Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/fS3aIp_dstilOoZpsHs2fT3hEwI.roa
File:                     fS3aIp_dstilOoZpsHs2fT3hEwI.roa (raw, json)
Hash identifier:          ekL2u08a8PJkCPy3xwuS3H8hi/HVcBEIiMkXY+L534U=
Subject key identifier:   7D:2D:DA:22:9F:DD:B2:D8:A5:3A:86:69:B0:7B:36:7D:3D:E1:13:02
Certificate issuer:       /CN=c3037d2e7b09a0fbd108168a44874f6bd1689b60
Certificate serial:       01942521B8860B7CFE605ADDC06992014F4F
Authority key identifier: C3:03:7D:2E:7B:09:A0:FB:D1:08:16:8A:44:87:4F:6B:D1:68:9B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wwN9LnsJoPvRCBaKRIdPa9Fom2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/fS3aIp_dstilOoZpsHs2fT3hEwI.roa
Signing time:             Thu 02 Jan 2025 03:49:14 +0000
ROA not before:           Thu 02 Jan 2025 03:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24929
IP address blocks:        195.144.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/wwN9LnsJoPvRCBaKRIdPa9Fom2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/wwN9LnsJoPvRCBaKRIdPa9Fom2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wwN9LnsJoPvRCBaKRIdPa9Fom2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b8:86:0b:7c:fe:60:5a:dd:c0:69:92:01:4f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3037d2e7b09a0fbd108168a44874f6bd1689b60
        Validity
            Not Before: Jan  2 03:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d2dda229fddb2d8a53a8669b07b367d3de11302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f2:7a:7b:e1:bb:22:b2:7f:b9:ec:69:f1:fa:
                    a4:8a:6c:e8:eb:94:0e:e0:5a:66:72:f5:82:3f:c1:
                    fa:33:91:f0:39:89:93:97:9b:cd:f6:04:a7:02:6a:
                    c7:84:74:7b:c2:e5:78:74:6a:78:6a:b3:1c:f5:2f:
                    21:cc:8d:97:47:64:e2:3a:9a:8a:c7:0e:cc:0b:f5:
                    90:b7:b9:64:fb:c5:39:08:95:4d:4b:57:c2:8b:24:
                    c1:66:3a:73:57:e4:f2:01:dc:2d:30:b3:7e:41:45:
                    e5:4f:95:ec:dc:e0:7a:ea:d2:11:29:d6:aa:c6:1f:
                    f3:8e:44:75:40:c8:25:85:96:00:57:f3:cb:ca:80:
                    19:53:2c:24:a3:6f:6a:59:3c:7f:fe:02:b9:4e:5d:
                    65:23:e1:76:81:96:3f:1b:c3:ef:a3:08:58:51:57:
                    6e:59:2e:77:8e:89:4e:c2:29:76:98:f2:09:a4:99:
                    d6:71:b7:85:b3:ce:79:b7:3c:22:e0:ca:e9:4d:a5:
                    d2:dd:10:d1:fb:81:7a:7c:e7:85:a4:8b:16:2a:10:
                    9c:29:e6:09:38:f0:8b:9b:d0:55:76:52:e1:b6:e1:
                    b3:d0:14:fa:6c:2a:89:7f:a0:77:d7:e0:9f:8a:1a:
                    61:07:38:a3:97:d3:60:f5:63:9d:f5:c6:63:ce:fb:
                    5f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:2D:DA:22:9F:DD:B2:D8:A5:3A:86:69:B0:7B:36:7D:3D:E1:13:02
            X509v3 Authority Key Identifier:
                keyid:C3:03:7D:2E:7B:09:A0:FB:D1:08:16:8A:44:87:4F:6B:D1:68:9B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wwN9LnsJoPvRCBaKRIdPa9Fom2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/fS3aIp_dstilOoZpsHs2fT3hEwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/6cb72d-690a-406f-8add-80e7bbb041b2/1/wwN9LnsJoPvRCBaKRIdPa9Fom2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.144.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:79:ce:c9:cd:f0:5a:cf:e8:bf:cc:7b:1a:99:fd:0d:56:8c:
         8e:57:97:14:fd:c0:63:d3:8a:52:c4:b0:60:23:a8:d4:0a:b5:
         24:9e:67:61:16:33:4a:6e:26:79:32:0b:52:4b:d6:91:57:7e:
         e7:2d:f0:f9:e2:3a:3d:b9:60:d4:f4:3c:3e:bb:f9:ac:35:b5:
         3f:30:a3:36:90:c1:85:da:19:c6:50:0a:fa:4e:f1:83:9e:16:
         5f:f1:7e:a8:60:18:03:fe:8f:38:4a:a1:30:67:61:b3:64:1b:
         26:38:b7:13:95:58:a0:fd:9e:02:a0:4d:b4:8c:40:3c:2c:07:
         8d:13:b7:51:24:23:bb:08:14:0e:20:a0:26:49:b2:5b:06:24:
         22:c2:73:00:13:33:46:62:d7:47:1d:b2:39:54:1f:09:69:ec:
         84:cf:b9:9c:76:3b:80:98:f5:4a:82:b6:98:4f:58:64:5b:09:
         4a:d7:2c:b2:b1:9e:9f:0d:01:ab:7e:93:5b:f9:09:d4:c4:27:
         30:5c:b1:0f:4e:09:33:6d:cd:5d:b3:98:6a:10:5e:b6:af:4c:
         53:88:c0:b1:e8:f2:9a:74:52:f1:93:64:a0:89:2b:57:3a:97:
         ba:06:f3:cf:64:81:e1:4a:ce:48:dc:3e:83:c2:5c:5f:bf:bb:
         37:f1:0a:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbiGC3z+YFrdwGmSAU9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMDM3ZDJlN2IwOWEwZmJkMTA4MTY4YTQ0ODc0ZjZiZDE2
ODliNjAwHhcNMjUwMTAyMDM0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDJkZGEyMjlmZGRiMmQ4YTUzYTg2NjliMDdiMzY3ZDNkZTExMzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfJ6e+G7IrJ/uexp8fqkimzo65QO
4FpmcvWCP8H6M5HwOYmTl5vN9gSnAmrHhHR7wuV4dGp4arMc9S8hzI2XR2TiOpqK
xw7MC/WQt7lk+8U5CJVNS1fCiyTBZjpzV+TyAdwtMLN+QUXlT5Xs3OB66tIRKdaq
xh/zjkR1QMglhZYAV/PLyoAZUywko29qWTx//gK5Tl1lI+F2gZY/G8PvowhYUVdu
WS53jolOwil2mPIJpJnWcbeFs855tzwi4MrpTaXS3RDR+4F6fOeFpIsWKhCcKeYJ
OPCLm9BVdlLhtuGz0BT6bCqJf6B31+CfihphBzijl9Ng9WOd9cZjzvtfxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0t2iKf3bLYpTqGabB7Nn094RMCMB8GA1UdIwQY
MBaAFMMDfS57CaD70QgWikSHT2vRaJtgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3dOOUxuc0pvUHZSQ0JhS1JJZFBhOUZvbTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS82Y2I3MmQtNjkwYS00MDZmLThhZGQt
ODBlN2JiYjA0MWIyLzEvZlMzYUlwX2RzdGlsT29acHNIczJmVDNoRXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS82Y2I3MmQtNjkwYS00MDZmLThhZGQtODBlN2JiYjA0MWIy
LzEvd3dOOUxuc0pvUHZSQ0JhS1JJZFBhOUZvbTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5AJMA0G
CSqGSIb3DQEBCwUAA4IBAQBSec7JzfBaz+i/zHsamf0NVoyOV5cU/cBj04pSxLBg
I6jUCrUknmdhFjNKbiZ5MgtSS9aRV37nLfD54jo9uWDU9Dw+u/msNbU/MKM2kMGF
2hnGUAr6TvGDnhZf8X6oYBgD/o84SqEwZ2GzZBsmOLcTlVig/Z4CoE20jEA8LAeN
E7dRJCO7CBQOIKAmSbJbBiQiwnMAEzNGYtdHHbI5VB8JaeyEz7mcdjuAmPVKgraY
T1hkWwlK1yyysZ6fDQGrfpNb+QnUxCcwXLEPTgkzbc1ds5hqEF62r0xTiMCx6PKa
dFLxk2SgiStXOpe6BvPPZIHhSs5I3D6Dwlxfv7s38QrE
-----END CERTIFICATE-----