Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/9EmaRE56MhxkySrgldeCqIzjdb4.roa
File:                     9EmaRE56MhxkySrgldeCqIzjdb4.roa (raw, json)
Hash identifier:          1f+hqjqOUpzqbgERzyV2EMzT2kIlImzsUPPui1WSWLA=
Subject key identifier:   F4:49:9A:44:4E:7A:32:1C:64:C9:2A:E0:95:D7:82:A8:8C:E3:75:BE
Certificate issuer:       /CN=9705462cbfc8764777e6da31b595d7ccbfe38243
Certificate serial:       01942827CF5A317B81D17957E82000C2736B
Authority key identifier: 97:05:46:2C:BF:C8:76:47:77:E6:DA:31:B5:95:D7:CC:BF:E3:82:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwVGLL_Idkd35toxtZXXzL_jgkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/9EmaRE56MhxkySrgldeCqIzjdb4.roa
Signing time:             Thu 02 Jan 2025 17:54:45 +0000
ROA not before:           Thu 02 Jan 2025 17:54:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8758
IP address blocks:        185.96.76.0/22 maxlen: 22
                          2a05:ff80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/lwVGLL_Idkd35toxtZXXzL_jgkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/lwVGLL_Idkd35toxtZXXzL_jgkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwVGLL_Idkd35toxtZXXzL_jgkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:cf:5a:31:7b:81:d1:79:57:e8:20:00:c2:73:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9705462cbfc8764777e6da31b595d7ccbfe38243
        Validity
            Not Before: Jan  2 17:54:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4499a444e7a321c64c92ae095d782a88ce375be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:80:83:12:36:3f:86:98:76:d5:12:5b:8b:a3:
                    d9:32:9d:e8:81:49:b6:bf:e2:ee:93:eb:93:37:1a:
                    34:85:fc:2f:4f:04:81:07:0a:0e:5b:bd:17:25:0a:
                    bd:5d:ee:fa:49:70:e4:8f:0a:ac:66:5d:89:ad:1a:
                    43:78:b1:b0:45:14:4a:1c:a4:c4:17:bd:10:e5:f0:
                    83:88:dd:f4:23:80:44:a7:9f:7a:31:09:65:9e:df:
                    70:42:12:c1:6d:37:ce:f7:b0:0e:0e:ac:fa:da:f9:
                    b6:09:05:0f:c7:cf:b9:1b:9a:68:6d:24:35:57:5f:
                    e7:1a:58:cf:23:e0:c2:33:c2:89:43:71:8d:fa:7b:
                    8e:bb:a2:05:d7:ee:0b:7a:03:fe:54:fc:09:a9:45:
                    d1:cc:16:6c:66:26:30:42:80:2f:23:9f:8b:c9:ba:
                    20:d0:da:7b:9c:ad:14:ff:59:78:45:bd:54:3d:46:
                    b8:15:28:69:27:05:f0:3a:e1:03:1c:d0:4a:50:37:
                    94:df:f3:6a:b9:e6:88:5e:d0:91:dd:ad:bf:2f:b2:
                    a3:b1:bc:7b:b7:3e:3c:81:69:25:b2:f0:59:41:92:
                    72:21:ff:c9:fc:de:35:d3:a7:ce:fc:58:a2:50:1b:
                    7f:81:47:30:79:2a:e8:81:f7:c0:c3:1b:49:d0:9d:
                    e3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:49:9A:44:4E:7A:32:1C:64:C9:2A:E0:95:D7:82:A8:8C:E3:75:BE
            X509v3 Authority Key Identifier:
                keyid:97:05:46:2C:BF:C8:76:47:77:E6:DA:31:B5:95:D7:CC:BF:E3:82:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwVGLL_Idkd35toxtZXXzL_jgkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/9EmaRE56MhxkySrgldeCqIzjdb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/lwVGLL_Idkd35toxtZXXzL_jgkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.76.0/22
                IPv6:
                  2a05:ff80::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:da:3a:af:cd:34:6f:2b:73:b0:56:26:51:04:dc:81:0d:67:
         e5:55:b5:bf:f5:3b:5d:3d:14:51:9b:34:85:db:0b:2d:1d:c2:
         5a:62:b7:cf:dd:7c:e9:e5:dd:4b:eb:7e:e5:f7:6a:84:3d:fb:
         c9:17:8f:ef:ae:67:ff:52:9e:29:f9:1f:5a:9c:68:ed:91:18:
         25:1d:9a:06:ef:68:92:b2:89:fc:06:5b:21:75:bf:3e:c5:ff:
         62:e6:4b:5e:a2:e0:56:f3:02:88:da:fe:5f:7f:f9:f0:6b:1f:
         89:f3:75:20:30:2d:08:22:08:2f:b9:d9:30:b0:42:c1:6b:32:
         88:83:b0:6e:d9:25:dd:dd:08:0e:30:34:e2:73:a5:d7:3c:b2:
         3d:fa:e1:3f:91:72:3b:c4:3a:09:8b:3a:5c:b0:7d:93:b7:f0:
         4b:de:4b:aa:24:8b:07:f6:b6:d0:e4:f6:d7:84:05:04:e2:84:
         7d:e4:2c:a2:ed:bb:44:2a:e9:71:e9:44:f0:2f:07:bb:9d:d2:
         61:9d:75:35:74:f9:dd:4e:41:20:9a:6e:ec:7d:13:6e:45:3c:
         a4:2a:3d:01:10:98:36:0e:f4:af:a2:27:e5:7c:42:86:42:6c:
         b7:1e:0f:ac:78:e7:0e:f2:50:65:f2:36:13:11:9b:d5:81:c8:
         1c:dd:6e:9a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJ89aMXuB0XlX6CAAwnNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDU0NjJjYmZjODc2NDc3N2U2ZGEzMWI1OTVkN2NjYmZl
MzgyNDMwHhcNMjUwMTAyMTc1NDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDQ5OWE0NDRlN2EzMjFjNjRjOTJhZTA5NWQ3ODJhODhjZTM3NWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYCDEjY/hph21RJbi6PZMp3ogUm2
v+Luk+uTNxo0hfwvTwSBBwoOW70XJQq9Xe76SXDkjwqsZl2JrRpDeLGwRRRKHKTE
F70Q5fCDiN30I4BEp596MQllnt9wQhLBbTfO97AODqz62vm2CQUPx8+5G5pobSQ1
V1/nGljPI+DCM8KJQ3GN+nuOu6IF1+4LegP+VPwJqUXRzBZsZiYwQoAvI5+Lybog
0Np7nK0U/1l4Rb1UPUa4FShpJwXwOuEDHNBKUDeU3/NqueaIXtCR3a2/L7Kjsbx7
tz48gWklsvBZQZJyIf/J/N4106fO/FiiUBt/gUcweSrogffAwxtJ0J3jnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPRJmkROejIcZMkq4JXXgqiM43W+MB8GA1UdIwQY
MBaAFJcFRiy/yHZHd+baMbWV18y/44JDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdWR0xMX0lka2QzNXRveHRaWFh6TF9qZ2tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lZGNkMTItM2JlMi00NjI5LWE1NTkt
ZTcyZmJkZGI3NzQ2LzEvOUVtYVJFNTZNaHhreVNyZ2xkZUNxSXpqZGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lZGNkMTItM2JlMi00NjI5LWE1NTktZTcyZmJkZGI3NzQ2
LzEvbHdWR0xMX0lka2QzNXRveHRaWFh6TF9qZ2tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWBMMA0E
AgACMAcDBQMqBf+AMA0GCSqGSIb3DQEBCwUAA4IBAQBV2jqvzTRvK3OwViZRBNyB
DWflVbW/9TtdPRRRmzSF2wstHcJaYrfP3Xzp5d1L637l92qEPfvJF4/vrmf/Up4p
+R9anGjtkRglHZoG72iSson8Blshdb8+xf9i5kteouBW8wKI2v5ff/nwax+J83Ug
MC0IIggvudkwsELBazKIg7Bu2SXd3QgOMDTic6XXPLI9+uE/kXI7xDoJizpcsH2T
t/BL3kuqJIsH9rbQ5PbXhAUE4oR95Cyi7btEKulx6UTwLwe7ndJhnXU1dPndTkEg
mm7sfRNuRTykKj0BEJg2DvSvoiflfEKGQmy3Hg+seOcO8lBl8jYTEZvVgcgc3W6a
-----END CERTIFICATE-----