Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/pPzBW70Fdl6hfWhEhvjV7q1aLrQ.roa
File:                     pPzBW70Fdl6hfWhEhvjV7q1aLrQ.roa (raw, json)
Hash identifier:          N5rbFHWQTtDs66Dcjz5hfiN0GgiOlxCPBewWnPlLV2c=
Subject key identifier:   A4:FC:C1:5B:BD:05:76:5E:A1:7D:68:44:86:F8:D5:EE:AD:5A:2E:B4
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       0194221FFDD44FCCDE408C032F9213B25673
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/pPzBW70Fdl6hfWhEhvjV7q1aLrQ.roa
Signing time:             Wed 01 Jan 2025 13:48:29 +0000
ROA not before:           Wed 01 Jan 2025 13:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41745
IP address blocks:        92.118.169.0/24 maxlen: 24
                          92.118.170.0/24 maxlen: 24
                          185.113.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:fd:d4:4f:cc:de:40:8c:03:2f:92:13:b2:56:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  1 13:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4fcc15bbd05765ea17d684486f8d5eead5a2eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:bd:6e:af:e0:3f:5f:fa:e3:f1:6f:46:c9:bb:
                    22:59:23:b9:0e:9b:82:59:36:f6:62:cf:58:15:8a:
                    22:d3:b7:07:c5:27:07:b3:52:aa:8d:25:bd:eb:66:
                    78:57:39:9b:59:92:77:03:1b:4b:cc:8d:66:4d:9c:
                    4f:99:00:30:ed:c7:4a:63:98:f9:a8:c5:f6:69:b8:
                    c3:ec:bf:3c:24:48:2f:8d:2a:3e:df:cf:e7:25:4e:
                    b8:b5:fa:5c:06:30:c1:79:49:2d:14:61:73:67:de:
                    69:c5:67:48:85:9c:34:57:03:11:f4:ec:e5:1e:00:
                    18:df:39:4d:1d:3a:9b:f1:b8:ed:9b:40:d9:91:93:
                    c3:9b:c1:7f:06:50:b3:2d:63:fd:af:8e:73:36:b7:
                    05:74:76:b9:25:f7:c2:94:c4:5b:23:69:95:b3:3c:
                    1a:be:2e:bf:98:86:61:85:5e:88:9d:cb:d0:c4:c8:
                    ce:30:b8:4f:05:c1:32:40:97:4d:ac:81:ec:96:a6:
                    46:03:94:9b:02:a1:83:58:78:5b:aa:22:d5:ae:f2:
                    28:e8:02:8d:8f:bb:2c:e8:aa:c5:ab:fd:ad:c1:f5:
                    dd:56:28:4d:88:93:d5:e5:8d:ec:c3:ac:ca:60:d4:
                    09:6a:8a:9c:66:d7:0d:83:6b:15:f2:44:bb:6b:17:
                    5f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:FC:C1:5B:BD:05:76:5E:A1:7D:68:44:86:F8:D5:EE:AD:5A:2E:B4
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/pPzBW70Fdl6hfWhEhvjV7q1aLrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.169.0-92.118.170.255
                  185.113.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:a5:a3:57:e9:bc:da:2b:18:1d:1d:77:4b:5d:d4:3f:eb:7f:
         0c:3d:ac:56:51:c0:b2:9a:24:03:b7:f0:37:b0:53:16:b1:8f:
         0e:1a:88:93:79:9d:8d:98:09:92:47:1d:6f:c1:4a:b5:de:57:
         9b:75:7a:d1:54:e2:b7:a1:82:1e:3e:9e:c2:e4:59:ac:c3:78:
         b5:13:75:b9:df:fd:59:12:67:13:f0:b9:1b:ee:08:db:00:2d:
         a3:fd:de:f0:d9:d7:33:d4:1b:48:64:6b:df:09:38:1a:94:5a:
         d3:e1:04:7f:94:0f:32:6c:bc:5a:eb:cb:80:5e:81:99:2c:14:
         b2:da:90:d7:fe:73:87:fa:6d:9d:c5:53:c5:e4:02:52:34:ad:
         d5:bd:69:bb:45:a7:3f:da:f6:46:d1:fa:d7:f8:cc:85:10:3b:
         69:7b:ef:fe:24:58:25:f6:a7:6e:fc:c4:5f:c0:fb:74:70:72:
         25:b5:c9:a8:0c:f2:5a:ed:c4:4d:9c:15:fb:0a:c0:12:52:3c:
         16:28:64:c7:3d:60:56:de:f2:83:f0:8b:e4:5b:b0:12:ca:6a:
         0d:e0:06:78:6a:2d:2f:fb:e3:5b:f0:b1:d6:a1:93:8a:29:e5:
         e3:56:af:bd:13:d4:86:66:ed:f8:65:2c:c9:c3:a4:14:b6:d4:
         a5:6a:e8:1b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQiH/3UT8zeQIwDL5ITslZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwMTAxMTM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGZjYzE1YmJkMDU3NjVlYTE3ZDY4NDQ4NmY4ZDVlZWFkNWEyZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk71ur+A/X/rj8W9GybsiWSO5DpuC
WTb2Ys9YFYoi07cHxScHs1KqjSW962Z4VzmbWZJ3AxtLzI1mTZxPmQAw7cdKY5j5
qMX2abjD7L88JEgvjSo+38/nJU64tfpcBjDBeUktFGFzZ95pxWdIhZw0VwMR9Ozl
HgAY3zlNHTqb8bjtm0DZkZPDm8F/BlCzLWP9r45zNrcFdHa5JffClMRbI2mVszwa
vi6/mIZhhV6IncvQxMjOMLhPBcEyQJdNrIHslqZGA5SbAqGDWHhbqiLVrvIo6AKN
j7ss6KrFq/2twfXdVihNiJPV5Y3sw6zKYNQJaoqcZtcNg2sV8kS7axdfKQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKT8wVu9BXZeoX1oRIb41e6tWi60MB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvcFB6Qlc3MEZkbDZoZldoRWh2alY3cTFhTHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABcdqkD
BABcdqoDBAC5cYswDQYJKoZIhvcNAQELBQADggEBAAulo1fpvNorGB0dd0td1D/r
fww9rFZRwLKaJAO38DewUxaxjw4aiJN5nY2YCZJHHW/BSrXeV5t1etFU4rehgh4+
nsLkWazDeLUTdbnf/VkSZxPwuRvuCNsALaP93vDZ1zPUG0hka98JOBqUWtPhBH+U
DzJsvFrry4BegZksFLLakNf+c4f6bZ3FU8XkAlI0rdW9abtFpz/a9kbR+tf4zIUQ
O2l77/4kWCX2p278xF/A+3RwciW1yagM8lrtxE2cFfsKwBJSPBYoZMc9YFbe8oPw
i+RbsBLKag3gBnhqLS/741vwsdahk4op5eNWr70T1IZm7fhlLMnDpBS21KVq6Bs=
-----END CERTIFICATE-----