Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/yQafrAusZTwTPZBFL3M0qrFQZ04.roa
File:                     yQafrAusZTwTPZBFL3M0qrFQZ04.roa (raw, json)
Hash identifier:          Bj+Dm5K+2i3MwGi4viuLKNvUn9KDeSK+/ogiA8Pwh18=
Subject key identifier:   C9:06:9F:AC:0B:AC:65:3C:13:3D:90:45:2F:73:34:AA:B1:50:67:4E
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       0194236A457CB54CFF392581471E1F105E6B
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/yQafrAusZTwTPZBFL3M0qrFQZ04.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        80.94.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:45:7c:b5:4c:ff:39:25:81:47:1e:1f:10:5e:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9069fac0bac653c133d90452f7334aab150674e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:97:b9:1c:0e:df:04:54:0a:96:da:e3:a6:33:
                    e7:87:8c:6a:3e:3c:93:e6:78:59:9c:94:64:69:ba:
                    a7:05:1b:b2:f2:32:a4:95:c9:1b:ca:dd:ad:f2:b5:
                    e7:44:81:ec:49:86:b3:84:a7:29:a8:a7:f9:3e:dc:
                    58:52:d7:65:cd:ea:b9:28:8e:70:61:da:dc:8e:a9:
                    69:46:65:2c:21:23:c9:a3:eb:04:3e:1a:52:74:ed:
                    7d:83:2e:d7:3a:b3:56:d3:7f:3d:68:30:60:31:7a:
                    c5:a5:ce:36:8a:59:37:a7:2e:71:36:8f:aa:27:54:
                    d4:78:24:10:70:fa:2c:eb:3e:ae:71:39:5f:cf:2a:
                    18:81:69:73:d5:66:d8:ad:32:e5:76:7b:e7:e1:29:
                    75:14:61:94:b0:3b:6b:ab:78:3c:92:dd:ea:de:c0:
                    ff:af:02:8c:0f:84:5f:3d:62:44:12:ef:bd:86:e4:
                    07:92:88:dc:df:bb:60:aa:ff:61:ab:3a:c9:ff:8d:
                    f8:d0:f7:b9:ea:33:7c:cd:11:6b:a1:1c:e6:1d:c5:
                    37:73:2c:4e:01:8a:fc:2f:8b:49:2c:61:21:e9:aa:
                    42:95:85:03:c1:99:c7:5f:03:f1:44:3a:b4:1d:16:
                    42:ed:d6:75:68:27:1c:1b:b8:28:13:42:41:f4:ac:
                    6e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:06:9F:AC:0B:AC:65:3C:13:3D:90:45:2F:73:34:AA:B1:50:67:4E
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/yQafrAusZTwTPZBFL3M0qrFQZ04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.94.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:40:89:da:9a:0b:c9:f1:f6:3b:8a:d2:81:48:2f:d7:42:9f:
         58:8b:ca:23:40:c8:b1:5b:30:bb:88:a8:35:bc:9a:f6:6f:13:
         ea:62:5b:d6:e9:17:64:58:ca:a3:8b:6d:7b:44:28:44:55:18:
         77:ff:dd:16:b4:e4:2c:06:ef:a7:b2:c7:c8:5a:86:dc:b0:16:
         0e:db:26:ed:41:17:64:a9:16:f9:f4:e9:64:61:85:50:c8:25:
         29:ca:93:5a:e0:b3:db:ed:2e:8e:f9:81:ef:76:31:af:48:a6:
         51:c0:c0:4e:63:c7:fd:08:cc:e7:3c:6e:0c:b4:f9:21:3d:5f:
         58:bc:9a:a9:45:99:fd:3f:8c:36:b7:b2:15:83:c9:33:fe:1a:
         5a:40:88:0f:52:41:b6:63:81:7e:5f:18:5e:3e:0b:52:e8:3c:
         3b:cb:b5:a8:c4:70:96:0a:c2:31:78:51:e9:73:be:77:3e:39:
         83:e1:d9:84:d4:dc:43:93:e9:73:43:49:57:30:cf:af:a0:b2:
         1b:3d:bc:34:bb:77:8f:0a:ef:4c:16:88:75:25:13:5b:5d:ac:
         9c:47:cf:7a:15:83:36:52:80:0d:aa:ee:f0:c7:9f:31:24:f5:
         20:d5:76:a2:8c:26:36:a9:38:ee:e9:c4:eb:3c:db:fd:91:17:
         40:9a:73:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakV8tUz/OSWBRx4fEF5rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTA2OWZhYzBiYWM2NTNjMTMzZDkwNDUyZjczMzRhYWIxNTA2NzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpe5HA7fBFQKltrjpjPnh4xqPjyT
5nhZnJRkabqnBRuy8jKklckbyt2t8rXnRIHsSYazhKcpqKf5PtxYUtdlzeq5KI5w
YdrcjqlpRmUsISPJo+sEPhpSdO19gy7XOrNW0389aDBgMXrFpc42ilk3py5xNo+q
J1TUeCQQcPos6z6ucTlfzyoYgWlz1WbYrTLldnvn4Sl1FGGUsDtrq3g8kt3q3sD/
rwKMD4RfPWJEEu+9huQHkojc37tgqv9hqzrJ/4340Pe56jN8zRFroRzmHcU3cyxO
AYr8L4tJLGEh6apClYUDwZnHXwPxRDq0HRZC7dZ1aCccG7goE0JB9KxurwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkGn6wLrGU8Ez2QRS9zNKqxUGdOMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEveVFhZnJBdXNaVHdUUFpCRkwzTTBxckZRWjA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF5aMA0G
CSqGSIb3DQEBCwUAA4IBAQAQQInamgvJ8fY7itKBSC/XQp9Yi8ojQMixWzC7iKg1
vJr2bxPqYlvW6RdkWMqji217RChEVRh3/90WtOQsBu+nssfIWobcsBYO2ybtQRdk
qRb59OlkYYVQyCUpypNa4LPb7S6O+YHvdjGvSKZRwMBOY8f9CMznPG4MtPkhPV9Y
vJqpRZn9P4w2t7IVg8kz/hpaQIgPUkG2Y4F+XxhePgtS6Dw7y7WoxHCWCsIxeFHp
c753PjmD4dmE1NxDk+lzQ0lXMM+voLIbPbw0u3ePCu9MFoh1JRNbXaycR896FYM2
UoANqu7wx58xJPUg1XaijCY2qTju6cTrPNv9kRdAmnOo
-----END CERTIFICATE-----