Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/pp90XH9ku5igKr_7gjm59WVXVs4.roa
File:                     pp90XH9ku5igKr_7gjm59WVXVs4.roa (raw, json)
Hash identifier:          bfssuNaaIGlZ7LKFXdiYHHy+DIw/jcyEOsfVzSQEBMQ=
Subject key identifier:   A6:9F:74:5C:7F:64:BB:98:A0:2A:BF:FB:82:39:B9:F5:65:57:56:CE
Certificate issuer:       /CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
Certificate serial:       019421B19D90FCF31BF39DBD11A76CB8C03F
Authority key identifier: 9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/pp90XH9ku5igKr_7gjm59WVXVs4.roa
Signing time:             Wed 01 Jan 2025 11:47:55 +0000
ROA not before:           Wed 01 Jan 2025 11:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8735
IP address blocks:        193.188.250.0/24 maxlen: 24
                          194.8.96.0/19 maxlen: 25
                          194.145.64.0/19 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9d:90:fc:f3:1b:f3:9d:bd:11:a7:6c:b8:c0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5de490ff874e9689cecf726cbb4e2f51f6c731
        Validity
            Not Before: Jan  1 11:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a69f745c7f64bb98a02abffb8239b9f5655756ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4d:d6:21:16:8d:81:63:ec:db:6e:1e:ed:c4:
                    55:12:88:40:4e:54:a8:83:88:a9:d1:97:cd:c8:f7:
                    43:98:68:ae:bb:f3:d7:c2:9a:6f:a2:dc:02:fe:e1:
                    54:53:4d:a4:46:43:7c:73:d0:b0:d2:f7:7b:a3:c8:
                    af:6b:62:d5:8b:a5:97:ac:3e:c9:6d:c4:c6:09:e8:
                    09:6b:1f:21:ca:67:b9:e2:28:b3:f7:ca:42:34:de:
                    b6:ce:04:a7:1f:0a:01:f9:d8:96:a7:f6:f8:ca:2a:
                    3b:1f:a7:a9:70:ad:5c:72:18:6d:da:6d:2f:26:42:
                    c8:d4:55:0b:fc:92:52:11:d5:e4:03:f8:b2:1a:1b:
                    02:6c:71:50:30:7b:8c:fa:48:a8:7e:56:3b:aa:d9:
                    cd:bf:71:0b:24:67:ed:72:51:0c:37:1e:a5:61:99:
                    2d:31:d0:d6:dc:fa:52:cb:11:fe:1a:43:9d:02:ff:
                    f7:0a:5b:1c:94:bb:ee:16:6e:e6:b0:b2:c8:bb:9c:
                    84:53:16:71:c4:44:7f:a3:b3:3c:13:f4:d8:9c:a4:
                    09:64:2e:13:66:80:e7:2a:ed:4b:78:0e:d0:3a:3f:
                    ed:de:23:02:63:b9:98:1e:f6:ca:6d:50:5b:5d:fc:
                    6b:f6:2f:a9:c8:b8:bb:73:9e:95:c3:1d:ba:f2:72:
                    34:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:9F:74:5C:7F:64:BB:98:A0:2A:BF:FB:82:39:B9:F5:65:57:56:CE
            X509v3 Authority Key Identifier:
                keyid:9D:5D:E4:90:FF:87:4E:96:89:CE:CF:72:6C:BB:4E:2F:51:F6:C7:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV3kkP-HTpaJzs9ybLtOL1H2xzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/pp90XH9ku5igKr_7gjm59WVXVs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/745bdb-104b-49c7-99d5-cec33ba1bdf5/1/nV3kkP-HTpaJzs9ybLtOL1H2xzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.250.0/24
                  194.8.96.0/19
                  194.145.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4d:ce:fd:d2:fb:5a:22:58:ee:08:30:58:73:28:3d:ed:20:c3:
         b0:6a:ef:e9:66:b8:e1:0b:3e:5d:28:7e:7e:9a:2c:db:fc:fb:
         b0:77:25:07:6a:19:87:68:c3:9f:a4:79:a7:91:f1:31:7e:1e:
         cd:a2:e2:e1:25:1d:bc:3f:28:c0:dd:53:a2:0a:4d:fd:3a:d8:
         b1:07:7a:18:47:19:bf:51:24:d3:4d:a6:9e:4a:61:ca:8c:5f:
         e1:42:07:6f:32:fb:e9:4c:48:ac:64:12:38:7f:54:23:68:64:
         20:af:82:32:2b:71:18:b0:a9:7f:39:be:c4:91:1f:d9:2c:85:
         99:78:b9:b4:f2:00:03:25:f7:80:72:ee:5e:4c:25:8f:14:35:
         9d:f4:f2:fd:58:d5:47:ec:c1:78:51:06:79:bf:33:2b:44:5c:
         1a:7a:20:1b:08:17:b1:27:5a:e2:87:8a:74:c5:fa:f0:3d:52:
         36:f3:05:95:80:ae:75:02:dd:20:89:b4:08:28:c2:5c:76:f9:
         1a:97:dc:64:e2:7d:b7:09:5b:46:c7:a0:f2:14:2d:40:99:27:
         f9:d0:cb:f5:fb:6c:cf:16:91:d6:3c:97:52:c3:26:d8:a4:20:
         04:53:eb:71:05:33:b7:1f:bf:2e:84:7f:a2:d1:c5:75:64:e1:
         fe:e3:9c:31
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhsZ2Q/PMb8529EadsuMA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWRlNDkwZmY4NzRlOTY4OWNlY2Y3MjZjYmI0ZTJmNTFm
NmM3MzEwHhcNMjUwMTAxMTE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjlmNzQ1YzdmNjRiYjk4YTAyYWJmZmI4MjM5YjlmNTY1NTc1NmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE3WIRaNgWPs224e7cRVEohATlSo
g4ip0ZfNyPdDmGiuu/PXwppvotwC/uFUU02kRkN8c9Cw0vd7o8iva2LVi6WXrD7J
bcTGCegJax8hyme54iiz98pCNN62zgSnHwoB+diWp/b4yio7H6epcK1cchht2m0v
JkLI1FUL/JJSEdXkA/iyGhsCbHFQMHuM+kioflY7qtnNv3ELJGftclEMNx6lYZkt
MdDW3PpSyxH+GkOdAv/3ClsclLvuFm7msLLIu5yEUxZxxER/o7M8E/TYnKQJZC4T
ZoDnKu1LeA7QOj/t3iMCY7mYHvbKbVBbXfxr9i+pyLi7c56Vwx268nI0ZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKafdFx/ZLuYoCq/+4I5ufVlV1bOMB8GA1UdIwQY
MBaAFJ1d5JD/h06Wic7Pcmy7Ti9R9scxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUt
Y2VjMzNiYTFiZGY1LzEvcHA5MFhIOWt1NWlnS3JfN2dqbTU5V1ZYVnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC83NDViZGItMTA0Yi00OWM3LTk5ZDUtY2VjMzNiYTFiZGY1
LzEvblYza2tQLUhUcGFKenM5eWJMdE9MMUgyeHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwbz6AwQF
wghgAwQFwpFAMA0GCSqGSIb3DQEBCwUAA4IBAQBNzv3S+1oiWO4IMFhzKD3tIMOw
au/pZrjhCz5dKH5+mizb/PuwdyUHahmHaMOfpHmnkfExfh7NouLhJR28PyjA3VOi
Ck39OtixB3oYRxm/USTTTaaeSmHKjF/hQgdvMvvpTEisZBI4f1QjaGQgr4IyK3EY
sKl/Ob7EkR/ZLIWZeLm08gADJfeAcu5eTCWPFDWd9PL9WNVH7MF4UQZ5vzMrRFwa
eiAbCBexJ1rih4p0xfrwPVI28wWVgK51At0gibQIKMJcdvkal9xk4n23CVtGx6Dy
FC1AmSf50Mv1+2zPFpHWPJdSwybYpCAEU+txBTO3H78uhH+i0cV1ZOH+45wx
-----END CERTIFICATE-----