Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/AcGdJynUFUsvpmpcGDxjoU0LoMk.roa
File:                     AcGdJynUFUsvpmpcGDxjoU0LoMk.roa (raw, json)
Hash identifier:          3yXxgJY9dvTBTX+aWm8ttQpN8t6qhdXpYa4NVNU+laM=
Subject key identifier:   01:C1:9D:27:29:D4:15:4B:2F:A6:6A:5C:18:3C:63:A1:4D:0B:A0:C9
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0196F3059FB014838ED37EAC485DE9504165
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/AcGdJynUFUsvpmpcGDxjoU0LoMk.roa
Signing time:             Wed 21 May 2025 13:25:54 +0000
ROA not before:           Wed 21 May 2025 13:25:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206150
IP address blocks:        195.177.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 20:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:05:9f:b0:14:83:8e:d3:7e:ac:48:5d:e9:50:41:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: May 21 13:25:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01c19d2729d4154b2fa66a5c183c63a14d0ba0c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:73:47:4c:00:bf:e0:67:00:31:d4:b5:57:0a:
                    8f:2b:60:36:a7:90:be:c2:55:df:d5:8c:c8:8d:f2:
                    52:ab:4d:90:ee:65:c2:35:79:20:8b:87:b1:ba:1e:
                    a2:94:21:fb:ac:44:ba:40:0c:ef:35:73:2a:f2:ee:
                    9b:68:51:1a:ce:6b:56:af:7c:74:c1:26:1c:20:ea:
                    8c:22:e4:5c:2e:ff:27:df:f7:56:de:45:a2:7c:8d:
                    45:f8:7c:47:62:ed:08:bb:e3:71:f8:1f:bc:dd:46:
                    ec:41:c0:60:18:98:ae:ec:9b:ff:28:00:7e:49:dd:
                    50:de:e9:51:ba:26:7e:d2:de:5c:1b:6b:4d:ab:7f:
                    b9:80:7b:61:bf:cb:a3:83:7d:5d:e9:7c:1e:32:4b:
                    e0:56:fe:47:d1:dc:ce:87:1d:37:47:e1:cb:cc:28:
                    ad:da:5c:0d:b2:8b:a8:42:e1:61:68:ee:bc:70:72:
                    92:d2:b2:86:2b:c0:de:bb:c0:a1:6a:76:3f:a8:10:
                    a7:6e:5f:7b:a4:0b:f0:eb:09:8c:fc:b3:69:42:7b:
                    45:2b:f2:03:20:e2:d7:fc:91:83:54:c2:84:4c:65:
                    34:cb:c6:5b:04:4d:a4:37:e6:d4:20:01:6d:ff:e2:
                    5b:94:a5:90:97:37:5c:c4:81:df:70:f5:6e:48:8d:
                    14:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:C1:9D:27:29:D4:15:4B:2F:A6:6A:5C:18:3C:63:A1:4D:0B:A0:C9
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/AcGdJynUFUsvpmpcGDxjoU0LoMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:1e:66:e4:0f:e0:77:44:6b:dd:01:65:7a:10:25:bb:02:ba:
         51:a4:be:1c:c9:46:a3:73:93:67:92:3e:de:b9:be:93:ea:98:
         4f:cc:6c:22:65:6e:86:cc:d1:27:0f:d3:04:3c:c7:37:96:db:
         49:bf:f6:68:80:83:0e:df:01:9e:59:9b:b9:0c:82:66:1d:91:
         ba:96:79:30:13:43:96:3b:0b:e2:77:e1:9d:c7:3d:f8:00:20:
         ca:ed:61:98:1a:b1:93:12:19:7c:38:0b:cb:af:99:1a:b9:b9:
         0c:1a:a7:53:1e:79:0e:c0:3c:48:b8:92:59:6c:dd:06:6f:3e:
         3e:9b:2f:2f:52:2c:af:76:24:92:5f:af:09:ee:03:52:89:29:
         fb:87:f5:95:1c:0c:f1:83:a4:90:e5:9e:68:d6:4e:6a:e4:56:
         99:bd:72:17:40:90:ca:74:05:4b:cb:02:1c:d3:c8:51:81:af:
         7d:35:95:f7:fb:fc:31:31:c6:0d:d9:8f:49:bb:93:81:45:94:
         b6:e9:48:84:59:c3:bb:da:78:96:6d:68:88:1c:9b:7a:71:41:
         88:5c:38:93:65:a7:a7:5a:be:cb:9e:35:10:19:99:d1:06:09:
         13:71:e4:cb:cd:7b:3d:fa:37:19:8e:60:61:c4:21:2a:58:6e:
         e5:53:9b:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbzBZ+wFIOO036sSF3pUEFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNTIxMTMyNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWMxOWQyNzI5ZDQxNTRiMmZhNjZhNWMxODNjNjNhMTRkMGJhMGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHNHTAC/4GcAMdS1VwqPK2A2p5C+
wlXf1YzIjfJSq02Q7mXCNXkgi4exuh6ilCH7rES6QAzvNXMq8u6baFEazmtWr3x0
wSYcIOqMIuRcLv8n3/dW3kWifI1F+HxHYu0Iu+Nx+B+83UbsQcBgGJiu7Jv/KAB+
Sd1Q3ulRuiZ+0t5cG2tNq3+5gHthv8ujg31d6XweMkvgVv5H0dzOhx03R+HLzCit
2lwNsouoQuFhaO68cHKS0rKGK8Deu8ChanY/qBCnbl97pAvw6wmM/LNpQntFK/ID
IOLX/JGDVMKETGU0y8ZbBE2kN+bUIAFt/+JblKWQlzdcxIHfcPVuSI0UHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHBnScp1BVLL6ZqXBg8Y6FNC6DJMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvQWNHZEp5blVGVXN2cG1wY0dEeGpvVTBMb01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7FdMA0G
CSqGSIb3DQEBCwUAA4IBAQBxHmbkD+B3RGvdAWV6ECW7ArpRpL4cyUajc5Nnkj7e
ub6T6phPzGwiZW6GzNEnD9MEPMc3lttJv/ZogIMO3wGeWZu5DIJmHZG6lnkwE0OW
Owvid+Gdxz34ACDK7WGYGrGTEhl8OAvLr5kaubkMGqdTHnkOwDxIuJJZbN0Gbz4+
my8vUiyvdiSSX68J7gNSiSn7h/WVHAzxg6SQ5Z5o1k5q5FaZvXIXQJDKdAVLywIc
08hRga99NZX3+/wxMcYN2Y9Ju5OBRZS26UiEWcO72niWbWiIHJt6cUGIXDiTZaen
Wr7LnjUQGZnRBgkTceTLzXs9+jcZjmBhxCEqWG7lU5tn
-----END CERTIFICATE-----