Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/497b78-b546-4630-9348-739c85c200b9/1/rhJcJSm_PMi8Ty8JJNNm9gt0gCs.roa
File:                     rhJcJSm_PMi8Ty8JJNNm9gt0gCs.roa (raw, json)
Hash identifier:          35jRPVs6JG51YgnZYUHY+bKhkmjaLSvQRKcI4y/GRMA=
Subject key identifier:   AE:12:5C:25:29:BF:3C:C8:BC:4F:2F:09:24:D3:66:F6:0B:74:80:2B
Certificate issuer:       /CN=9b60a6a1da0f117804f07fe125387a2adc998965
Certificate serial:       019423699C3E327B865D15187C89017C858E
Authority key identifier: 9B:60:A6:A1:DA:0F:11:78:04:F0:7F:E1:25:38:7A:2A:DC:99:89:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m2CmodoPEXgE8H_hJTh6KtyZiWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/497b78-b546-4630-9348-739c85c200b9/1/rhJcJSm_PMi8Ty8JJNNm9gt0gCs.roa
Signing time:             Wed 01 Jan 2025 19:48:31 +0000
ROA not before:           Wed 01 Jan 2025 19:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201397
IP address blocks:        194.116.226.0/24 maxlen: 24
                          2a12:a9c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/497b78-b546-4630-9348-739c85c200b9/1/m2CmodoPEXgE8H_hJTh6KtyZiWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/497b78-b546-4630-9348-739c85c200b9/1/m2CmodoPEXgE8H_hJTh6KtyZiWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m2CmodoPEXgE8H_hJTh6KtyZiWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 10:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:9c:3e:32:7b:86:5d:15:18:7c:89:01:7c:85:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b60a6a1da0f117804f07fe125387a2adc998965
        Validity
            Not Before: Jan  1 19:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae125c2529bf3cc8bc4f2f0924d366f60b74802b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:98:bc:a8:1a:54:c3:a7:39:b9:bb:e5:c8:35:
                    9a:fa:a3:9d:e0:7c:a8:cf:db:c8:52:7b:36:51:d1:
                    ad:14:8d:e0:57:82:4e:ad:f2:f4:d3:5b:62:3c:17:
                    37:de:cd:6e:1e:08:81:80:f0:4d:b5:68:17:36:83:
                    c5:84:84:2d:23:40:e5:2f:a5:d8:38:56:3a:ad:d1:
                    ef:a2:94:eb:d1:f0:8b:fb:9c:0a:66:e7:e3:dc:e5:
                    33:e0:f6:05:30:5a:34:6f:f6:18:fc:6a:47:31:2e:
                    64:d3:46:73:42:6d:8c:1e:21:35:84:ce:47:71:60:
                    87:01:45:e7:a6:24:53:ff:91:19:f5:c6:b2:90:8b:
                    9d:60:07:59:40:e2:89:09:e5:7c:0f:b1:d5:7f:67:
                    3e:60:c1:9c:39:11:02:6a:8a:b4:05:f1:f6:a6:8a:
                    05:04:ab:97:be:17:7d:ef:af:c8:03:88:c4:9c:7e:
                    a3:99:0d:ad:74:88:fb:84:be:09:e1:a1:e5:a4:fb:
                    d6:20:28:25:50:8d:bb:5d:0f:d4:93:cd:22:ae:0c:
                    a0:16:11:7e:3b:7a:d4:06:57:ec:7a:5f:7c:6e:09:
                    19:fd:86:8d:85:4b:aa:c1:27:c6:80:e8:ee:9d:91:
                    d9:2e:1a:03:18:5e:4a:ac:2c:2e:bb:a8:f8:40:ae:
                    e4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:12:5C:25:29:BF:3C:C8:BC:4F:2F:09:24:D3:66:F6:0B:74:80:2B
            X509v3 Authority Key Identifier:
                keyid:9B:60:A6:A1:DA:0F:11:78:04:F0:7F:E1:25:38:7A:2A:DC:99:89:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m2CmodoPEXgE8H_hJTh6KtyZiWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/497b78-b546-4630-9348-739c85c200b9/1/rhJcJSm_PMi8Ty8JJNNm9gt0gCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/497b78-b546-4630-9348-739c85c200b9/1/m2CmodoPEXgE8H_hJTh6KtyZiWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.226.0/24
                IPv6:
                  2a12:a9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:24:af:f0:56:1e:7f:84:64:b9:04:18:d7:21:0d:86:7e:e9:
         4c:72:52:0c:15:04:a6:03:73:45:a3:57:91:61:40:a4:d0:0e:
         1c:0b:58:93:b0:41:02:6f:a7:49:46:e2:82:46:38:56:a9:de:
         19:cd:bd:e0:51:28:dc:f7:2f:05:e9:43:42:16:9f:57:0e:cf:
         6c:4f:7b:fa:c6:3f:d1:8e:08:53:04:e8:aa:4d:fb:5e:bb:8a:
         11:8e:18:a6:ff:ea:c0:d3:ad:de:63:7b:e4:df:be:09:57:00:
         f2:5a:69:79:fb:e9:c4:1f:88:53:fc:11:52:56:d7:e3:31:6d:
         dc:4e:8c:8d:b1:02:91:3f:bc:e6:ea:98:5a:8f:e7:6a:b3:4e:
         7c:12:b1:f2:05:9e:f3:ee:32:27:3c:df:69:31:79:55:dd:9b:
         72:ef:e9:90:82:23:27:5d:43:fa:50:e2:e5:1f:ba:fc:6d:a0:
         48:e9:30:4e:bc:f1:10:b7:2a:2c:08:25:ca:d4:d4:08:60:25:
         6f:d5:bd:72:b4:31:ae:33:b1:e5:2c:4f:61:0c:77:e7:21:c4:
         ad:b2:0e:8b:89:0e:96:6a:56:56:a6:3d:e7:c9:b4:f8:13:ad:
         4a:10:7f:7a:8a:fb:6d:45:c4:88:1c:d4:89:ea:0e:af:ac:9e:
         3f:54:5c:da
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaZw+MnuGXRUYfIkBfIWOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliNjBhNmExZGEwZjExNzgwNGYwN2ZlMTI1Mzg3YTJhZGM5
OTg5NjUwHhcNMjUwMTAxMTk0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTEyNWMyNTI5YmYzY2M4YmM0ZjJmMDkyNGQzNjZmNjBiNzQ4MDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5i8qBpUw6c5ubvlyDWa+qOd4Hyo
z9vIUns2UdGtFI3gV4JOrfL001tiPBc33s1uHgiBgPBNtWgXNoPFhIQtI0DlL6XY
OFY6rdHvopTr0fCL+5wKZufj3OUz4PYFMFo0b/YY/GpHMS5k00ZzQm2MHiE1hM5H
cWCHAUXnpiRT/5EZ9caykIudYAdZQOKJCeV8D7HVf2c+YMGcORECaoq0BfH2pooF
BKuXvhd976/IA4jEnH6jmQ2tdIj7hL4J4aHlpPvWICglUI27XQ/Uk80irgygFhF+
O3rUBlfsel98bgkZ/YaNhUuqwSfGgOjunZHZLhoDGF5KrCwuu6j4QK7koQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK4SXCUpvzzIvE8vCSTTZvYLdIArMB8GA1UdIwQY
MBaAFJtgpqHaDxF4BPB/4SU4eircmYllMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTJDbW9kb1BFWGdFOEhfaEpUaDZLdHlaaVdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny80OTdiNzgtYjU0Ni00NjMwLTkzNDgt
NzM5Yzg1YzIwMGI5LzEvcmhKY0pTbV9QTWk4VHk4SkpOTm05Z3QwZ0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny80OTdiNzgtYjU0Ni00NjMwLTkzNDgtNzM5Yzg1YzIwMGI5
LzEvbTJDbW9kb1BFWGdFOEhfaEpUaDZLdHlaaVdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwnTiMA0E
AgACMAcDBQMqEqnAMA0GCSqGSIb3DQEBCwUAA4IBAQBPJK/wVh5/hGS5BBjXIQ2G
fulMclIMFQSmA3NFo1eRYUCk0A4cC1iTsEECb6dJRuKCRjhWqd4Zzb3gUSjc9y8F
6UNCFp9XDs9sT3v6xj/RjghTBOiqTfteu4oRjhim/+rA063eY3vk374JVwDyWml5
++nEH4hT/BFSVtfjMW3cToyNsQKRP7zm6phaj+dqs058ErHyBZ7z7jInPN9pMXlV
3Zty7+mQgiMnXUP6UOLlH7r8baBI6TBOvPEQtyosCCXK1NQIYCVv1b1ytDGuM7Hl
LE9hDHfnIcStsg6LiQ6WalZWpj3nybT4E61KEH96ivttRcSIHNSJ6g6vrJ4/VFza
-----END CERTIFICATE-----