Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/uRo2bMOeIiH8StyfjDXOPHZmCRc.roa
File:                     uRo2bMOeIiH8StyfjDXOPHZmCRc.roa (raw, json)
Hash identifier:          /c4Qcmm44bZ40YwEJJpcK2loOF7YWT9F41wjJC1v0Vc=
Subject key identifier:   B9:1A:36:6C:C3:9E:22:21:FC:4A:DC:9F:8C:35:CE:3C:76:66:09:17
Certificate issuer:       /CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
Certificate serial:       019423D7257D7D00DED39872DE0B6BDFD92C
Authority key identifier: E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/uRo2bMOeIiH8StyfjDXOPHZmCRc.roa
Signing time:             Wed 01 Jan 2025 21:48:09 +0000
ROA not before:           Wed 01 Jan 2025 21:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20546
IP address blocks:        185.64.96.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:25:7d:7d:00:de:d3:98:72:de:0b:6b:df:d9:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7d9cfb078eda5816fc809e98c25cb71963e75b7
        Validity
            Not Before: Jan  1 21:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b91a366cc39e2221fc4adc9f8c35ce3c76660917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:ce:3f:e4:5e:8d:d4:72:3e:37:bf:db:79:6c:
                    67:6e:04:39:34:41:10:b3:ab:f8:aa:b6:3d:cd:fb:
                    b2:2f:7f:f3:16:33:43:9c:0a:c8:5e:85:45:23:3d:
                    24:c7:bf:36:1e:a4:f2:7c:32:7a:9e:53:d0:4f:80:
                    66:61:7b:0d:7c:ed:37:d8:ac:41:d1:95:b3:01:ab:
                    f9:5d:eb:8f:f6:40:b5:78:68:c7:f4:fd:ec:e2:c6:
                    c1:23:42:0a:dc:13:70:27:2f:6b:18:49:c0:f0:6d:
                    a3:07:76:34:8c:cd:ce:04:95:73:a4:eb:55:9a:92:
                    20:8d:95:ab:f8:a1:1c:d8:8a:d2:ec:3a:82:8c:43:
                    53:c1:2b:29:93:4a:f6:c7:34:c9:07:11:3e:8b:6a:
                    ef:0a:46:45:4f:ff:3a:e7:40:f2:03:f8:53:a4:f3:
                    89:ca:d5:e8:96:e4:68:2d:01:94:7b:66:51:9a:09:
                    79:4b:4a:3b:9c:de:0e:d8:e8:c4:d0:c7:f7:b3:2b:
                    e5:58:2f:e3:92:17:74:11:0b:37:bc:b6:a6:6a:f1:
                    ba:1e:43:9f:40:1c:63:87:5d:83:ba:79:ae:e0:f5:
                    ed:0b:53:63:2a:59:96:22:20:e7:34:18:24:fb:62:
                    7b:a2:90:d2:89:75:99:62:0e:36:b4:85:77:44:80:
                    ac:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:1A:36:6C:C3:9E:22:21:FC:4A:DC:9F:8C:35:CE:3C:76:66:09:17
            X509v3 Authority Key Identifier:
                keyid:E7:D9:CF:B0:78:ED:A5:81:6F:C8:09:E9:8C:25:CB:71:96:3E:75:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/59nPsHjtpYFvyAnpjCXLcZY-dbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/uRo2bMOeIiH8StyfjDXOPHZmCRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/000ea7-c9f4-4ebb-b9b1-feee7c29d4de/1/59nPsHjtpYFvyAnpjCXLcZY-dbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:cb:7d:34:36:13:15:a5:39:14:a6:2d:bd:85:43:d7:89:ba:
         35:d3:40:ce:ba:28:78:a1:44:95:fc:bb:0b:d7:fe:02:a6:19:
         06:80:ad:6e:f4:14:aa:29:46:6b:d8:d3:d9:66:45:0c:8f:c8:
         1a:22:d4:37:56:48:56:d1:7e:e1:1c:14:25:da:53:0b:6f:d2:
         15:63:d7:4e:0a:c7:dd:21:5e:1f:ce:62:70:91:f2:3e:ac:15:
         1b:0c:ad:30:d6:95:f3:e0:67:be:22:06:d4:b2:80:11:01:75:
         ca:f9:36:ba:46:57:ca:2e:70:34:c4:16:6b:3d:94:76:29:43:
         7a:19:b8:fd:60:fb:66:95:dd:df:b4:5d:6d:e0:1b:02:69:3b:
         10:18:4f:99:be:01:17:d5:37:36:b2:8e:ec:b4:b2:d0:63:82:
         19:56:3a:25:a0:ec:9a:f7:b7:b4:16:48:b5:d2:cf:b4:63:f8:
         1f:3d:9d:1a:b5:bb:e5:dc:ac:2a:bd:68:6d:e9:c3:72:a4:8f:
         3a:08:41:66:cb:51:3e:a0:83:f7:8c:fb:30:40:5a:2d:57:32:
         5d:a0:92:25:f0:9d:eb:11:40:92:fc:1d:38:06:8c:a8:bb:18:
         46:98:41:97:2b:d5:cd:e2:0a:3e:fc:99:75:1d:04:47:1a:cb:
         95:f0:f3:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yV9fQDe05hy3gtr39ksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3ZDljZmIwNzhlZGE1ODE2ZmM4MDllOThjMjVjYjcxOTYz
ZTc1YjcwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTFhMzY2Y2MzOWUyMjIxZmM0YWRjOWY4YzM1Y2UzYzc2NjYwOTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA184/5F6N1HI+N7/beWxnbgQ5NEEQ
s6v4qrY9zfuyL3/zFjNDnArIXoVFIz0kx782HqTyfDJ6nlPQT4BmYXsNfO032KxB
0ZWzAav5XeuP9kC1eGjH9P3s4sbBI0IK3BNwJy9rGEnA8G2jB3Y0jM3OBJVzpOtV
mpIgjZWr+KEc2IrS7DqCjENTwSspk0r2xzTJBxE+i2rvCkZFT/8650DyA/hTpPOJ
ytXoluRoLQGUe2ZRmgl5S0o7nN4O2OjE0Mf3syvlWC/jkhd0EQs3vLamavG6HkOf
QBxjh12Dunmu4PXtC1NjKlmWIiDnNBgk+2J7opDSiXWZYg42tIV3RICshQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLkaNmzDniIh/Ercn4w1zjx2ZgkXMB8GA1UdIwQY
MBaAFOfZz7B47aWBb8gJ6Ywly3GWPnW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEt
ZmVlZTdjMjlkNGRlLzEvdVJvMmJNT2VJaUg4U3R5ZmpEWE9QSFptQ1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8wMDBlYTctYzlmNC00ZWJiLWI5YjEtZmVlZTdjMjlkNGRl
LzEvNTluUHNIanRwWUZ2eUFucGpDWExjWlktZGJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUBgMA0G
CSqGSIb3DQEBCwUAA4IBAQBuy300NhMVpTkUpi29hUPXibo100DOuih4oUSV/LsL
1/4CphkGgK1u9BSqKUZr2NPZZkUMj8gaItQ3VkhW0X7hHBQl2lMLb9IVY9dOCsfd
IV4fzmJwkfI+rBUbDK0w1pXz4Ge+IgbUsoARAXXK+Ta6RlfKLnA0xBZrPZR2KUN6
Gbj9YPtmld3ftF1t4BsCaTsQGE+ZvgEX1Tc2so7stLLQY4IZVjoloOya97e0Fki1
0s+0Y/gfPZ0atbvl3KwqvWht6cNypI86CEFmy1E+oIP3jPswQFotVzJdoJIl8J3r
EUCS/B04BoyouxhGmEGXK9XN4go+/Jl1HQRHGsuV8PMG
-----END CERTIFICATE-----