Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/9xcEatshauEO3IQR_Wu414zl24Y.roa
File:                     9xcEatshauEO3IQR_Wu414zl24Y.roa (raw, json)
Hash identifier:          fKSjlkQxueZV9jBeE970HxiT/qHpLp4twJArvl1NDVg=
Subject key identifier:   F7:17:04:6A:DB:21:6A:E1:0E:DC:84:11:FD:6B:B8:D7:8C:E5:DB:86
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       0194266BCE645CA2A31176CB3FF608AA6222
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/9xcEatshauEO3IQR_Wu414zl24Y.roa
Signing time:             Thu 02 Jan 2025 09:49:46 +0000
ROA not before:           Thu 02 Jan 2025 09:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205302
IP address blocks:        212.183.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ce:64:5c:a2:a3:11:76:cb:3f:f6:08:aa:62:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  2 09:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f717046adb216ae10edc8411fd6bb8d78ce5db86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b8:e1:02:c8:a1:bf:1f:67:85:dc:fa:12:d4:
                    83:05:db:85:56:6b:75:7e:90:1e:3f:70:b8:b5:f0:
                    36:fd:29:13:c8:e7:2f:1e:31:1a:cd:37:3c:f0:90:
                    ca:cc:6c:f5:ab:54:10:9a:b2:41:21:72:d6:b2:78:
                    93:44:16:5e:38:04:75:5d:62:11:bc:30:79:f8:53:
                    15:22:34:30:08:5c:24:c8:08:bc:6a:f6:c8:3f:c3:
                    45:9b:55:10:3a:7a:bf:e4:c8:79:8f:cf:a7:ac:ea:
                    1f:26:60:33:50:6b:d5:45:30:5f:6b:69:bc:0e:80:
                    fc:04:81:45:04:be:7e:79:2a:f8:02:78:6b:75:ff:
                    fb:a8:1e:d0:df:93:14:0e:93:0c:36:2c:ca:ff:eb:
                    08:14:ee:d2:a4:fd:1e:17:22:63:22:06:8f:16:0f:
                    b0:64:9f:86:eb:a2:0f:02:13:ff:28:f8:59:40:c9:
                    75:57:a9:1e:1a:48:7a:0f:40:9e:95:b3:b2:9e:89:
                    93:f8:ae:fa:80:4c:b1:4f:74:87:e8:e7:02:44:1a:
                    53:57:db:89:f6:63:39:26:96:8d:7f:81:3d:20:c6:
                    7f:e2:a8:2d:62:e8:6e:63:1b:54:d5:01:12:12:cf:
                    0f:fc:e0:30:0b:d7:7a:15:bc:d5:f3:cd:c6:85:c4:
                    29:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:17:04:6A:DB:21:6A:E1:0E:DC:84:11:FD:6B:B8:D7:8C:E5:DB:86
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/9xcEatshauEO3IQR_Wu414zl24Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.183.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:13:97:6d:66:eb:ff:29:c3:e7:46:b4:11:68:11:63:55:f7:
         58:dd:61:1e:16:fe:71:de:eb:e0:40:e7:24:5c:42:28:a1:d4:
         f5:c0:83:82:5c:a7:61:a2:1b:ef:3f:43:f4:ad:45:54:67:75:
         f3:bd:31:75:c7:8b:16:66:38:e4:c3:a3:0d:ed:79:10:4a:87:
         35:05:84:62:48:8f:57:25:bd:12:9c:6f:2f:89:7d:59:4a:09:
         13:08:ad:1b:6c:39:a8:45:a7:fd:46:d9:0c:71:08:97:49:9f:
         f1:4f:b8:4c:8b:19:50:28:a0:b4:cf:c5:c2:20:9a:0e:cd:a3:
         d1:b3:6f:33:06:48:26:90:cf:b2:82:e9:a4:9e:30:88:31:4a:
         0c:54:11:77:8a:ad:f3:c1:91:df:c5:ab:82:6f:5e:81:6f:dd:
         11:ea:eb:57:aa:17:37:54:27:da:51:0c:ff:76:4a:2b:d9:81:
         30:36:4b:74:8b:4c:f0:65:75:6a:f0:83:f2:5f:a3:ac:20:68:
         0b:5c:9e:5c:a2:ec:e6:a6:84:cd:15:2e:02:0a:15:95:ff:d8:
         5b:44:be:54:e3:cc:cd:58:d6:db:fd:25:21:ef:53:9f:0c:23:
         06:a3:89:0a:52:bb:da:62:a0:87:f9:e4:56:c6:07:80:01:ee:
         20:34:9c:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma85kXKKjEXbLP/YIqmIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjUwMTAyMDk0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzE3MDQ2YWRiMjE2YWUxMGVkYzg0MTFmZDZiYjhkNzhjZTVkYjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7jhAsihvx9nhdz6EtSDBduFVmt1
fpAeP3C4tfA2/SkTyOcvHjEazTc88JDKzGz1q1QQmrJBIXLWsniTRBZeOAR1XWIR
vDB5+FMVIjQwCFwkyAi8avbIP8NFm1UQOnq/5Mh5j8+nrOofJmAzUGvVRTBfa2m8
DoD8BIFFBL5+eSr4Anhrdf/7qB7Q35MUDpMMNizK/+sIFO7SpP0eFyJjIgaPFg+w
ZJ+G66IPAhP/KPhZQMl1V6keGkh6D0CelbOynomT+K76gEyxT3SH6OcCRBpTV9uJ
9mM5JpaNf4E9IMZ/4qgtYuhuYxtU1QESEs8P/OAwC9d6FbzV883GhcQplwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcXBGrbIWrhDtyEEf1ruNeM5duGMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvOXhjRWF0c2hhdUVPM0lRUl9XdTQxNHpsMjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1LcEMA0G
CSqGSIb3DQEBCwUAA4IBAQBjE5dtZuv/KcPnRrQRaBFjVfdY3WEeFv5x3uvgQOck
XEIoodT1wIOCXKdhohvvP0P0rUVUZ3XzvTF1x4sWZjjkw6MN7XkQSoc1BYRiSI9X
Jb0SnG8viX1ZSgkTCK0bbDmoRaf9RtkMcQiXSZ/xT7hMixlQKKC0z8XCIJoOzaPR
s28zBkgmkM+ygumknjCIMUoMVBF3iq3zwZHfxauCb16Bb90R6utXqhc3VCfaUQz/
dkor2YEwNkt0i0zwZXVq8IPyX6OsIGgLXJ5couzmpoTNFS4CChWV/9hbRL5U48zN
WNbb/SUh71OfDCMGo4kKUrvaYqCH+eRWxgeAAe4gNJww
-----END CERTIFICATE-----