Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/jQtkyfhvw7ej3LVCzDZ-NlINCeo.roa
File:                     jQtkyfhvw7ej3LVCzDZ-NlINCeo.roa (raw, json)
Hash identifier:          Pw7RR4DGFCuMzGziRsvzxXgNxRF36G9tlqJPCKuA2iU=
Subject key identifier:   8D:0B:64:C9:F8:6F:C3:B7:A3:DC:B5:42:CC:36:7E:36:52:0D:09:EA
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBAFD63B42F331789D8033BCB1EBE1
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/jQtkyfhvw7ej3LVCzDZ-NlINCeo.roa
Signing time:             Wed 01 Jan 2025 17:48:27 +0000
ROA not before:           Wed 01 Jan 2025 17:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2601
IP address blocks:        45.9.31.0/24 maxlen: 24
                          193.28.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:af:d6:3b:42:f3:31:78:9d:80:33:bc:b1:eb:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d0b64c9f86fc3b7a3dcb542cc367e36520d09ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:97:7b:af:93:f2:29:3e:a2:7c:9d:3b:a7:1b:
                    d3:f1:51:f1:df:77:c4:f6:96:d0:7c:20:e2:f5:3e:
                    a4:f5:2e:5b:74:25:39:5a:3e:51:97:4e:98:a8:34:
                    d9:c8:4e:0d:0d:0e:0d:99:4d:07:cf:63:08:0e:96:
                    ec:61:ba:83:02:1b:29:0e:e7:de:bc:80:8c:cf:38:
                    c6:aa:05:ae:4f:eb:f5:7a:ed:a4:c1:c2:ce:ab:03:
                    b5:47:b5:3a:29:4e:91:9a:77:96:c4:56:ee:30:a0:
                    9a:0f:4e:36:29:6e:29:07:50:5d:7b:56:67:41:1b:
                    df:a8:f2:fd:e9:e1:80:66:a3:f4:51:74:c7:25:ff:
                    46:39:46:00:e6:e0:59:fb:6e:f3:33:b7:ba:e8:eb:
                    16:40:8d:af:47:bd:82:d4:43:17:2c:20:92:e5:03:
                    c5:6e:aa:95:a9:8c:10:77:93:be:bc:15:12:04:3c:
                    53:25:40:8b:8b:31:6b:09:78:86:b3:72:7e:72:e0:
                    72:66:fe:a7:af:34:4f:6d:f6:95:c6:f4:1a:e0:38:
                    9b:8b:4a:09:9f:f8:e3:8d:c9:ba:44:bf:95:49:10:
                    87:74:87:9c:8d:17:e5:e1:2d:d3:06:25:6c:dc:eb:
                    c1:83:50:2b:bf:e8:32:33:ca:cd:a9:b1:93:30:8a:
                    51:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:0B:64:C9:F8:6F:C3:B7:A3:DC:B5:42:CC:36:7E:36:52:0D:09:EA
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/jQtkyfhvw7ej3LVCzDZ-NlINCeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.31.0/24
                  193.28.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:44:7b:30:8f:6b:89:5f:89:1c:fb:3f:0d:4d:58:19:b4:66:
         20:37:de:de:26:6f:78:c5:4c:1b:da:9b:6c:c8:d4:ee:8a:75:
         fe:7d:df:d7:89:bf:4a:45:ce:b7:7c:06:48:e6:4b:eb:6f:7a:
         61:10:c9:fb:a3:da:8d:b0:59:a1:45:bc:d7:0e:ba:c8:a0:f0:
         61:9c:ce:01:5a:01:73:fe:de:ef:c3:bc:8a:f3:e9:a1:83:11:
         b1:62:28:33:d6:2a:7c:df:bc:08:01:4d:8e:f6:72:56:9f:cf:
         98:22:07:be:31:9b:c8:27:15:b5:41:79:3f:22:aa:41:13:27:
         f2:7b:9b:93:b7:e9:be:e5:3f:62:ee:17:9d:df:17:74:6b:55:
         80:60:82:aa:ef:c1:09:0a:f6:11:81:dd:5c:17:4f:98:67:e1:
         01:16:fe:fa:5f:d5:c6:47:51:c8:ba:6b:25:09:c3:f9:9b:53:
         99:e6:c8:ea:88:9b:15:26:06:0d:65:58:bc:9c:76:85:09:bf:
         09:1d:dd:1d:36:01:1e:21:28:69:79:f4:e7:71:72:2b:03:03:
         72:c2:3c:6e:9e:ae:d8:45:24:8e:08:86:43:72:e0:7b:09:8b:
         52:25:f5:d1:f5:2a:a4:82:d7:07:cf:b9:b2:e0:ed:0f:87:73:
         d7:38:58:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+6/WO0LzMXidgDO8sevhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDBiNjRjOWY4NmZjM2I3YTNkY2I1NDJjYzM2N2UzNjUyMGQwOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZd7r5PyKT6ifJ07pxvT8VHx33fE
9pbQfCDi9T6k9S5bdCU5Wj5Rl06YqDTZyE4NDQ4NmU0Hz2MIDpbsYbqDAhspDufe
vICMzzjGqgWuT+v1eu2kwcLOqwO1R7U6KU6RmneWxFbuMKCaD042KW4pB1Bde1Zn
QRvfqPL96eGAZqP0UXTHJf9GOUYA5uBZ+27zM7e66OsWQI2vR72C1EMXLCCS5QPF
bqqVqYwQd5O+vBUSBDxTJUCLizFrCXiGs3J+cuByZv6nrzRPbfaVxvQa4Dibi0oJ
n/jjjcm6RL+VSRCHdIecjRfl4S3TBiVs3OvBg1Arv+gyM8rNqbGTMIpRPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI0LZMn4b8O3o9y1Qsw2fjZSDQnqMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvalF0a3lmaHZ3N2VqM0xWQ3pEWi1ObElOQ2VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQkfAwQA
wRyxMA0GCSqGSIb3DQEBCwUAA4IBAQC0RHswj2uJX4kc+z8NTVgZtGYgN97eJm94
xUwb2ptsyNTuinX+fd/Xib9KRc63fAZI5kvrb3phEMn7o9qNsFmhRbzXDrrIoPBh
nM4BWgFz/t7vw7yK8+mhgxGxYigz1ip837wIAU2O9nJWn8+YIge+MZvIJxW1QXk/
IqpBEyfye5uTt+m+5T9i7hed3xd0a1WAYIKq78EJCvYRgd1cF0+YZ+EBFv76X9XG
R1HIumslCcP5m1OZ5sjqiJsVJgYNZVi8nHaFCb8JHd0dNgEeIShpefTncXIrAwNy
wjxunq7YRSSOCIZDcuB7CYtSJfXR9SqkgtcHz7my4O0Ph3PXOFi3
-----END CERTIFICATE-----