Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/9AkjaJRYRIOTmgf4F3gyV6pdFkQ.roa
File:                     9AkjaJRYRIOTmgf4F3gyV6pdFkQ.roa (raw, json)
Hash identifier:          N1lZUtbJEJkRSUYDq/VJK4cR/RojBk8ALOORTw9wVk8=
Subject key identifier:   F4:09:23:68:94:58:44:83:93:9A:07:F8:17:78:32:57:AA:5D:16:44
Certificate issuer:       /CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
Certificate serial:       019422FC18A23FB90A1743F9445E86662EDE
Authority key identifier: 3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/9AkjaJRYRIOTmgf4F3gyV6pdFkQ.roa
Signing time:             Wed 01 Jan 2025 17:48:54 +0000
ROA not before:           Wed 01 Jan 2025 17:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33824
IP address blocks:        212.19.63.96/29 maxlen: 32
                          2a02:2e0:413::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:18:a2:3f:b9:0a:17:43:f9:44:5e:86:66:2e:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d8ba0a52c42129af1d4f743feb33bb144d4bb5c
        Validity
            Not Before: Jan  1 17:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f409236894584483939a07f817783257aa5d1644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:92:36:f1:ee:8b:21:b7:45:6a:4e:13:67:7d:
                    c1:fa:24:6e:c5:ed:54:4b:bc:00:6e:66:a9:87:be:
                    dd:7d:68:ff:cc:c7:42:fd:fe:23:57:8b:89:b3:77:
                    aa:c6:e5:75:8f:3b:2c:00:a5:44:77:66:1d:05:19:
                    bd:54:57:53:5f:72:7e:56:5e:45:5f:23:02:b1:d4:
                    a6:de:c7:07:0e:70:75:ad:90:1e:e1:c3:51:87:2e:
                    63:7f:fb:ab:37:8e:c6:8c:73:e7:f7:8f:23:80:88:
                    ff:44:9b:a1:db:32:f6:2a:87:04:ee:d8:6c:21:bf:
                    f7:a8:85:d4:ae:1d:c2:b2:a4:79:67:d0:fa:92:f7:
                    fa:3a:ad:70:3b:14:fb:22:6d:ff:02:dc:12:4f:cc:
                    18:4d:a0:9d:fa:fa:ca:e9:e3:bb:2b:70:58:26:b0:
                    de:77:1b:e3:8f:b3:b7:3a:20:ea:70:f5:f9:d6:06:
                    41:1c:b6:d2:55:d5:d4:fc:e1:eb:45:95:31:4c:85:
                    a3:20:73:cf:ed:3f:ee:6c:9a:af:ad:f1:bd:e7:44:
                    88:a7:7c:a4:e2:61:57:a8:c0:bc:31:65:eb:03:13:
                    19:90:ab:8e:0a:41:b8:52:21:8a:02:b1:7f:3e:7f:
                    fb:11:30:7f:e7:73:6e:bc:2f:52:72:52:04:fe:a7:
                    58:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:09:23:68:94:58:44:83:93:9A:07:F8:17:78:32:57:AA:5D:16:44
            X509v3 Authority Key Identifier:
                keyid:3D:8B:A0:A5:2C:42:12:9A:F1:D4:F7:43:FE:B3:3B:B1:44:D4:BB:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYugpSxCEprx1PdD_rM7sUTUu1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/9AkjaJRYRIOTmgf4F3gyV6pdFkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ff6f4a-8d5f-45b2-875c-a5683844e792/1/PYugpSxCEprx1PdD_rM7sUTUu1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.19.63.96/29
                IPv6:
                  2a02:2e0:413::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:cb:65:27:b1:2a:b0:ed:66:f0:2d:e9:77:64:cc:70:0c:b2:
         2e:bf:61:2c:ba:b6:95:fe:4a:bd:d1:d8:87:64:b8:6b:8b:a6:
         24:36:a4:af:ae:93:3f:80:e7:13:d4:42:e0:62:cb:52:07:fc:
         f1:3a:b2:2c:ba:ef:57:06:5f:c2:4f:94:b4:f9:27:09:8f:bc:
         f8:22:bf:18:1c:ca:55:68:2c:3d:4b:11:35:8a:10:b0:98:f1:
         26:ab:6c:1b:73:27:a3:47:27:e9:91:de:ce:45:c0:c2:13:62:
         d8:c7:14:67:28:66:5e:89:04:37:85:8e:45:cd:54:dc:d5:d0:
         76:24:43:16:4a:ef:de:29:5f:ac:68:d8:d9:9c:26:c5:75:f1:
         87:57:d7:d6:f0:87:60:2a:9b:e1:aa:ed:8d:df:bf:58:25:7a:
         39:5d:70:dd:03:3b:cb:57:48:3e:0a:94:31:fa:7e:2a:8f:98:
         d8:e9:a7:b7:ea:c8:e2:c5:2f:1f:4f:30:f5:03:91:6e:31:6b:
         87:a1:97:dc:0c:42:70:9c:77:21:17:bb:59:96:26:ff:31:d2:
         cb:08:64:26:c6:be:54:77:f5:cb:ea:42:18:33:cb:8f:43:e0:
         fc:e1:0f:9e:15:3b:9e:c7:b2:02:99:45:1e:88:e4:b1:68:5e:
         28:32:6a:ff
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQi/BiiP7kKF0P5RF6GZi7eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOGJhMGE1MmM0MjEyOWFmMWQ0Zjc0M2ZlYjMzYmIxNDRk
NGJiNWMwHhcNMjUwMTAxMTc0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDA5MjM2ODk0NTg0NDgzOTM5YTA3ZjgxNzc4MzI1N2FhNWQxNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5I28e6LIbdFak4TZ33B+iRuxe1U
S7wAbmaph77dfWj/zMdC/f4jV4uJs3eqxuV1jzssAKVEd2YdBRm9VFdTX3J+Vl5F
XyMCsdSm3scHDnB1rZAe4cNRhy5jf/urN47GjHPn948jgIj/RJuh2zL2KocE7ths
Ib/3qIXUrh3CsqR5Z9D6kvf6Oq1wOxT7Im3/AtwST8wYTaCd+vrK6eO7K3BYJrDe
dxvjj7O3OiDqcPX51gZBHLbSVdXU/OHrRZUxTIWjIHPP7T/ubJqvrfG950SIp3yk
4mFXqMC8MWXrAxMZkKuOCkG4UiGKArF/Pn/7ETB/53NuvC9SclIE/qdYUQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPQJI2iUWESDk5oH+Bd4MleqXRZEMB8GA1UdIwQY
MBaAFD2LoKUsQhKa8dT3Q/6zO7FE1LtcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMt
YTU2ODM4NDRlNzkyLzEvOUFramFKUllSSU9UbWdmNEYzZ3lWNnBkRmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mZjZmNGEtOGQ1Zi00NWIyLTg3NWMtYTU2ODM4NDRlNzky
LzEvUFl1Z3BTeENFcHJ4MVBkRF9yTTdzVVRVdTF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDANBAIAATAHAwUD1BM/YDAP
BAIAAjAJAwcAKgIC4AQTMA0GCSqGSIb3DQEBCwUAA4IBAQCMy2UnsSqw7WbwLel3
ZMxwDLIuv2EsuraV/kq90diHZLhri6YkNqSvrpM/gOcT1ELgYstSB/zxOrIsuu9X
Bl/CT5S0+ScJj7z4Ir8YHMpVaCw9SxE1ihCwmPEmq2wbcyejRyfpkd7ORcDCE2LY
xxRnKGZeiQQ3hY5FzVTc1dB2JEMWSu/eKV+saNjZnCbFdfGHV9fW8IdgKpvhqu2N
379YJXo5XXDdAzvLV0g+CpQx+n4qj5jY6ae36sjixS8fTzD1A5FuMWuHoZfcDEJw
nHchF7tZlib/MdLLCGQmxr5Ud/XL6kIYM8uPQ+D84Q+eFTuex7ICmUUeiOSxaF4o
Mmr/
-----END CERTIFICATE-----