Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/51a4a3-7304-4613-8a80-ca3b1cac69c7/1/g9a2AgSYQsELLiSB_-OegEcbQ9I.roa
File:                     g9a2AgSYQsELLiSB_-OegEcbQ9I.roa (raw, json)
Hash identifier:          ImJVXRp/ldmW9cQsi6+awLuGwVI0Qm+zTXoZ5uHaLy0=
Subject key identifier:   83:D6:B6:02:04:98:42:C1:0B:2E:24:81:FF:E3:9E:80:47:1B:43:D2
Certificate issuer:       /CN=9253e214c8e5a6f41345be682f682655b1abea5b
Certificate serial:       0194228D4FF7C4D3E5EF2AEB27D5CE15212F
Authority key identifier: 92:53:E2:14:C8:E5:A6:F4:13:45:BE:68:2F:68:26:55:B1:AB:EA:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klPiFMjlpvQTRb5oL2gmVbGr6ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/51a4a3-7304-4613-8a80-ca3b1cac69c7/1/g9a2AgSYQsELLiSB_-OegEcbQ9I.roa
Signing time:             Wed 01 Jan 2025 15:47:53 +0000
ROA not before:           Wed 01 Jan 2025 15:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49223
IP address blocks:        185.39.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/51a4a3-7304-4613-8a80-ca3b1cac69c7/1/klPiFMjlpvQTRb5oL2gmVbGr6ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/51a4a3-7304-4613-8a80-ca3b1cac69c7/1/klPiFMjlpvQTRb5oL2gmVbGr6ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klPiFMjlpvQTRb5oL2gmVbGr6ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:4f:f7:c4:d3:e5:ef:2a:eb:27:d5:ce:15:21:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9253e214c8e5a6f41345be682f682655b1abea5b
        Validity
            Not Before: Jan  1 15:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83d6b602049842c10b2e2481ffe39e80471b43d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1d:8d:a2:80:b0:bb:5b:89:64:99:8b:b9:cd:
                    4f:ca:d1:8d:04:cf:9a:5b:df:20:28:59:fb:92:ed:
                    21:68:b4:d6:fa:d8:35:a4:4b:91:23:fb:e3:ba:f0:
                    8f:39:12:74:be:92:c0:d2:94:1c:72:0f:d4:50:5d:
                    75:de:5b:59:29:8f:05:22:01:cb:c2:d7:56:5b:42:
                    b0:f5:78:83:d1:c6:c2:36:93:c1:0d:6c:2a:77:e9:
                    b3:87:5d:ad:4b:1d:3d:11:90:81:bf:42:4f:11:a4:
                    c0:15:b3:fe:ae:89:d0:bb:60:4b:b2:0d:3a:69:d6:
                    65:92:bf:73:54:0a:4a:c5:f3:66:b0:c9:bf:61:4a:
                    be:a5:0e:66:dc:c3:ee:4d:d8:08:34:0b:83:0f:37:
                    73:a5:e7:01:5f:9f:99:e9:67:39:64:d7:bf:e3:4a:
                    27:e1:83:29:c1:37:ad:f6:c9:45:09:66:c8:26:44:
                    99:de:44:84:dc:2b:e0:c2:08:76:de:6b:a6:1f:6e:
                    6c:af:fb:20:43:11:aa:40:89:5f:92:4b:c8:0d:12:
                    a3:bb:42:8b:86:34:f5:1a:0f:a1:9e:2b:e1:11:b8:
                    66:61:b1:37:0c:79:a2:85:ec:70:1c:e8:fb:68:4d:
                    37:69:94:dc:bc:d7:13:49:eb:70:cb:10:9a:b4:f7:
                    e2:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D6:B6:02:04:98:42:C1:0B:2E:24:81:FF:E3:9E:80:47:1B:43:D2
            X509v3 Authority Key Identifier:
                keyid:92:53:E2:14:C8:E5:A6:F4:13:45:BE:68:2F:68:26:55:B1:AB:EA:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klPiFMjlpvQTRb5oL2gmVbGr6ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/51a4a3-7304-4613-8a80-ca3b1cac69c7/1/g9a2AgSYQsELLiSB_-OegEcbQ9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/51a4a3-7304-4613-8a80-ca3b1cac69c7/1/klPiFMjlpvQTRb5oL2gmVbGr6ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:ff:69:8a:37:df:e1:30:81:c2:00:a9:48:de:86:42:c4:ee:
         5a:e8:74:97:98:ac:f7:20:ab:0d:01:c0:3d:a3:85:80:20:15:
         4d:96:07:91:a5:91:e7:ff:91:ec:f9:33:7d:3c:79:ff:0b:e6:
         82:29:a6:92:9d:df:76:5c:99:f5:64:f9:d7:a7:47:ab:97:13:
         60:b4:05:17:b0:48:24:b1:b7:9a:b1:30:56:76:b7:b4:d8:d9:
         7a:7e:10:03:92:78:9e:f1:c3:08:17:73:49:ff:6d:58:8d:2b:
         f8:d9:59:44:03:3d:44:f6:38:d2:1e:fd:cd:d1:b6:36:df:06:
         bb:f2:92:ea:31:7a:35:6f:80:ce:bb:35:c9:a4:8c:a8:a3:a4:
         cf:5c:0c:58:8f:bf:bb:27:7e:a3:21:ad:d5:71:71:09:e5:4d:
         f6:56:bb:ea:5f:32:8e:d9:29:b2:6d:55:d2:2f:3c:e0:04:8c:
         8a:28:92:b8:a8:1d:d4:82:b2:02:10:e9:a8:c6:c5:cd:3e:6f:
         84:90:57:0f:d2:1f:5a:06:73:db:e2:91:15:84:28:86:0a:c7:
         7c:c9:79:c8:ea:85:4b:55:7a:db:a1:60:2d:d0:32:fa:83:b0:
         81:cd:9a:1c:6e:80:bb:79:ef:3e:11:d7:7d:fc:31:d6:a7:a5:
         83:1c:de:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijU/3xNPl7yrrJ9XOFSEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTNlMjE0YzhlNWE2ZjQxMzQ1YmU2ODJmNjgyNjU1YjFh
YmVhNWIwHhcNMjUwMTAxMTU0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Q2YjYwMjA0OTg0MmMxMGIyZTI0ODFmZmUzOWU4MDQ3MWI0M2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlx2NooCwu1uJZJmLuc1PytGNBM+a
W98gKFn7ku0haLTW+tg1pEuRI/vjuvCPORJ0vpLA0pQccg/UUF113ltZKY8FIgHL
wtdWW0Kw9XiD0cbCNpPBDWwqd+mzh12tSx09EZCBv0JPEaTAFbP+ronQu2BLsg06
adZlkr9zVApKxfNmsMm/YUq+pQ5m3MPuTdgINAuDDzdzpecBX5+Z6Wc5ZNe/40on
4YMpwTet9slFCWbIJkSZ3kSE3Cvgwgh23mumH25sr/sgQxGqQIlfkkvIDRKju0KL
hjT1Gg+hnivhEbhmYbE3DHmihexwHOj7aE03aZTcvNcTSetwyxCatPfiTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPWtgIEmELBCy4kgf/jnoBHG0PSMB8GA1UdIwQY
MBaAFJJT4hTI5ab0E0W+aC9oJlWxq+pbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xQaUZNamxwdlFUUmI1b0wyZ21WYkdyNmxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My81MWE0YTMtNzMwNC00NjEzLThhODAt
Y2EzYjFjYWM2OWM3LzEvZzlhMkFnU1lRc0VMTGlTQl8tT2VnRWNiUTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My81MWE0YTMtNzMwNC00NjEzLThhODAtY2EzYjFjYWM2OWM3
LzEva2xQaUZNamxwdlFUUmI1b0wyZ21WYkdyNmxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSdIMA0G
CSqGSIb3DQEBCwUAA4IBAQBg/2mKN9/hMIHCAKlI3oZCxO5a6HSXmKz3IKsNAcA9
o4WAIBVNlgeRpZHn/5Hs+TN9PHn/C+aCKaaSnd92XJn1ZPnXp0erlxNgtAUXsEgk
sbeasTBWdre02Nl6fhADknie8cMIF3NJ/21YjSv42VlEAz1E9jjSHv3N0bY23wa7
8pLqMXo1b4DOuzXJpIyoo6TPXAxYj7+7J36jIa3VcXEJ5U32VrvqXzKO2SmybVXS
LzzgBIyKKJK4qB3UgrICEOmoxsXNPm+EkFcP0h9aBnPb4pEVhCiGCsd8yXnI6oVL
VXrboWAt0DL6g7CBzZocboC7ee8+Edd9/DHWp6WDHN5v
-----END CERTIFICATE-----