Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/m9WFxaaoUJopCijrezK6Gq5Y4x0.roa
File:                     m9WFxaaoUJopCijrezK6Gq5Y4x0.roa (raw, json)
Hash identifier:          IYAL/aevINvn/lzHc7XS8T3g/wDLEF6taIL5uE1kWoE=
Subject key identifier:   9B:D5:85:C5:A6:A8:50:9A:29:0A:28:EB:7B:32:BA:1A:AE:58:E3:1D
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019427B6465A669EA49D19648A4BAC5ED78A
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/m9WFxaaoUJopCijrezK6Gq5Y4x0.roa
Signing time:             Thu 02 Jan 2025 15:50:44 +0000
ROA not before:           Thu 02 Jan 2025 15:50:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        146.255.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:46:5a:66:9e:a4:9d:19:64:8a:4b:ac:5e:d7:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 15:50:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bd585c5a6a8509a290a28eb7b32ba1aae58e31d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:85:19:80:b2:18:b8:3f:e6:b4:05:9f:87:83:
                    fc:76:47:fb:44:eb:8a:1c:e3:42:78:ec:58:d8:f8:
                    68:c8:bd:7e:a8:6a:ab:af:38:21:63:48:d9:77:6f:
                    a6:08:28:f7:27:cd:12:c7:26:00:5a:28:ce:eb:8d:
                    06:7f:1b:42:13:40:a5:90:46:b0:88:d6:b5:fc:9f:
                    e8:9f:ea:81:08:74:88:a6:38:d7:fa:ba:2c:0e:0a:
                    3a:3e:e9:6d:1a:8d:59:32:76:20:0d:78:26:cd:09:
                    12:bd:7b:39:46:e9:f4:69:ef:d3:3a:f1:bf:65:9d:
                    ff:12:3f:96:fe:16:bc:65:5d:ee:32:46:d0:94:7c:
                    9a:02:62:a4:71:46:ee:56:c9:79:20:34:0a:f8:ef:
                    20:1f:6d:ef:33:4c:da:b0:e3:c0:c5:4b:85:65:ad:
                    b9:3c:ff:a2:42:ae:8e:8a:d3:c2:44:7d:3b:13:87:
                    8b:1c:74:b9:a7:e0:94:b1:49:ad:79:7b:3c:4d:74:
                    fe:ba:68:ff:db:a6:7e:88:92:96:05:f0:0a:d4:05:
                    ff:bb:4e:c1:f7:88:fa:35:b9:15:7c:4c:21:1f:ae:
                    9f:a3:2a:c6:9f:7d:49:d0:87:29:17:fa:a2:7e:b9:
                    d5:ff:ea:67:f4:9f:6f:48:fc:c5:11:4d:58:ce:07:
                    6b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:D5:85:C5:A6:A8:50:9A:29:0A:28:EB:7B:32:BA:1A:AE:58:E3:1D
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/m9WFxaaoUJopCijrezK6Gq5Y4x0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.255.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:51:de:88:3a:65:c8:e9:7f:53:b9:71:f7:55:da:63:c6:83:
         e5:64:d5:58:02:b3:04:79:3e:97:50:47:b5:ac:06:d8:dc:4b:
         7d:48:57:7b:76:65:60:18:16:c0:82:eb:2d:ff:d1:4c:08:a7:
         ea:f6:86:c0:0f:e1:b0:87:98:f6:1a:ce:58:79:08:f7:1b:22:
         4e:13:c0:54:36:11:92:f3:fd:06:a6:94:f0:97:dd:31:59:71:
         25:70:0f:f9:5a:45:56:12:5a:e0:89:25:0a:87:cd:64:2c:42:
         96:35:2b:5f:d7:30:f7:a1:a0:75:ff:23:17:f4:31:a5:1a:fa:
         b5:5d:7c:ff:c9:aa:23:11:b0:46:a2:e8:c3:6e:18:39:a8:af:
         a4:61:11:58:38:98:86:87:c3:11:88:23:5f:ea:29:bf:4c:96:
         85:20:65:cb:84:08:fd:d4:d6:76:91:1f:7a:ff:c3:8c:ab:d8:
         a0:cb:d5:20:2c:05:86:81:c6:72:af:e5:11:f0:d4:8d:d6:31:
         6c:4d:90:62:f6:0a:64:f9:1e:f5:9e:64:a9:c1:d8:68:4a:f2:
         e6:20:be:a7:6d:76:3e:b0:45:4c:da:88:78:7f:c0:67:e9:24:
         14:6a:c8:1f:6e:a5:60:61:e6:17:68:48:b6:5d:06:48:3f:c3:
         94:d4:8e:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntkZaZp6knRlkikusXteKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjUwMTAyMTU1MDQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmQ1ODVjNWE2YTg1MDlhMjkwYTI4ZWI3YjMyYmExYWFlNThlMzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoUZgLIYuD/mtAWfh4P8dkf7ROuK
HONCeOxY2PhoyL1+qGqrrzghY0jZd2+mCCj3J80SxyYAWijO640GfxtCE0ClkEaw
iNa1/J/on+qBCHSIpjjX+rosDgo6PultGo1ZMnYgDXgmzQkSvXs5Run0ae/TOvG/
ZZ3/Ej+W/ha8ZV3uMkbQlHyaAmKkcUbuVsl5IDQK+O8gH23vM0zasOPAxUuFZa25
PP+iQq6OitPCRH07E4eLHHS5p+CUsUmteXs8TXT+umj/26Z+iJKWBfAK1AX/u07B
94j6NbkVfEwhH66foyrGn31J0IcpF/qifrnV/+pn9J9vSPzFEU1YzgdrVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvVhcWmqFCaKQoo63syuhquWOMdMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvbTlXRnhhYW9VSm9wQ2lqcmV6SzZHcTVZNHgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkv8gMA0G
CSqGSIb3DQEBCwUAA4IBAQBIUd6IOmXI6X9TuXH3VdpjxoPlZNVYArMEeT6XUEe1
rAbY3Et9SFd7dmVgGBbAgust/9FMCKfq9obAD+Gwh5j2Gs5YeQj3GyJOE8BUNhGS
8/0GppTwl90xWXElcA/5WkVWElrgiSUKh81kLEKWNStf1zD3oaB1/yMX9DGlGvq1
XXz/yaojEbBGoujDbhg5qK+kYRFYOJiGh8MRiCNf6im/TJaFIGXLhAj91NZ2kR96
/8OMq9igy9UgLAWGgcZyr+UR8NSN1jFsTZBi9gpk+R71nmSpwdhoSvLmIL6nbXY+
sEVM2oh4f8Bn6SQUasgfbqVgYeYXaEi2XQZIP8OU1I7r
-----END CERTIFICATE-----