Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/C9YabYyYTwF76KS0OdJKS7svqe8.roa
File:                     C9YabYyYTwF76KS0OdJKS7svqe8.roa (raw, json)
Hash identifier:          OaSH1c1TCgLCLOEvTQ5fN3rE7i93/Zx2eO7IyYukR98=
Subject key identifier:   0B:D6:1A:6D:8C:98:4F:01:7B:E8:A4:B4:39:D2:4A:4B:BB:2F:A9:EF
Certificate issuer:       /CN=0e98226cdcf741dcc8a42a659a8b3de2198188f9
Certificate serial:       0194228D0AEE2E1CAD89F8736A8D67674428
Authority key identifier: 0E:98:22:6C:DC:F7:41:DC:C8:A4:2A:65:9A:8B:3D:E2:19:81:88:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpgibNz3QdzIpCplmos94hmBiPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/C9YabYyYTwF76KS0OdJKS7svqe8.roa
Signing time:             Wed 01 Jan 2025 15:47:36 +0000
ROA not before:           Wed 01 Jan 2025 15:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197091
IP address blocks:        195.43.72.0/23 maxlen: 23
                          195.43.72.0/24 maxlen: 24
                          195.43.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/DpgibNz3QdzIpCplmos94hmBiPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/DpgibNz3QdzIpCplmos94hmBiPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpgibNz3QdzIpCplmos94hmBiPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:0a:ee:2e:1c:ad:89:f8:73:6a:8d:67:67:44:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e98226cdcf741dcc8a42a659a8b3de2198188f9
        Validity
            Not Before: Jan  1 15:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bd61a6d8c984f017be8a4b439d24a4bbb2fa9ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:dd:6d:d3:6f:e4:bc:4a:19:98:c6:55:79:82:
                    d7:8b:5e:fc:6a:57:5d:23:46:13:c3:12:f6:db:bb:
                    77:d9:8a:1d:30:fb:3b:a7:d2:6a:4e:a8:58:55:91:
                    54:da:c3:12:37:75:bd:cf:f1:24:1b:fe:3f:6d:8b:
                    96:2a:f9:17:db:86:be:bf:c4:e5:72:e5:92:c4:d2:
                    57:9e:9d:79:d1:61:eb:f9:b8:27:04:58:3d:97:07:
                    70:77:2d:34:2b:ec:8f:72:9e:f7:7a:e3:79:8a:ff:
                    3d:09:fa:26:d7:1c:bc:fc:35:d5:4c:35:58:50:2c:
                    81:95:00:c7:47:be:df:69:5b:85:af:fe:ee:ee:8f:
                    0f:d1:c5:76:9e:84:b9:79:55:a9:87:ac:95:96:df:
                    1b:8c:40:7e:e4:2b:00:69:ba:82:17:8a:a3:d7:fc:
                    c9:a2:5f:74:a4:c8:54:62:34:f1:9c:40:8e:6b:2a:
                    a3:2b:16:b5:ce:81:c2:3a:32:c8:67:ad:5d:1f:4c:
                    d5:36:62:b8:18:18:81:e4:3c:66:33:d3:96:5d:c4:
                    f8:4f:18:40:55:e0:f6:4a:1d:36:eb:bd:3a:e2:37:
                    8d:dd:4d:74:01:e1:f0:68:89:dd:98:9a:a9:f8:51:
                    1c:6d:c8:4e:cc:9a:8f:ca:e6:74:d1:eb:57:61:b2:
                    3a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:D6:1A:6D:8C:98:4F:01:7B:E8:A4:B4:39:D2:4A:4B:BB:2F:A9:EF
            X509v3 Authority Key Identifier:
                keyid:0E:98:22:6C:DC:F7:41:DC:C8:A4:2A:65:9A:8B:3D:E2:19:81:88:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpgibNz3QdzIpCplmos94hmBiPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/C9YabYyYTwF76KS0OdJKS7svqe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/79024d-5b45-4ef4-b528-e9c7b5506e55/1/DpgibNz3QdzIpCplmos94hmBiPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:60:66:93:c4:0a:df:1a:60:80:88:e8:86:d9:b2:d2:f9:0b:
         67:ae:22:a2:c2:b8:01:06:73:6b:20:eb:07:00:56:cf:b0:bb:
         98:c2:0c:88:f2:8f:02:2e:0d:35:64:71:1b:80:b0:33:23:fb:
         bd:f5:c9:2a:ed:b4:52:14:62:b1:ba:92:82:50:6b:bd:47:8f:
         44:88:4f:28:be:eb:e7:61:93:ff:a3:53:db:29:50:29:36:2e:
         2d:bc:70:06:03:4a:3e:2c:ca:16:9d:f1:de:cf:ec:6b:a9:86:
         1b:69:65:dc:a7:a1:0b:34:b7:34:ce:2d:76:75:50:c5:a9:27:
         a9:c5:98:22:27:56:28:bb:de:4c:35:7a:90:38:b6:4c:02:6d:
         5b:43:2e:8e:1e:91:f3:b8:74:93:1e:ec:b9:1a:7e:c6:13:fe:
         1d:93:fb:8f:6e:31:43:d4:e6:76:4e:96:96:df:5d:58:2f:00:
         05:b7:08:9f:d9:20:b1:5d:ad:b9:13:54:63:95:ab:42:d5:58:
         2b:d8:b9:a5:52:fd:65:aa:99:b6:54:e5:69:12:00:cf:e9:02:
         74:19:47:66:7b:09:51:37:b4:13:06:71:46:b4:7c:df:bc:1f:
         40:03:7a:d6:f1:5f:5a:18:b4:98:87:f4:06:c5:25:f4:44:72:
         a6:f6:55:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijQruLhytifhzao1nZ0QoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTgyMjZjZGNmNzQxZGNjOGE0MmE2NTlhOGIzZGUyMTk4
MTg4ZjkwHhcNMjUwMTAxMTU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmQ2MWE2ZDhjOTg0ZjAxN2JlOGE0YjQzOWQyNGE0YmJiMmZhOWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd1t02/kvEoZmMZVeYLXi178aldd
I0YTwxL227t32YodMPs7p9JqTqhYVZFU2sMSN3W9z/EkG/4/bYuWKvkX24a+v8Tl
cuWSxNJXnp150WHr+bgnBFg9lwdwdy00K+yPcp73euN5iv89Cfom1xy8/DXVTDVY
UCyBlQDHR77faVuFr/7u7o8P0cV2noS5eVWph6yVlt8bjEB+5CsAabqCF4qj1/zJ
ol90pMhUYjTxnECOayqjKxa1zoHCOjLIZ61dH0zVNmK4GBiB5DxmM9OWXcT4TxhA
VeD2Sh0267064jeN3U10AeHwaIndmJqp+FEcbchOzJqPyuZ00etXYbI6LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvWGm2MmE8Be+iktDnSSku7L6nvMB8GA1UdIwQY
MBaAFA6YImzc90HcyKQqZZqLPeIZgYj5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBnaWJOejNRZHpJcENwbG1vczk0aG1CaVBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS83OTAyNGQtNWI0NS00ZWY0LWI1Mjgt
ZTljN2I1NTA2ZTU1LzEvQzlZYWJZeVlUd0Y3NktTME9kSktTN3N2cWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS83OTAyNGQtNWI0NS00ZWY0LWI1MjgtZTljN2I1NTA2ZTU1
LzEvRHBnaWJOejNRZHpJcENwbG1vczk0aG1CaVBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwytIMA0G
CSqGSIb3DQEBCwUAA4IBAQA9YGaTxArfGmCAiOiG2bLS+QtnriKiwrgBBnNrIOsH
AFbPsLuYwgyI8o8CLg01ZHEbgLAzI/u99ckq7bRSFGKxupKCUGu9R49EiE8ovuvn
YZP/o1PbKVApNi4tvHAGA0o+LMoWnfHez+xrqYYbaWXcp6ELNLc0zi12dVDFqSep
xZgiJ1You95MNXqQOLZMAm1bQy6OHpHzuHSTHuy5Gn7GE/4dk/uPbjFD1OZ2TpaW
311YLwAFtwif2SCxXa25E1RjlatC1Vgr2LmlUv1lqpm2VOVpEgDP6QJ0GUdmewlR
N7QTBnFGtHzfvB9AA3rW8V9aGLSYh/QGxSX0RHKm9lXg
-----END CERTIFICATE-----