Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/l_9QNm6TFPcOQqpe6tOf7PzHqxY.roa
File:                     l_9QNm6TFPcOQqpe6tOf7PzHqxY.roa (raw, json)
Hash identifier:          ukA0DE86JDEGwRhzAa8ZJBBBX5UrVi9bIVJIj1WfJuc=
Subject key identifier:   97:FF:50:36:6E:93:14:F7:0E:42:AA:5E:EA:D3:9F:EC:FC:C7:AB:16
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747DA836328B34252F5DF5F093DAE76
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/l_9QNm6TFPcOQqpe6tOf7PzHqxY.roa
Signing time:             Thu 02 Jan 2025 13:50:07 +0000
ROA not before:           Thu 02 Jan 2025 13:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202418
IP address blocks:        185.242.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:da:83:63:28:b3:42:52:f5:df:5f:09:3d:ae:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97ff50366e9314f70e42aa5eead39fecfcc7ab16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:91:3a:65:17:1a:86:3d:88:db:35:ca:8d:4d:
                    55:25:a1:7e:98:ef:24:2a:11:c2:4f:64:78:09:14:
                    fd:72:91:99:90:3a:8b:3e:89:83:4e:ee:e9:20:c0:
                    3f:6d:1b:4d:6b:85:ab:1e:5b:d9:b1:a6:d0:f0:8b:
                    ed:e0:8b:04:52:0b:d9:b4:ce:52:e2:e3:6a:c0:51:
                    c2:06:ac:94:80:6c:9d:f0:d1:13:ef:7e:e7:03:64:
                    3a:04:56:f4:d4:b5:4f:e4:a4:22:f7:2f:0c:e2:50:
                    55:8c:2f:fb:8f:87:b6:7c:83:f2:1e:a6:39:f3:ce:
                    92:02:33:39:3f:d3:5e:03:08:16:9e:ab:78:41:3e:
                    32:b7:34:0d:61:ed:7c:82:18:a4:28:36:fb:d6:4f:
                    03:8b:57:f6:d4:d5:b4:5a:f2:53:15:2d:27:77:e9:
                    51:0d:2d:2c:d8:62:09:dd:06:e1:7c:1f:d1:6c:8a:
                    c0:cc:f7:64:71:75:4f:fa:9a:02:98:b1:3c:db:5e:
                    a1:2b:f2:42:89:99:0a:c9:45:9f:81:fc:ef:93:9b:
                    7d:f8:6e:f3:af:dc:ee:aa:1d:b2:4a:f5:ae:a7:15:
                    28:72:c8:bf:94:63:dd:6d:54:03:6d:09:40:d2:1e:
                    46:b7:26:25:01:08:4a:30:b2:de:90:fb:05:2b:10:
                    c7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:FF:50:36:6E:93:14:F7:0E:42:AA:5E:EA:D3:9F:EC:FC:C7:AB:16
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/l_9QNm6TFPcOQqpe6tOf7PzHqxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:f8:f8:c8:ff:1a:e9:30:3a:19:1d:b2:8d:d1:a8:13:4a:61:
         6b:c0:74:61:73:24:3a:6b:bf:b6:d0:24:15:29:81:17:d3:6f:
         d2:c7:99:5f:53:eb:3d:bc:b7:81:2b:c8:32:9e:51:d5:15:40:
         13:86:64:b8:a0:92:2b:78:ae:8b:e8:73:72:20:b4:7c:27:e4:
         0d:af:9b:07:e1:a1:27:07:c5:e7:13:ff:43:0e:0b:3b:60:f3:
         a9:35:26:4e:27:5f:fb:8b:94:f5:f8:d0:3c:b9:09:62:d7:ce:
         ba:9a:28:7b:d1:97:4f:0b:6a:b5:3d:e7:0a:6b:48:5c:d7:8b:
         1d:75:52:c0:a5:af:e1:be:32:78:f3:0e:6e:1c:77:b7:f0:75:
         59:0e:a4:c5:69:a8:b3:9f:50:f1:8a:72:02:95:ae:9f:ca:b5:
         1c:5f:79:19:dd:33:2c:fe:34:d2:59:fc:15:df:54:b2:91:e5:
         02:19:db:9b:e9:5b:76:6b:db:85:0e:60:cd:a5:11:fe:19:fe:
         81:3d:6c:4a:4f:43:a6:bf:39:b4:a0:3e:bc:04:51:53:8a:dc:
         d7:a7:8f:e4:9c:9e:a7:d9:26:38:2e:c6:06:cb:cc:82:20:a5:
         56:bd:88:c5:6f:81:6a:d2:d2:c5:e5:7b:31:74:6d:aa:19:d6:
         6b:06:b1:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR9qDYyizQlL1318JPa52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2ZmNTAzNjZlOTMxNGY3MGU0MmFhNWVlYWQzOWZlY2ZjYzdhYjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZE6ZRcahj2I2zXKjU1VJaF+mO8k
KhHCT2R4CRT9cpGZkDqLPomDTu7pIMA/bRtNa4WrHlvZsabQ8Ivt4IsEUgvZtM5S
4uNqwFHCBqyUgGyd8NET737nA2Q6BFb01LVP5KQi9y8M4lBVjC/7j4e2fIPyHqY5
886SAjM5P9NeAwgWnqt4QT4ytzQNYe18ghikKDb71k8Di1f21NW0WvJTFS0nd+lR
DS0s2GIJ3QbhfB/RbIrAzPdkcXVP+poCmLE8216hK/JCiZkKyUWfgfzvk5t9+G7z
r9zuqh2ySvWupxUocsi/lGPdbVQDbQlA0h5GtyYlAQhKMLLekPsFKxDHKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJf/UDZukxT3DkKqXurTn+z8x6sWMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbF85UU5tNlRGUGNPUXFwZTZ0T2Y3UHpIcXhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufLjMA0G
CSqGSIb3DQEBCwUAA4IBAQA8+PjI/xrpMDoZHbKN0agTSmFrwHRhcyQ6a7+20CQV
KYEX02/Sx5lfU+s9vLeBK8gynlHVFUAThmS4oJIreK6L6HNyILR8J+QNr5sH4aEn
B8XnE/9DDgs7YPOpNSZOJ1/7i5T1+NA8uQli1866mih70ZdPC2q1PecKa0hc14sd
dVLApa/hvjJ48w5uHHe38HVZDqTFaaizn1DxinICla6fyrUcX3kZ3TMs/jTSWfwV
31SykeUCGdub6Vt2a9uFDmDNpRH+Gf6BPWxKT0Omvzm0oD68BFFTitzXp4/knJ6n
2SY4LsYGy8yCIKVWvYjFb4Fq0tLF5XsxdG2qGdZrBrHp
-----END CERTIFICATE-----