Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/20eaa9-3620-4bb5-b42f-db5125df34cd/1/R9C9RHOYfHsQX3_4qdQpXgxkEVg.roa
File:                     R9C9RHOYfHsQX3_4qdQpXgxkEVg.roa (raw, json)
Hash identifier:          TG8phgVc45ubyKw+a5c8BVXvVbA9fhRO3sFvs8XmDD0=
Subject key identifier:   47:D0:BD:44:73:98:7C:7B:10:5F:7F:F8:A9:D4:29:5E:0C:64:11:58
Certificate issuer:       /CN=f555ba6e2b3db5521dbc7062a58c16dda1b9f22d
Certificate serial:       019425FC23E26A839360C43FEFC72BD1A31F
Authority key identifier: F5:55:BA:6E:2B:3D:B5:52:1D:BC:70:62:A5:8C:16:DD:A1:B9:F2:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9VW6bis9tVIdvHBipYwW3aG58i0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/20eaa9-3620-4bb5-b42f-db5125df34cd/1/R9C9RHOYfHsQX3_4qdQpXgxkEVg.roa
Signing time:             Thu 02 Jan 2025 07:47:48 +0000
ROA not before:           Thu 02 Jan 2025 07:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39217
IP address blocks:        185.98.74.0/24 maxlen: 24
                          185.98.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/20eaa9-3620-4bb5-b42f-db5125df34cd/1/9VW6bis9tVIdvHBipYwW3aG58i0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/20eaa9-3620-4bb5-b42f-db5125df34cd/1/9VW6bis9tVIdvHBipYwW3aG58i0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9VW6bis9tVIdvHBipYwW3aG58i0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:23:e2:6a:83:93:60:c4:3f:ef:c7:2b:d1:a3:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f555ba6e2b3db5521dbc7062a58c16dda1b9f22d
        Validity
            Not Before: Jan  2 07:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47d0bd4473987c7b105f7ff8a9d4295e0c641158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f4:26:ad:ed:b4:9b:20:4c:98:0c:62:02:18:
                    16:d5:85:8b:13:15:c9:7e:69:84:6d:01:b5:05:d3:
                    24:7b:4d:72:8a:0e:de:d7:d0:3a:bf:42:81:da:e3:
                    e4:35:a0:fe:f7:76:2f:19:06:06:fb:55:aa:cb:2c:
                    55:73:f7:56:ec:7e:05:b8:5a:0d:5e:45:34:19:c2:
                    59:0c:01:09:7a:62:95:8d:25:48:ab:79:c7:4e:c3:
                    d0:76:5d:06:3a:7e:35:7e:e4:54:54:cb:23:f0:6e:
                    47:fb:2a:e1:e7:ab:13:9c:c8:b6:95:6c:14:d4:ee:
                    bc:65:4d:10:97:98:7b:56:3c:39:d2:a4:c2:22:ef:
                    e5:77:40:32:36:71:8b:de:f0:cb:db:72:f3:3c:83:
                    4b:3c:64:da:71:6d:03:91:7c:09:52:7b:2c:36:ca:
                    99:bd:1d:ae:d3:4f:1a:81:38:2d:95:b5:85:5e:29:
                    81:ac:4d:ea:70:3c:83:56:e9:6f:c2:83:ad:dc:d4:
                    17:a6:cd:b8:51:f6:c2:1c:6f:61:c3:f1:8b:34:02:
                    89:e8:f3:03:18:3a:5d:7b:66:0f:72:f6:fb:7d:75:
                    48:fe:e7:71:33:44:be:9b:24:64:75:5e:39:e8:37:
                    ad:98:6b:25:64:ce:f6:d3:1a:fe:98:1a:17:fa:c7:
                    28:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D0:BD:44:73:98:7C:7B:10:5F:7F:F8:A9:D4:29:5E:0C:64:11:58
            X509v3 Authority Key Identifier:
                keyid:F5:55:BA:6E:2B:3D:B5:52:1D:BC:70:62:A5:8C:16:DD:A1:B9:F2:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9VW6bis9tVIdvHBipYwW3aG58i0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/20eaa9-3620-4bb5-b42f-db5125df34cd/1/R9C9RHOYfHsQX3_4qdQpXgxkEVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/20eaa9-3620-4bb5-b42f-db5125df34cd/1/9VW6bis9tVIdvHBipYwW3aG58i0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         66:2e:8f:c1:17:57:7a:c9:b0:03:54:dd:7b:5e:1d:fd:ce:c6:
         da:64:d6:d1:ef:ea:a7:fe:5f:1a:c4:21:5e:9e:3f:a6:0a:d3:
         d3:5c:52:ef:7b:56:71:b4:1a:84:29:7c:e5:a2:aa:ff:42:9a:
         c6:db:11:44:a1:e2:55:6a:67:cd:da:22:25:63:cc:cb:a4:46:
         01:93:11:70:3e:15:9f:de:db:92:3c:75:92:df:06:a2:82:d2:
         ed:ad:d3:1e:eb:1b:7b:e8:88:e9:07:69:9c:cd:0d:0f:55:ad:
         e2:e9:d7:6e:b8:7e:c3:4a:d5:75:f3:96:5f:1d:55:c9:f2:5f:
         00:21:ee:b7:88:2f:d5:6f:ab:16:99:94:fd:2d:fd:72:5a:6f:
         b0:53:7f:47:09:c0:88:c6:e5:20:fe:51:2e:9a:8a:06:bf:fd:
         e5:40:f9:ef:54:a4:11:47:55:a4:c2:65:83:8c:4e:c1:29:65:
         96:fd:ab:e0:2b:32:01:14:f3:5e:ed:16:77:a9:c3:90:fe:64:
         9e:fe:ad:ab:df:e9:bd:77:fa:61:3d:58:4d:0a:e8:06:61:43:
         ad:cc:ff:10:d7:5c:4c:2f:ad:fa:ed:58:74:87:a5:6f:ec:d5:
         81:14:fc:13:6d:0a:5b:f8:53:2a:c3:e3:29:c6:6f:2e:ea:45:
         71:bd:d5:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/CPiaoOTYMQ/78cr0aMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NTViYTZlMmIzZGI1NTIxZGJjNzA2MmE1OGMxNmRkYTFi
OWYyMmQwHhcNMjUwMTAyMDc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2QwYmQ0NDczOTg3YzdiMTA1ZjdmZjhhOWQ0Mjk1ZTBjNjQxMTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvQmre20myBMmAxiAhgW1YWLExXJ
fmmEbQG1BdMke01yig7e19A6v0KB2uPkNaD+93YvGQYG+1WqyyxVc/dW7H4FuFoN
XkU0GcJZDAEJemKVjSVIq3nHTsPQdl0GOn41fuRUVMsj8G5H+yrh56sTnMi2lWwU
1O68ZU0Ql5h7Vjw50qTCIu/ld0AyNnGL3vDL23LzPINLPGTacW0DkXwJUnssNsqZ
vR2u008agTgtlbWFXimBrE3qcDyDVulvwoOt3NQXps24UfbCHG9hw/GLNAKJ6PMD
GDpde2YPcvb7fXVI/udxM0S+myRkdV456DetmGslZM720xr+mBoX+scoaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfQvURzmHx7EF9/+KnUKV4MZBFYMB8GA1UdIwQY
MBaAFPVVum4rPbVSHbxwYqWMFt2hufItMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVZXNmJpczl0VklkdkhCaXBZd1czYUc1OGkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMGVhYTktMzYyMC00YmI1LWI0MmYt
ZGI1MTI1ZGYzNGNkLzEvUjlDOVJIT1lmSHNRWDNfNHFkUXBYZ3hrRVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMGVhYTktMzYyMC00YmI1LWI0MmYtZGI1MTI1ZGYzNGNk
LzEvOVZXNmJpczl0VklkdkhCaXBZd1czYUc1OGkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWJKMA0G
CSqGSIb3DQEBCwUAA4IBAQBmLo/BF1d6ybADVN17Xh39zsbaZNbR7+qn/l8axCFe
nj+mCtPTXFLve1ZxtBqEKXzloqr/QprG2xFEoeJVamfN2iIlY8zLpEYBkxFwPhWf
3tuSPHWS3waigtLtrdMe6xt76IjpB2mczQ0PVa3i6dduuH7DStV185ZfHVXJ8l8A
Ie63iC/Vb6sWmZT9Lf1yWm+wU39HCcCIxuUg/lEumooGv/3lQPnvVKQRR1WkwmWD
jE7BKWWW/avgKzIBFPNe7RZ3qcOQ/mSe/q2r3+m9d/phPVhNCugGYUOtzP8Q11xM
L6367Vh0h6Vv7NWBFPwTbQpb+FMqw+Mpxm8u6kVxvdUu
-----END CERTIFICATE-----