Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/9qSGcGsaAT-Orj-BviLbbFBnobc.roa
File:                     9qSGcGsaAT-Orj-BviLbbFBnobc.roa (raw, json)
Hash identifier:          KGQdMGZUYXqZM3Cup0R+gwjVZv7t7VL1nDYpfpe2mMo=
Subject key identifier:   F6:A4:86:70:6B:1A:01:3F:8E:AE:3F:81:BE:22:DB:6C:50:67:A1:B7
Certificate issuer:       /CN=8aad9c0ce5ba3905b41970a04e51976076c67e00
Certificate serial:       01942748646EDEEF7756E9FF37F1AAD631E6
Authority key identifier: 8A:AD:9C:0C:E5:BA:39:05:B4:19:70:A0:4E:51:97:60:76:C6:7E:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/9qSGcGsaAT-Orj-BviLbbFBnobc.roa
Signing time:             Thu 02 Jan 2025 13:50:43 +0000
ROA not before:           Thu 02 Jan 2025 13:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54282
IP address blocks:        193.135.40.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:64:6e:de:ef:77:56:e9:ff:37:f1:aa:d6:31:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aad9c0ce5ba3905b41970a04e51976076c67e00
        Validity
            Not Before: Jan  2 13:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6a486706b1a013f8eae3f81be22db6c5067a1b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:a2:97:05:58:81:c9:56:31:65:a0:bd:53:82:
                    67:cc:7e:a5:c2:dc:b3:0a:11:44:59:09:5f:bb:b3:
                    b8:29:ad:60:cb:85:96:ab:17:3f:26:9b:e4:bf:de:
                    24:c4:88:2c:52:2b:76:ef:f2:cd:25:cd:ee:8d:27:
                    57:a2:f1:04:c7:7d:6c:b9:ee:b1:93:5b:32:64:85:
                    30:0c:c5:82:f3:8d:f8:49:17:4b:26:30:6d:b2:01:
                    d0:fa:1d:ef:5b:ef:80:48:e0:3e:d4:e5:e8:9b:37:
                    92:3d:95:11:71:12:01:14:de:3f:5f:b4:3e:9f:16:
                    9a:7d:1a:16:6f:87:21:c2:09:93:33:6c:af:a2:d2:
                    ce:fb:0c:88:06:6e:12:4e:7f:4d:28:9e:74:92:1a:
                    88:a9:2f:20:9e:bf:8a:18:69:d4:e8:1e:be:dd:d5:
                    7a:8e:b2:53:43:76:cc:4c:77:94:d6:77:a9:40:77:
                    62:9e:65:f6:31:4d:d7:36:52:77:d4:45:75:a8:95:
                    07:a1:e3:e8:10:b9:6e:e5:9b:51:cb:1f:40:71:06:
                    a3:38:b3:a8:d4:9a:95:71:f7:e1:5b:f3:9b:12:dc:
                    3f:bb:e4:d1:be:42:79:09:3a:f6:49:e5:dd:67:b1:
                    57:84:45:e0:8c:59:f3:5c:44:74:eb:fa:35:15:d3:
                    ec:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A4:86:70:6B:1A:01:3F:8E:AE:3F:81:BE:22:DB:6C:50:67:A1:B7
            X509v3 Authority Key Identifier:
                keyid:8A:AD:9C:0C:E5:BA:39:05:B4:19:70:A0:4E:51:97:60:76:C6:7E:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/9qSGcGsaAT-Orj-BviLbbFBnobc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         94:3e:23:43:1d:de:d8:10:72:ce:f6:fa:1d:55:f1:94:47:e8:
         6b:d8:ef:6f:76:f2:74:44:c4:1b:38:c2:bb:4c:7f:7a:df:3a:
         9b:e8:1f:9b:b9:d1:c6:c1:8b:e0:bd:52:31:75:bf:3c:d3:35:
         94:07:a6:91:11:56:dd:7a:9d:77:5a:db:16:71:f1:43:05:2f:
         0c:a6:3a:d6:54:3c:71:40:13:5e:8f:86:48:de:4a:78:92:ac:
         16:31:c2:ea:06:c7:ff:7a:eb:b5:38:c6:fc:17:0c:2b:1c:63:
         34:b0:8f:3f:86:af:e3:e0:0f:53:7f:99:54:f6:c8:6e:2e:2e:
         6a:d7:ae:3c:45:ff:b6:32:e5:9f:78:eb:9d:b3:18:8e:20:67:
         eb:d6:97:82:ae:a5:d5:09:b0:d0:27:8d:4d:e6:a1:21:5c:8c:
         9c:3e:49:51:24:12:43:fb:e2:54:47:b6:34:ef:10:ae:90:d7:
         e3:a2:71:1f:b7:8d:80:6e:2d:86:8b:e3:53:69:32:22:08:8a:
         85:c6:91:d4:5f:07:91:f4:46:cd:b5:0d:ec:3a:b9:32:09:4f:
         76:9d:b4:10:bf:5f:af:b8:51:a0:a6:83:5a:64:26:90:d8:1a:
         25:66:b9:70:d1:ba:f6:7b:a7:99:27:da:2c:83:db:89:dd:9c:
         16:b2:71:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSGRu3u93Vun/N/Gq1jHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWQ5YzBjZTViYTM5MDViNDE5NzBhMDRlNTE5NzYwNzZj
NjdlMDAwHhcNMjUwMTAyMTM1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmE0ODY3MDZiMWEwMTNmOGVhZTNmODFiZTIyZGI2YzUwNjdhMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+aKXBViByVYxZaC9U4JnzH6lwtyz
ChFEWQlfu7O4Ka1gy4WWqxc/Jpvkv94kxIgsUit27/LNJc3ujSdXovEEx31sue6x
k1syZIUwDMWC8434SRdLJjBtsgHQ+h3vW++ASOA+1OXomzeSPZURcRIBFN4/X7Q+
nxaafRoWb4chwgmTM2yvotLO+wyIBm4STn9NKJ50khqIqS8gnr+KGGnU6B6+3dV6
jrJTQ3bMTHeU1nepQHdinmX2MU3XNlJ31EV1qJUHoePoELlu5ZtRyx9AcQajOLOo
1JqVcffhW/ObEtw/u+TRvkJ5CTr2SeXdZ7FXhEXgjFnzXER06/o1FdPszwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPakhnBrGgE/jq4/gb4i22xQZ6G3MB8GA1UdIwQY
MBaAFIqtnAzlujkFtBlwoE5Rl2B2xn4AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXEyY0RPVzZPUVcwR1hDZ1RsR1hZSGJHZmdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9lNDQ1ZTQtMjZiZC00OGM5LTgzZGIt
N2EwZWNlOWMwYWY4LzEvOXFTR2NHc2FBVC1PcmotQnZpTGJiRkJub2JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9lNDQ1ZTQtMjZiZC00OGM5LTgzZGItN2EwZWNlOWMwYWY4
LzEvaXEyY0RPVzZPUVcwR1hDZ1RsR1hZSGJHZmdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwYcoMA0G
CSqGSIb3DQEBCwUAA4IBAQCUPiNDHd7YEHLO9vodVfGUR+hr2O9vdvJ0RMQbOMK7
TH963zqb6B+budHGwYvgvVIxdb880zWUB6aREVbdep13WtsWcfFDBS8MpjrWVDxx
QBNej4ZI3kp4kqwWMcLqBsf/euu1OMb8FwwrHGM0sI8/hq/j4A9Tf5lU9shuLi5q
1648Rf+2MuWfeOudsxiOIGfr1peCrqXVCbDQJ41N5qEhXIycPklRJBJD++JUR7Y0
7xCukNfjonEft42Abi2Gi+NTaTIiCIqFxpHUXweR9EbNtQ3sOrkyCU92nbQQv1+v
uFGgpoNaZCaQ2BolZrlw0br2e6eZJ9osg9uJ3ZwWsnFO
-----END CERTIFICATE-----