14cXR5Nm5KbDNYaG51N3o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8yNjg0ZmItMWVkYi00MTQyLWIyYjYt
ZjA5MGQ5MWRjYmY4LzEvRjlYR1ppLVJ1cVZjU2UxZnB6TjRxN3FJZGM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8yNjg0ZmItMWVkYi00MTQyLWIyYjYtZjA5MGQ5MWRjYmY4
LzEvQ251ODNsZllXei14cXR5Nm5KbDNYaG51N3o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTfsMA0G
CSqGSIb3DQEBCwUAA4IBAQAFPlSAXmmh7npKpKbueqb/ToDCW1wKHd08wibcSevx
scp9SSfSvVBHdNKog+odNjBNS+HHlKwf6/p2PWsTXTmYx9l4D2f8aXjlOaKPZbrm
qslAuCQ2Nz7f6gKuInw1qNuQl9zf8BmS4HCUxrtL62xTWs4Xqgd/J22tGT9SHu7O
q2ckXmauQrQNp8c5PVuCh9+mgzPlEKgAhtUX2ymLO7w9rslURskw8kYY/b6JfTKN
MQszj+eLLw+pRzUdzO5eDiedFI1OHcm9KPIdB3/4XlGaH+kCfMuheKL9Yz+OWzQW
RGRiqSKM4fSzH8afDEOnh3LEakN9P4zKXtlsKDxGRQsS
-----END CERTIFICATE-----