Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/9jFcc2sIX-Fs3ktxs-58gEPmasY.roa
File:                     9jFcc2sIX-Fs3ktxs-58gEPmasY.roa (raw, json)
Hash identifier:          HePH1DofBb+MqG0ob+GiLGVr062e3DxtUkrb0KPep7A=
Subject key identifier:   F6:31:5C:73:6B:08:5F:E1:6C:DE:4B:71:B3:EE:7C:80:43:E6:6A:C6
Certificate issuer:       /CN=dbd7fc50548287deaea7ce92099e47a04a70d451
Certificate serial:       019425218EF997EA62BCC7163F6ADA50763E
Authority key identifier: DB:D7:FC:50:54:82:87:DE:AE:A7:CE:92:09:9E:47:A0:4A:70:D4:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/29f8UFSCh96up86SCZ5HoEpw1FE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/9jFcc2sIX-Fs3ktxs-58gEPmasY.roa
Signing time:             Thu 02 Jan 2025 03:49:03 +0000
ROA not before:           Thu 02 Jan 2025 03:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.73.224.0/24 maxlen: 24
                          2a10:f80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/29f8UFSCh96up86SCZ5HoEpw1FE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/29f8UFSCh96up86SCZ5HoEpw1FE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/29f8UFSCh96up86SCZ5HoEpw1FE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:8e:f9:97:ea:62:bc:c7:16:3f:6a:da:50:76:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbd7fc50548287deaea7ce92099e47a04a70d451
        Validity
            Not Before: Jan  2 03:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6315c736b085fe16cde4b71b3ee7c8043e66ac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f4:3f:12:65:f5:1f:90:d1:ba:69:07:e6:91:
                    db:4c:48:11:eb:51:1d:f2:22:0c:0d:e9:49:c1:e7:
                    37:73:98:c7:1a:0c:82:d1:c2:be:54:d1:a3:42:cd:
                    8f:b8:d9:86:21:2a:7f:a4:94:53:a3:5a:37:cd:3d:
                    e6:cf:a5:6f:4a:23:9c:6d:0c:b1:84:ea:c1:cf:e3:
                    5a:59:75:a7:8a:c0:6b:37:63:b4:62:3e:96:c0:ec:
                    a1:93:56:2b:1d:e2:d6:6d:e2:ea:9d:71:52:7f:21:
                    cf:1d:a2:6c:ba:43:2c:50:b4:60:6c:20:c5:1f:44:
                    8f:18:cd:c1:f2:9e:d2:26:5e:28:2a:b8:65:82:f8:
                    8d:3e:c6:89:9f:db:56:51:87:c4:8d:fe:a4:18:3b:
                    50:d8:98:53:36:65:43:0a:b2:c4:bc:ff:26:19:42:
                    7c:cd:27:ac:c8:6f:cf:d6:51:3c:9a:8a:15:c5:ae:
                    a7:48:b1:80:73:ae:22:1d:cf:67:44:fd:a2:01:7a:
                    a7:dd:a9:e7:08:ae:20:96:50:8d:04:52:31:94:56:
                    b2:8e:f2:3c:55:9f:d4:97:60:91:9b:b8:88:14:19:
                    29:eb:28:9b:6c:60:58:4c:54:de:7f:7f:a1:3b:f3:
                    f2:11:58:c4:9a:d3:75:06:c9:7e:8a:b3:47:76:97:
                    5e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:31:5C:73:6B:08:5F:E1:6C:DE:4B:71:B3:EE:7C:80:43:E6:6A:C6
            X509v3 Authority Key Identifier:
                keyid:DB:D7:FC:50:54:82:87:DE:AE:A7:CE:92:09:9E:47:A0:4A:70:D4:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/29f8UFSCh96up86SCZ5HoEpw1FE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/9jFcc2sIX-Fs3ktxs-58gEPmasY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/606ea9-4834-4b63-9e0a-f25604c4be82/1/29f8UFSCh96up86SCZ5HoEpw1FE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.224.0/24
                IPv6:
                  2a10:f80::/32

    Signature Algorithm: sha256WithRSAEncryption
         22:23:78:a9:f8:39:b8:01:5c:aa:f9:7e:34:9f:57:46:98:40:
         2c:44:31:c5:ba:d9:11:c5:9e:7c:e5:a5:0b:d9:f8:f2:e5:da:
         42:5f:61:9f:dd:e3:c3:54:f3:d0:01:08:7e:3b:b2:b0:5f:a2:
         4b:85:0d:b6:49:76:6a:2f:c9:eb:91:df:4a:ad:0b:72:b6:8f:
         11:a3:fc:f9:91:c6:c4:36:ea:1c:d0:d0:02:1f:35:fe:62:db:
         5b:3e:5e:62:ee:60:a8:1b:06:5f:37:e3:ef:28:83:a7:10:2c:
         14:2d:46:80:8f:e8:40:01:00:69:d2:1d:77:7a:d3:41:d6:29:
         67:12:44:1c:8b:bf:2c:e8:53:a7:2c:ff:26:59:b1:96:43:cb:
         cf:64:ba:80:45:75:33:41:0d:c1:a4:a3:04:6f:18:18:92:15:
         a2:cf:b5:5f:8c:bd:52:a7:9d:0e:a1:33:31:84:fe:bc:c6:9c:
         47:8f:75:17:93:af:11:fd:2d:29:5a:2d:36:bc:72:23:89:5c:
         6d:96:a9:dd:24:da:4a:37:46:01:68:de:09:b9:5f:4a:90:b1:
         34:fd:01:a6:d6:25:31:af:43:e9:9f:ee:8d:cb:91:b5:b8:e6:
         43:9d:b5:d0:43:d8:7e:24:c7:6e:b4:db:a9:35:65:7b:11:06:
         40:0f:30:03
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIY75l+pivMcWP2raUHY+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZDdmYzUwNTQ4Mjg3ZGVhZWE3Y2U5MjA5OWU0N2EwNGE3
MGQ0NTEwHhcNMjUwMTAyMDM0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjMxNWM3MzZiMDg1ZmUxNmNkZTRiNzFiM2VlN2M4MDQzZTY2YWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/Q/EmX1H5DRumkH5pHbTEgR61Ed
8iIMDelJwec3c5jHGgyC0cK+VNGjQs2PuNmGISp/pJRTo1o3zT3mz6VvSiOcbQyx
hOrBz+NaWXWnisBrN2O0Yj6WwOyhk1YrHeLWbeLqnXFSfyHPHaJsukMsULRgbCDF
H0SPGM3B8p7SJl4oKrhlgviNPsaJn9tWUYfEjf6kGDtQ2JhTNmVDCrLEvP8mGUJ8
zSesyG/P1lE8mooVxa6nSLGAc64iHc9nRP2iAXqn3annCK4gllCNBFIxlFayjvI8
VZ/Ul2CRm7iIFBkp6yibbGBYTFTef3+hO/PyEVjEmtN1Bsl+irNHdpderQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPYxXHNrCF/hbN5LcbPufIBD5mrGMB8GA1UdIwQY
MBaAFNvX/FBUgoferqfOkgmeR6BKcNRRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjlmOFVGU0NoOTZ1cDg2U0NaNUhvRXB3MUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS82MDZlYTktNDgzNC00YjYzLTllMGEt
ZjI1NjA0YzRiZTgyLzEvOWpGY2Myc0lYLUZzM2t0eHMtNThnRVBtYXNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS82MDZlYTktNDgzNC00YjYzLTllMGEtZjI1NjA0YzRiZTgy
LzEvMjlmOFVGU0NoOTZ1cDg2U0NaNUhvRXB3MUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuUngMA0E
AgACMAcDBQAqEA+AMA0GCSqGSIb3DQEBCwUAA4IBAQAiI3ip+Dm4AVyq+X40n1dG
mEAsRDHFutkRxZ585aUL2fjy5dpCX2Gf3ePDVPPQAQh+O7KwX6JLhQ22SXZqL8nr
kd9KrQtyto8Ro/z5kcbENuoc0NACHzX+YttbPl5i7mCoGwZfN+PvKIOnECwULUaA
j+hAAQBp0h13etNB1ilnEkQci78s6FOnLP8mWbGWQ8vPZLqARXUzQQ3BpKMEbxgY
khWiz7VfjL1Sp50OoTMxhP68xpxHj3UXk68R/S0pWi02vHIjiVxtlqndJNpKN0YB
aN4JuV9KkLE0/QGm1iUxr0Ppn+6Ny5G1uOZDnbXQQ9h+JMdutNupNWV7EQZADzAD
-----END CERTIFICATE-----