Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/F9AhQNt9Udb849dXCdScX4FqhCA.roa
File:                     F9AhQNt9Udb849dXCdScX4FqhCA.roa (raw, json)
Hash identifier:          px1gv2xGNlwFH8D+WdL+fioWoJ0lDCB6LorhXUTwMrQ=
Subject key identifier:   17:D0:21:40:DB:7D:51:D6:FC:E3:D7:57:09:D4:9C:5F:81:6A:84:20
Certificate issuer:       /CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
Certificate serial:       019420D6467CEAA8B1D2D084834849C91AC6
Authority key identifier: AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/F9AhQNt9Udb849dXCdScX4FqhCA.roa
Signing time:             Wed 01 Jan 2025 07:48:21 +0000
ROA not before:           Wed 01 Jan 2025 07:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12406
IP address blocks:        194.158.192.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:46:7c:ea:a8:b1:d2:d0:84:83:48:49:c9:1a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
        Validity
            Not Before: Jan  1 07:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17d02140db7d51d6fce3d75709d49c5f816a8420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:25:cd:07:9d:36:7a:be:5d:6b:83:1d:00:21:
                    92:8d:f7:f1:9a:a9:92:83:dd:25:7e:03:c0:28:d6:
                    5c:4c:25:5c:61:ee:ff:07:5f:ec:7f:76:c4:4a:ae:
                    18:62:9c:2b:a1:87:86:d0:db:ab:5e:7c:cd:12:5f:
                    10:24:39:46:c7:04:1c:01:20:3d:8e:37:6c:b8:2f:
                    80:aa:c9:0a:28:28:20:2d:7a:cd:2f:14:93:4b:e7:
                    a6:d8:da:d8:81:8b:48:f5:42:f0:15:a9:da:0e:d6:
                    94:07:99:1c:de:42:08:31:b0:1d:db:27:42:24:43:
                    de:68:6c:51:e5:eb:c2:c8:39:2d:7c:7f:51:f6:91:
                    85:1c:26:ab:c8:99:6c:89:06:4b:fe:fe:e0:9c:05:
                    7f:59:68:73:38:a1:3f:da:1e:0c:f8:ae:8c:dc:c4:
                    0b:d0:f8:55:ec:cb:ec:58:9e:b6:09:0c:22:ba:96:
                    f3:bf:be:43:dd:cf:7f:0a:6f:e5:de:99:69:03:42:
                    d2:4d:4b:4b:da:84:b1:80:ef:69:99:3a:19:f1:e6:
                    14:a6:a9:03:a0:7c:08:a1:8c:18:71:b6:28:ec:ef:
                    d2:a9:04:0f:43:b2:30:7e:f1:12:35:4e:76:97:ec:
                    a0:29:63:10:99:c8:e6:39:d0:51:38:3e:5d:68:6e:
                    9c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:D0:21:40:DB:7D:51:D6:FC:E3:D7:57:09:D4:9C:5F:81:6A:84:20
            X509v3 Authority Key Identifier:
                keyid:AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/F9AhQNt9Udb849dXCdScX4FqhCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.158.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         56:18:8d:0e:65:d9:c9:cb:7c:2f:3f:d9:20:e6:34:30:fe:73:
         61:06:ca:c4:ec:e5:4c:ff:c8:d5:fb:77:78:f9:ae:fb:cb:07:
         63:de:d6:b3:92:61:22:d7:37:66:0b:7f:22:10:a3:a0:00:4e:
         d7:13:db:70:e8:dc:61:3b:16:c7:59:89:f6:a3:fb:ae:33:99:
         70:f7:c3:f7:60:53:3d:78:3c:54:34:1e:8b:48:f8:a8:b1:6e:
         73:83:60:19:db:be:dd:b3:6e:2a:0d:fc:82:16:68:6b:0a:e0:
         e4:ad:00:f2:81:cb:bc:30:6a:d9:d3:2c:0f:1a:2c:a0:95:05:
         f4:82:4c:73:97:f9:c9:60:9e:16:24:e3:b0:4c:f1:29:04:61:
         02:83:51:9c:ea:60:5d:98:b5:42:64:71:ff:94:a8:2d:42:a3:
         d2:a1:55:1a:80:6a:9b:8a:1b:e5:51:55:58:96:2c:a7:5a:3b:
         32:12:38:66:59:83:50:c9:ed:19:b5:4e:6f:18:80:93:79:c8:
         81:ff:48:17:1a:c3:82:f5:4c:c9:4e:12:62:7f:1b:ef:d4:6f:
         7b:b6:d2:c9:68:cc:2a:c9:72:1b:e2:07:b2:fb:e2:b0:49:dd:
         64:15:93:3f:6e:15:af:09:a6:81:72:7e:8c:91:9d:21:21:bf:
         ea:bd:db:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1kZ86qix0tCEg0hJyRrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiODgyY2Q2ZDE5NmFlMWY5Njg3MmFjYWU3ODMyMWJlN2E5
MmI4ZWIwHhcNMjUwMTAxMDc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2QwMjE0MGRiN2Q1MWQ2ZmNlM2Q3NTcwOWQ0OWM1ZjgxNmE4NDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSXNB502er5da4MdACGSjffxmqmS
g90lfgPAKNZcTCVcYe7/B1/sf3bESq4YYpwroYeG0NurXnzNEl8QJDlGxwQcASA9
jjdsuC+AqskKKCggLXrNLxSTS+em2NrYgYtI9ULwFanaDtaUB5kc3kIIMbAd2ydC
JEPeaGxR5evCyDktfH9R9pGFHCaryJlsiQZL/v7gnAV/WWhzOKE/2h4M+K6M3MQL
0PhV7MvsWJ62CQwiupbzv75D3c9/Cm/l3plpA0LSTUtL2oSxgO9pmToZ8eYUpqkD
oHwIoYwYcbYo7O/SqQQPQ7IwfvESNU52l+ygKWMQmcjmOdBROD5daG6cBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBfQIUDbfVHW/OPXVwnUnF+BaoQgMB8GA1UdIwQY
MBaAFKuILNbRlq4flocqyueDIb56krjrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTct
OTUwYzE4MDU5NmQwLzEvRjlBaFFOdDlVZGI4NDlkWENkU2NYNEZxaENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTctOTUwYzE4MDU5NmQw
LzEvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFwp7AMA0G
CSqGSIb3DQEBCwUAA4IBAQBWGI0OZdnJy3wvP9kg5jQw/nNhBsrE7OVM/8jV+3d4
+a77ywdj3tazkmEi1zdmC38iEKOgAE7XE9tw6NxhOxbHWYn2o/uuM5lw98P3YFM9
eDxUNB6LSPiosW5zg2AZ277ds24qDfyCFmhrCuDkrQDygcu8MGrZ0ywPGiyglQX0
gkxzl/nJYJ4WJOOwTPEpBGECg1Gc6mBdmLVCZHH/lKgtQqPSoVUagGqbihvlUVVY
liynWjsyEjhmWYNQye0ZtU5vGICTeciB/0gXGsOC9UzJThJifxvv1G97ttLJaMwq
yXIb4gey++KwSd1kFZM/bhWvCaaBcn6MkZ0hIb/qvdsG
-----END CERTIFICATE-----