Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/f2196a-389e-4cce-8171-90ad0cadff79/1/PED9HaCWia2wrK32Un3AaSHk_N8.roa
File:                     PED9HaCWia2wrK32Un3AaSHk_N8.roa (raw, json)
Hash identifier:          KfiJSR9ZIloBoCYeloV3Ve4aBC2We63FbK6T02p4WZM=
Subject key identifier:   3C:40:FD:1D:A0:96:89:AD:B0:AC:AD:F6:52:7D:C0:69:21:E4:FC:DF
Certificate issuer:       /CN=c5f9f50ca1c34a3be610048d138af3c0753af92b
Certificate serial:       0194258F4FBF15B9EC3A343025E7AE0E23D6
Authority key identifier: C5:F9:F5:0C:A1:C3:4A:3B:E6:10:04:8D:13:8A:F3:C0:75:3A:F9:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xfn1DKHDSjvmEASNE4rzwHU6-Ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/f2196a-389e-4cce-8171-90ad0cadff79/1/PED9HaCWia2wrK32Un3AaSHk_N8.roa
Signing time:             Thu 02 Jan 2025 05:48:56 +0000
ROA not before:           Thu 02 Jan 2025 05:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        128.65.164.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/f2196a-389e-4cce-8171-90ad0cadff79/1/xfn1DKHDSjvmEASNE4rzwHU6-Ss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/f2196a-389e-4cce-8171-90ad0cadff79/1/xfn1DKHDSjvmEASNE4rzwHU6-Ss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xfn1DKHDSjvmEASNE4rzwHU6-Ss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:54:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4f:bf:15:b9:ec:3a:34:30:25:e7:ae:0e:23:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5f9f50ca1c34a3be610048d138af3c0753af92b
        Validity
            Not Before: Jan  2 05:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c40fd1da09689adb0acadf6527dc06921e4fcdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fa:43:0b:ae:50:d2:b6:e0:ac:96:97:59:b9:
                    3d:99:0c:15:36:3e:cd:78:21:c9:eb:0c:e7:ea:a7:
                    ae:c9:33:ec:04:d7:68:8e:2f:7d:67:cc:e1:b6:ad:
                    3f:bb:18:b9:6a:a3:e0:79:9c:6c:f4:18:0d:ca:0e:
                    5d:c8:e8:7f:60:3d:71:04:25:3d:a7:da:a5:47:61:
                    27:98:bb:e6:7c:0f:69:45:95:17:f2:48:a2:e8:b8:
                    9e:59:5e:fa:b5:f2:2f:b3:ef:db:5f:7a:f8:06:6a:
                    ef:3f:d7:49:a5:ce:22:b2:98:9e:a8:42:2b:7d:20:
                    a8:35:22:d3:8b:be:60:d4:9c:fa:52:e1:04:87:07:
                    f5:83:ee:76:0f:62:fe:b0:ac:7c:fa:32:4b:82:85:
                    cb:62:48:c6:48:69:20:17:97:66:f1:33:94:50:73:
                    ad:5c:0a:ae:3d:1b:c9:fc:2a:0b:ab:04:e2:72:90:
                    7a:7a:95:ad:c6:81:db:3a:9d:aa:0a:a5:3a:88:40:
                    c6:ea:8b:4c:5d:0c:e9:00:4c:4e:f0:b5:b2:e9:ac:
                    98:d2:00:2a:6d:1f:91:63:5b:69:35:c5:36:b6:7c:
                    e7:05:69:ee:67:1e:53:d4:47:08:c4:5c:52:05:44:
                    bc:10:5f:e6:4e:04:2e:f4:9d:0e:8b:ee:7e:e0:02:
                    59:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:40:FD:1D:A0:96:89:AD:B0:AC:AD:F6:52:7D:C0:69:21:E4:FC:DF
            X509v3 Authority Key Identifier:
                keyid:C5:F9:F5:0C:A1:C3:4A:3B:E6:10:04:8D:13:8A:F3:C0:75:3A:F9:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xfn1DKHDSjvmEASNE4rzwHU6-Ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f2196a-389e-4cce-8171-90ad0cadff79/1/PED9HaCWia2wrK32Un3AaSHk_N8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f2196a-389e-4cce-8171-90ad0cadff79/1/xfn1DKHDSjvmEASNE4rzwHU6-Ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.65.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:48:08:ad:1a:67:ee:fa:3b:1b:13:9d:7a:8d:71:09:61:d2:
         e2:23:b4:79:79:5f:43:ae:90:00:3f:8c:29:3a:50:bc:f9:1c:
         89:df:e7:8b:e0:03:ff:8a:d1:f5:94:96:5b:7f:d0:82:e3:e2:
         e1:a0:8c:2d:3f:15:9d:c7:33:42:bd:dd:52:3a:e9:a8:b1:e7:
         e1:e5:5a:86:1d:8d:e8:ea:2c:6c:71:90:26:2b:d9:fc:5e:06:
         b1:8f:c6:ed:3a:56:17:57:9a:af:d6:0a:22:0f:ef:56:91:40:
         ea:2d:71:ca:6b:31:9a:9d:9e:1c:91:20:25:d9:a7:45:76:3d:
         48:23:09:c4:3d:b1:8c:2c:16:a5:73:a0:bf:49:25:df:7e:bd:
         be:da:28:2e:59:a2:a1:38:f8:ca:95:4e:04:0a:21:8b:e1:0e:
         e2:b9:fc:76:56:03:b4:0f:5a:c4:3d:c0:9b:22:36:1a:fb:70:
         f1:23:df:3f:4c:a7:29:95:b2:c3:5a:c4:83:44:83:8d:87:55:
         97:df:ce:01:4b:50:52:ad:67:a8:f1:49:10:46:d2:f8:7b:98:
         f0:a8:1c:61:c7:4b:d0:07:ea:f8:a7:73:a0:12:f3:d8:fd:c4:
         37:a1:f9:b8:1a:86:78:7a:e3:e0:3b:76:b4:21:37:b7:85:f0:
         e2:3c:75:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj0+/FbnsOjQwJeeuDiPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZjlmNTBjYTFjMzRhM2JlNjEwMDQ4ZDEzOGFmM2MwNzUz
YWY5MmIwHhcNMjUwMTAyMDU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzQwZmQxZGEwOTY4OWFkYjBhY2FkZjY1MjdkYzA2OTIxZTRmY2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfpDC65Q0rbgrJaXWbk9mQwVNj7N
eCHJ6wzn6qeuyTPsBNdoji99Z8zhtq0/uxi5aqPgeZxs9BgNyg5dyOh/YD1xBCU9
p9qlR2EnmLvmfA9pRZUX8kii6LieWV76tfIvs+/bX3r4BmrvP9dJpc4ispieqEIr
fSCoNSLTi75g1Jz6UuEEhwf1g+52D2L+sKx8+jJLgoXLYkjGSGkgF5dm8TOUUHOt
XAquPRvJ/CoLqwTicpB6epWtxoHbOp2qCqU6iEDG6otMXQzpAExO8LWy6ayY0gAq
bR+RY1tpNcU2tnznBWnuZx5T1EcIxFxSBUS8EF/mTgQu9J0Oi+5+4AJZpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxA/R2glomtsKyt9lJ9wGkh5PzfMB8GA1UdIwQY
MBaAFMX59Qyhw0o75hAEjROK88B1OvkrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGZuMURLSERTanZtRUFTTkU0cnp3SFU2LVNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9mMjE5NmEtMzg5ZS00Y2NlLTgxNzEt
OTBhZDBjYWRmZjc5LzEvUEVEOUhhQ1dpYTJ3ckszMlVuM0FhU0hrX044LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9mMjE5NmEtMzg5ZS00Y2NlLTgxNzEtOTBhZDBjYWRmZjc5
LzEveGZuMURLSERTanZtRUFTTkU0cnp3SFU2LVNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgEGkMA0G
CSqGSIb3DQEBCwUAA4IBAQA5SAitGmfu+jsbE516jXEJYdLiI7R5eV9DrpAAP4wp
OlC8+RyJ3+eL4AP/itH1lJZbf9CC4+LhoIwtPxWdxzNCvd1SOumosefh5VqGHY3o
6ixscZAmK9n8Xgaxj8btOlYXV5qv1goiD+9WkUDqLXHKazGanZ4ckSAl2adFdj1I
IwnEPbGMLBalc6C/SSXffr2+2iguWaKhOPjKlU4ECiGL4Q7iufx2VgO0D1rEPcCb
IjYa+3DxI98/TKcplbLDWsSDRIONh1WX384BS1BSrWeo8UkQRtL4e5jwqBxhx0vQ
B+r4p3OgEvPY/cQ3ofm4GoZ4euPgO3a0ITe3hfDiPHXi
-----END CERTIFICATE-----