Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/q06qTUv5-JCRpItbJ_9COQqHH6A.roa
File:                     q06qTUv5-JCRpItbJ_9COQqHH6A.roa (raw, json)
Hash identifier:          elj4UEL+GeLcIcxtH4+ahp+BuvQR4jhMQkNkTFsz2eM=
Subject key identifier:   AB:4E:AA:4D:4B:F9:F8:90:91:A4:8B:5B:27:FF:42:39:0A:87:1F:A0
Certificate issuer:       /CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
Certificate serial:       019424B28EEEA91F7091A4828C97877FC6A4
Authority key identifier: 9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/q06qTUv5-JCRpItbJ_9COQqHH6A.roa
Signing time:             Thu 02 Jan 2025 01:47:49 +0000
ROA not before:           Thu 02 Jan 2025 01:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9087
IP address blocks:        178.236.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:8e:ee:a9:1f:70:91:a4:82:8c:97:87:7f:c6:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
        Validity
            Not Before: Jan  2 01:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab4eaa4d4bf9f89091a48b5b27ff42390a871fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4b:b5:4e:9f:0a:be:e2:39:24:58:71:ea:6e:
                    ec:3f:bc:49:8e:ab:c0:f9:2e:5d:b8:48:a0:db:8d:
                    fe:2f:af:1f:9d:be:50:36:fb:2d:53:69:35:73:85:
                    0e:89:4f:07:0c:22:84:5c:2b:d6:bc:77:70:1a:f4:
                    2b:b5:46:e1:0e:a3:d6:14:d3:bf:3c:ab:9b:3a:b3:
                    76:6c:e7:d0:79:8e:b9:62:38:ea:db:63:8c:c1:69:
                    43:59:a9:c5:c7:c1:55:88:a5:44:12:24:98:bd:0a:
                    74:7c:e3:b4:0a:6e:ae:0c:4e:bf:b2:0a:ac:dd:b5:
                    ee:50:95:b4:0f:88:1d:69:92:1b:9a:87:91:10:56:
                    45:15:eb:e7:44:1f:45:ac:3d:ed:1d:93:11:98:c1:
                    fa:45:02:11:b3:32:ba:87:03:fe:8d:ad:03:e2:0f:
                    e6:7f:48:c4:6a:d1:b1:55:a3:ff:69:59:a9:43:f3:
                    cd:77:4b:12:70:08:8f:68:70:45:73:23:19:70:5b:
                    69:23:b9:fd:24:5a:f3:74:d3:97:fd:90:41:8c:82:
                    0a:24:9a:03:9a:d3:60:c6:bc:75:7d:9f:1b:1d:b6:
                    25:5d:f3:97:60:95:85:71:5a:5b:7e:13:51:62:ec:
                    75:7d:e6:cb:cd:74:47:6e:52:52:e5:14:1a:b8:ba:
                    48:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:4E:AA:4D:4B:F9:F8:90:91:A4:8B:5B:27:FF:42:39:0A:87:1F:A0
            X509v3 Authority Key Identifier:
                keyid:9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/q06qTUv5-JCRpItbJ_9COQqHH6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.236.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:c0:8f:db:4e:87:79:59:d9:b3:ec:3d:0a:78:c8:5a:04:1b:
         21:b7:f7:eb:cb:a0:b3:e2:29:2a:38:b5:35:6e:41:da:07:b1:
         69:51:de:04:b5:17:b0:7e:d7:2f:8b:ce:43:bc:2e:8e:7a:86:
         a4:03:b6:84:28:df:81:4d:23:10:fe:11:62:3c:1c:84:7e:ce:
         43:fc:83:28:82:cc:5e:4b:a3:3d:ba:98:c6:1e:16:aa:f5:66:
         a6:15:8c:7a:40:68:1c:46:25:ca:9b:fb:d7:6d:09:03:b8:cc:
         df:de:0a:a9:88:4f:6a:82:d6:bd:47:c8:1d:e4:7c:a8:7f:48:
         99:1d:eb:6e:1f:83:f6:d8:4f:80:38:68:24:91:2f:55:e5:cf:
         a8:6d:c3:84:df:ad:aa:15:27:44:f5:8c:fd:c9:29:1e:08:27:
         6b:7b:4b:67:3e:8b:34:4f:77:6d:5a:f5:8b:69:03:d8:98:ba:
         bb:93:90:59:2c:52:06:63:93:9f:15:b4:a0:a9:a8:6d:e3:32:
         b1:9b:29:6f:88:07:53:69:81:32:b5:81:b4:ad:db:8b:67:d4:
         65:4b:36:ce:9c:85:8c:7e:57:89:4b:8f:f9:57:f3:ec:43:ad:
         5b:73:f8:49:38:4a:c3:69:ad:17:28:e8:ab:78:b1:b1:63:72:
         3a:03:e7:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkso7uqR9wkaSCjJeHf8akMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjNmNGNiNGJhYjVjMTA4MDFhNzcwNjU4ZGY4OTFjZmI4
YzY4YzYwHhcNMjUwMTAyMDE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjRlYWE0ZDRiZjlmODkwOTFhNDhiNWIyN2ZmNDIzOTBhODcxZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjku1Tp8KvuI5JFhx6m7sP7xJjqvA
+S5duEig243+L68fnb5QNvstU2k1c4UOiU8HDCKEXCvWvHdwGvQrtUbhDqPWFNO/
PKubOrN2bOfQeY65Yjjq22OMwWlDWanFx8FViKVEEiSYvQp0fOO0Cm6uDE6/sgqs
3bXuUJW0D4gdaZIbmoeREFZFFevnRB9FrD3tHZMRmMH6RQIRszK6hwP+ja0D4g/m
f0jEatGxVaP/aVmpQ/PNd0sScAiPaHBFcyMZcFtpI7n9JFrzdNOX/ZBBjIIKJJoD
mtNgxrx1fZ8bHbYlXfOXYJWFcVpbfhNRYux1febLzXRHblJS5RQauLpIzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtOqk1L+fiQkaSLWyf/QjkKhx+gMB8GA1UdIwQY
MBaAFJ0j9MtLq1wQgBp3BljfiRz7jGjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODkt
MDE1NzdhOTI3ZmE5LzEvcTA2cVRVdjUtSkNScEl0YkpfOUNPUXFISDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODktMDE1NzdhOTI3ZmE5
LzEvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsuy4MA0G
CSqGSIb3DQEBCwUAA4IBAQDSwI/bTod5Wdmz7D0KeMhaBBsht/fry6Cz4ikqOLU1
bkHaB7FpUd4EtRewftcvi85DvC6OeoakA7aEKN+BTSMQ/hFiPByEfs5D/IMogsxe
S6M9upjGHhaq9WamFYx6QGgcRiXKm/vXbQkDuMzf3gqpiE9qgta9R8gd5Hyof0iZ
HetuH4P22E+AOGgkkS9V5c+obcOE362qFSdE9Yz9ySkeCCdre0tnPos0T3dtWvWL
aQPYmLq7k5BZLFIGY5OfFbSgqaht4zKxmylviAdTaYEytYG0rduLZ9RlSzbOnIWM
fleJS4/5V/PsQ61bc/hJOErDaa0XKOireLGxY3I6A+cQ
-----END CERTIFICATE-----