Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/doaBFCoAi9PMEGjDVkL2tXpIeqk.roa
File:                     doaBFCoAi9PMEGjDVkL2tXpIeqk.roa (raw, json)
Hash identifier:          Z98ogMYuCRCB/EUQ20sK/eyL2P/vgOy7W+oSu1U5VEE=
Subject key identifier:   76:86:81:14:2A:00:8B:D3:CC:10:68:C3:56:42:F6:B5:7A:48:7A:A9
Certificate issuer:       /CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
Certificate serial:       019423D7251FA2E2A21093111EE73FBF3DE0
Authority key identifier: E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/doaBFCoAi9PMEGjDVkL2tXpIeqk.roa
Signing time:             Wed 01 Jan 2025 21:48:09 +0000
ROA not before:           Wed 01 Jan 2025 21:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8469
IP address blocks:        185.64.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:25:1f:a2:e2:a2:10:93:11:1e:e7:3f:bf:3d:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
        Validity
            Not Before: Jan  1 21:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=768681142a008bd3cc1068c35642f6b57a487aa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:55:42:ad:c1:64:3f:dd:ea:e0:b6:d6:0d:70:
                    d2:95:83:38:d2:d5:81:b2:70:1f:84:97:77:95:ca:
                    38:5e:a7:3a:41:54:d8:4f:39:64:08:10:f2:26:cd:
                    0a:4d:03:4f:54:98:9c:e1:ce:20:1c:99:84:2a:eb:
                    63:20:03:8f:50:05:12:bb:df:c7:8a:04:a9:bb:05:
                    7d:f6:0d:c4:b4:4c:4a:66:bb:6a:15:25:ea:cd:2b:
                    a3:ae:75:d6:e6:b9:ff:2e:1c:7b:92:c6:cd:14:e1:
                    f4:69:28:3e:87:b4:9c:06:dd:eb:64:9f:48:4a:22:
                    df:2a:dd:f5:82:33:db:83:08:bd:37:31:f5:86:79:
                    37:90:05:81:b7:bb:13:c9:a3:4d:c8:95:9c:c9:2b:
                    c4:48:46:b8:50:91:e9:74:fc:59:1a:d3:a5:8c:69:
                    da:b9:83:39:54:18:e4:b6:de:75:2a:f7:0e:b7:fb:
                    3a:b3:87:52:e6:c7:86:fc:e1:ee:e3:1c:59:6a:8a:
                    fd:68:fd:98:5b:16:31:9f:e0:20:19:be:d5:be:00:
                    1c:18:14:1c:6d:b3:c3:5d:44:d6:41:42:90:46:c0:
                    dd:73:29:f7:e4:72:fe:13:ca:99:24:80:5b:9c:88:
                    21:00:a8:a0:0f:a9:ea:ed:1a:50:5e:50:7c:46:43:
                    5f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:86:81:14:2A:00:8B:D3:CC:10:68:C3:56:42:F6:B5:7A:48:7A:A9
            X509v3 Authority Key Identifier:
                keyid:E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/doaBFCoAi9PMEGjDVkL2tXpIeqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:98:e4:42:62:ae:63:d1:4e:f2:82:60:b5:f2:51:4a:97:39:
         37:00:bb:31:41:88:a7:4b:47:94:68:5d:3f:4e:23:d1:71:52:
         1d:6f:e0:e6:9b:77:3c:24:e6:b0:32:3d:97:c6:1e:8c:12:21:
         fb:f7:80:4e:69:e9:8d:ce:5f:de:ad:a6:52:61:39:45:af:64:
         22:ee:83:68:57:bd:47:e6:7b:f3:ca:44:2c:b7:71:32:1a:50:
         6d:33:6e:b5:b2:6f:d8:c1:2a:f3:0f:d4:f0:de:83:bf:48:77:
         3a:b7:ad:53:cd:5b:df:39:a4:9d:46:f2:0a:b9:b6:30:ba:71:
         85:37:63:00:ba:f8:42:7f:6f:c5:66:e5:da:8e:8e:31:fd:67:
         f1:7e:18:cd:7e:c5:59:ef:36:ff:3a:fd:3e:f2:3b:9b:a2:60:
         9c:db:16:88:d8:32:77:12:34:fd:e0:7c:3a:4a:dc:17:8c:21:
         61:12:46:d6:0d:f8:ef:d7:0b:14:7a:ef:94:3d:d3:0b:58:32:
         82:8b:f1:c8:6e:44:8d:85:f0:35:b9:d4:13:23:84:1a:5a:df:
         6d:30:f9:45:14:f4:84:55:d6:3a:27:d6:3d:7a:dd:36:40:30:
         44:c0:b1:1b:72:4c:40:cd:da:cb:24:1a:e2:49:ce:f7:a4:b7:
         93:9c:6e:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yUfouKiEJMRHuc/vz3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDljZmIwNzhlZGE1ODE2ZmM4MDllOThjMjVjYjcxOTYz
ZTc1YjcwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njg2ODExNDJhMDA4YmQzY2MxMDY4YzM1NjQyZjZiNTdhNDg3YWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVVCrcFkP93q4LbWDXDSlYM40tWB
snAfhJd3lco4Xqc6QVTYTzlkCBDyJs0KTQNPVJic4c4gHJmEKutjIAOPUAUSu9/H
igSpuwV99g3EtExKZrtqFSXqzSujrnXW5rn/Lhx7ksbNFOH0aSg+h7ScBt3rZJ9I
SiLfKt31gjPbgwi9NzH1hnk3kAWBt7sTyaNNyJWcySvESEa4UJHpdPxZGtOljGna
uYM5VBjktt51KvcOt/s6s4dS5seG/OHu4xxZaor9aP2YWxYxn+AgGb7VvgAcGBQc
bbPDXUTWQUKQRsDdcyn35HL+E8qZJIBbnIghAKigD6nq7RpQXlB8RkNfCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHaGgRQqAIvTzBBow1ZC9rV6SHqpMB8GA1UdIwQY
MBaAFOfZz7B47aWBb8gJ6Ywly3GWPnW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEt
ZmVlZTdjMjlkNGRlLzEvZG9hQkZDb0FpOVBNRUdqRFZrTDJ0WHBJZXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEtZmVlZTdjMjlkNGRl
LzEvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUBgMA0G
CSqGSIb3DQEBCwUAA4IBAQA7mORCYq5j0U7ygmC18lFKlzk3ALsxQYinS0eUaF0/
TiPRcVIdb+Dmm3c8JOawMj2Xxh6MEiH794BOaemNzl/eraZSYTlFr2Qi7oNoV71H
5nvzykQst3EyGlBtM261sm/YwSrzD9Tw3oO/SHc6t61TzVvfOaSdRvIKubYwunGF
N2MAuvhCf2/FZuXajo4x/WfxfhjNfsVZ7zb/Ov0+8jubomCc2xaI2DJ3EjT94Hw6
StwXjCFhEkbWDfjv1wsUeu+UPdMLWDKCi/HIbkSNhfA1udQTI4QaWt9tMPlFFPSE
VdY6J9Y9et02QDBEwLEbckxAzdrLJBriSc73pLeTnG7c
-----END CERTIFICATE-----