Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/dabacb-e6f5-4065-86b6-8e0d83c5edfe/1/C9Uc2-MMZLc56ntn-MTlSYOC9E8.roa
File:                     C9Uc2-MMZLc56ntn-MTlSYOC9E8.roa (raw, json)
Hash identifier:          7Vks3Vs+iWpgcZieiS4e05rACvsjBFcyY3uhYDWshE0=
Subject key identifier:   0B:D5:1C:DB:E3:0C:64:B7:39:EA:7B:67:F8:C4:E5:49:83:82:F4:4F
Certificate issuer:       /CN=aa21104b4f772224d11856a24edf9466a844d26c
Certificate serial:       01941FFA876B44FBB73E898C409FCCD7589C
Authority key identifier: AA:21:10:4B:4F:77:22:24:D1:18:56:A2:4E:DF:94:66:A8:44:D2:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qiEQS093IiTRGFaiTt-UZqhE0mw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/dabacb-e6f5-4065-86b6-8e0d83c5edfe/1/C9Uc2-MMZLc56ntn-MTlSYOC9E8.roa
Signing time:             Wed 01 Jan 2025 03:48:19 +0000
ROA not before:           Wed 01 Jan 2025 03:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43268
IP address blocks:        194.62.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/dabacb-e6f5-4065-86b6-8e0d83c5edfe/1/qiEQS093IiTRGFaiTt-UZqhE0mw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/dabacb-e6f5-4065-86b6-8e0d83c5edfe/1/qiEQS093IiTRGFaiTt-UZqhE0mw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qiEQS093IiTRGFaiTt-UZqhE0mw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:87:6b:44:fb:b7:3e:89:8c:40:9f:cc:d7:58:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa21104b4f772224d11856a24edf9466a844d26c
        Validity
            Not Before: Jan  1 03:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bd51cdbe30c64b739ea7b67f8c4e5498382f44f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e4:90:5c:b9:44:1c:ee:8b:1c:ff:52:96:63:
                    88:dd:97:27:27:db:a2:55:cf:33:15:c9:a3:0d:43:
                    38:92:7a:55:02:ff:cb:f9:ed:c5:9d:da:10:e9:90:
                    fc:94:95:bd:95:75:dc:26:0f:9e:fe:17:3c:78:a7:
                    d1:cc:19:5b:e8:d7:0a:71:50:6e:d6:80:61:90:38:
                    cd:f3:d5:57:8b:2c:0c:30:e0:c8:8b:b2:8f:41:92:
                    28:89:b4:db:52:89:6c:65:cf:5a:ef:ab:18:8f:06:
                    1d:3b:64:dc:7e:56:69:7d:2f:07:8f:e1:44:14:bf:
                    0c:e8:34:58:cc:8b:1e:41:00:9f:3b:87:cb:45:ee:
                    a0:24:a3:21:0a:df:19:fc:a1:f6:89:56:64:88:a9:
                    35:95:7c:5a:b5:96:c5:08:80:87:20:76:2a:fb:84:
                    25:8f:48:cf:67:c8:3f:75:a3:2b:a1:f2:e7:be:f6:
                    b5:0a:76:b6:9d:ef:4f:16:54:b7:91:ef:90:b8:65:
                    63:db:f1:7e:23:c9:9b:a1:2a:0f:0c:1c:1a:3c:10:
                    80:fe:d7:c8:90:26:0c:1f:7c:6e:4e:6e:3f:91:7e:
                    d3:60:4e:58:10:e6:aa:6b:9c:8d:26:31:7a:39:86:
                    cf:b6:47:2a:06:4f:5c:23:ec:64:0f:97:c4:0c:d9:
                    2d:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:D5:1C:DB:E3:0C:64:B7:39:EA:7B:67:F8:C4:E5:49:83:82:F4:4F
            X509v3 Authority Key Identifier:
                keyid:AA:21:10:4B:4F:77:22:24:D1:18:56:A2:4E:DF:94:66:A8:44:D2:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qiEQS093IiTRGFaiTt-UZqhE0mw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/dabacb-e6f5-4065-86b6-8e0d83c5edfe/1/C9Uc2-MMZLc56ntn-MTlSYOC9E8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/dabacb-e6f5-4065-86b6-8e0d83c5edfe/1/qiEQS093IiTRGFaiTt-UZqhE0mw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:18:3c:da:a1:b1:84:88:e8:86:d4:14:6d:5a:4a:0b:24:04:
         7f:c3:00:13:0b:39:af:0f:a9:f6:b7:8f:d2:33:49:4d:46:2c:
         e3:93:02:1f:04:e4:ad:8f:2a:3d:a9:67:d4:33:d7:ba:60:b7:
         54:9c:b4:5d:14:f2:4a:9e:3c:36:6c:00:5d:75:fd:a9:55:62:
         3e:ac:47:81:a0:21:40:a2:3b:80:2b:6e:4d:ae:47:13:78:dd:
         8d:dc:2c:00:7b:31:67:08:ef:32:0b:79:29:4d:16:90:22:de:
         af:4b:68:5c:d8:87:ac:a0:30:b3:a1:77:e6:d8:2a:d3:a7:05:
         29:0f:64:10:f7:36:6a:65:a9:7d:41:01:0d:c8:11:45:b6:6d:
         7b:8d:a6:2c:bf:e9:c0:17:86:18:52:1f:ac:a0:3e:41:ad:45:
         ec:96:f6:73:f9:09:29:a3:12:1f:53:df:df:9c:82:86:17:f5:
         bb:31:d2:b8:b8:cc:86:73:c8:d4:c5:e0:50:34:78:19:4b:51:
         b5:c7:97:2f:f7:d1:2d:7e:c7:81:4f:bc:d5:bb:19:82:76:38:
         3e:7e:3b:22:67:30:c9:54:fb:21:2a:5d:61:6e:c8:87:1f:dc:
         f0:e3:39:33:e5:8e:b3:33:92:23:f3:51:35:b1:9a:ec:ff:85:
         85:31:88:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+odrRPu3PomMQJ/M11icMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMjExMDRiNGY3NzIyMjRkMTE4NTZhMjRlZGY5NDY2YTg0
NGQyNmMwHhcNMjUwMTAxMDM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmQ1MWNkYmUzMGM2NGI3MzllYTdiNjdmOGM0ZTU0OTgzODJmNDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eSQXLlEHO6LHP9SlmOI3ZcnJ9ui
Vc8zFcmjDUM4knpVAv/L+e3FndoQ6ZD8lJW9lXXcJg+e/hc8eKfRzBlb6NcKcVBu
1oBhkDjN89VXiywMMODIi7KPQZIoibTbUolsZc9a76sYjwYdO2TcflZpfS8Hj+FE
FL8M6DRYzIseQQCfO4fLRe6gJKMhCt8Z/KH2iVZkiKk1lXxatZbFCICHIHYq+4Ql
j0jPZ8g/daMrofLnvva1Cna2ne9PFlS3ke+QuGVj2/F+I8mboSoPDBwaPBCA/tfI
kCYMH3xuTm4/kX7TYE5YEOaqa5yNJjF6OYbPtkcqBk9cI+xkD5fEDNktywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvVHNvjDGS3Oep7Z/jE5UmDgvRPMB8GA1UdIwQY
MBaAFKohEEtPdyIk0RhWok7flGaoRNJsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWlFUVMwOTNJaVRSR0ZhaVR0LVVacWhFMG13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kYWJhY2ItZTZmNS00MDY1LTg2YjYt
OGUwZDgzYzVlZGZlLzEvQzlVYzItTU1aTGM1Nm50bi1NVGxTWU9DOUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kYWJhY2ItZTZmNS00MDY1LTg2YjYtOGUwZDgzYzVlZGZl
LzEvcWlFUVMwOTNJaVRSR0ZhaVR0LVVacWhFMG13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwj5sMA0G
CSqGSIb3DQEBCwUAA4IBAQBkGDzaobGEiOiG1BRtWkoLJAR/wwATCzmvD6n2t4/S
M0lNRizjkwIfBOStjyo9qWfUM9e6YLdUnLRdFPJKnjw2bABddf2pVWI+rEeBoCFA
ojuAK25NrkcTeN2N3CwAezFnCO8yC3kpTRaQIt6vS2hc2IesoDCzoXfm2CrTpwUp
D2QQ9zZqZal9QQENyBFFtm17jaYsv+nAF4YYUh+soD5BrUXslvZz+QkpoxIfU9/f
nIKGF/W7MdK4uMyGc8jUxeBQNHgZS1G1x5cv99EtfseBT7zVuxmCdjg+fjsiZzDJ
VPshKl1hbsiHH9zw4zkz5Y6zM5Ij81E1sZrs/4WFMYjb
-----END CERTIFICATE-----