Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/q9SsxYbRIp9e4XDgj9J3VkZ0CgM.roa
File:                     q9SsxYbRIp9e4XDgj9J3VkZ0CgM.roa (raw, json)
Hash identifier:          vHSPBUTKHvDa0CMaWz0/b1NLlD2hxXAs+Bnl2Vh/Iqc=
Subject key identifier:   AB:D4:AC:C5:86:D1:22:9F:5E:E1:70:E0:8F:D2:77:56:46:74:0A:03
Certificate issuer:       /CN=19fb56adc9071d5e9fda2b669438b92bf863e58f
Certificate serial:       019424B2898C91DB649BA1B58D6D506B23D8
Authority key identifier: 19:FB:56:AD:C9:07:1D:5E:9F:DA:2B:66:94:38:B9:2B:F8:63:E5:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GftWrckHHV6f2itmlDi5K_hj5Y8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/q9SsxYbRIp9e4XDgj9J3VkZ0CgM.roa
Signing time:             Thu 02 Jan 2025 01:47:47 +0000
ROA not before:           Thu 02 Jan 2025 01:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62313
IP address blocks:        194.150.190.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/GftWrckHHV6f2itmlDi5K_hj5Y8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/GftWrckHHV6f2itmlDi5K_hj5Y8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GftWrckHHV6f2itmlDi5K_hj5Y8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 03:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:89:8c:91:db:64:9b:a1:b5:8d:6d:50:6b:23:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19fb56adc9071d5e9fda2b669438b92bf863e58f
        Validity
            Not Before: Jan  2 01:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abd4acc586d1229f5ee170e08fd2775646740a03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:60:ab:d3:8d:e6:cd:1a:c3:5a:e2:b6:a1:ae:
                    ca:e8:6e:31:17:27:b1:b9:d4:26:ba:74:71:8a:24:
                    0d:2f:17:5e:29:dc:80:1c:de:f2:ea:b4:4e:cc:96:
                    9e:e6:b8:cb:14:68:c8:68:98:cf:02:bf:2c:dc:52:
                    cf:b5:2e:10:82:35:2a:3a:5f:ef:40:db:b7:fe:00:
                    2c:67:da:03:76:8b:34:57:55:72:50:d9:e4:85:66:
                    f8:41:51:02:bf:6f:03:0a:43:f8:34:5c:a9:89:d1:
                    26:31:78:a9:62:6c:a9:d5:6b:61:ef:de:ea:e6:6f:
                    94:0f:a3:7e:93:45:35:f8:83:72:54:5a:d8:9a:64:
                    52:30:e6:ce:86:f8:92:cc:7c:4b:3b:52:25:eb:43:
                    b3:75:3b:80:a3:36:df:19:2c:f0:ec:59:a4:cf:bd:
                    7e:cb:a0:c2:58:9a:ce:a4:60:32:db:b0:05:e2:a8:
                    44:3a:2d:be:80:b5:20:12:a9:88:6d:a9:5d:fe:62:
                    6b:d0:19:27:91:d0:16:1b:95:97:30:53:05:dd:07:
                    ce:99:63:b4:da:89:92:b9:c2:71:c0:3a:19:78:00:
                    3d:b8:1b:4c:6b:f6:5a:15:fa:d7:5b:ec:32:ab:58:
                    04:34:dc:ee:c6:45:ab:16:85:6e:c7:9a:cf:a2:d9:
                    ad:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D4:AC:C5:86:D1:22:9F:5E:E1:70:E0:8F:D2:77:56:46:74:0A:03
            X509v3 Authority Key Identifier:
                keyid:19:FB:56:AD:C9:07:1D:5E:9F:DA:2B:66:94:38:B9:2B:F8:63:E5:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GftWrckHHV6f2itmlDi5K_hj5Y8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/q9SsxYbRIp9e4XDgj9J3VkZ0CgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/618399-c53b-4cf2-930e-63eebe0325ec/1/GftWrckHHV6f2itmlDi5K_hj5Y8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:38:a5:f6:cb:3d:e5:c2:53:d0:8c:02:bf:de:99:c3:11:73:
         1c:97:8f:e3:75:37:fa:c0:f4:83:c5:8d:2f:e2:e6:ef:86:1a:
         31:68:95:e2:70:a3:12:56:53:52:df:d6:4d:67:bd:4c:70:49:
         d8:32:69:38:70:c0:2d:81:af:61:ce:64:1c:cb:79:9a:4e:10:
         0c:ab:7f:18:a4:3c:01:67:16:80:58:c8:9c:04:05:e0:47:a8:
         d5:87:16:0a:12:f9:02:1a:23:bc:57:85:cd:76:7e:a5:36:77:
         70:7c:50:fc:49:1f:fe:49:cb:94:33:b0:f1:8a:fc:a7:d7:25:
         e7:a5:f4:08:fb:85:52:27:c0:7d:d0:58:17:88:ab:cf:6f:0c:
         67:49:c2:43:3c:1e:88:87:80:88:e6:1d:44:17:cf:c9:0d:f4:
         d1:7a:98:e8:37:96:2c:d8:6e:f6:25:d1:18:e8:c6:ae:26:c1:
         87:86:ea:e1:96:0f:b3:7e:87:3a:4c:c4:ae:46:3f:22:3c:fd:
         30:6e:73:11:08:22:5d:c4:45:38:f2:3e:05:73:98:31:4b:0c:
         61:bc:ae:da:bb:6c:33:1e:1a:88:9f:18:e6:61:7d:14:f6:2b:
         ad:9b:f1:90:ef:28:27:83:85:9a:4f:45:e8:58:4c:27:31:33:
         8b:5a:bc:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksomMkdtkm6G1jW1QayPYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ZmI1NmFkYzkwNzFkNWU5ZmRhMmI2Njk0MzhiOTJiZjg2
M2U1OGYwHhcNMjUwMTAyMDE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQ0YWNjNTg2ZDEyMjlmNWVlMTcwZTA4ZmQyNzc1NjQ2NzQwYTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWCr043mzRrDWuK2oa7K6G4xFyex
udQmunRxiiQNLxdeKdyAHN7y6rROzJae5rjLFGjIaJjPAr8s3FLPtS4QgjUqOl/v
QNu3/gAsZ9oDdos0V1VyUNnkhWb4QVECv28DCkP4NFypidEmMXipYmyp1Wth797q
5m+UD6N+k0U1+INyVFrYmmRSMObOhviSzHxLO1Il60OzdTuAozbfGSzw7Fmkz71+
y6DCWJrOpGAy27AF4qhEOi2+gLUgEqmIbald/mJr0BknkdAWG5WXMFMF3QfOmWO0
2omSucJxwDoZeAA9uBtMa/ZaFfrXW+wyq1gENNzuxkWrFoVux5rPotmtLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvUrMWG0SKfXuFw4I/Sd1ZGdAoDMB8GA1UdIwQY
MBaAFBn7Vq3JBx1en9orZpQ4uSv4Y+WPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2Z0V3Jja0hIVjZmMml0bWxEaTVLX2hqNVk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82MTgzOTktYzUzYi00Y2YyLTkzMGUt
NjNlZWJlMDMyNWVjLzEvcTlTc3hZYlJJcDllNFhEZ2o5SjNWa1owQ2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82MTgzOTktYzUzYi00Y2YyLTkzMGUtNjNlZWJlMDMyNWVj
LzEvR2Z0V3Jja0hIVjZmMml0bWxEaTVLX2hqNVk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpa+MA0G
CSqGSIb3DQEBCwUAA4IBAQAuOKX2yz3lwlPQjAK/3pnDEXMcl4/jdTf6wPSDxY0v
4ubvhhoxaJXicKMSVlNS39ZNZ71McEnYMmk4cMAtga9hzmQcy3maThAMq38YpDwB
ZxaAWMicBAXgR6jVhxYKEvkCGiO8V4XNdn6lNndwfFD8SR/+ScuUM7Dxivyn1yXn
pfQI+4VSJ8B90FgXiKvPbwxnScJDPB6Ih4CI5h1EF8/JDfTRepjoN5Ys2G72JdEY
6MauJsGHhurhlg+zfoc6TMSuRj8iPP0wbnMRCCJdxEU48j4Fc5gxSwxhvK7au2wz
HhqInxjmYX0U9iutm/GQ7ygng4WaT0XoWEwnMTOLWrw6
-----END CERTIFICATE-----