Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/9EySi5v3kgKf55_WnEy5Sq0kn-E.roa
File:                     9EySi5v3kgKf55_WnEy5Sq0kn-E.roa (raw, json)
Hash identifier:          oUVGFfPRJjQhnddKcz1XXOwKzQbtPqL+f9+Nwb2NEX8=
Subject key identifier:   F4:4C:92:8B:9B:F7:92:02:9F:E7:9F:D6:9C:4C:B9:4A:AD:24:9F:E1
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019427B5B82C8E4C58FF02D58BD35F8572A0
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/9EySi5v3kgKf55_WnEy5Sq0kn-E.roa
Signing time:             Thu 02 Jan 2025 15:50:08 +0000
ROA not before:           Thu 02 Jan 2025 15:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199654
IP address blocks:        80.246.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 08:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b8:2c:8e:4c:58:ff:02:d5:8b:d3:5f:85:72:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jan  2 15:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f44c928b9bf792029fe79fd69c4cb94aad249fe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:09:52:18:11:46:7c:a6:49:f2:1e:15:6c:f9:
                    3d:62:ca:62:c4:2f:00:12:db:9e:d5:aa:96:d7:0b:
                    56:08:4b:6f:80:34:a0:6b:38:03:6b:eb:b3:45:98:
                    06:5f:ae:24:ae:fa:c6:c7:db:6a:cf:23:9f:de:96:
                    31:4e:7f:48:18:33:df:3d:c2:45:01:bd:90:78:02:
                    54:27:98:fe:26:5d:43:88:61:89:a9:9b:c0:85:6a:
                    51:06:b2:85:10:d9:cd:6f:75:6a:2f:84:62:02:80:
                    8d:5e:69:5e:43:e3:e5:7e:60:0e:91:5a:54:22:36:
                    c8:bc:5d:1a:b1:01:2a:ce:ed:33:97:63:34:d7:60:
                    98:48:e0:3f:45:31:e8:61:e2:a7:75:3e:a5:f3:88:
                    ab:4f:24:c0:0d:97:c0:dc:58:ae:a4:6c:0e:e8:ac:
                    69:f0:1d:ea:16:a1:da:fd:93:67:3b:36:d1:9c:37:
                    c6:1d:b2:35:e0:a1:a5:b9:dc:19:e8:91:0a:42:c9:
                    75:47:a8:b6:d7:27:a1:78:0e:2d:57:67:1f:7a:f3:
                    92:51:c6:85:da:e8:3b:67:0b:1e:ca:a4:86:eb:92:
                    f1:22:a0:37:d0:e7:9b:2c:db:50:26:fa:22:d9:2b:
                    59:71:0c:f7:b8:97:d6:0a:99:68:99:fb:ac:85:27:
                    b8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4C:92:8B:9B:F7:92:02:9F:E7:9F:D6:9C:4C:B9:4A:AD:24:9F:E1
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/9EySi5v3kgKf55_WnEy5Sq0kn-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:6c:25:de:d6:ab:33:86:91:85:a1:7e:75:60:b6:48:32:a5:
         63:d7:a4:ee:95:45:8d:33:14:f9:da:a5:a7:bd:1d:16:5f:1c:
         bf:f7:8e:ac:b8:79:a3:03:51:58:5a:27:ff:b0:92:38:58:ca:
         3a:50:a3:fa:17:ca:ce:99:55:06:6a:ee:74:58:ea:98:e6:24:
         d1:77:be:1a:33:2c:75:c7:ca:ee:af:2b:5f:b0:3c:1f:5f:c6:
         a7:ae:a6:0a:59:8c:16:bc:b5:b7:cf:43:26:74:76:04:54:e6:
         57:a2:3b:c4:ee:1f:2d:3d:a5:0c:c2:f3:52:59:52:54:9a:c8:
         a6:7b:6b:89:e0:c9:aa:df:2c:bf:dc:07:bc:8a:9a:2c:45:5a:
         27:bf:65:b1:96:0c:2e:a1:27:d1:f9:6f:ad:5e:4c:6b:ff:ca:
         5f:5b:01:3f:ec:5e:38:4a:c9:50:bd:e5:2a:8d:1d:67:48:74:
         fd:fb:97:50:2e:22:da:68:41:0c:a4:2a:5c:51:f4:58:a7:85:
         e2:be:5d:d0:49:c8:0f:65:81:12:a6:0a:17:f7:42:9d:b8:d8:
         49:76:c7:05:2b:02:f3:eb:5a:6b:78:55:6e:e0:2e:25:1e:30:
         0a:0c:44:05:1a:bd:dc:31:69:50:58:04:98:a1:53:4a:f9:54:
         d6:a6:eb:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbgsjkxY/wLVi9NfhXKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUwMTAyMTU1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDRjOTI4YjliZjc5MjAyOWZlNzlmZDY5YzRjYjk0YWFkMjQ5ZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwlSGBFGfKZJ8h4VbPk9YspixC8A
Etue1aqW1wtWCEtvgDSgazgDa+uzRZgGX64krvrGx9tqzyOf3pYxTn9IGDPfPcJF
Ab2QeAJUJ5j+Jl1DiGGJqZvAhWpRBrKFENnNb3VqL4RiAoCNXmleQ+PlfmAOkVpU
IjbIvF0asQEqzu0zl2M012CYSOA/RTHoYeKndT6l84irTyTADZfA3FiupGwO6Kxp
8B3qFqHa/ZNnOzbRnDfGHbI14KGludwZ6JEKQsl1R6i21yeheA4tV2cfevOSUcaF
2ug7ZwseyqSG65LxIqA30OebLNtQJvoi2StZcQz3uJfWCplomfushSe4oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRMkoub95ICn+ef1pxMuUqtJJ/hMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvOUV5U2k1djNrZ0tmNTVfV25FeTVTcTBrbi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPblMA0G
CSqGSIb3DQEBCwUAA4IBAQCHbCXe1qszhpGFoX51YLZIMqVj16TulUWNMxT52qWn
vR0WXxy/946suHmjA1FYWif/sJI4WMo6UKP6F8rOmVUGau50WOqY5iTRd74aMyx1
x8rurytfsDwfX8anrqYKWYwWvLW3z0MmdHYEVOZXojvE7h8tPaUMwvNSWVJUmsim
e2uJ4Mmq3yy/3Ae8iposRVonv2WxlgwuoSfR+W+tXkxr/8pfWwE/7F44SslQveUq
jR1nSHT9+5dQLiLaaEEMpCpcUfRYp4Xivl3QScgPZYESpgoX90KduNhJdscFKwLz
61preFVu4C4lHjAKDEQFGr3cMWlQWASYoVNK+VTWpuuu
-----END CERTIFICATE-----