Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/lLapjcdu9pW40ntTmus4mLCMMao.roa
File:                     lLapjcdu9pW40ntTmus4mLCMMao.roa (raw, json)
Hash identifier:          MG8R+EP074Ya4+jL+dMKnWgExZH+J/kJfQaN+eeMgg4=
Subject key identifier:   94:B6:A9:8D:C7:6E:F6:95:B8:D2:7B:53:9A:EB:38:98:B0:8C:31:AA
Certificate issuer:       /CN=d38579e4c7da01df0465186236e9af27eb7312ed
Certificate serial:       0196E7ECFD7FE0AF9F7773390F1E228F37BB
Authority key identifier: D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/lLapjcdu9pW40ntTmus4mLCMMao.roa
Signing time:             Mon 19 May 2025 09:43:10 +0000
ROA not before:           Mon 19 May 2025 09:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207475
IP address blocks:        194.9.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:ec:fd:7f:e0:af:9f:77:73:39:0f:1e:22:8f:37:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d38579e4c7da01df0465186236e9af27eb7312ed
        Validity
            Not Before: May 19 09:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94b6a98dc76ef695b8d27b539aeb3898b08c31aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a4:66:28:72:a3:60:7b:31:1e:c3:03:7c:44:
                    78:f5:28:92:14:47:7e:01:6f:c2:17:60:23:f4:9a:
                    a8:bc:6d:e0:8f:cf:7e:af:b3:26:38:81:d4:fb:86:
                    c3:83:13:ba:57:68:45:c1:9e:2a:a3:0c:f3:c2:02:
                    35:2e:74:3f:65:4c:8e:ee:3d:1a:32:1e:7c:9c:9a:
                    06:4d:7b:7a:bf:c1:6b:bf:88:89:75:53:44:0c:99:
                    a1:f7:73:c9:c3:29:a3:54:4f:86:74:62:2f:0e:cd:
                    a7:cb:da:f0:b6:4f:09:71:3e:5f:7a:76:62:29:e0:
                    8a:ef:6d:55:00:45:35:a2:57:aa:25:7a:88:53:3d:
                    60:33:2c:8a:26:fb:61:78:b2:80:68:e3:5d:10:21:
                    ea:ad:8b:94:91:5e:b7:97:50:30:26:f9:f1:11:f0:
                    e6:01:47:ea:eb:20:d6:51:c9:6e:6a:72:dd:03:34:
                    01:ae:67:f1:4d:a2:ac:07:13:d3:d8:08:49:d7:33:
                    0d:61:d5:86:b2:18:6a:66:22:26:bc:da:35:69:b3:
                    ec:d8:0f:8c:d9:35:d6:5a:72:5c:3b:e5:2e:27:81:
                    ae:d9:73:54:22:e6:7a:e9:0d:7e:1a:1a:b5:4e:96:
                    a0:e5:9c:d7:a9:56:56:8e:c4:a2:24:ee:df:e3:6e:
                    ed:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B6:A9:8D:C7:6E:F6:95:B8:D2:7B:53:9A:EB:38:98:B0:8C:31:AA
            X509v3 Authority Key Identifier:
                keyid:D3:85:79:E4:C7:DA:01:DF:04:65:18:62:36:E9:AF:27:EB:73:12:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04V55MfaAd8EZRhiNumvJ-tzEu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/lLapjcdu9pW40ntTmus4mLCMMao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/94622d-c26d-4376-b059-bd405419b00d/1/04V55MfaAd8EZRhiNumvJ-tzEu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.9.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:38:94:dd:64:e8:8c:23:b0:02:c5:39:85:fd:79:e5:8b:39:
         ea:89:75:cd:69:5e:f4:4d:f8:77:b8:40:7b:d5:5a:2d:d1:c1:
         09:01:f8:1b:90:44:ea:f3:c7:a0:75:72:b7:98:d5:f2:8c:de:
         b2:24:62:12:d2:09:6e:bd:2c:25:11:3e:a7:14:12:d3:22:95:
         38:67:5e:72:84:b1:aa:de:31:b5:d8:2d:ed:cc:3d:c3:89:1c:
         be:a7:9c:57:52:98:96:fa:27:9e:6e:71:42:bb:65:b0:63:a9:
         a3:21:38:3b:77:18:86:28:83:b6:8f:b4:cb:d5:b3:d8:0e:40:
         2a:d0:d8:1b:02:aa:65:55:1d:01:35:11:41:f7:67:e4:3a:27:
         c7:da:e4:eb:39:68:ad:e6:24:fa:18:a4:9a:7d:1d:26:83:d2:
         35:82:a6:ee:2d:10:b9:9a:36:db:20:c1:9b:2f:c7:58:ae:ef:
         74:01:7d:22:3a:d2:cf:83:4e:8a:27:e8:e4:dd:61:ea:ce:5b:
         bb:b8:fc:cd:cb:6a:2a:96:b9:42:45:46:01:7b:98:c7:f8:79:
         84:da:91:43:37:ef:04:19:64:75:90:83:22:40:6f:24:02:4d:
         f5:33:79:e3:62:dc:21:3b:72:e0:c6:f3:de:6e:34:4d:29:ff:
         05:07:0b:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbn7P1/4K+fd3M5Dx4ijze7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzODU3OWU0YzdkYTAxZGYwNDY1MTg2MjM2ZTlhZjI3ZWI3
MzEyZWQwHhcNMjUwNTE5MDk0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGI2YTk4ZGM3NmVmNjk1YjhkMjdiNTM5YWViMzg5OGIwOGMzMWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6RmKHKjYHsxHsMDfER49SiSFEd+
AW/CF2Aj9JqovG3gj89+r7MmOIHU+4bDgxO6V2hFwZ4qowzzwgI1LnQ/ZUyO7j0a
Mh58nJoGTXt6v8Frv4iJdVNEDJmh93PJwymjVE+GdGIvDs2ny9rwtk8JcT5fenZi
KeCK721VAEU1oleqJXqIUz1gMyyKJvtheLKAaONdECHqrYuUkV63l1AwJvnxEfDm
AUfq6yDWUcluanLdAzQBrmfxTaKsBxPT2AhJ1zMNYdWGshhqZiImvNo1abPs2A+M
2TXWWnJcO+UuJ4Gu2XNUIuZ66Q1+Ghq1Tpag5ZzXqVZWjsSiJO7f427tywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJS2qY3HbvaVuNJ7U5rrOJiwjDGqMB8GA1UdIwQY
MBaAFNOFeeTH2gHfBGUYYjbpryfrcxLtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTkt
YmQ0MDU0MTliMDBkLzEvbExhcGpjZHU5cFc0MG50VG11czRtTENNTWFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC85NDYyMmQtYzI2ZC00Mzc2LWIwNTktYmQ0MDU0MTliMDBk
LzEvMDRWNTVNZmFBZDhFWlJoaU51bXZKLXR6RXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwglGMA0G
CSqGSIb3DQEBCwUAA4IBAQAAOJTdZOiMI7ACxTmF/XnliznqiXXNaV70Tfh3uEB7
1Vot0cEJAfgbkETq88egdXK3mNXyjN6yJGIS0gluvSwlET6nFBLTIpU4Z15yhLGq
3jG12C3tzD3DiRy+p5xXUpiW+ieebnFCu2WwY6mjITg7dxiGKIO2j7TL1bPYDkAq
0NgbAqplVR0BNRFB92fkOifH2uTrOWit5iT6GKSafR0mg9I1gqbuLRC5mjbbIMGb
L8dYru90AX0iOtLPg06KJ+jk3WHqzlu7uPzNy2oqlrlCRUYBe5jH+HmE2pFDN+8E
GWR1kIMiQG8kAk31M3njYtwhO3LgxvPebjRNKf8FBwtB
-----END CERTIFICATE-----