Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/qealtEqMLJg3Xy2LvZJt_teWrWQ.roa
File:                     qealtEqMLJg3Xy2LvZJt_teWrWQ.roa (raw, json)
Hash identifier:          jUDg3WMKq6N0QAPZM0fHhLPl0mZhBgxm/pe95LVDZy0=
Subject key identifier:   A9:E6:A5:B4:4A:8C:2C:98:37:5F:2D:8B:BD:92:6D:FE:D7:96:AD:64
Certificate issuer:       /CN=9e55320077696944b1613c2e8c9c606a1e06eb79
Certificate serial:       019424B261B63F91130D7C04ADE2C67356A1
Authority key identifier: 9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/qealtEqMLJg3Xy2LvZJt_teWrWQ.roa
Signing time:             Thu 02 Jan 2025 01:47:37 +0000
ROA not before:           Thu 02 Jan 2025 01:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        93.157.188.0/24 maxlen: 24
                          93.157.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:61:b6:3f:91:13:0d:7c:04:ad:e2:c6:73:56:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e55320077696944b1613c2e8c9c606a1e06eb79
        Validity
            Not Before: Jan  2 01:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9e6a5b44a8c2c98375f2d8bbd926dfed796ad64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:63:27:83:52:b3:89:b0:29:bf:55:94:a7:96:
                    c3:79:d1:1c:0f:aa:d7:ea:81:20:54:a4:1b:66:75:
                    e8:34:85:2c:d6:5d:9f:cd:0d:a5:14:7c:1b:e0:b9:
                    6a:c0:59:fe:d3:0f:91:0e:e3:e1:81:05:4d:a0:73:
                    2d:b9:f4:08:7f:eb:bd:dc:16:24:e5:5e:49:32:a1:
                    a0:81:01:63:b5:e3:c7:b3:38:15:33:42:20:a8:ab:
                    f1:1a:a5:b7:2a:7c:18:36:a7:91:b2:b2:0e:5b:86:
                    26:36:a3:40:93:e6:0a:c7:43:fe:d1:42:5c:76:40:
                    cf:3a:f5:00:dd:7b:80:bc:8d:8c:03:01:45:ca:1b:
                    bc:55:b6:e2:51:5c:0a:35:e7:13:08:e6:66:07:92:
                    f4:c2:7d:7c:ea:d8:ab:7e:d2:3b:ef:cf:4a:1a:c1:
                    9b:4e:d0:04:be:1e:2d:61:39:8b:77:2b:c8:33:1f:
                    8d:57:c6:f8:10:ee:41:32:fe:d1:2b:4b:ec:f6:cf:
                    ee:28:1a:fe:d4:78:6f:1d:0e:60:d6:63:fc:27:fd:
                    02:ea:57:dd:d8:44:f3:f4:41:27:47:1e:49:a6:a0:
                    d5:11:a6:07:df:c8:47:6e:4a:7e:17:69:6f:92:d4:
                    17:ac:2c:8e:20:4f:eb:cf:13:1a:c1:69:6c:1d:34:
                    9c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:E6:A5:B4:4A:8C:2C:98:37:5F:2D:8B:BD:92:6D:FE:D7:96:AD:64
            X509v3 Authority Key Identifier:
                keyid:9E:55:32:00:77:69:69:44:B1:61:3C:2E:8C:9C:60:6A:1E:06:EB:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlUyAHdpaUSxYTwujJxgah4G63k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/qealtEqMLJg3Xy2LvZJt_teWrWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/260b61-a348-4d47-92f6-1e0e8b909e34/1/nlUyAHdpaUSxYTwujJxgah4G63k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.157.188.0/24
                  93.157.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:5f:79:14:cc:34:47:17:41:26:d3:88:a6:1c:58:54:b7:4d:
         d3:d5:fb:17:e2:20:d2:e9:a5:49:cb:b1:8a:2c:98:38:f1:5a:
         57:ae:4b:1e:cb:d4:53:73:34:f6:13:a5:d0:51:fd:0e:d5:3e:
         a0:56:1c:a3:c5:63:53:05:a1:99:24:e0:a9:3e:36:2f:d9:38:
         5d:18:73:74:22:1c:85:97:ce:66:a1:de:3b:0f:05:89:60:7b:
         81:39:28:ae:50:f0:37:db:81:c1:90:28:50:26:9b:64:78:8d:
         08:94:5b:a8:42:e1:12:70:b7:0a:6b:f8:8c:a9:cb:2f:97:46:
         cc:85:48:8e:4a:ae:8d:92:a2:d3:f3:35:a6:d1:f7:06:5d:ad:
         f1:9d:d7:fc:9f:7f:be:83:68:8a:f6:ff:cf:e7:51:69:e1:ee:
         89:4a:62:ed:4a:74:69:ff:e1:11:3b:e8:ad:bf:3f:63:e9:23:
         2d:c0:62:04:31:82:8e:81:4d:d7:0a:b8:f1:9f:e5:b4:77:44:
         f4:0d:73:23:ac:43:20:ad:ec:7c:9d:fb:f5:7a:c5:f4:9f:f1:
         0a:4e:be:08:98:42:2e:af:fd:18:32:f8:46:33:51:c0:00:c5:
         46:08:6a:ee:99:ab:74:a2:6c:c5:97:e7:79:d1:bf:6e:1a:40:
         0e:4f:04:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQksmG2P5ETDXwEreLGc1ahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTUzMjAwNzc2OTY5NDRiMTYxM2MyZThjOWM2MDZhMWUw
NmViNzkwHhcNMjUwMTAyMDE0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWU2YTViNDRhOGMyYzk4Mzc1ZjJkOGJiZDkyNmRmZWQ3OTZhZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmMng1KzibApv1WUp5bDedEcD6rX
6oEgVKQbZnXoNIUs1l2fzQ2lFHwb4LlqwFn+0w+RDuPhgQVNoHMtufQIf+u93BYk
5V5JMqGggQFjtePHszgVM0IgqKvxGqW3KnwYNqeRsrIOW4YmNqNAk+YKx0P+0UJc
dkDPOvUA3XuAvI2MAwFFyhu8VbbiUVwKNecTCOZmB5L0wn186tirftI7789KGsGb
TtAEvh4tYTmLdyvIMx+NV8b4EO5BMv7RK0vs9s/uKBr+1HhvHQ5g1mP8J/0C6lfd
2ETz9EEnRx5JpqDVEaYH38hHbkp+F2lvktQXrCyOIE/rzxMawWlsHTScHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKnmpbRKjCyYN18ti72Sbf7Xlq1kMB8GA1UdIwQY
MBaAFJ5VMgB3aWlEsWE8LoycYGoeBut5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYt
MWUwZThiOTA5ZTM0LzEvcWVhbHRFcU1MSmczWHkyTHZaSnRfdGVXcldRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8yNjBiNjEtYTM0OC00ZDQ3LTkyZjYtMWUwZThiOTA5ZTM0
LzEvbmxVeUFIZHBhVVN4WVR3dWpKeGdhaDRHNjNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXZ28AwQA
XZ2+MA0GCSqGSIb3DQEBCwUAA4IBAQAiX3kUzDRHF0Em04imHFhUt03T1fsX4iDS
6aVJy7GKLJg48VpXrksey9RTczT2E6XQUf0O1T6gVhyjxWNTBaGZJOCpPjYv2Thd
GHN0IhyFl85mod47DwWJYHuBOSiuUPA324HBkChQJptkeI0IlFuoQuEScLcKa/iM
qcsvl0bMhUiOSq6NkqLT8zWm0fcGXa3xndf8n3++g2iK9v/P51Fp4e6JSmLtSnRp
/+ERO+itvz9j6SMtwGIEMYKOgU3XCrjxn+W0d0T0DXMjrEMgrex8nfv1esX0n/EK
Tr4ImEIur/0YMvhGM1HAAMVGCGrumat0omzFl+d50b9uGkAOTwTD
-----END CERTIFICATE-----