Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/9sc_Z6wsh2xqSgSi_D7ZTYMetBM.roa
File:                     9sc_Z6wsh2xqSgSi_D7ZTYMetBM.roa (raw, json)
Hash identifier:          ysO7qNEauUD+3RJnhREGXDUT/3d77gpAizI5YbhTLSM=
Subject key identifier:   F6:C7:3F:67:AC:2C:87:6C:6A:4A:04:A2:FC:3E:D9:4D:83:1E:B4:13
Certificate issuer:       /CN=7b0af9738c9f799b56f4b9017bf821b4fca135b8
Certificate serial:       019420686FEB67659B4071EF3D207799528E
Authority key identifier: 7B:0A:F9:73:8C:9F:79:9B:56:F4:B9:01:7B:F8:21:B4:FC:A1:35:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ewr5c4yfeZtW9LkBe_ghtPyhNbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/9sc_Z6wsh2xqSgSi_D7ZTYMetBM.roa
Signing time:             Wed 01 Jan 2025 05:48:22 +0000
ROA not before:           Wed 01 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62385
IP address blocks:        193.104.151.0/24 maxlen: 24
                          2a10:7c80::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/ewr5c4yfeZtW9LkBe_ghtPyhNbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/ewr5c4yfeZtW9LkBe_ghtPyhNbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ewr5c4yfeZtW9LkBe_ghtPyhNbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6f:eb:67:65:9b:40:71:ef:3d:20:77:99:52:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b0af9738c9f799b56f4b9017bf821b4fca135b8
        Validity
            Not Before: Jan  1 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6c73f67ac2c876c6a4a04a2fc3ed94d831eb413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:64:a5:02:7a:1e:5a:a1:6e:49:7a:81:97:55:
                    3c:73:55:cb:79:f8:21:47:6a:53:71:7e:11:8d:de:
                    73:20:5d:4b:55:99:51:d1:b6:42:0f:b8:f6:b4:5c:
                    3f:6f:8d:2c:9d:14:8d:b8:3a:6e:a4:55:aa:9d:8a:
                    ee:57:4e:96:dc:13:ae:92:b9:ca:26:e8:b8:26:55:
                    bc:9c:da:11:1a:a0:a5:d6:81:3a:b3:f1:a7:41:10:
                    24:ae:e4:f5:09:41:6d:17:ac:3b:11:23:45:9c:9a:
                    07:06:39:1e:f9:7e:3a:07:42:ee:d9:50:1c:e4:9f:
                    40:fa:e4:37:90:a4:5e:86:19:89:a8:dd:cb:2e:f9:
                    ac:f1:52:c4:f7:1a:ed:ed:cc:e6:91:51:30:2f:5f:
                    66:8d:33:f6:02:0b:30:2f:44:51:53:42:45:7b:e0:
                    f6:41:85:e3:e5:92:51:87:a6:a1:e2:8f:78:85:c4:
                    cc:1d:24:b5:6b:98:c8:19:f8:d0:0a:1f:b6:de:62:
                    cc:41:f5:0d:0c:ca:de:14:37:a2:d8:d2:ee:af:b2:
                    36:fe:42:91:1d:25:14:1c:e0:14:6e:1f:c4:73:da:
                    d2:9b:6c:89:67:64:7a:ab:85:63:4b:c2:b3:0a:bb:
                    53:9d:48:33:bf:a1:f0:7c:0a:1e:86:26:c2:c3:75:
                    e0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:C7:3F:67:AC:2C:87:6C:6A:4A:04:A2:FC:3E:D9:4D:83:1E:B4:13
            X509v3 Authority Key Identifier:
                keyid:7B:0A:F9:73:8C:9F:79:9B:56:F4:B9:01:7B:F8:21:B4:FC:A1:35:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ewr5c4yfeZtW9LkBe_ghtPyhNbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/9sc_Z6wsh2xqSgSi_D7ZTYMetBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/ewr5c4yfeZtW9LkBe_ghtPyhNbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.151.0/24
                IPv6:
                  2a10:7c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:87:ec:9a:20:6f:68:16:da:32:58:40:22:bc:be:46:df:3a:
         d8:ce:bc:59:1d:52:f8:aa:89:09:0c:0f:49:ca:a7:2a:db:78:
         16:4b:6a:62:2f:6c:3c:88:ce:fc:49:d7:f8:0e:86:d5:21:54:
         02:f4:b5:49:aa:42:79:c9:a9:36:24:ab:ca:81:f2:e2:f3:a3:
         6d:5f:e1:cd:9e:23:f8:87:f5:9c:d3:56:6b:f3:88:1c:cf:9b:
         0c:80:32:f4:9f:62:40:e1:9a:df:30:ef:73:51:46:b6:97:8b:
         e9:db:aa:72:06:3a:26:29:05:3c:f9:95:b0:9f:37:26:df:a3:
         c7:18:e0:27:22:cd:74:0e:32:4d:b5:41:d2:5f:5c:7e:6d:e3:
         98:f0:55:7c:96:d1:0c:91:85:71:0d:cb:83:e4:2c:be:c0:78:
         b4:b9:08:3f:a9:1e:8d:dc:cc:86:ac:66:60:3f:08:91:cb:34:
         9a:ca:74:c4:e9:33:f7:1b:74:0c:f5:7c:b1:b5:b3:f7:55:6e:
         4e:71:f3:70:f4:86:b0:b3:07:bf:40:55:de:84:5e:5d:f5:98:
         e5:9f:f9:b7:02:1a:08:43:43:e2:e5:a0:f4:df:cf:d6:bc:39:
         ef:8d:30:a0:e7:99:53:b4:3b:50:48:e2:4c:da:d3:0c:7b:01:
         6d:51:38:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaG/rZ2WbQHHvPSB3mVKOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMGFmOTczOGM5Zjc5OWI1NmY0YjkwMTdiZjgyMWI0ZmNh
MTM1YjgwHhcNMjUwMTAxMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmM3M2Y2N2FjMmM4NzZjNmE0YTA0YTJmYzNlZDk0ZDgzMWViNDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGSlAnoeWqFuSXqBl1U8c1XLefgh
R2pTcX4Rjd5zIF1LVZlR0bZCD7j2tFw/b40snRSNuDpupFWqnYruV06W3BOukrnK
Jui4JlW8nNoRGqCl1oE6s/GnQRAkruT1CUFtF6w7ESNFnJoHBjke+X46B0Lu2VAc
5J9A+uQ3kKRehhmJqN3LLvms8VLE9xrt7czmkVEwL19mjTP2AgswL0RRU0JFe+D2
QYXj5ZJRh6ah4o94hcTMHSS1a5jIGfjQCh+23mLMQfUNDMreFDei2NLur7I2/kKR
HSUUHOAUbh/Ec9rSm2yJZ2R6q4VjS8KzCrtTnUgzv6HwfAoehibCw3XgnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPbHP2esLIdsakoEovw+2U2DHrQTMB8GA1UdIwQY
MBaAFHsK+XOMn3mbVvS5AXv4IbT8oTW4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXdyNWM0eWZlWnRXOUxrQmVfZ2h0UHloTmJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MjFlNzAtZjQ0Mi00MjUyLWFlYTAt
Y2ExMmY1M2Q3YjM0LzEvOXNjX1o2d3NoMnhxU2dTaV9EN1pUWU1ldEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MjFlNzAtZjQ0Mi00MjUyLWFlYTAtY2ExMmY1M2Q3YjM0
LzEvZXdyNWM0eWZlWnRXOUxrQmVfZ2h0UHloTmJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwWiXMA0E
AgACMAcDBQMqEHyAMA0GCSqGSIb3DQEBCwUAA4IBAQAxh+yaIG9oFtoyWEAivL5G
3zrYzrxZHVL4qokJDA9Jyqcq23gWS2piL2w8iM78Sdf4DobVIVQC9LVJqkJ5yak2
JKvKgfLi86NtX+HNniP4h/Wc01Zr84gcz5sMgDL0n2JA4ZrfMO9zUUa2l4vp26py
BjomKQU8+ZWwnzcm36PHGOAnIs10DjJNtUHSX1x+beOY8FV8ltEMkYVxDcuD5Cy+
wHi0uQg/qR6N3MyGrGZgPwiRyzSaynTE6TP3G3QM9XyxtbP3VW5OcfNw9Iawswe/
QFXehF5d9Zjln/m3AhoIQ0Pi5aD038/WvDnvjTCg55lTtDtQSOJM2tMMewFtUThI
-----END CERTIFICATE-----