Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/9INEJHy8ZUQsZkXJ3LToNxX8kZ4.roa
File:                     9INEJHy8ZUQsZkXJ3LToNxX8kZ4.roa (raw, json)
Hash identifier:          KdS2sZMTtBI8DBanSx1tGmEyybopPJ/MA5ChS1PT+v0=
Subject key identifier:   F4:83:44:24:7C:BC:65:44:2C:66:45:C9:DC:B4:E8:37:15:FC:91:9E
Certificate issuer:       /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial:       019424B3B53AA4091053A201B38A9226592F
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/9INEJHy8ZUQsZkXJ3LToNxX8kZ4.roa
Signing time:             Thu 02 Jan 2025 01:49:04 +0000
ROA not before:           Thu 02 Jan 2025 01:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204300
IP address blocks:        94.131.28.0/22 maxlen: 22
                          95.164.196.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 19:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b5:3a:a4:09:10:53:a2:01:b3:8a:92:26:59:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
        Validity
            Not Before: Jan  2 01:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f48344247cbc65442c6645c9dcb4e83715fc919e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ec:20:7b:58:8e:d9:95:31:0c:12:0b:28:2c:
                    bb:34:ee:02:06:b2:9a:e0:4d:4b:6a:58:4d:53:b3:
                    a8:7d:ab:49:94:3b:54:06:f6:ea:9b:26:ac:cf:77:
                    c8:6c:45:1b:89:62:16:a3:d3:1a:15:ce:25:b3:ac:
                    13:81:de:a5:bb:af:f9:a7:fb:38:38:4a:4f:96:e0:
                    ab:f8:de:62:a8:c3:f4:ab:7b:fe:99:b6:37:c7:53:
                    49:d6:67:2f:0f:31:a4:74:83:99:cd:2f:03:b2:fa:
                    17:c2:e7:94:d3:4e:a3:5c:b2:54:dc:da:fa:42:e5:
                    37:4e:ec:83:82:d1:f5:78:21:4f:3b:58:84:27:48:
                    01:ac:02:e4:84:ba:1c:64:0d:eb:ce:3a:97:aa:32:
                    dc:19:7a:10:7b:c4:ef:b2:88:06:b6:71:df:3a:86:
                    b7:6d:f8:20:92:86:1c:96:17:7e:d2:d2:3f:fd:30:
                    39:2a:2f:3a:10:4e:69:64:ba:77:9f:6e:5d:da:8f:
                    1a:9f:09:a8:9b:e0:28:d2:a3:58:b4:bf:dc:a4:8a:
                    c9:72:c9:46:53:8c:25:c6:72:ba:8f:1c:57:6d:f4:
                    71:d5:7b:3d:6b:9a:70:e1:c3:13:3f:32:32:2e:a5:
                    7f:bf:bd:92:c5:89:2c:45:01:66:6d:9c:b5:13:99:
                    0b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:83:44:24:7C:BC:65:44:2C:66:45:C9:DC:B4:E8:37:15:FC:91:9E
            X509v3 Authority Key Identifier:
                keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/9INEJHy8ZUQsZkXJ3LToNxX8kZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.28.0/22
                  95.164.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:78:25:6b:35:0f:12:f6:1e:d1:0b:d2:a3:93:3a:d9:30:86:
         7b:b5:4b:5b:77:e1:42:da:39:87:7b:44:65:5a:bb:89:cc:47:
         5e:1e:4f:eb:ed:87:ab:e0:de:eb:ee:a1:00:50:d3:95:68:97:
         6c:c1:64:73:67:67:a4:c5:db:ad:b7:77:c5:7d:3f:3b:44:0c:
         6c:e6:ce:b6:97:35:f4:34:55:1d:a0:cf:12:3b:94:38:ec:98:
         cd:c5:d4:b6:d6:8d:85:96:3b:13:b1:fc:c7:30:db:f0:75:b6:
         d8:70:5e:a5:45:a8:10:fd:89:9a:9d:c2:39:1a:2b:e5:16:7b:
         88:94:08:d1:c8:a3:ac:a0:45:46:25:be:40:61:ff:9a:16:2a:
         09:72:18:c2:36:28:77:07:c3:1b:08:ad:03:53:07:0d:74:2b:
         32:02:f9:96:01:01:1a:be:85:d3:01:f1:da:0d:ab:19:29:fa:
         ca:6b:dd:d7:d9:57:74:97:89:85:ac:55:b3:c5:4e:9a:cd:a9:
         62:ab:e2:c3:ba:fa:6c:7e:bb:88:be:e1:d6:83:2d:44:c3:18:
         ec:e2:04:a5:f9:a2:fd:ac:24:90:5c:db:a9:ad:70:73:51:58:
         83:4b:88:40:a0:47:8e:54:b6:3d:07:3a:1a:b3:dc:70:20:b8:
         43:e5:e4:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQks7U6pAkQU6IBs4qSJlkvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjUwMTAyMDE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDgzNDQyNDdjYmM2NTQ0MmM2NjQ1YzlkY2I0ZTgzNzE1ZmM5MTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoewge1iO2ZUxDBILKCy7NO4CBrKa
4E1LalhNU7OofatJlDtUBvbqmyasz3fIbEUbiWIWo9MaFc4ls6wTgd6lu6/5p/s4
OEpPluCr+N5iqMP0q3v+mbY3x1NJ1mcvDzGkdIOZzS8DsvoXwueU006jXLJU3Nr6
QuU3TuyDgtH1eCFPO1iEJ0gBrALkhLocZA3rzjqXqjLcGXoQe8TvsogGtnHfOoa3
bfggkoYclhd+0tI//TA5Ki86EE5pZLp3n25d2o8anwmom+Ao0qNYtL/cpIrJcslG
U4wlxnK6jxxXbfRx1Xs9a5pw4cMTPzIyLqV/v72SxYksRQFmbZy1E5kLWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPSDRCR8vGVELGZFydy06DcV/JGeMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvOUlORUpIeThaVVFzWmtYSjNMVG9OeFg4a1o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXoMcAwQC
X6TEMA0GCSqGSIb3DQEBCwUAA4IBAQB/eCVrNQ8S9h7RC9KjkzrZMIZ7tUtbd+FC
2jmHe0RlWruJzEdeHk/r7Yer4N7r7qEAUNOVaJdswWRzZ2ekxdutt3fFfT87RAxs
5s62lzX0NFUdoM8SO5Q47JjNxdS21o2FljsTsfzHMNvwdbbYcF6lRagQ/YmancI5
GivlFnuIlAjRyKOsoEVGJb5AYf+aFioJchjCNih3B8MbCK0DUwcNdCsyAvmWAQEa
voXTAfHaDasZKfrKa93X2Vd0l4mFrFWzxU6azaliq+LDuvpsfruIvuHWgy1Ewxjs
4gSl+aL9rCSQXNuprXBzUViDS4hAoEeOVLY9Bzoas9xwILhD5eSb
-----END CERTIFICATE-----