Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/A2Q9_u11OQv_68Q8LkLYXwJiHuY.roa
File:                     A2Q9_u11OQv_68Q8LkLYXwJiHuY.roa (raw, json)
Hash identifier:          5PLcdJFLZsd9eJObU8vGvGcaqm85PxgTy9JkaP5AzjY=
Subject key identifier:   03:64:3D:FE:ED:75:39:0B:FF:EB:C4:3C:2E:42:D8:5F:02:62:1E:E6
Certificate issuer:       /CN=0b5f8c9447d614b86182763d9333250e2d9412e2
Certificate serial:       0192142E41493A349009048E4BB4D38B80D1
Authority key identifier: 0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/A2Q9_u11OQv_68Q8LkLYXwJiHuY.roa
Signing time:             Sat 21 Sep 2024 10:43:48 +0000
ROA not before:           Sat 21 Sep 2024 10:43:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        185.162.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:14:2e:41:49:3a:34:90:09:04:8e:4b:b4:d3:8b:80:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5f8c9447d614b86182763d9333250e2d9412e2
        Validity
            Not Before: Sep 21 10:43:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03643dfeed75390bffebc43c2e42d85f02621ee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ce:c1:43:b8:6e:e6:25:1d:39:15:7b:c2:43:
                    e6:72:a7:2a:70:e9:63:04:53:f8:2e:ef:53:67:30:
                    d3:39:f2:66:a1:48:9a:7a:18:13:0d:18:e9:43:a8:
                    c1:94:c4:83:e4:f8:42:c2:1c:cd:54:fc:45:1c:0b:
                    91:8b:5b:3a:b4:66:50:6e:db:80:fc:01:c2:fe:2f:
                    5d:a5:d1:5b:14:e4:ce:c5:c6:13:79:ca:bf:77:93:
                    45:2a:96:be:01:b0:02:5c:c6:8b:15:f2:e6:5a:d1:
                    bd:d8:e4:dd:fa:06:fd:ae:25:a6:70:a0:a1:8b:4d:
                    bc:79:1f:ba:7d:27:2f:45:9f:c2:c5:cf:87:b4:2b:
                    cc:1c:95:48:49:44:70:c9:5c:25:54:76:e7:ce:6f:
                    f7:08:a2:dc:2b:47:8f:aa:8b:d3:f2:38:14:fd:61:
                    a3:cf:06:7a:01:ce:69:7d:f9:bc:7c:ec:5a:9e:d1:
                    04:ce:87:8d:7b:87:43:dc:0e:1e:dd:54:74:c6:57:
                    3a:6f:16:5f:94:29:97:c7:e8:e5:b5:80:24:88:30:
                    13:8b:87:f5:9a:57:cb:e6:36:3c:0f:60:c7:77:b7:
                    8a:6d:9d:8a:7c:ee:b2:3f:b2:33:90:87:e6:6c:98:
                    aa:72:a3:57:67:91:52:db:5e:88:e0:68:be:d4:f3:
                    a3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:64:3D:FE:ED:75:39:0B:FF:EB:C4:3C:2E:42:D8:5F:02:62:1E:E6
            X509v3 Authority Key Identifier:
                keyid:0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/A2Q9_u11OQv_68Q8LkLYXwJiHuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:af:9f:2c:39:c0:38:42:3b:b4:4f:8e:cb:73:62:0e:66:67:
         08:04:99:9f:9d:0b:bd:d1:55:96:e5:f0:f1:13:c0:ad:d7:bb:
         95:c1:32:ef:01:f4:5f:f2:d1:a0:71:6f:dc:86:5e:ef:4c:b7:
         bd:cd:7a:5a:b4:b2:5f:46:13:16:61:d1:1e:f8:75:9d:79:27:
         1d:18:a7:86:ff:ef:8e:e5:a1:ba:b7:01:2c:35:52:6e:b7:4f:
         f0:a1:ed:74:48:8a:bb:da:0d:46:31:dc:f2:65:33:0e:87:e1:
         be:3c:c6:bf:80:20:a5:43:b9:5e:77:86:36:4d:2a:ea:20:10:
         f4:92:b9:61:ce:6c:eb:57:c9:db:09:71:48:49:2d:56:d2:d1:
         fd:91:e4:34:a7:22:70:f2:0d:bb:8f:b5:98:05:2b:a0:84:66:
         eb:ea:69:46:b0:40:4c:b4:34:b6:02:0a:bb:a0:c8:de:bb:65:
         d5:36:81:6b:46:63:83:78:ff:ed:fc:ea:88:d3:12:4a:76:90:
         3c:64:9d:c2:37:11:1d:74:f4:60:12:f4:25:99:78:6d:7e:b5:
         3a:fa:fb:80:e2:61:55:83:b5:05:ad:6c:f7:f9:b8:ee:10:64:
         4c:59:3d:cd:3c:18:d7:a1:e4:76:6c:3e:0e:ac:41:07:7f:87:
         13:41:8e:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIULkFJOjSQCQSOS7TTi4DRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWY4Yzk0NDdkNjE0Yjg2MTgyNzYzZDkzMzMyNTBlMmQ5
NDEyZTIwHhcNMjQwOTIxMTA0MzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzY0M2RmZWVkNzUzOTBiZmZlYmM0M2MyZTQyZDg1ZjAyNjIxZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc7BQ7hu5iUdORV7wkPmcqcqcOlj
BFP4Lu9TZzDTOfJmoUiaehgTDRjpQ6jBlMSD5PhCwhzNVPxFHAuRi1s6tGZQbtuA
/AHC/i9dpdFbFOTOxcYTecq/d5NFKpa+AbACXMaLFfLmWtG92OTd+gb9riWmcKCh
i028eR+6fScvRZ/Cxc+HtCvMHJVISURwyVwlVHbnzm/3CKLcK0ePqovT8jgU/WGj
zwZ6Ac5pffm8fOxantEEzoeNe4dD3A4e3VR0xlc6bxZflCmXx+jltYAkiDATi4f1
mlfL5jY8D2DHd7eKbZ2KfO6yP7IzkIfmbJiqcqNXZ5FS216I4Gi+1POjLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANkPf7tdTkL/+vEPC5C2F8CYh7mMB8GA1UdIwQY
MBaAFAtfjJRH1hS4YYJ2PZMzJQ4tlBLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYt
OGE5NWU2Mzc3MzMyLzEvQTJROV91MTFPUXZfNjhROExrTFlYd0ppSHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYtOGE5NWU2Mzc3MzMy
LzEvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaKxMA0G
CSqGSIb3DQEBCwUAA4IBAQBwr58sOcA4Qju0T47Lc2IOZmcIBJmfnQu90VWW5fDx
E8Ct17uVwTLvAfRf8tGgcW/chl7vTLe9zXpatLJfRhMWYdEe+HWdeScdGKeG/++O
5aG6twEsNVJut0/woe10SIq72g1GMdzyZTMOh+G+PMa/gCClQ7led4Y2TSrqIBD0
krlhzmzrV8nbCXFISS1W0tH9keQ0pyJw8g27j7WYBSughGbr6mlGsEBMtDS2Agq7
oMjeu2XVNoFrRmODeP/t/OqI0xJKdpA8ZJ3CNxEddPRgEvQlmXhtfrU6+vuA4mFV
g7UFrWz3+bjuEGRMWT3NPBjXoeR2bD4OrEEHf4cTQY5x
-----END CERTIFICATE-----