Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/1pbl9lLrLHSegTR5aMKg_vc70Uo.roa
File:                     1pbl9lLrLHSegTR5aMKg_vc70Uo.roa (raw, json)
Hash identifier:          JuIlY/C1ag+dEHYXDzz9ICIcinIRd2dm1piPpM/bPQE=
Subject key identifier:   D6:96:E5:F6:52:EB:2C:74:9E:81:34:79:68:C2:A0:FE:F7:3B:D1:4A
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       019425207DFDF252ED20B9E0FF54F2BA24CF
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/1pbl9lLrLHSegTR5aMKg_vc70Uo.roa
Signing time:             Thu 02 Jan 2025 03:47:53 +0000
ROA not before:           Thu 02 Jan 2025 03:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199145
IP address blocks:        84.47.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:7d:fd:f2:52:ed:20:b9:e0:ff:54:f2:ba:24:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  2 03:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d696e5f652eb2c749e81347968c2a0fef73bd14a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c1:56:76:77:66:4f:8f:e9:0c:08:9b:bf:28:
                    7b:5d:e3:2f:c5:43:88:66:67:fd:60:ef:3b:30:77:
                    bc:be:cb:7b:67:4f:7e:43:a9:f3:3d:4a:77:ce:9e:
                    3e:77:fc:60:43:b3:63:b1:10:b8:d7:8d:d9:e1:3c:
                    c9:48:5d:3f:33:28:1d:6e:c6:cf:8d:91:91:56:01:
                    b1:c0:28:89:81:71:e4:08:64:ba:44:db:55:0f:e9:
                    80:19:85:bf:59:b9:db:b1:30:af:d5:2d:9a:d5:f0:
                    cc:a6:57:d2:6e:cb:2d:d3:64:6a:a9:ac:7f:ce:1d:
                    2b:c5:be:e4:82:31:52:a4:45:88:84:18:e6:a8:58:
                    66:ae:3c:eb:63:1b:1c:13:a5:92:9b:1a:e7:7b:e7:
                    57:60:33:c1:e5:56:ef:9d:7a:50:00:e2:dd:c2:5f:
                    5f:79:9d:da:ee:3f:fb:13:65:9a:27:2f:9c:92:17:
                    03:9f:19:d4:8f:98:87:7d:ce:dd:72:1d:ef:cf:f1:
                    b2:e8:3a:04:94:0b:9f:ed:52:3e:17:8d:20:c6:82:
                    65:c8:61:eb:e7:04:83:b0:45:39:ce:35:13:be:37:
                    96:82:a4:b6:87:e5:75:84:4c:de:3a:b2:6d:83:39:
                    37:43:be:71:4f:eb:9f:a0:5c:4c:ec:92:6b:28:72:
                    5e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:96:E5:F6:52:EB:2C:74:9E:81:34:79:68:C2:A0:FE:F7:3B:D1:4A
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/1pbl9lLrLHSegTR5aMKg_vc70Uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.47.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:97:fd:38:6c:f0:6c:d5:d4:38:f0:e8:e8:f4:dd:bb:af:9f:
         e5:c4:0f:61:f9:2f:48:6f:6b:1b:1f:e1:58:4d:6a:f1:e6:fd:
         a2:25:18:7a:01:61:1c:94:4e:24:8d:f0:09:ab:12:9e:a4:cc:
         a3:b7:5f:78:5a:b6:01:f5:cf:d6:61:aa:63:08:e5:87:52:6d:
         69:40:6c:23:34:0f:80:85:bd:1d:a4:c7:f7:a4:ac:db:a9:de:
         df:a1:21:93:6c:2a:a3:db:7c:0e:e5:f7:50:86:fa:8b:2d:ad:
         6a:0a:d0:b6:57:80:6f:52:46:85:36:42:cf:4b:f2:d2:2e:3b:
         d3:d8:d0:cb:59:ff:28:ef:e6:ef:38:70:af:2e:94:7c:38:e2:
         63:83:8c:45:28:00:17:ad:f8:73:3a:1f:20:ae:b1:fc:bf:a0:
         4a:5f:07:d1:33:9e:fe:41:68:76:76:e1:87:83:35:a8:8e:25:
         ac:f8:5c:f9:63:61:78:f4:05:a9:2f:ca:9a:d5:aa:88:bb:35:
         d6:a3:d8:76:be:11:0a:8a:b7:b9:60:84:1d:7d:95:dc:53:c8:
         66:d9:bf:9f:d9:d9:1f:e1:25:5d:f3:de:2d:14:46:bb:51:65:
         53:41:ee:ae:78:58:77:3d:b4:22:eb:69:fc:be:12:f3:9c:aa:
         00:47:52:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIH398lLtILng/1TyuiTPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjUwMTAyMDM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjk2ZTVmNjUyZWIyYzc0OWU4MTM0Nzk2OGMyYTBmZWY3M2JkMTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcFWdndmT4/pDAibvyh7XeMvxUOI
Zmf9YO87MHe8vst7Z09+Q6nzPUp3zp4+d/xgQ7NjsRC4143Z4TzJSF0/MygdbsbP
jZGRVgGxwCiJgXHkCGS6RNtVD+mAGYW/WbnbsTCv1S2a1fDMplfSbsst02Rqqax/
zh0rxb7kgjFSpEWIhBjmqFhmrjzrYxscE6WSmxrne+dXYDPB5VbvnXpQAOLdwl9f
eZ3a7j/7E2WaJy+ckhcDnxnUj5iHfc7dch3vz/Gy6DoElAuf7VI+F40gxoJlyGHr
5wSDsEU5zjUTvjeWgqS2h+V1hEzeOrJtgzk3Q75xT+ufoFxM7JJrKHJeYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaW5fZS6yx0noE0eWjCoP73O9FKMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvMXBibDlsTHJMSFNlZ1RSNWFNS2dfdmM3MFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVC+tMA0G
CSqGSIb3DQEBCwUAA4IBAQAVl/04bPBs1dQ48Ojo9N27r5/lxA9h+S9Ib2sbH+FY
TWrx5v2iJRh6AWEclE4kjfAJqxKepMyjt194WrYB9c/WYapjCOWHUm1pQGwjNA+A
hb0dpMf3pKzbqd7foSGTbCqj23wO5fdQhvqLLa1qCtC2V4BvUkaFNkLPS/LSLjvT
2NDLWf8o7+bvOHCvLpR8OOJjg4xFKAAXrfhzOh8grrH8v6BKXwfRM57+QWh2duGH
gzWojiWs+Fz5Y2F49AWpL8qa1aqIuzXWo9h2vhEKire5YIQdfZXcU8hm2b+f2dkf
4SVd894tFEa7UWVTQe6ueFh3PbQi62n8vhLznKoAR1LE
-----END CERTIFICATE-----