Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/lRtWiEUGI08QkTj-JAgK-bKDZAM.roa
File:                     lRtWiEUGI08QkTj-JAgK-bKDZAM.roa (raw, json)
Hash identifier:          ewOxoxwYLcFsIAFisXEFAEvCf5KlmrBM7jLNVcTuzwc=
Subject key identifier:   95:1B:56:88:45:06:23:4F:10:91:38:FE:24:08:0A:F9:B2:83:64:03
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       019424B3CB68E9FB842AC1CFD1455DC07193
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/lRtWiEUGI08QkTj-JAgK-bKDZAM.roa
Signing time:             Thu 02 Jan 2025 01:49:10 +0000
ROA not before:           Thu 02 Jan 2025 01:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201884
IP address blocks:        217.113.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:cb:68:e9:fb:84:2a:c1:cf:d1:45:5d:c0:71:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  2 01:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=951b56884506234f109138fe24080af9b2836403
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:18:04:3d:5d:69:c0:37:1c:b2:39:c4:f0:e8:
                    e5:5d:19:87:70:4a:89:06:06:08:11:11:c4:22:fc:
                    2b:a0:6b:f4:0c:5a:5d:28:f3:87:b7:76:a9:4a:eb:
                    3d:af:40:81:d2:9d:31:ae:91:0d:7f:94:2a:de:3a:
                    a1:c4:3b:ee:0a:8f:44:7c:97:06:db:82:e3:99:24:
                    a9:ab:44:62:ec:3e:17:87:b0:9e:58:32:a6:0c:e4:
                    ea:09:1c:9f:d4:ed:f7:7b:74:ef:fa:e0:34:7b:7d:
                    1c:58:b8:e2:62:9a:e6:42:7d:5d:7c:00:42:99:2d:
                    f3:50:8a:b3:b5:e3:ee:c2:99:e5:60:7d:cb:a9:f2:
                    93:97:bb:96:57:cc:cb:fe:80:2f:e4:d4:20:76:10:
                    0e:6f:7a:95:d5:0f:e6:94:98:b1:30:fd:d6:ff:f3:
                    c4:52:2d:70:2a:6f:84:a0:6a:f0:6e:b3:bc:e6:ff:
                    08:0b:1d:89:74:40:0c:d4:cd:92:1e:43:4d:69:86:
                    90:93:c6:5b:8a:f6:6e:c5:42:0d:5a:fb:d2:4f:80:
                    73:d0:a9:1a:04:7b:7c:80:63:28:ec:35:3f:9d:f9:
                    bf:7b:88:d3:95:f4:70:6f:ff:95:56:35:81:e3:ec:
                    d3:c2:43:73:9c:6a:6c:e6:0d:19:77:d0:a5:a0:f9:
                    a2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:1B:56:88:45:06:23:4F:10:91:38:FE:24:08:0A:F9:B2:83:64:03
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/lRtWiEUGI08QkTj-JAgK-bKDZAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:52:6a:a9:7f:84:a0:24:d8:c6:fe:58:c5:df:4c:bc:9f:c7:
         0e:b9:3b:46:a3:69:79:0c:15:83:b6:6c:a1:f4:10:22:b7:63:
         2e:0c:b6:68:df:82:24:11:93:de:84:3e:ca:ef:51:64:9b:f8:
         2f:74:c0:3c:dd:2d:1b:06:0e:8c:05:90:de:1f:82:31:d1:57:
         14:87:11:af:1e:66:df:98:e0:e5:8c:7b:bb:6e:a9:c1:80:c1:
         7f:03:36:e1:8a:c7:2f:5e:c5:d1:72:fd:99:78:4e:33:b5:85:
         ef:00:6f:d3:33:6c:5a:67:5a:5a:14:13:33:93:ae:fa:88:98:
         d8:e6:e4:bd:8b:3e:82:ee:1e:8f:73:58:b9:3c:a2:b2:a7:2a:
         3a:5c:bd:f4:6b:54:a7:a5:b9:3a:34:d9:5d:1a:ed:77:f6:4c:
         32:21:27:55:7f:19:e4:e9:ee:81:d0:b0:57:bd:23:16:bd:ae:
         6f:65:39:c5:b1:87:e7:fd:29:76:1c:13:ea:58:59:d5:5e:3f:
         ed:de:1e:4c:fd:38:01:23:45:5a:74:b2:22:02:88:33:d6:c5:
         4a:27:66:1f:03:e1:df:6f:cc:9f:74:c4:a1:5c:77:9f:e2:d1:
         d8:fe:76:26:20:ec:ab:c3:71:8f:94:97:e0:61:c6:9b:25:55:
         bb:e3:1c:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8to6fuEKsHP0UVdwHGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjUwMTAyMDE0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTFiNTY4ODQ1MDYyMzRmMTA5MTM4ZmUyNDA4MGFmOWIyODM2NDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxgEPV1pwDccsjnE8OjlXRmHcEqJ
BgYIERHEIvwroGv0DFpdKPOHt3apSus9r0CB0p0xrpENf5Qq3jqhxDvuCo9EfJcG
24LjmSSpq0Ri7D4Xh7CeWDKmDOTqCRyf1O33e3Tv+uA0e30cWLjiYprmQn1dfABC
mS3zUIqztePuwpnlYH3LqfKTl7uWV8zL/oAv5NQgdhAOb3qV1Q/mlJixMP3W//PE
Ui1wKm+EoGrwbrO85v8ICx2JdEAM1M2SHkNNaYaQk8ZbivZuxUINWvvST4Bz0Kka
BHt8gGMo7DU/nfm/e4jTlfRwb/+VVjWB4+zTwkNznGps5g0Zd9CloPmi+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUbVohFBiNPEJE4/iQICvmyg2QDMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvbFJ0V2lFVUdJMDhRa1RqLUpBZ0stYktEWkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XEJMA0G
CSqGSIb3DQEBCwUAA4IBAQANUmqpf4SgJNjG/ljF30y8n8cOuTtGo2l5DBWDtmyh
9BAit2MuDLZo34IkEZPehD7K71Fkm/gvdMA83S0bBg6MBZDeH4Ix0VcUhxGvHmbf
mODljHu7bqnBgMF/AzbhiscvXsXRcv2ZeE4ztYXvAG/TM2xaZ1paFBMzk676iJjY
5uS9iz6C7h6Pc1i5PKKypyo6XL30a1Snpbk6NNldGu139kwyISdVfxnk6e6B0LBX
vSMWva5vZTnFsYfn/Sl2HBPqWFnVXj/t3h5M/TgBI0VadLIiAogz1sVKJ2YfA+Hf
b8yfdMShXHef4tHY/nYmIOyrw3GPlJfgYcabJVW74xyW
-----END CERTIFICATE-----