Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/9a227jlcyERB05XuKgmmcTNLpNE.roa
File:                     9a227jlcyERB05XuKgmmcTNLpNE.roa (raw, json)
Hash identifier:          a8eVC/jEAw2MkKx2mic9H59IS/um5WPqUrHWI5PvJLg=
Subject key identifier:   F5:AD:B6:EE:39:5C:C8:44:41:D3:95:EE:2A:09:A6:71:33:4B:A4:D1
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0194266BBB3464E2EA3D26AFCB8432F7E3F6
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/9a227jlcyERB05XuKgmmcTNLpNE.roa
Signing time:             Thu 02 Jan 2025 09:49:42 +0000
ROA not before:           Thu 02 Jan 2025 09:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        89.251.17.0/24 maxlen: 24
                          193.93.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:bb:34:64:e2:ea:3d:26:af:cb:84:32:f7:e3:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 09:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5adb6ee395cc84441d395ee2a09a671334ba4d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:2b:a3:f5:58:ed:b3:92:e3:6f:d3:9b:52:94:
                    38:c3:f9:f7:b0:03:cc:fe:45:21:a6:62:7f:86:9b:
                    83:e8:5a:fd:d0:e4:fe:9a:7d:aa:8f:1e:ea:b1:56:
                    39:98:d7:82:9c:97:f1:45:c3:2b:22:0c:07:3d:ac:
                    e6:65:fa:02:20:bd:16:92:76:8b:59:d5:1e:2e:92:
                    e6:d6:a6:91:b7:9f:2d:88:8d:14:09:4e:af:5b:7a:
                    0e:2e:32:c5:a9:42:cf:2d:6b:34:04:f2:b2:39:56:
                    53:2d:be:d9:2a:a8:9a:d3:06:ae:10:5b:59:f9:9a:
                    b5:eb:c9:93:79:64:a5:33:b8:1d:27:4d:67:fd:aa:
                    f7:c9:c6:3f:57:78:7a:91:1f:95:de:7f:9b:2f:c9:
                    5e:d4:8a:89:5b:00:df:37:9b:79:3f:5d:fb:4b:3d:
                    38:62:62:6c:99:54:0a:12:b9:18:c8:76:b6:8f:dc:
                    6f:f6:b8:62:8c:35:1c:c5:94:4c:22:54:72:1d:92:
                    4a:8b:d9:4a:39:db:48:ee:8f:69:35:61:cb:1c:fb:
                    a8:1b:4b:55:2c:ff:5f:59:8d:d2:27:57:18:ca:57:
                    a9:58:dc:9e:92:25:9f:df:29:0f:70:a3:01:8f:85:
                    ec:23:eb:ee:a0:4d:0b:5e:ea:11:3e:a8:7f:98:fd:
                    29:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:AD:B6:EE:39:5C:C8:44:41:D3:95:EE:2A:09:A6:71:33:4B:A4:D1
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/9a227jlcyERB05XuKgmmcTNLpNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.251.17.0/24
                  193.93.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:08:15:ad:c4:d9:69:71:39:c9:87:56:22:66:9a:03:dd:53:
         6d:f8:a1:79:c3:c5:41:e7:7e:b4:9b:9a:58:c6:87:95:e8:e6:
         c1:1c:74:23:9a:00:7c:0a:40:58:88:3d:78:f3:59:84:22:de:
         1c:b4:97:ba:ae:7c:97:a0:25:e4:23:f5:f3:c9:60:ad:bf:c8:
         43:bb:45:83:35:23:f1:97:0a:42:36:2d:32:db:86:c9:b1:b7:
         84:88:97:97:18:55:fa:af:7e:1c:4a:07:80:c1:09:a7:24:1b:
         2e:99:4a:97:82:fe:a8:4c:38:09:54:9a:71:b7:fc:af:a1:6b:
         70:e5:4d:4f:a9:d9:68:f4:be:aa:ea:18:06:c4:e2:03:6c:90:
         5e:29:d6:55:9a:b6:86:57:35:e1:ea:6d:e3:c6:fd:fa:33:a7:
         6b:00:dd:41:c6:37:5a:0c:ef:66:5f:fb:00:50:89:45:42:c1:
         49:05:9a:02:36:cd:66:c8:f5:61:30:d4:1f:5e:6a:c4:10:47:
         3c:7c:6a:99:68:95:31:e8:d2:03:3e:cb:bd:6a:5c:d7:26:ea:
         b1:40:4a:c7:56:31:18:3c:e1:16:df:4a:be:19:b2:66:53:dc:
         a7:9e:92:48:17:4f:25:aa:99:c6:24:de:fa:da:15:e5:2a:df:
         c1:70:7b:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQma7s0ZOLqPSavy4Qy9+P2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMTAyMDk0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWFkYjZlZTM5NWNjODQ0NDFkMzk1ZWUyYTA5YTY3MTMzNGJhNGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Cuj9Vjts5Ljb9ObUpQ4w/n3sAPM
/kUhpmJ/hpuD6Fr90OT+mn2qjx7qsVY5mNeCnJfxRcMrIgwHPazmZfoCIL0WknaL
WdUeLpLm1qaRt58tiI0UCU6vW3oOLjLFqULPLWs0BPKyOVZTLb7ZKqia0wauEFtZ
+Zq168mTeWSlM7gdJ01n/ar3ycY/V3h6kR+V3n+bL8le1IqJWwDfN5t5P137Sz04
YmJsmVQKErkYyHa2j9xv9rhijDUcxZRMIlRyHZJKi9lKOdtI7o9pNWHLHPuoG0tV
LP9fWY3SJ1cYylepWNyekiWf3ykPcKMBj4XsI+vuoE0LXuoRPqh/mP0pCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPWttu45XMhEQdOV7ioJpnEzS6TRMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvOWEyMjdqbGN5RVJCMDVYdUtnbW1jVE5McE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWfsRAwQA
wV01MA0GCSqGSIb3DQEBCwUAA4IBAQA8CBWtxNlpcTnJh1YiZpoD3VNt+KF5w8VB
5360m5pYxoeV6ObBHHQjmgB8CkBYiD1481mEIt4ctJe6rnyXoCXkI/XzyWCtv8hD
u0WDNSPxlwpCNi0y24bJsbeEiJeXGFX6r34cSgeAwQmnJBsumUqXgv6oTDgJVJpx
t/yvoWtw5U1Pqdlo9L6q6hgGxOIDbJBeKdZVmraGVzXh6m3jxv36M6drAN1Bxjda
DO9mX/sAUIlFQsFJBZoCNs1myPVhMNQfXmrEEEc8fGqZaJUx6NIDPsu9alzXJuqx
QErHVjEYPOEW30q+GbJmU9ynnpJIF08lqpnGJN762hXlKt/BcHut
-----END CERTIFICATE-----