Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/hH6hMaSyonrhQA9h_vP1HTqln7M.roa
File:                     hH6hMaSyonrhQA9h_vP1HTqln7M.roa (raw, json)
Hash identifier:          8QJDFdFinb7s3U9xb08fJBm7sr1In5Pe6TKE9Vk8YEA=
Subject key identifier:   84:7E:A1:31:A4:B2:A2:7A:E1:40:0F:61:FE:F3:F5:1D:3A:A5:9F:B3
Certificate issuer:       /CN=9b5337bd1a7c5ee9c57a73b0a33c61219cd2a9cb
Certificate serial:       01941F8C4C4FE20182D59CB7AB5E9CB670D0
Authority key identifier: 9B:53:37:BD:1A:7C:5E:E9:C5:7A:73:B0:A3:3C:61:21:9C:D2:A9:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/hH6hMaSyonrhQA9h_vP1HTqln7M.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1213
IP address blocks:        149.153.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:03:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4c:4f:e2:01:82:d5:9c:b7:ab:5e:9c:b6:70:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b5337bd1a7c5ee9c57a73b0a33c61219cd2a9cb
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=847ea131a4b2a27ae1400f61fef3f51d3aa59fb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d2:59:91:b6:ac:7c:89:e1:c0:32:01:70:0e:
                    c4:9a:ba:4d:78:e0:1b:68:ea:d2:59:af:cc:53:a8:
                    d9:87:44:e0:30:b8:e9:7a:6a:78:ee:05:f9:8c:61:
                    07:49:79:ff:68:5e:4d:07:84:83:b1:86:34:6f:ae:
                    f0:43:09:8c:f7:e9:38:5d:46:13:34:7b:06:9a:0a:
                    48:ca:da:ba:78:ec:21:66:4b:33:3f:b8:dc:b9:b9:
                    7a:b2:49:a1:19:73:1a:65:8b:14:10:8f:63:52:ff:
                    6b:fb:10:34:57:73:e0:22:6e:c7:0b:38:3d:a2:ff:
                    82:f8:10:d4:32:a1:8e:5f:79:c1:7c:5b:06:38:fa:
                    44:89:24:5c:32:12:1b:82:46:e1:52:06:9f:f1:ba:
                    14:42:f2:7f:96:f4:f6:27:32:6a:e3:b5:32:39:5c:
                    ba:ad:91:30:73:9b:2f:35:4c:28:fd:89:bb:f7:c8:
                    e1:e6:12:a6:9b:86:c5:df:c4:2d:6a:65:ee:ae:5c:
                    06:1a:4a:63:4b:a3:d4:7d:b0:d3:67:3e:c7:c3:91:
                    41:65:24:0a:d8:d5:33:08:59:9a:0c:be:d5:0c:f4:
                    42:46:bc:6a:c5:82:6d:c4:51:78:62:d0:fe:98:61:
                    30:75:05:f2:5a:bd:5a:ac:8d:59:da:3c:77:c2:86:
                    9f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:7E:A1:31:A4:B2:A2:7A:E1:40:0F:61:FE:F3:F5:1D:3A:A5:9F:B3
            X509v3 Authority Key Identifier:
                keyid:9B:53:37:BD:1A:7C:5E:E9:C5:7A:73:B0:A3:3C:61:21:9C:D2:A9:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/hH6hMaSyonrhQA9h_vP1HTqln7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.153.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         f2:61:5d:0e:3b:26:4f:1c:d5:3d:0a:48:24:68:0f:df:6c:d4:
         64:e8:63:50:56:43:b5:42:19:f3:a2:42:f8:45:ef:5a:ab:f0:
         96:5c:c3:48:53:8b:35:7d:af:42:c0:34:77:e2:59:27:5f:5b:
         3a:69:92:dc:23:c4:f5:09:8d:de:e0:14:54:7b:72:6a:34:97:
         a8:55:0f:aa:f3:a6:32:ad:96:c9:25:86:d2:85:40:0f:58:c5:
         ad:62:d8:d2:03:52:7d:a0:aa:72:8d:ed:e4:68:df:a5:f5:65:
         dd:f6:5e:28:27:14:40:90:cf:15:91:15:67:a4:0f:49:58:71:
         41:b0:32:87:15:71:ce:65:d1:21:56:f8:93:78:98:7a:de:03:
         f9:31:e9:c9:05:58:80:2d:25:7f:c0:78:43:56:5e:3c:16:d2:
         4f:80:cc:fe:d2:1e:76:ec:7c:f7:dc:2c:b9:01:4d:84:fd:9b:
         a7:db:aa:1b:43:47:b1:db:d2:84:8b:f9:49:c4:7f:14:76:07:
         c2:f8:03:57:23:38:07:f1:5c:ac:02:a0:b0:2d:1a:f0:1e:c1:
         80:43:a4:d3:55:8d:2e:a9:c6:9b:f8:20:58:44:9a:3e:c8:40:
         10:b1:de:a1:76:03:a9:4b:d0:13:8c:98:89:ed:8d:1a:f3:9d:
         08:56:8f:64
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQfjExP4gGC1Zy3q16ctnDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNTMzN2JkMWE3YzVlZTljNTdhNzNiMGEzM2M2MTIxOWNk
MmE5Y2IwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDdlYTEzMWE0YjJhMjdhZTE0MDBmNjFmZWYzZjUxZDNhYTU5ZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNJZkbasfInhwDIBcA7EmrpNeOAb
aOrSWa/MU6jZh0TgMLjpemp47gX5jGEHSXn/aF5NB4SDsYY0b67wQwmM9+k4XUYT
NHsGmgpIytq6eOwhZkszP7jcubl6skmhGXMaZYsUEI9jUv9r+xA0V3PgIm7HCzg9
ov+C+BDUMqGOX3nBfFsGOPpEiSRcMhIbgkbhUgaf8boUQvJ/lvT2JzJq47UyOVy6
rZEwc5svNUwo/Ym798jh5hKmm4bF38QtamXurlwGGkpjS6PUfbDTZz7Hw5FBZSQK
2NUzCFmaDL7VDPRCRrxqxYJtxFF4YtD+mGEwdQXyWr1arI1Z2jx3woafBwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIR+oTGksqJ64UAPYf7z9R06pZ+zMB8GA1UdIwQY
MBaAFJtTN70afF7pxXpzsKM8YSGc0qnLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTFNM3ZScDhYdW5GZW5Pd296eGhJWnpTcWNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS85Y2I1ZmItYWI2NS00YTJiLTg4ZGQt
MmVmNzE2NWIyMWI1LzEvaEg2aE1hU3lvbnJoUUE5aF92UDFIVHFsbjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS85Y2I1ZmItYWI2NS00YTJiLTg4ZGQtMmVmNzE2NWIyMWI1
LzEvbTFNM3ZScDhYdW5GZW5Pd296eGhJWnpTcWNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlZkwDQYJ
KoZIhvcNAQELBQADggEBAPJhXQ47Jk8c1T0KSCRoD99s1GToY1BWQ7VCGfOiQvhF
71qr8JZcw0hTizV9r0LANHfiWSdfWzppktwjxPUJjd7gFFR7cmo0l6hVD6rzpjKt
lsklhtKFQA9Yxa1i2NIDUn2gqnKN7eRo36X1Zd32XignFECQzxWRFWekD0lYcUGw
MocVcc5l0SFW+JN4mHreA/kx6ckFWIAtJX/AeENWXjwW0k+AzP7SHnbsfPfcLLkB
TYT9m6fbqhtDR7Hb0oSL+UnEfxR2B8L4A1cjOAfxXKwCoLAtGvAewYBDpNNVjS6p
xpv4IFhEmj7IQBCx3qF2A6lL0BOMmIntjRrznQhWj2Q=
-----END CERTIFICATE-----