Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/xZRwQEVBqhCo3g2OnfWg1phYcj0.roa
File:                     xZRwQEVBqhCo3g2OnfWg1phYcj0.roa (raw, json)
Hash identifier:          Up0oMZDKtVNJTjmYE39xr0VdPFglYOYmh22V1+hmiHs=
Subject key identifier:   C5:94:70:40:45:41:AA:10:A8:DE:0D:8E:9D:F5:A0:D6:98:58:72:3D
Certificate issuer:       /CN=9b5337bd1a7c5ee9c57a73b0a33c61219cd2a9cb
Certificate serial:       01941F8C4B486F9FD12294E9D0B302E993F4
Authority key identifier: 9B:53:37:BD:1A:7C:5E:E9:C5:7A:73:B0:A3:3C:61:21:9C:D2:A9:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/xZRwQEVBqhCo3g2OnfWg1phYcj0.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     786
IP address blocks:        149.153.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4b:48:6f:9f:d1:22:94:e9:d0:b3:02:e9:93:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b5337bd1a7c5ee9c57a73b0a33c61219cd2a9cb
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c59470404541aa10a8de0d8e9df5a0d69858723d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6f:c4:9d:a6:91:18:10:97:c7:47:41:dc:63:
                    4f:4b:50:14:66:f7:e4:6a:ed:cc:2a:4b:ba:0e:b4:
                    ae:c6:e7:dd:b6:1a:c6:ea:b1:e0:2d:e3:87:df:a0:
                    33:2c:15:1d:2b:a2:8c:c9:32:fa:46:93:7e:ff:19:
                    90:b1:82:af:c7:78:af:95:b5:68:a6:e0:6a:7c:cb:
                    89:d7:c1:e4:8f:f0:00:d6:54:85:8b:f2:35:a8:23:
                    67:a1:cb:20:9b:ac:43:f1:25:dd:61:d0:ff:2e:c6:
                    7a:08:b3:76:97:64:86:7d:10:0f:8c:63:90:94:de:
                    bb:8d:8d:7c:a4:91:27:50:4f:26:b4:00:11:7b:44:
                    8b:1f:af:44:ec:04:34:f4:ac:44:93:4c:14:a0:34:
                    e7:7c:22:47:df:8c:1e:f5:4d:8d:7f:3a:71:ae:f5:
                    16:3d:ab:75:43:4a:fc:d6:84:2d:76:81:2b:75:0e:
                    36:4e:5b:13:6b:c9:ae:50:70:90:8f:28:03:8d:57:
                    83:d7:d1:66:2e:2f:87:76:fc:16:e6:e2:4c:b5:e2:
                    55:2c:9f:61:98:3c:fe:e7:46:4f:47:0a:34:af:82:
                    72:c9:95:84:46:7c:b3:de:3e:87:3b:2f:42:a0:bd:
                    79:e9:a3:38:1e:0d:50:eb:39:37:55:0b:cc:c8:59:
                    22:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:94:70:40:45:41:AA:10:A8:DE:0D:8E:9D:F5:A0:D6:98:58:72:3D
            X509v3 Authority Key Identifier:
                keyid:9B:53:37:BD:1A:7C:5E:E9:C5:7A:73:B0:A3:3C:61:21:9C:D2:A9:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m1M3vRp8XunFenOwozxhIZzSqcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/xZRwQEVBqhCo3g2OnfWg1phYcj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/9cb5fb-ab65-4a2b-88dd-2ef7165b21b5/1/m1M3vRp8XunFenOwozxhIZzSqcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.153.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:f9:ce:8e:3a:2e:d1:7f:4b:6a:31:9b:8d:42:dc:2a:01:aa:
         ef:e1:44:1e:a4:0d:f6:67:f1:d7:90:09:5b:2a:37:b8:28:7c:
         8e:15:dc:5c:37:d9:25:63:60:37:ce:60:aa:dc:6c:77:84:83:
         8b:bf:66:b4:52:5e:57:d7:32:65:b6:a8:35:88:c9:58:7e:f9:
         e1:a2:02:00:b4:9d:dd:ca:0b:8b:61:63:fa:e8:c3:39:e7:fc:
         b3:17:88:36:28:ae:46:be:ad:94:50:00:2d:b1:6c:e8:9b:9e:
         79:44:08:bb:64:c0:4a:f1:34:11:f8:14:72:4c:12:fc:0f:11:
         d0:88:b6:31:c3:77:59:77:eb:4d:18:76:f7:ee:65:51:29:54:
         81:47:57:ba:e2:77:59:4c:4c:d8:98:31:6a:17:1c:90:5c:26:
         67:4d:42:31:7c:68:bc:ce:e7:e3:6c:05:6e:43:75:c8:48:b9:
         d5:fb:d9:68:aa:82:80:5e:41:22:0f:a9:47:fb:b9:b0:cd:0c:
         aa:b9:21:3e:82:f9:c3:ad:ff:98:ca:58:13:09:e1:cd:eb:ff:
         b0:52:95:8a:31:63:c0:5e:3a:77:5e:b3:9c:fe:78:4a:05:f6:
         ce:05:d6:29:f4:02:11:6d:df:c8:91:30:1c:97:51:40:cb:49:
         82:b2:27:38
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQfjEtIb5/RIpTp0LMC6ZP0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNTMzN2JkMWE3YzVlZTljNTdhNzNiMGEzM2M2MTIxOWNk
MmE5Y2IwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk0NzA0MDQ1NDFhYTEwYThkZTBkOGU5ZGY1YTBkNjk4NTg3MjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmW/EnaaRGBCXx0dB3GNPS1AUZvfk
au3MKku6DrSuxufdthrG6rHgLeOH36AzLBUdK6KMyTL6RpN+/xmQsYKvx3ivlbVo
puBqfMuJ18Hkj/AA1lSFi/I1qCNnocsgm6xD8SXdYdD/LsZ6CLN2l2SGfRAPjGOQ
lN67jY18pJEnUE8mtAARe0SLH69E7AQ09KxEk0wUoDTnfCJH34we9U2NfzpxrvUW
Pat1Q0r81oQtdoErdQ42TlsTa8muUHCQjygDjVeD19FmLi+HdvwW5uJMteJVLJ9h
mDz+50ZPRwo0r4JyyZWERnyz3j6HOy9CoL156aM4Hg1Q6zk3VQvMyFkiEwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMWUcEBFQaoQqN4Njp31oNaYWHI9MB8GA1UdIwQY
MBaAFJtTN70afF7pxXpzsKM8YSGc0qnLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTFNM3ZScDhYdW5GZW5Pd296eGhJWnpTcWNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS85Y2I1ZmItYWI2NS00YTJiLTg4ZGQt
MmVmNzE2NWIyMWI1LzEveFpSd1FFVkJxaENvM2cyT25mV2cxcGhZY2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS85Y2I1ZmItYWI2NS00YTJiLTg4ZGQtMmVmNzE2NWIyMWI1
LzEvbTFNM3ZScDhYdW5GZW5Pd296eGhJWnpTcWNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlZkwDQYJ
KoZIhvcNAQELBQADggEBAEX5zo46LtF/S2oxm41C3CoBqu/hRB6kDfZn8deQCVsq
N7gofI4V3Fw32SVjYDfOYKrcbHeEg4u/ZrRSXlfXMmW2qDWIyVh++eGiAgC0nd3K
C4thY/rowznn/LMXiDYorka+rZRQAC2xbOibnnlECLtkwErxNBH4FHJMEvwPEdCI
tjHDd1l3600YdvfuZVEpVIFHV7rid1lMTNiYMWoXHJBcJmdNQjF8aLzO5+NsBW5D
dchIudX72WiqgoBeQSIPqUf7ubDNDKq5IT6C+cOt/5jKWBMJ4c3r/7BSlYoxY8Be
Ondes5z+eEoF9s4F1in0AhFt38iRMByXUUDLSYKyJzg=
-----END CERTIFICATE-----