Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/9bAJqgVHnvRdYInB5oZXujQ5XoQ.roa
File:                     9bAJqgVHnvRdYInB5oZXujQ5XoQ.roa (raw, json)
Hash identifier:          qWJO+gO+X6NUIcqwJsrxmMcrEAIF+s1Wskr1UuY7rv8=
Subject key identifier:   F5:B0:09:AA:05:47:9E:F4:5D:60:89:C1:E6:86:57:BA:34:39:5E:84
Certificate issuer:       /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial:       01941FFA45355FB9725010519A2FBFE89D9B
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/9bAJqgVHnvRdYInB5oZXujQ5XoQ.roa
Signing time:             Wed 01 Jan 2025 03:48:02 +0000
ROA not before:           Wed 01 Jan 2025 03:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206092
IP address blocks:        37.140.254.0/24 maxlen: 24
                          185.82.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:45:35:5f:b9:72:50:10:51:9a:2f:bf:e8:9d:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
        Validity
            Not Before: Jan  1 03:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5b009aa05479ef45d6089c1e68657ba34395e84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fa:be:95:fd:94:be:28:18:af:9e:0d:fa:77:
                    3e:6c:0f:ed:40:ab:00:88:2d:b9:b4:c7:e5:1b:4b:
                    12:dd:81:7d:b3:27:44:c8:3d:d7:0a:bb:fc:5f:10:
                    f0:f9:ac:d7:02:03:c8:f7:02:ba:f4:f8:37:f4:62:
                    a9:7b:9d:78:5a:2f:84:6e:44:8d:1e:53:7a:06:10:
                    7a:f2:7b:44:b9:1b:03:17:9f:b9:f6:34:a1:97:08:
                    cb:73:e7:df:7a:c0:e0:da:a8:3b:2a:06:c2:f1:2c:
                    e0:ea:a1:1c:77:18:d8:c0:69:be:ad:f5:91:34:fc:
                    6f:95:3e:da:df:37:6c:7e:e9:16:be:9a:e5:43:2b:
                    32:63:73:21:6c:31:a7:71:a4:cb:35:bc:da:d4:7e:
                    58:63:1f:f5:c9:6c:26:85:0d:2f:c2:df:5c:06:5f:
                    06:e2:97:1e:4d:33:2d:44:3a:80:bc:7d:5c:d6:41:
                    22:31:10:d5:85:d3:33:51:77:a5:92:1a:15:e1:a7:
                    2f:4a:17:da:7e:59:69:54:80:e0:c2:75:6d:ef:ce:
                    e5:e2:e6:ce:db:dc:ea:48:cd:4b:77:36:5a:7a:08:
                    24:8c:cc:9d:7b:0f:04:58:6b:02:46:03:5e:57:2d:
                    a9:f7:6b:4c:a7:2a:e6:cd:e6:59:75:fe:48:09:40:
                    ab:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:B0:09:AA:05:47:9E:F4:5D:60:89:C1:E6:86:57:BA:34:39:5E:84
            X509v3 Authority Key Identifier:
                keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/9bAJqgVHnvRdYInB5oZXujQ5XoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.254.0/24
                  185.82.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:af:db:27:3c:e7:57:0e:5f:aa:16:12:88:11:63:80:8f:2b:
         76:c4:66:d6:9e:d5:d8:11:6d:c6:c2:18:e1:9d:09:5a:01:13:
         94:5e:96:0b:c8:aa:3e:55:fe:c0:f9:b1:67:0c:32:bf:cb:ce:
         55:c4:d9:5f:5d:e4:ff:e0:f0:ed:0f:7e:45:00:1e:3a:d1:25:
         7d:97:24:0a:35:e8:7d:31:09:6a:21:9f:ef:17:0a:82:22:92:
         d4:b8:12:a2:e2:64:ee:e1:92:ce:3b:af:e2:1b:87:8f:e2:01:
         3c:2f:72:c8:5c:ba:b2:c0:d6:67:57:73:2a:15:12:d5:1c:38:
         83:97:25:25:19:01:44:69:15:e0:a8:17:ad:09:78:30:f3:4a:
         98:64:2f:b9:45:3c:43:9b:ef:67:55:7d:2b:0d:05:5d:68:e5:
         b4:3f:58:1e:04:08:25:1b:3d:3d:2e:b7:7f:d6:c8:25:6a:e5:
         0e:5e:47:1f:5c:4f:4f:e1:5d:91:a0:7f:3d:aa:cb:79:fb:66:
         7b:e9:29:7b:1f:95:c9:4d:d3:d5:9c:11:67:2f:91:bb:1e:b1:
         aa:e0:c1:c0:35:95:3d:05:1f:d5:1f:db:cf:7e:c4:8b:6a:df:
         ed:b2:1a:1f:a0:71:22:6f:33:fb:83:91:d4:b4:59:4e:81:d3:
         ab:a6:5b:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+kU1X7lyUBBRmi+/6J2bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjUwMTAxMDM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWIwMDlhYTA1NDc5ZWY0NWQ2MDg5YzFlNjg2NTdiYTM0Mzk1ZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/q+lf2UvigYr54N+nc+bA/tQKsA
iC25tMflG0sS3YF9sydEyD3XCrv8XxDw+azXAgPI9wK69Pg39GKpe514Wi+EbkSN
HlN6BhB68ntEuRsDF5+59jShlwjLc+ffesDg2qg7KgbC8Szg6qEcdxjYwGm+rfWR
NPxvlT7a3zdsfukWvprlQysyY3MhbDGncaTLNbza1H5YYx/1yWwmhQ0vwt9cBl8G
4pceTTMtRDqAvH1c1kEiMRDVhdMzUXelkhoV4acvShfafllpVIDgwnVt787l4ubO
29zqSM1LdzZaeggkjMydew8EWGsCRgNeVy2p92tMpyrmzeZZdf5ICUCrFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPWwCaoFR570XWCJweaGV7o0OV6EMB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvOWJBSnFnVkhudlJkWUluQjVvWlh1alE1WG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJYz+AwQA
uVJIMA0GCSqGSIb3DQEBCwUAA4IBAQAor9snPOdXDl+qFhKIEWOAjyt2xGbWntXY
EW3GwhjhnQlaAROUXpYLyKo+Vf7A+bFnDDK/y85VxNlfXeT/4PDtD35FAB460SV9
lyQKNeh9MQlqIZ/vFwqCIpLUuBKi4mTu4ZLOO6/iG4eP4gE8L3LIXLqywNZnV3Mq
FRLVHDiDlyUlGQFEaRXgqBetCXgw80qYZC+5RTxDm+9nVX0rDQVdaOW0P1geBAgl
Gz09Lrd/1sglauUOXkcfXE9P4V2RoH89qst5+2Z76Sl7H5XJTdPVnBFnL5G7HrGq
4MHANZU9BR/VH9vPfsSLat/tshofoHEibzP7g5HUtFlOgdOrplu9
-----END CERTIFICATE-----