Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/wNwYQ8mCvTdznk-R9cIS2uXjf8g.roa
File:                     wNwYQ8mCvTdznk-R9cIS2uXjf8g.roa (raw, json)
Hash identifier:          K+cjCT9KGnhV7mdPVbb2wa5gxtLw72aubK2ACr6NLQ8=
Subject key identifier:   C0:DC:18:43:C9:82:BD:37:73:9E:4F:91:F5:C2:12:DA:E5:E3:7F:C8
Certificate issuer:       /CN=9d210f2259093aaf45285922a588e9a661aba9fa
Certificate serial:       019422FBA4C3D2D7EADD1DA20F4E4313960E
Authority key identifier: 9D:21:0F:22:59:09:3A:AF:45:28:59:22:A5:88:E9:A6:61:AB:A9:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSEPIlkJOq9FKFkipYjppmGrqfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/wNwYQ8mCvTdznk-R9cIS2uXjf8g.roa
Signing time:             Wed 01 Jan 2025 17:48:24 +0000
ROA not before:           Wed 01 Jan 2025 17:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31253
IP address blocks:        80.242.222.0/24 maxlen: 24
                          80.242.223.0/24 maxlen: 24
                          188.127.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/nSEPIlkJOq9FKFkipYjppmGrqfo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/nSEPIlkJOq9FKFkipYjppmGrqfo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSEPIlkJOq9FKFkipYjppmGrqfo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:a4:c3:d2:d7:ea:dd:1d:a2:0f:4e:43:13:96:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d210f2259093aaf45285922a588e9a661aba9fa
        Validity
            Not Before: Jan  1 17:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0dc1843c982bd37739e4f91f5c212dae5e37fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:54:96:88:c9:9d:b4:1d:ae:0b:fb:75:02:22:
                    20:5a:1f:ef:23:e6:9a:7b:fc:e6:0c:69:78:28:e8:
                    81:1b:61:dc:59:5a:13:d8:3a:9f:e2:28:d8:0f:a9:
                    6c:46:c4:54:87:6f:ca:d1:89:3f:63:7c:53:b5:c1:
                    03:4c:01:26:16:de:dd:cb:db:00:ef:59:7f:c1:7a:
                    0f:88:c3:bc:1b:32:09:83:5e:33:35:da:d4:c1:68:
                    3e:4a:ef:25:3e:93:d6:6b:44:50:61:5a:03:80:6b:
                    cf:7b:b4:77:35:16:27:d5:5c:f9:b9:e5:06:b1:18:
                    0c:81:0a:72:c6:d1:f9:29:b2:9e:d2:51:2b:10:e6:
                    44:8c:a6:37:8d:0b:27:9d:bb:14:09:6a:fb:14:4a:
                    3e:e9:b0:a6:58:db:0c:52:85:a3:d7:02:a1:77:d4:
                    e8:11:c2:29:91:07:1f:b9:8e:a6:da:1b:f7:83:87:
                    61:b6:10:e8:7b:5d:5e:ba:61:18:ef:5a:f3:f9:04:
                    46:11:6d:a9:a3:29:64:4d:6f:0c:a6:16:be:0d:ee:
                    1b:e2:a2:f6:e5:15:e1:8d:03:82:d2:47:1e:33:87:
                    9f:b4:b8:fc:1c:20:90:d5:ce:63:36:2e:06:70:3c:
                    9b:f5:19:46:4b:63:fe:78:f1:9c:ae:e8:aa:87:68:
                    b3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:DC:18:43:C9:82:BD:37:73:9E:4F:91:F5:C2:12:DA:E5:E3:7F:C8
            X509v3 Authority Key Identifier:
                keyid:9D:21:0F:22:59:09:3A:AF:45:28:59:22:A5:88:E9:A6:61:AB:A9:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSEPIlkJOq9FKFkipYjppmGrqfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/wNwYQ8mCvTdznk-R9cIS2uXjf8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/nSEPIlkJOq9FKFkipYjppmGrqfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.242.222.0/23
                  188.127.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:82:50:8a:67:e9:45:e7:52:80:0e:47:de:55:13:6e:22:ea:
         f3:2d:b0:85:c9:5c:08:55:e0:f0:ee:a0:58:19:dc:ef:d1:03:
         e4:e5:24:cc:1b:b1:dc:60:62:4f:d7:b5:de:bd:b8:a9:ea:a5:
         8c:65:bb:da:a0:ed:8e:09:8b:bd:32:cf:dc:77:9c:b1:40:2d:
         2b:e4:0a:30:ba:9d:a6:7b:a4:6f:a6:63:64:0a:88:4e:df:a2:
         48:0d:30:5a:d6:9c:19:09:75:70:05:d4:d7:d3:9e:d3:10:aa:
         0e:c2:68:97:54:93:ef:6a:3c:54:38:8e:68:86:40:9c:cf:c5:
         e3:f8:0b:37:58:0a:69:a1:b2:16:c8:d7:14:eb:9a:49:75:2d:
         09:b1:8a:6e:bd:7e:21:ec:75:03:4a:01:a1:e7:42:4e:3f:ad:
         6d:8a:a0:a9:61:39:f4:14:66:47:00:82:0b:43:50:9b:94:01:
         97:d5:9c:76:3a:61:a8:47:f7:22:c2:d5:19:fd:9b:42:db:92:
         fc:d6:e9:f0:c3:44:fc:10:08:e8:31:6a:1d:95:40:5b:ad:20:
         eb:39:52:59:c4:e0:4f:f6:0c:39:1a:2b:0d:03:d1:46:9a:04:
         9d:ec:3a:4b:45:f4:60:ce:37:6d:37:9f:84:61:05:04:28:0a:
         e0:c8:63:f4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+6TD0tfq3R2iD05DE5YOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjEwZjIyNTkwOTNhYWY0NTI4NTkyMmE1ODhlOWE2NjFh
YmE5ZmEwHhcNMjUwMTAxMTc0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMGRjMTg0M2M5ODJiZDM3NzM5ZTRmOTFmNWMyMTJkYWU1ZTM3ZmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVSWiMmdtB2uC/t1AiIgWh/vI+aa
e/zmDGl4KOiBG2HcWVoT2Dqf4ijYD6lsRsRUh2/K0Yk/Y3xTtcEDTAEmFt7dy9sA
71l/wXoPiMO8GzIJg14zNdrUwWg+Su8lPpPWa0RQYVoDgGvPe7R3NRYn1Vz5ueUG
sRgMgQpyxtH5KbKe0lErEOZEjKY3jQsnnbsUCWr7FEo+6bCmWNsMUoWj1wKhd9To
EcIpkQcfuY6m2hv3g4dhthDoe11eumEY71rz+QRGEW2poylkTW8Mpha+De4b4qL2
5RXhjQOC0kceM4eftLj8HCCQ1c5jNi4GcDyb9RlGS2P+ePGcruiqh2izxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMDcGEPJgr03c55PkfXCEtrl43/IMB8GA1UdIwQY
MBaAFJ0hDyJZCTqvRShZIqWI6aZhq6n6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNFUElsa0pPcTlGS0ZraXBZanBwbUdycWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS85MzY4NmQtMTFmNS00ZTNlLWI1YzQt
NDM4NDNjMmU5NDNiLzEvd053WVE4bUN2VGR6bmstUjljSVMydVhqZjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS85MzY4NmQtMTFmNS00ZTNlLWI1YzQtNDM4NDNjMmU5NDNi
LzEvblNFUElsa0pPcTlGS0ZraXBZanBwbUdycWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUPLeAwQA
vH8oMA0GCSqGSIb3DQEBCwUAA4IBAQCqglCKZ+lF51KADkfeVRNuIurzLbCFyVwI
VeDw7qBYGdzv0QPk5STMG7HcYGJP17Xevbip6qWMZbvaoO2OCYu9Ms/cd5yxQC0r
5Aowup2me6RvpmNkCohO36JIDTBa1pwZCXVwBdTX057TEKoOwmiXVJPvajxUOI5o
hkCcz8Xj+As3WAppobIWyNcU65pJdS0JsYpuvX4h7HUDSgGh50JOP61tiqCpYTn0
FGZHAIILQ1CblAGX1Zx2OmGoR/ciwtUZ/ZtC25L81unww0T8EAjoMWodlUBbrSDr
OVJZxOBP9gw5GisNA9FGmgSd7DpLRfRgzjdtN5+EYQUEKArgyGP0
-----END CERTIFICATE-----