Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/CIsZyO4sYlxS6zxs93wo-C0_kOw.roa
File:                     CIsZyO4sYlxS6zxs93wo-C0_kOw.roa (raw, json)
Hash identifier:          ioxln7YvRG7zaRY74N5lo8NJZPbsX7Lowl9YoqVb2QM=
Subject key identifier:   08:8B:19:C8:EE:2C:62:5C:52:EB:3C:6C:F7:7C:28:F8:2D:3F:90:EC
Certificate issuer:       /CN=c9470ae418eeddd6b39dae9e7a177a19c7799c41
Certificate serial:       019422FB6D4CF8C0ADB2D47368BD0E120316
Authority key identifier: C9:47:0A:E4:18:EE:DD:D6:B3:9D:AE:9E:7A:17:7A:19:C7:79:9C:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yUcK5Bju3dazna6eehd6Gcd5nEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/CIsZyO4sYlxS6zxs93wo-C0_kOw.roa
Signing time:             Wed 01 Jan 2025 17:48:10 +0000
ROA not before:           Wed 01 Jan 2025 17:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.36.216.0/22 maxlen: 24
                          194.247.26.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/yUcK5Bju3dazna6eehd6Gcd5nEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/yUcK5Bju3dazna6eehd6Gcd5nEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yUcK5Bju3dazna6eehd6Gcd5nEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:6d:4c:f8:c0:ad:b2:d4:73:68:bd:0e:12:03:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9470ae418eeddd6b39dae9e7a177a19c7799c41
        Validity
            Not Before: Jan  1 17:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=088b19c8ee2c625c52eb3c6cf77c28f82d3f90ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:70:49:9a:d2:f3:4a:f8:85:bc:33:f3:6a:14:
                    97:cb:7d:45:38:45:fd:a3:39:f7:ed:e8:5f:cb:c0:
                    53:69:72:3d:95:cf:b9:37:fd:b5:a5:5f:97:7b:38:
                    42:40:d6:25:fe:fd:30:a0:f5:ac:bd:93:2a:90:19:
                    48:0e:4b:ce:d6:5c:ca:64:36:e2:3c:3b:d9:78:0d:
                    57:c9:82:35:21:e1:1b:2a:b7:66:5f:a9:d8:20:50:
                    2a:ed:ff:87:ad:0c:87:45:c0:21:7c:73:02:eb:2d:
                    1c:a5:7b:83:7b:80:76:9d:d4:1a:d0:f1:cd:45:4e:
                    66:e7:20:7d:74:14:19:fa:11:26:36:25:41:cf:de:
                    38:30:e5:99:a8:35:a4:ba:51:dd:6e:a8:a4:90:d2:
                    35:dd:36:5d:d5:b4:45:82:5f:29:24:cc:0d:dd:e9:
                    09:76:54:7e:07:66:15:2b:45:08:b9:7f:12:dd:22:
                    b9:3e:60:b4:8c:35:5d:d5:4b:df:64:d6:b9:e7:96:
                    c9:1c:4e:4c:65:ff:71:a1:55:9a:2a:b3:18:aa:e7:
                    01:b0:8a:dd:0a:0a:2f:03:3e:c4:76:26:49:bf:b6:
                    87:86:18:6f:10:e0:12:95:54:fd:52:a5:40:73:6a:
                    6c:7f:65:e3:48:88:10:a1:cf:07:23:e1:51:37:41:
                    c1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:8B:19:C8:EE:2C:62:5C:52:EB:3C:6C:F7:7C:28:F8:2D:3F:90:EC
            X509v3 Authority Key Identifier:
                keyid:C9:47:0A:E4:18:EE:DD:D6:B3:9D:AE:9E:7A:17:7A:19:C7:79:9C:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yUcK5Bju3dazna6eehd6Gcd5nEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/CIsZyO4sYlxS6zxs93wo-C0_kOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce022d-d8db-4459-be1c-b091215d5e4d/1/yUcK5Bju3dazna6eehd6Gcd5nEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.216.0/22
                  194.247.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:56:e3:f3:5a:20:83:a8:0b:13:bf:d5:d9:82:a3:44:24:04:
         12:2a:14:30:3b:8b:4a:4f:18:21:7c:d5:b3:cf:18:46:9e:e9:
         09:48:82:3a:dc:39:50:c3:3d:e6:d1:44:7b:be:90:23:97:27:
         44:52:0d:0f:04:1a:6e:ad:99:44:06:0b:5d:19:d9:76:61:8a:
         df:96:c3:93:29:be:2e:32:41:0d:13:74:1a:d1:d7:ce:46:b2:
         8f:07:5e:77:47:d1:f3:ad:45:7b:e2:b7:4f:77:8a:f2:8c:23:
         e3:d0:ce:c9:ff:67:6d:c0:56:c1:98:69:d2:43:06:25:2e:61:
         de:31:e1:7c:54:b1:91:2e:43:bc:4e:bf:75:46:1b:0b:77:be:
         3a:0b:8d:18:42:00:6d:9f:05:b2:4e:f7:f5:7f:86:ba:16:26:
         8b:cf:84:54:05:8e:3c:f1:ca:c9:23:d1:2a:4a:df:e4:fe:cd:
         56:df:24:25:73:ca:3f:55:ef:60:fa:0d:10:67:65:cf:b7:6e:
         1e:a2:f9:43:64:cc:19:3d:77:a8:cb:79:62:55:d6:0a:d3:57:
         45:2c:6f:1c:dd:a4:59:ec:21:ff:b1:89:45:3e:75:22:e4:76:
         95:95:2a:52:c0:18:f5:ca:d1:8f:d2:80:6e:4f:9e:fd:19:a3:
         97:81:2a:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+21M+MCtstRzaL0OEgMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NDcwYWU0MThlZWRkZDZiMzlkYWU5ZTdhMTc3YTE5Yzc3
OTljNDEwHhcNMjUwMTAxMTc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODhiMTljOGVlMmM2MjVjNTJlYjNjNmNmNzdjMjhmODJkM2Y5MGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHBJmtLzSviFvDPzahSXy31FOEX9
ozn37ehfy8BTaXI9lc+5N/21pV+XezhCQNYl/v0woPWsvZMqkBlIDkvO1lzKZDbi
PDvZeA1XyYI1IeEbKrdmX6nYIFAq7f+HrQyHRcAhfHMC6y0cpXuDe4B2ndQa0PHN
RU5m5yB9dBQZ+hEmNiVBz944MOWZqDWkulHdbqikkNI13TZd1bRFgl8pJMwN3ekJ
dlR+B2YVK0UIuX8S3SK5PmC0jDVd1UvfZNa555bJHE5MZf9xoVWaKrMYqucBsIrd
CgovAz7EdiZJv7aHhhhvEOASlVT9UqVAc2psf2XjSIgQoc8HI+FRN0HBBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAiLGcjuLGJcUus8bPd8KPgtP5DsMB8GA1UdIwQY
MBaAFMlHCuQY7t3Ws52unnoXehnHeZxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVVjSzVCanUzZGF6bmE2ZWVoZDZHY2Q1bkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTAyMmQtZDhkYi00NDU5LWJlMWMt
YjA5MTIxNWQ1ZTRkLzEvQ0lzWnlPNHNZbHhTNnp4czkzd28tQzBfa093LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTAyMmQtZDhkYi00NDU5LWJlMWMtYjA5MTIxNWQ1ZTRk
LzEveVVjSzVCanUzZGF6bmE2ZWVoZDZHY2Q1bkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSTYAwQB
wvcaMA0GCSqGSIb3DQEBCwUAA4IBAQB5VuPzWiCDqAsTv9XZgqNEJAQSKhQwO4tK
TxghfNWzzxhGnukJSII63DlQwz3m0UR7vpAjlydEUg0PBBpurZlEBgtdGdl2YYrf
lsOTKb4uMkENE3Qa0dfORrKPB153R9HzrUV74rdPd4ryjCPj0M7J/2dtwFbBmGnS
QwYlLmHeMeF8VLGRLkO8Tr91RhsLd746C40YQgBtnwWyTvf1f4a6FiaLz4RUBY48
8crJI9EqSt/k/s1W3yQlc8o/Ve9g+g0QZ2XPt24eovlDZMwZPXeoy3liVdYK01dF
LG8c3aRZ7CH/sYlFPnUi5HaVlSpSwBj1ytGP0oBuT579GaOXgSpM
-----END CERTIFICATE-----