Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/q9EzhRak9A-maSvUjMGlPsmVdWk.roa
File:                     q9EzhRak9A-maSvUjMGlPsmVdWk.roa (raw, json)
Hash identifier:          fhhhD7VzymISsohMui+Cyx0H2ETVK9ly9iR82236g+Q=
Subject key identifier:   AB:D1:33:85:16:A4:F4:0F:A6:69:2B:D4:8C:C1:A5:3E:C9:95:75:69
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       019424452192B6D5BFBDF6C09CEA250966C6
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/q9EzhRak9A-maSvUjMGlPsmVdWk.roa
Signing time:             Wed 01 Jan 2025 23:48:17 +0000
ROA not before:           Wed 01 Jan 2025 23:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16262
IP address blocks:        87.251.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:21:92:b6:d5:bf:bd:f6:c0:9c:ea:25:09:66:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  1 23:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abd1338516a4f40fa6692bd48cc1a53ec9957569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9e:94:f4:08:47:bf:60:c8:39:2c:5f:99:f0:
                    e1:7d:7b:3e:c9:6c:30:23:f9:6e:6a:5b:7a:b7:d4:
                    a1:47:56:5f:be:1e:28:d6:a0:70:c0:b7:c1:f6:70:
                    8e:c2:8d:b1:f1:82:c4:dd:0d:0f:3b:34:3a:bd:0a:
                    1c:bb:fe:be:83:20:f7:3b:ac:d9:30:53:da:f7:38:
                    7d:12:60:f1:fa:50:0e:7e:f5:8f:d4:1f:ca:42:a0:
                    eb:96:b3:27:9f:ad:db:24:0d:78:0d:59:55:54:e4:
                    07:e3:78:c6:48:30:3f:97:19:7a:80:dc:46:30:ee:
                    87:84:46:20:07:87:b8:8c:dd:c3:6e:dd:9b:62:25:
                    fb:ab:86:cd:0f:ec:8d:8c:18:42:a3:59:b3:b7:ed:
                    7e:e3:3b:5b:09:98:8b:4e:e8:72:22:54:46:c4:50:
                    fb:46:4d:3e:5f:a4:3d:79:ca:c8:3b:09:69:64:5e:
                    81:2f:d5:f2:e1:9c:c2:43:31:26:99:66:c7:c4:20:
                    5c:b6:80:d7:45:97:6f:74:9a:56:e5:eb:0b:bc:7b:
                    64:1e:6f:ec:54:0d:7d:13:db:a9:28:0f:78:fc:88:
                    9c:46:fa:6b:24:5c:03:e4:1a:45:5b:e3:8b:94:b6:
                    58:7c:d1:e9:ba:d5:b4:c7:68:0f:33:44:76:b5:93:
                    f4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D1:33:85:16:A4:F4:0F:A6:69:2B:D4:8C:C1:A5:3E:C9:95:75:69
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/q9EzhRak9A-maSvUjMGlPsmVdWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:38:1d:fa:52:f6:fe:a8:61:14:1e:e0:b1:0e:6d:3d:49:7c:
         6a:f3:cd:ea:ba:73:df:f7:15:24:e2:5a:21:aa:19:b9:9e:50:
         6a:3b:88:04:63:de:5c:27:31:03:b1:32:c9:3d:68:e3:ca:07:
         33:d2:51:e6:f6:6e:4c:be:65:57:ac:64:88:fe:b6:bb:70:33:
         e8:2d:1c:5c:73:f1:f5:dc:27:f9:77:98:5f:e0:57:21:fc:78:
         c1:33:42:0c:41:cc:e6:61:dd:22:27:5a:2f:b3:7a:9f:11:7d:
         11:f4:f1:1e:64:c0:99:5c:71:66:f7:f1:ce:1f:e9:ce:71:0d:
         e1:0b:7e:da:02:71:e0:30:2d:45:0e:83:ec:6a:cf:eb:68:c0:
         ef:a7:05:1c:26:fd:67:ae:b7:b5:6f:be:dc:88:79:6d:13:90:
         75:58:36:dc:6d:7d:39:bb:dc:6f:2c:96:b5:83:25:18:ac:04:
         e9:0f:98:c7:2f:42:5d:7e:fe:bb:d6:6d:2d:59:89:83:b8:67:
         97:d7:1d:4b:69:4e:cf:6d:60:33:e1:7b:16:32:c9:08:22:43:
         71:33:f2:e3:43:45:e6:d4:cd:c6:95:92:84:cc:e7:0c:d0:b1:
         6e:c6:80:9a:e0:d0:d7:21:a1:ea:09:65:b1:43:9f:5f:f1:05:
         7d:b3:7d:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRSGSttW/vfbAnOolCWbGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjUwMTAxMjM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQxMzM4NTE2YTRmNDBmYTY2OTJiZDQ4Y2MxYTUzZWM5OTU3NTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo56U9AhHv2DIOSxfmfDhfXs+yWww
I/lualt6t9ShR1Zfvh4o1qBwwLfB9nCOwo2x8YLE3Q0POzQ6vQocu/6+gyD3O6zZ
MFPa9zh9EmDx+lAOfvWP1B/KQqDrlrMnn63bJA14DVlVVOQH43jGSDA/lxl6gNxG
MO6HhEYgB4e4jN3Dbt2bYiX7q4bND+yNjBhCo1mzt+1+4ztbCZiLTuhyIlRGxFD7
Rk0+X6Q9ecrIOwlpZF6BL9Xy4ZzCQzEmmWbHxCBctoDXRZdvdJpW5esLvHtkHm/s
VA19E9upKA94/IicRvprJFwD5BpFW+OLlLZYfNHputW0x2gPM0R2tZP0AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvRM4UWpPQPpmkr1IzBpT7JlXVpMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvcTlFemhSYWs5QS1tYVN2VWpNR2xQc21WZFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tJMA0G
CSqGSIb3DQEBCwUAA4IBAQB9OB36Uvb+qGEUHuCxDm09SXxq883qunPf9xUk4loh
qhm5nlBqO4gEY95cJzEDsTLJPWjjygcz0lHm9m5MvmVXrGSI/ra7cDPoLRxcc/H1
3Cf5d5hf4Fch/HjBM0IMQczmYd0iJ1ovs3qfEX0R9PEeZMCZXHFm9/HOH+nOcQ3h
C37aAnHgMC1FDoPsas/raMDvpwUcJv1nrre1b77ciHltE5B1WDbcbX05u9xvLJa1
gyUYrATpD5jHL0Jdfv671m0tWYmDuGeX1x1LaU7PbWAz4XsWMskIIkNxM/LjQ0Xm
1M3GlZKEzOcM0LFuxoCa4NDXIaHqCWWxQ59f8QV9s31h
-----END CERTIFICATE-----