Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/ss9acv__B4xuRCikM6Q1io4S-n8.roa
File:                     ss9acv__B4xuRCikM6Q1io4S-n8.roa (raw, json)
Hash identifier:          pFGlfxJ1WiZHMyxc9wr2pYkizcAW4NxGW31B+3adYmw=
Subject key identifier:   B2:CF:5A:72:FF:FF:07:8C:6E:44:28:A4:33:A4:35:8A:8E:12:FA:7F
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       019420D6290CB08F710EBF08F231A54BF7C8
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/ss9acv__B4xuRCikM6Q1io4S-n8.roa
Signing time:             Wed 01 Jan 2025 07:48:13 +0000
ROA not before:           Wed 01 Jan 2025 07:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        93.177.112.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 13:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:29:0c:b0:8f:71:0e:bf:08:f2:31:a5:4b:f7:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Jan  1 07:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2cf5a72ffff078c6e4428a433a4358a8e12fa7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f6:dd:92:d2:cd:6c:bc:a7:d9:ec:d5:7a:71:
                    26:c9:86:9f:e7:8c:d2:60:3e:07:3e:17:89:94:f0:
                    a4:42:97:30:e3:4d:56:de:22:55:4b:6c:01:41:b2:
                    69:c6:4a:21:02:30:d9:d7:1a:f0:b4:e5:a0:8e:91:
                    01:b9:9e:ff:ba:2c:2d:d4:82:e6:f3:3a:ac:05:cb:
                    47:7b:01:53:20:f7:fe:09:36:bb:96:bd:67:1d:ec:
                    c4:68:26:0d:f2:3a:3f:e8:6d:54:ff:81:32:d2:d0:
                    22:26:de:3a:3a:cd:28:85:28:10:42:11:d6:56:17:
                    bd:0b:a2:87:e3:7f:8d:d7:c2:79:37:de:a6:ee:88:
                    5d:ad:5b:0c:21:80:0a:5b:4f:2e:c3:e5:c3:1d:15:
                    13:42:3e:39:8a:57:af:0f:ba:53:3c:82:3e:7f:22:
                    66:c8:7b:e5:69:10:0d:1f:e3:1c:63:08:dc:a5:ce:
                    f9:35:6c:e5:12:4c:51:55:bf:d5:2f:f7:da:fe:17:
                    2f:57:dc:34:8e:f4:3e:96:6f:07:41:65:87:49:59:
                    5c:a0:c4:ff:8b:10:da:8e:16:06:2b:1d:56:de:ca:
                    26:d5:cf:fa:c3:2f:98:a5:ab:a4:54:dd:55:9a:cb:
                    27:65:6b:69:21:96:37:70:51:26:64:fe:d0:ce:65:
                    3c:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:CF:5A:72:FF:FF:07:8C:6E:44:28:A4:33:A4:35:8A:8E:12:FA:7F
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/ss9acv__B4xuRCikM6Q1io4S-n8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.177.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:e9:e2:0b:a9:75:42:94:07:a3:2f:2d:8a:f4:00:77:0f:80:
         ec:c8:79:e9:be:5b:c5:c4:b0:bc:54:03:f3:34:55:8a:de:10:
         85:e4:ed:30:f5:87:32:d2:16:a3:56:af:90:a0:59:ef:6e:99:
         e0:1e:3c:df:e9:96:00:b9:d4:26:d4:a4:4e:cb:a6:cd:17:9b:
         ec:bb:36:2a:dd:83:10:d3:2f:52:74:d9:ad:69:b8:34:5b:e1:
         93:cf:af:b4:01:b0:36:79:ba:c8:8c:41:a5:b7:79:d1:ed:37:
         b8:0f:a0:0b:1a:6e:91:96:e8:5c:17:6e:3e:89:03:1b:8f:08:
         79:30:07:c0:a5:95:e7:74:f0:c8:30:82:a9:a5:56:42:2f:d9:
         5a:75:26:4a:c9:3c:bf:b4:6e:3e:7c:03:bb:a3:14:50:21:9b:
         67:4d:98:22:de:68:21:95:81:bf:aa:fc:01:d8:14:f7:c7:92:
         f9:98:a4:31:6d:b5:51:e7:14:6b:16:38:cb:ec:60:d2:2b:1f:
         89:bf:7d:fa:22:9d:d7:60:ca:bd:47:cf:f4:50:a0:e1:15:b0:
         38:14:79:d8:27:75:af:a6:c2:ef:0a:37:fd:03:cb:e3:b4:ac:
         8f:b2:89:32:25:0d:fa:a1:5d:d2:99:46:3d:ae:5c:00:3a:d7:
         f2:37:75:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1ikMsI9xDr8I8jGlS/fIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjUwMTAxMDc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmNmNWE3MmZmZmYwNzhjNmU0NDI4YTQzM2E0MzU4YThlMTJmYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPbdktLNbLyn2ezVenEmyYaf54zS
YD4HPheJlPCkQpcw401W3iJVS2wBQbJpxkohAjDZ1xrwtOWgjpEBuZ7/uiwt1ILm
8zqsBctHewFTIPf+CTa7lr1nHezEaCYN8jo/6G1U/4Ey0tAiJt46Os0ohSgQQhHW
Vhe9C6KH43+N18J5N96m7ohdrVsMIYAKW08uw+XDHRUTQj45ilevD7pTPII+fyJm
yHvlaRANH+McYwjcpc75NWzlEkxRVb/VL/fa/hcvV9w0jvQ+lm8HQWWHSVlcoMT/
ixDajhYGKx1W3som1c/6wy+YpaukVN1VmssnZWtpIZY3cFEmZP7QzmU8bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLPWnL//weMbkQopDOkNYqOEvp/MB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvc3M5YWN2X19CNHh1UkNpa002UTFpbzRTLW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXbFwMA0G
CSqGSIb3DQEBCwUAA4IBAQCm6eILqXVClAejLy2K9AB3D4DsyHnpvlvFxLC8VAPz
NFWK3hCF5O0w9Ycy0hajVq+QoFnvbpngHjzf6ZYAudQm1KROy6bNF5vsuzYq3YMQ
0y9SdNmtabg0W+GTz6+0AbA2ebrIjEGlt3nR7Te4D6ALGm6RluhcF24+iQMbjwh5
MAfApZXndPDIMIKppVZCL9ladSZKyTy/tG4+fAO7oxRQIZtnTZgi3mghlYG/qvwB
2BT3x5L5mKQxbbVR5xRrFjjL7GDSKx+Jv336Ip3XYMq9R8/0UKDhFbA4FHnYJ3Wv
psLvCjf9A8vjtKyPsokyJQ36oV3SmUY9rlwAOtfyN3Vx
-----END CERTIFICATE-----