Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/I9pCIyNdXwO_UmL0GiE3Cg1yOBE.roa
File:                     I9pCIyNdXwO_UmL0GiE3Cg1yOBE.roa (raw, json)
Hash identifier:          rgdmg36ZiZKltWGUWVab82/ToqNlhoJ2jQiTOIy/cAU=
Subject key identifier:   23:DA:42:23:23:5D:5F:03:BF:52:62:F4:1A:21:37:0A:0D:72:38:11
Certificate issuer:       /CN=cc159c8a1e64fc64ff666bd9219dce174373caf2
Certificate serial:       019427B40F84D49EE800BC461FCAA9856986
Authority key identifier: CC:15:9C:8A:1E:64:FC:64:FF:66:6B:D9:21:9D:CE:17:43:73:CA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/I9pCIyNdXwO_UmL0GiE3Cg1yOBE.roa
Signing time:             Thu 02 Jan 2025 15:48:19 +0000
ROA not before:           Thu 02 Jan 2025 15:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60893
IP address blocks:        195.234.156.0/24 maxlen: 24
                          195.234.159.0/24 maxlen: 24
                          195.234.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:0f:84:d4:9e:e8:00:bc:46:1f:ca:a9:85:69:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc159c8a1e64fc64ff666bd9219dce174373caf2
        Validity
            Not Before: Jan  2 15:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23da4223235d5f03bf5262f41a21370a0d723811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5d:bd:92:e5:de:ed:11:24:ee:b7:01:aa:e0:
                    5f:8a:72:74:d9:3b:04:1e:1f:8b:eb:0d:73:e5:a5:
                    55:76:18:cb:82:9f:91:76:56:c5:ac:e5:da:a0:88:
                    72:e4:a3:fa:b3:87:49:00:98:09:a3:ca:c6:6f:74:
                    72:d3:38:50:bb:fe:22:53:4e:64:1b:f1:91:aa:01:
                    f6:32:76:8b:7e:56:c1:fd:93:c3:b7:23:9f:db:d8:
                    75:14:d5:6f:62:46:3a:ae:c5:1a:21:28:30:78:4d:
                    a0:9e:29:a5:d5:ab:14:b1:11:4a:ed:cf:5b:fb:e5:
                    34:aa:8c:c5:81:51:7f:97:2f:f1:5c:ca:51:97:13:
                    7e:70:f9:ba:d7:dd:b9:a3:c9:d6:a4:c7:03:d4:80:
                    56:dd:b4:a4:90:ce:98:95:3a:aa:a3:63:33:d7:a5:
                    8c:01:cd:9c:ec:eb:da:00:96:0b:e4:bc:e8:e1:c6:
                    6e:ab:51:c1:9c:4d:e0:21:e3:72:cd:00:6a:14:4e:
                    89:0e:49:96:3e:93:74:83:e7:1b:2b:0a:80:8c:27:
                    6f:98:ea:4f:cb:3a:94:cf:f2:8d:84:56:10:1c:d0:
                    31:70:2d:f1:d1:1e:ec:7a:18:83:b7:f2:dd:22:8d:
                    be:d9:06:d1:d2:d1:5e:32:78:34:ba:4a:bb:b8:1c:
                    cc:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:DA:42:23:23:5D:5F:03:BF:52:62:F4:1A:21:37:0A:0D:72:38:11
            X509v3 Authority Key Identifier:
                keyid:CC:15:9C:8A:1E:64:FC:64:FF:66:6B:D9:21:9D:CE:17:43:73:CA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/I9pCIyNdXwO_UmL0GiE3Cg1yOBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3e3109-cec3-46bb-b8d6-6482041a8246/1/zBWcih5k_GT_ZmvZIZ3OF0NzyvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.234.156.0/24
                  195.234.159.0/24
                  195.234.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:22:b3:d0:f0:f9:a9:93:27:89:9f:2d:93:00:7e:16:f8:d5:
         47:8c:7c:98:03:89:b2:79:ab:99:fc:39:e5:8f:a3:9d:44:64:
         f8:bc:82:63:7c:db:fa:18:e5:ad:53:ba:67:f5:d7:3a:b5:ab:
         84:71:66:bc:02:11:95:85:0d:0f:bb:f9:72:dd:fb:05:e8:4f:
         ac:86:0e:a6:09:3e:bf:f5:b8:de:f7:69:87:34:85:5c:af:39:
         5d:36:3a:bf:c0:1f:a8:67:66:05:92:2e:e8:ac:8a:64:b1:ed:
         6b:51:85:c5:d6:e3:48:7c:8b:6c:3e:2b:44:aa:70:33:22:bc:
         a3:f6:d4:76:fa:cf:f4:74:b1:1a:ec:69:38:db:8c:c8:f1:ca:
         d5:4d:10:46:84:c4:4f:2a:d3:0c:91:71:fa:77:46:9b:3a:00:
         e0:dd:f0:42:dc:80:4e:2d:64:f0:4d:9b:2a:ab:62:8f:8b:c1:
         3a:9b:5b:88:54:b8:95:26:45:2b:27:16:5f:35:24:8d:19:71:
         e0:3f:81:5a:69:24:73:14:78:2d:46:97:52:ca:ae:31:2a:20:
         04:0f:21:1b:1c:49:26:a0:f8:95:43:c1:9b:f3:db:24:65:a4:
         e4:a4:e1:ff:4f:43:09:a2:81:e4:57:2d:d4:06:d2:41:59:e6:
         b3:2b:58:54
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntA+E1J7oALxGH8qphWmGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMTU5YzhhMWU2NGZjNjRmZjY2NmJkOTIxOWRjZTE3NDM3
M2NhZjIwHhcNMjUwMTAyMTU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2RhNDIyMzIzNWQ1ZjAzYmY1MjYyZjQxYTIxMzcwYTBkNzIzODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqF29kuXe7REk7rcBquBfinJ02TsE
Hh+L6w1z5aVVdhjLgp+RdlbFrOXaoIhy5KP6s4dJAJgJo8rGb3Ry0zhQu/4iU05k
G/GRqgH2MnaLflbB/ZPDtyOf29h1FNVvYkY6rsUaISgweE2gniml1asUsRFK7c9b
++U0qozFgVF/ly/xXMpRlxN+cPm61925o8nWpMcD1IBW3bSkkM6YlTqqo2Mz16WM
Ac2c7OvaAJYL5Lzo4cZuq1HBnE3gIeNyzQBqFE6JDkmWPpN0g+cbKwqAjCdvmOpP
yzqUz/KNhFYQHNAxcC3x0R7sehiDt/LdIo2+2QbR0tFeMng0ukq7uBzMyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCPaQiMjXV8Dv1Ji9BohNwoNcjgRMB8GA1UdIwQY
MBaAFMwVnIoeZPxk/2Zr2SGdzhdDc8ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekJXY2loNWtfR1RfWm12WklaM09GME56eXZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zZTMxMDktY2VjMy00NmJiLWI4ZDYt
NjQ4MjA0MWE4MjQ2LzEvSTlwQ0l5TmRYd09fVW1MMEdpRTNDZzF5T0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zZTMxMDktY2VjMy00NmJiLWI4ZDYtNjQ4MjA0MWE4MjQ2
LzEvekJXY2loNWtfR1RfWm12WklaM09GME56eXZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAw+qcAwQA
w+qfAwQAw+qhMA0GCSqGSIb3DQEBCwUAA4IBAQCNIrPQ8PmpkyeJny2TAH4W+NVH
jHyYA4myeauZ/Dnlj6OdRGT4vIJjfNv6GOWtU7pn9dc6tauEcWa8AhGVhQ0Pu/ly
3fsF6E+shg6mCT6/9bje92mHNIVcrzldNjq/wB+oZ2YFki7orIpkse1rUYXF1uNI
fItsPitEqnAzIryj9tR2+s/0dLEa7Gk424zI8crVTRBGhMRPKtMMkXH6d0abOgDg
3fBC3IBOLWTwTZsqq2KPi8E6m1uIVLiVJkUrJxZfNSSNGXHgP4FaaSRzFHgtRpdS
yq4xKiAEDyEbHEkmoPiVQ8Gb89skZaTkpOH/T0MJooHkVy3UBtJBWeazK1hU
-----END CERTIFICATE-----