Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/0b938f-189b-4a7d-8c36-2a3fa61c3dc5/1/cy8YEy59qiwK_Fnvfydw8wHKMzM.roa
File:                     cy8YEy59qiwK_Fnvfydw8wHKMzM.roa (raw, json)
Hash identifier:          13AgIVf/9mtLdIXYsHWwtEN18P6MQ6JEfgaLpvph65A=
Subject key identifier:   73:2F:18:13:2E:7D:AA:2C:0A:FC:59:EF:7F:27:70:F3:01:CA:33:33
Certificate issuer:       /CN=9fac2fdddabf20ea449870e1dcc0915e60148346
Certificate serial:       019421B1DBFBEB316AA2D0275C9E8BD32609
Authority key identifier: 9F:AC:2F:DD:DA:BF:20:EA:44:98:70:E1:DC:C0:91:5E:60:14:83:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n6wv3dq_IOpEmHDh3MCRXmAUg0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/0b938f-189b-4a7d-8c36-2a3fa61c3dc5/1/cy8YEy59qiwK_Fnvfydw8wHKMzM.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24634
IP address blocks:        77.246.64.0/20 maxlen: 24
                          92.242.168.0/22 maxlen: 24
                          2a0d:b340::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/0b938f-189b-4a7d-8c36-2a3fa61c3dc5/1/n6wv3dq_IOpEmHDh3MCRXmAUg0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/0b938f-189b-4a7d-8c36-2a3fa61c3dc5/1/n6wv3dq_IOpEmHDh3MCRXmAUg0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n6wv3dq_IOpEmHDh3MCRXmAUg0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 20:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:db:fb:eb:31:6a:a2:d0:27:5c:9e:8b:d3:26:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fac2fdddabf20ea449870e1dcc0915e60148346
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=732f18132e7daa2c0afc59ef7f2770f301ca3333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ac:d0:a6:2e:f7:b6:bd:42:f6:d1:b3:7f:d5:
                    18:98:6b:32:bd:ac:be:82:ee:9c:b3:f1:1f:5a:a8:
                    41:e1:86:d8:fa:08:ee:1f:3a:bd:b9:ce:2c:1b:e4:
                    41:b3:7f:d7:18:1f:d4:f1:b9:56:78:37:a4:00:d9:
                    05:34:b4:18:fc:fc:16:d6:e9:f5:5e:37:7f:b0:dc:
                    71:1c:32:1b:9f:bd:dd:a4:d1:9c:2f:b7:bf:23:ac:
                    63:cb:d5:4d:c2:e2:9a:f4:e0:2a:cd:84:8d:04:60:
                    a1:74:12:a9:7c:79:eb:21:0e:ef:45:39:a8:27:f3:
                    28:f5:48:d3:9a:62:c5:fa:a4:82:ec:a4:53:90:35:
                    94:c4:34:31:32:b9:f8:f2:48:e1:6b:96:c4:ab:1b:
                    8e:25:4b:8f:81:55:90:a0:ba:2e:7d:60:4f:cc:c0:
                    78:db:29:ed:0c:49:f0:10:a1:ab:ea:36:3e:4a:ba:
                    38:0c:b3:d9:21:43:a4:23:13:88:07:22:1d:bc:f8:
                    dd:0d:b5:3e:37:6e:26:f8:2f:44:d5:64:fc:3b:77:
                    8e:79:3a:74:f0:e2:bf:62:59:87:dd:28:5b:c9:5f:
                    2d:20:4b:64:88:31:fa:90:d6:17:5f:70:e9:0a:04:
                    32:fc:eb:e7:36:09:ba:88:0a:ff:aa:b5:80:56:10:
                    3b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:2F:18:13:2E:7D:AA:2C:0A:FC:59:EF:7F:27:70:F3:01:CA:33:33
            X509v3 Authority Key Identifier:
                keyid:9F:AC:2F:DD:DA:BF:20:EA:44:98:70:E1:DC:C0:91:5E:60:14:83:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n6wv3dq_IOpEmHDh3MCRXmAUg0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/0b938f-189b-4a7d-8c36-2a3fa61c3dc5/1/cy8YEy59qiwK_Fnvfydw8wHKMzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/0b938f-189b-4a7d-8c36-2a3fa61c3dc5/1/n6wv3dq_IOpEmHDh3MCRXmAUg0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.246.64.0/20
                  92.242.168.0/22
                IPv6:
                  2a0d:b340::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:24:dd:8f:76:31:0f:86:5d:08:ae:e6:33:89:39:0f:4b:cc:
         88:e3:6f:79:61:40:a6:ef:f5:71:bc:d6:e9:f6:38:dc:f0:17:
         b4:45:04:d2:41:02:21:1f:9a:63:b1:ca:21:78:30:f5:78:47:
         9f:1e:6e:c8:61:10:c7:db:df:b8:f7:20:bb:f5:3f:7d:36:f3:
         fc:f8:60:54:3b:24:2e:75:fc:16:d9:a0:ff:b0:c3:92:ac:2f:
         7c:1e:8b:d2:0d:81:dd:b2:75:e4:aa:ac:7c:18:5d:d2:28:f8:
         46:40:ac:04:7c:3b:ec:d2:10:2e:b1:01:ea:6e:d6:3c:65:83:
         ca:b3:2b:c9:6f:02:dc:a0:9d:a9:4a:22:74:a9:d6:c9:c1:fb:
         6d:a8:9c:97:7f:13:5a:e5:f5:e7:d4:d9:3c:7e:37:67:8f:d1:
         73:66:04:71:67:66:54:19:61:d7:0d:f1:b1:3e:ed:31:6c:70:
         52:39:e2:78:06:b0:61:d0:1b:23:da:58:98:c6:fa:77:02:9c:
         fd:78:2a:a1:18:48:7f:4b:a2:94:31:41:eb:c6:dc:12:fa:34:
         85:f4:7c:da:a4:ca:d5:f8:b0:9a:1c:ee:89:ca:0c:82:07:3d:
         e5:cb:c0:a2:c1:73:cb:2a:16:d3:99:0e:d2:1b:d2:39:f2:4a:
         b9:c1:05:6e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhsdv76zFqotAnXJ6L0yYJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWMyZmRkZGFiZjIwZWE0NDk4NzBlMWRjYzA5MTVlNjAx
NDgzNDYwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzJmMTgxMzJlN2RhYTJjMGFmYzU5ZWY3ZjI3NzBmMzAxY2EzMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKzQpi73tr1C9tGzf9UYmGsyvay+
gu6cs/EfWqhB4YbY+gjuHzq9uc4sG+RBs3/XGB/U8blWeDekANkFNLQY/PwW1un1
Xjd/sNxxHDIbn73dpNGcL7e/I6xjy9VNwuKa9OAqzYSNBGChdBKpfHnrIQ7vRTmo
J/Mo9UjTmmLF+qSC7KRTkDWUxDQxMrn48kjha5bEqxuOJUuPgVWQoLoufWBPzMB4
2yntDEnwEKGr6jY+Sro4DLPZIUOkIxOIByIdvPjdDbU+N24m+C9E1WT8O3eOeTp0
8OK/YlmH3ShbyV8tIEtkiDH6kNYXX3DpCgQy/OvnNgm6iAr/qrWAVhA74QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHMvGBMufaosCvxZ738ncPMByjMzMB8GA1UdIwQY
MBaAFJ+sL93avyDqRJhw4dzAkV5gFINGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjZ3djNkcV9JT3BFbUhEaDNNQ1JYbUFVZzBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8wYjkzOGYtMTg5Yi00YTdkLThjMzYt
MmEzZmE2MWMzZGM1LzEvY3k4WUV5NTlxaXdLX0ZudmZ5ZHc4d0hLTXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8wYjkzOGYtMTg5Yi00YTdkLThjMzYtMmEzZmE2MWMzZGM1
LzEvbjZ3djNkcV9JT3BFbUhEaDNNQ1JYbUFVZzBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQETfZAAwQC
XPKoMA0EAgACMAcDBQMqDbNAMA0GCSqGSIb3DQEBCwUAA4IBAQAYJN2PdjEPhl0I
ruYziTkPS8yI4295YUCm7/VxvNbp9jjc8Be0RQTSQQIhH5pjscoheDD1eEefHm7I
YRDH29+49yC79T99NvP8+GBUOyQudfwW2aD/sMOSrC98HovSDYHdsnXkqqx8GF3S
KPhGQKwEfDvs0hAusQHqbtY8ZYPKsyvJbwLcoJ2pSiJ0qdbJwfttqJyXfxNa5fXn
1Nk8fjdnj9FzZgRxZ2ZUGWHXDfGxPu0xbHBSOeJ4BrBh0Bsj2liYxvp3Apz9eCqh
GEh/S6KUMUHrxtwS+jSF9HzapMrV+LCaHO6JygyCBz3ly8CiwXPLKhbTmQ7SG9I5
8kq5wQVu
-----END CERTIFICATE-----