Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/9fWXkacnWfLXH44Xb8HrXGzmknY.roa
File:                     9fWXkacnWfLXH44Xb8HrXGzmknY.roa (raw, json)
Hash identifier:          ueIT5017I7hv93aOprGzdVNSjT4YNhBA1fdwv5/AgdI=
Subject key identifier:   F5:F5:97:91:A7:27:59:F2:D7:1F:8E:17:6F:C1:EB:5C:6C:E6:92:76
Certificate issuer:       /CN=c98b825f36e9cc330315c940de800cbabce3397b
Certificate serial:       019427B6900EC347AD110D3E0EB2CE41BAC1
Authority key identifier: C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/9fWXkacnWfLXH44Xb8HrXGzmknY.roa
Signing time:             Thu 02 Jan 2025 15:51:03 +0000
ROA not before:           Thu 02 Jan 2025 15:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        194.11.129.0/24 maxlen: 24
                          194.11.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:90:0e:c3:47:ad:11:0d:3e:0e:b2:ce:41:ba:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98b825f36e9cc330315c940de800cbabce3397b
        Validity
            Not Before: Jan  2 15:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5f59791a72759f2d71f8e176fc1eb5c6ce69276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:92:38:3e:11:e3:05:4d:2c:e5:91:c6:f6:6b:
                    63:ea:6e:e5:9e:eb:c9:3c:a9:95:3b:64:15:9e:98:
                    89:0f:07:4c:0c:e4:eb:8c:ac:bd:f1:c0:c0:8a:9b:
                    83:4c:9f:59:9c:ea:66:1b:54:d2:bc:1e:32:e4:fd:
                    02:28:39:d2:6c:41:1b:86:37:9c:07:bc:b3:c2:2e:
                    71:88:e7:b9:41:15:1f:16:dd:02:9a:19:b1:c4:2b:
                    d6:1d:38:3d:dc:00:ba:76:74:63:ce:3e:67:47:43:
                    0c:ad:43:4b:be:ac:7d:57:cf:ad:d8:d7:7f:08:71:
                    f4:7e:8c:06:30:3b:47:16:d7:af:34:7f:c8:8f:b0:
                    48:ce:aa:5d:23:36:52:b1:55:e5:c5:fe:cd:e4:5e:
                    b2:5d:17:c8:a4:34:df:14:81:97:b8:82:5f:29:8f:
                    92:71:a1:a6:4c:43:fa:1d:41:9f:89:9b:33:6d:4e:
                    d8:2a:39:3c:af:e8:68:0e:64:91:b1:17:4e:d3:0d:
                    0c:c0:ca:50:c6:6e:6d:47:ed:a5:7e:3a:f6:a6:e3:
                    d4:04:07:39:29:82:65:cf:88:3d:99:2d:3f:d1:63:
                    63:fc:9a:50:06:8e:e2:d4:3e:84:31:de:99:3d:56:
                    60:c5:70:44:35:a8:71:7d:5f:48:48:f5:47:c7:73:
                    ca:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F5:97:91:A7:27:59:F2:D7:1F:8E:17:6F:C1:EB:5C:6C:E6:92:76
            X509v3 Authority Key Identifier:
                keyid:C9:8B:82:5F:36:E9:CC:33:03:15:C9:40:DE:80:0C:BA:BC:E3:39:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYuCXzbpzDMDFclA3oAMurzjOXs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/9fWXkacnWfLXH44Xb8HrXGzmknY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ea3614-f090-4a2b-9355-b89a511c3bbd/1/yYuCXzbpzDMDFclA3oAMurzjOXs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.129.0-194.11.130.255

    Signature Algorithm: sha256WithRSAEncryption
         40:f8:a7:3b:84:ba:fd:8d:f5:26:8a:0f:46:b4:25:dc:ef:f3:
         04:10:40:3e:86:75:50:db:4c:7a:9d:09:6c:1d:39:7e:aa:d0:
         a5:d8:b8:06:67:4c:95:b8:68:83:33:f2:38:0a:84:d1:ba:d9:
         25:9b:8f:7a:2c:2d:ad:aa:62:4e:61:4b:24:c4:1a:99:ca:3d:
         04:eb:9c:c8:be:1e:44:13:52:00:26:63:8e:d0:7f:09:40:57:
         86:06:58:92:3a:7e:3e:38:a8:0d:84:5f:be:29:11:3c:a3:96:
         a9:0a:44:ff:a0:ca:3a:f7:c6:fe:65:05:19:82:4c:6f:bb:bc:
         3c:6f:e6:66:a6:8c:94:cd:80:52:b0:1a:8c:42:7c:77:c4:c5:
         90:1c:30:c3:82:77:b7:19:c8:0a:c2:d0:3f:72:c5:43:6f:0d:
         61:c4:34:85:a1:ea:41:a3:58:1b:27:8e:c1:f7:f1:e0:1d:54:
         54:31:06:67:90:ec:34:8d:ae:57:dc:01:40:82:da:90:1d:3f:
         cd:e8:28:ca:88:59:f5:c8:1b:cb:63:2e:24:d2:72:0e:28:a2:
         4e:c5:07:0c:94:b6:2d:d5:ee:21:a5:13:56:91:08:9e:2e:d3:
         8b:65:f9:af:5f:4e:c8:27:6c:5a:a8:26:35:07:4f:db:7f:bf:
         36:00:dc:d4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQntpAOw0etEQ0+DrLOQbrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGI4MjVmMzZlOWNjMzMwMzE1Yzk0MGRlODAwY2JhYmNl
MzM5N2IwHhcNMjUwMTAyMTU1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWY1OTc5MWE3Mjc1OWYyZDcxZjhlMTc2ZmMxZWI1YzZjZTY5Mjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJI4PhHjBU0s5ZHG9mtj6m7lnuvJ
PKmVO2QVnpiJDwdMDOTrjKy98cDAipuDTJ9ZnOpmG1TSvB4y5P0CKDnSbEEbhjec
B7yzwi5xiOe5QRUfFt0CmhmxxCvWHTg93AC6dnRjzj5nR0MMrUNLvqx9V8+t2Nd/
CHH0fowGMDtHFtevNH/Ij7BIzqpdIzZSsVXlxf7N5F6yXRfIpDTfFIGXuIJfKY+S
caGmTEP6HUGfiZszbU7YKjk8r+hoDmSRsRdO0w0MwMpQxm5tR+2lfjr2puPUBAc5
KYJlz4g9mS0/0WNj/JpQBo7i1D6EMd6ZPVZgxXBENahxfV9ISPVHx3PK6QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPX1l5GnJ1ny1x+OF2/B61xs5pJ2MB8GA1UdIwQY
MBaAFMmLgl826cwzAxXJQN6ADLq84zl7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUt
Yjg5YTUxMWMzYmJkLzEvOWZXWGthY25XZkxYSDQ0WGI4SHJYR3pta25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9lYTM2MTQtZjA5MC00YTJiLTkzNTUtYjg5YTUxMWMzYmJk
LzEveVl1Q1h6YnB6RE1ERmNsQTNvQU11cnpqT1hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCC4ED
BADCC4IwDQYJKoZIhvcNAQELBQADggEBAED4pzuEuv2N9SaKD0a0Jdzv8wQQQD6G
dVDbTHqdCWwdOX6q0KXYuAZnTJW4aIMz8jgKhNG62SWbj3osLa2qYk5hSyTEGpnK
PQTrnMi+HkQTUgAmY47QfwlAV4YGWJI6fj44qA2EX74pETyjlqkKRP+gyjr3xv5l
BRmCTG+7vDxv5mamjJTNgFKwGoxCfHfExZAcMMOCd7cZyArC0D9yxUNvDWHENIWh
6kGjWBsnjsH38eAdVFQxBmeQ7DSNrlfcAUCC2pAdP83oKMqIWfXIG8tjLiTScg4o
ok7FBwyUti3V7iGlE1aRCJ4u04tl+a9fTsgnbFqoJjUHT9t/vzYA3NQ=
-----END CERTIFICATE-----