Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/_9XCfWZ4dnLWFdUL8r6pzx7fxuk.roa
File:                     _9XCfWZ4dnLWFdUL8r6pzx7fxuk.roa (raw, json)
Hash identifier:          RsVqk6Tgp9Jx74ByznH/3eULkWs9GEe73L0uA2kVfL0=
Subject key identifier:   FF:D5:C2:7D:66:78:76:72:D6:15:D5:0B:F2:BE:A9:CF:1E:DF:C6:E9
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       0194236A5F19BF2238DDAE79E307259FFFBF
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/_9XCfWZ4dnLWFdUL8r6pzx7fxuk.roa
Signing time:             Wed 01 Jan 2025 19:49:21 +0000
ROA not before:           Wed 01 Jan 2025 19:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3917
IP address blocks:        145.26.0.0/16 maxlen: 16
                          145.26.56.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:5f:19:bf:22:38:dd:ae:79:e3:07:25:9f:ff:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  1 19:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffd5c27d66787672d615d50bf2bea9cf1edfc6e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5d:01:76:1b:78:c3:e6:c4:9e:59:15:e0:63:
                    90:76:be:f3:b7:c1:7e:27:f5:7a:ec:46:fd:d8:72:
                    74:ae:31:b6:de:0d:d3:e6:36:61:e5:42:02:80:96:
                    9d:a4:43:a7:0c:6d:28:6d:2d:cc:95:36:c0:f6:57:
                    f4:47:f2:36:20:5c:a3:22:56:f2:ee:46:c7:d8:a7:
                    02:be:d3:c5:36:0c:48:e6:ec:c1:87:24:3d:63:d9:
                    d6:09:6e:f0:d3:fc:ec:db:9a:bc:1c:c1:b9:03:48:
                    b1:38:15:a6:4e:1a:62:e5:25:38:13:e1:9c:68:0b:
                    e5:f6:69:5d:fe:8a:84:50:c7:43:3c:c7:dc:6f:93:
                    50:f9:b4:4f:5a:60:d7:0b:f9:9f:a7:47:89:64:d8:
                    56:bf:ca:0f:d7:c3:a3:cc:0c:71:ee:b6:59:08:74:
                    01:5e:9a:a8:1b:ca:32:9d:42:5c:f7:01:60:11:7b:
                    90:82:39:62:51:8e:af:96:82:18:07:b1:1b:3b:72:
                    50:08:a9:10:d3:ad:d8:58:52:d9:57:32:45:f4:a3:
                    13:8c:eb:89:4a:66:5e:18:d2:1c:08:44:93:ca:04:
                    c4:e6:6e:43:8d:fc:45:3c:c8:4c:63:5a:f4:66:2a:
                    03:6d:b0:e4:c7:93:ee:a1:72:41:73:36:13:79:13:
                    9f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:D5:C2:7D:66:78:76:72:D6:15:D5:0B:F2:BE:A9:CF:1E:DF:C6:E9
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/_9XCfWZ4dnLWFdUL8r6pzx7fxuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.26.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1d:d5:19:d9:4d:ec:e1:11:6d:45:89:32:b8:09:ee:10:9f:ba:
         82:71:69:cd:c7:2e:4e:06:30:f0:17:a0:98:a7:03:3f:c5:91:
         f8:2a:fd:d2:c0:64:48:51:18:73:da:13:7d:ec:35:df:dd:db:
         1f:6d:68:3b:c1:62:57:3d:09:4b:22:7e:96:9c:e1:31:b7:a1:
         e7:ed:02:83:15:fd:bb:d3:c1:a7:41:ee:03:f9:06:df:01:a3:
         98:dd:ad:0c:7a:1e:25:02:1a:f9:59:34:37:bc:6a:5b:98:3a:
         55:4f:e3:ff:ea:90:af:d6:ec:dd:dc:c8:50:3e:44:b8:75:00:
         28:96:e0:59:d0:99:df:ad:3a:fc:79:0a:8e:2e:4a:20:30:3b:
         c5:29:14:62:58:f2:df:12:74:6b:e2:6b:1f:8f:0d:48:49:0e:
         53:16:1a:8b:52:3e:fc:3a:5f:4e:a4:69:09:9b:ed:6e:af:db:
         fe:0e:06:65:00:51:6e:60:e5:55:5a:33:71:0c:75:ed:0f:b5:
         39:e2:31:d8:fd:25:f9:31:b6:b8:bb:68:af:30:c3:8d:82:69:
         1f:eb:42:5c:1b:64:c4:39:47:5b:12:ad:d1:77:41:18:48:c4:
         32:a0:7c:25:7e:5c:b9:d8:d5:29:20:79:c9:3c:90:1d:14:7d:
         6d:85:73:b8
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjal8ZvyI43a554wcln/+/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjUwMTAxMTk0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmQ1YzI3ZDY2Nzg3NjcyZDYxNWQ1MGJmMmJlYTljZjFlZGZjNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF0Bdht4w+bEnlkV4GOQdr7zt8F+
J/V67Eb92HJ0rjG23g3T5jZh5UICgJadpEOnDG0obS3MlTbA9lf0R/I2IFyjIlby
7kbH2KcCvtPFNgxI5uzBhyQ9Y9nWCW7w0/zs25q8HMG5A0ixOBWmThpi5SU4E+Gc
aAvl9mld/oqEUMdDPMfcb5NQ+bRPWmDXC/mfp0eJZNhWv8oP18OjzAxx7rZZCHQB
XpqoG8oynUJc9wFgEXuQgjliUY6vloIYB7EbO3JQCKkQ063YWFLZVzJF9KMTjOuJ
SmZeGNIcCESTygTE5m5DjfxFPMhMY1r0ZioDbbDkx5PuoXJBczYTeROffQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFP/Vwn1meHZy1hXVC/K+qc8e38bpMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvXzlYQ2ZXWjRkbkxXRmRVTDhyNnB6eDdmeHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkRowDQYJ
KoZIhvcNAQELBQADggEBAB3VGdlN7OERbUWJMrgJ7hCfuoJxac3HLk4GMPAXoJin
Az/Fkfgq/dLAZEhRGHPaE33sNd/d2x9taDvBYlc9CUsifpac4TG3oeftAoMV/bvT
wadB7gP5Bt8Bo5jdrQx6HiUCGvlZNDe8aluYOlVP4//qkK/W7N3cyFA+RLh1ACiW
4FnQmd+tOvx5Co4uSiAwO8UpFGJY8t8SdGviax+PDUhJDlMWGotSPvw6X06kaQmb
7W6v2/4OBmUAUW5g5VVaM3EMde0PtTniMdj9Jfkxtri7aK8ww42CaR/rQlwbZMQ5
R1sSrdF3QRhIxDKgfCV+XLnY1Skgeck8kB0UfW2Fc7g=
-----END CERTIFICATE-----