Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/Jo7QZBDB32wXW0Iw1K7QdXNowZk.roa
File:                     Jo7QZBDB32wXW0Iw1K7QdXNowZk.roa (raw, json)
Hash identifier:          K7AhFGZtd/rNskeYTg//KKyYm9N8IOSqZd1eL/nYFI0=
Subject key identifier:   26:8E:D0:64:10:C1:DF:6C:17:5B:42:30:D4:AE:D0:75:73:68:C1:99
Certificate issuer:       /CN=a9cc44d7f1d0dc0a5abf2776495b61de4819925f
Certificate serial:       019421B1DAB04AB6296189AA8087E29AEBD8
Authority key identifier: A9:CC:44:D7:F1:D0:DC:0A:5A:BF:27:76:49:5B:61:DE:48:19:92:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qcxE1_HQ3Apavyd2SVth3kgZkl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/Jo7QZBDB32wXW0Iw1K7QdXNowZk.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209242
IP address blocks:        93.115.102.0/24 maxlen: 24
                          2a14:7ac0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/qcxE1_HQ3Apavyd2SVth3kgZkl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/qcxE1_HQ3Apavyd2SVth3kgZkl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qcxE1_HQ3Apavyd2SVth3kgZkl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:da:b0:4a:b6:29:61:89:aa:80:87:e2:9a:eb:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9cc44d7f1d0dc0a5abf2776495b61de4819925f
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=268ed06410c1df6c175b4230d4aed0757368c199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:09:41:0b:32:76:35:d8:00:4d:90:56:6e:63:
                    3b:fa:85:1c:d0:0e:06:95:c7:d9:09:f6:c0:51:b0:
                    91:70:fe:a6:d1:e4:dd:c8:d7:67:49:7f:41:e1:b4:
                    71:df:2c:2b:53:bc:1b:ac:90:f5:56:71:50:81:60:
                    30:9d:b7:2d:e9:80:2d:bc:ce:55:d5:87:c8:9c:f0:
                    93:12:9f:31:25:21:e4:d6:04:62:02:b3:6a:09:b5:
                    b6:47:dd:83:51:48:28:11:dc:ac:10:eb:a9:84:b4:
                    5d:73:71:67:af:6f:10:1e:71:70:18:9d:5d:24:45:
                    56:b0:c1:e2:6f:72:66:0e:3b:b6:3d:f9:80:4e:b2:
                    4c:09:23:22:8d:2d:5a:cd:48:ee:2c:81:53:b8:bd:
                    2a:ac:eb:05:ad:01:3a:35:48:8e:72:6b:11:9d:4c:
                    f1:3b:ae:70:f9:95:a6:8e:98:a7:28:d1:15:0b:4b:
                    20:94:e9:49:a4:05:52:b9:50:7f:9b:67:95:6b:f1:
                    e5:ad:ac:f9:a7:f8:8b:f1:a3:0a:cd:d3:87:4c:f9:
                    f7:7d:42:99:a5:0f:1a:b9:6a:ee:46:20:38:83:9a:
                    f5:c4:dd:98:cd:b8:e0:62:67:55:e2:f5:7d:5e:4a:
                    d3:3a:aa:7e:3f:47:32:2b:fe:d5:4f:52:4d:f9:44:
                    37:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:8E:D0:64:10:C1:DF:6C:17:5B:42:30:D4:AE:D0:75:73:68:C1:99
            X509v3 Authority Key Identifier:
                keyid:A9:CC:44:D7:F1:D0:DC:0A:5A:BF:27:76:49:5B:61:DE:48:19:92:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qcxE1_HQ3Apavyd2SVth3kgZkl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/Jo7QZBDB32wXW0Iw1K7QdXNowZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/dab867-a579-4a95-aef7-1617f38a6dfc/1/qcxE1_HQ3Apavyd2SVth3kgZkl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.115.102.0/24
                IPv6:
                  2a14:7ac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:1f:a7:2e:ce:f4:28:75:65:0f:a7:4c:bc:5b:3b:41:f7:8e:
         e2:ee:72:76:23:4b:13:72:c4:57:b1:49:33:c7:22:db:bd:e3:
         6e:11:b8:09:77:d5:35:38:9b:86:b5:34:a1:02:6f:ab:4f:07:
         76:67:50:36:16:47:f9:1a:59:2d:1d:a5:58:45:56:07:84:7c:
         e0:3b:c4:2c:f8:bc:26:c2:0f:ec:08:3b:88:24:e5:d5:90:be:
         f5:b0:21:ff:41:47:b2:1b:e9:bd:33:73:49:11:5d:60:b5:70:
         cf:84:45:eb:55:b8:6a:d0:75:ee:ef:f4:9c:b0:10:d4:6a:2c:
         f5:3b:ea:6a:b1:c2:ba:71:77:9c:96:fe:2f:25:ee:e6:12:00:
         60:6d:62:c4:5e:fe:68:fc:b9:61:f7:f3:b1:1c:46:21:81:d7:
         d2:0e:dc:db:e9:45:09:ae:cd:5b:3e:16:83:a9:0c:06:5f:fe:
         bc:5e:65:85:a4:ca:e4:6a:20:06:10:2f:fb:4a:a1:c4:8f:c3:
         84:1b:27:95:ec:b8:84:cc:65:00:86:b7:99:bf:42:6a:70:36:
         30:d5:af:df:fd:ef:e1:00:d6:3a:a4:ff:fb:ab:fd:07:d1:35:
         f8:2f:f3:91:6d:73:da:d9:8f:4c:6b:93:8e:ed:92:9e:d7:88:
         64:81:eb:9a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhsdqwSrYpYYmqgIfimuvYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Y2M0NGQ3ZjFkMGRjMGE1YWJmMjc3NjQ5NWI2MWRlNDgx
OTkyNWYwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjhlZDA2NDEwYzFkZjZjMTc1YjQyMzBkNGFlZDA3NTczNjhjMTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQlBCzJ2NdgATZBWbmM7+oUc0A4G
lcfZCfbAUbCRcP6m0eTdyNdnSX9B4bRx3ywrU7wbrJD1VnFQgWAwnbct6YAtvM5V
1YfInPCTEp8xJSHk1gRiArNqCbW2R92DUUgoEdysEOuphLRdc3Fnr28QHnFwGJ1d
JEVWsMHib3JmDju2PfmATrJMCSMijS1azUjuLIFTuL0qrOsFrQE6NUiOcmsRnUzx
O65w+ZWmjpinKNEVC0sglOlJpAVSuVB/m2eVa/Hlraz5p/iL8aMKzdOHTPn3fUKZ
pQ8auWruRiA4g5r1xN2YzbjgYmdV4vV9XkrTOqp+P0cyK/7VT1JN+UQ3lQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCaO0GQQwd9sF1tCMNSu0HVzaMGZMB8GA1UdIwQY
MBaAFKnMRNfx0NwKWr8ndklbYd5IGZJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWN4RTFfSFEzQXBhdnlkMlNWdGgza2daa2w4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9kYWI4NjctYTU3OS00YTk1LWFlZjct
MTYxN2YzOGE2ZGZjLzEvSm83UVpCREIzMndYVzBJdzFLN1FkWE5vd1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9kYWI4NjctYTU3OS00YTk1LWFlZjctMTYxN2YzOGE2ZGZj
LzEvcWN4RTFfSFEzQXBhdnlkMlNWdGgza2daa2w4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXXNmMA8E
AgACMAkDBwAqFHrAAAAwDQYJKoZIhvcNAQELBQADggEBAAofpy7O9Ch1ZQ+nTLxb
O0H3juLucnYjSxNyxFexSTPHItu9424RuAl31TU4m4a1NKECb6tPB3ZnUDYWR/ka
WS0dpVhFVgeEfOA7xCz4vCbCD+wIO4gk5dWQvvWwIf9BR7Ib6b0zc0kRXWC1cM+E
RetVuGrQde7v9JywENRqLPU76mqxwrpxd5yW/i8l7uYSAGBtYsRe/mj8uWH387Ec
RiGB19IO3NvpRQmuzVs+FoOpDAZf/rxeZYWkyuRqIAYQL/tKocSPw4QbJ5XsuITM
ZQCGt5m/QmpwNjDVr9/97+EA1jqk//ur/QfRNfgv85Ftc9rZj0xrk47tkp7XiGSB
65o=
-----END CERTIFICATE-----