Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/9Mc_YHkeRnOleVXlULa1kHSDpsY.roa
File:                     9Mc_YHkeRnOleVXlULa1kHSDpsY.roa (raw, json)
Hash identifier:          vM50N/l+aDNC1xeVIe5zjbI+WcZUV2cPPG76tUoJrmA=
Subject key identifier:   F4:C7:3F:60:79:1E:46:73:A5:79:55:E5:50:B6:B5:90:74:83:A6:C6
Certificate issuer:       /CN=f2262faf4376420024aad72983ac3e87944ea7a5
Certificate serial:       0196CAAA25398062D270869791C84716108F
Authority key identifier: F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/9Mc_YHkeRnOleVXlULa1kHSDpsY.roa
Signing time:             Tue 13 May 2025 17:21:10 +0000
ROA not before:           Tue 13 May 2025 17:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15614
IP address blocks:        193.35.44.0/24 maxlen: 24
                          2a04:2a40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 06:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ca:aa:25:39:80:62:d2:70:86:97:91:c8:47:16:10:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2262faf4376420024aad72983ac3e87944ea7a5
        Validity
            Not Before: May 13 17:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4c73f60791e4673a57955e550b6b5907483a6c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:41:b9:a3:7a:15:b1:65:f4:88:2a:79:e1:
                    11:e5:ea:4e:12:20:68:3e:46:b3:a4:39:c1:73:f2:
                    0e:dc:2b:33:39:6f:57:fb:33:6f:49:13:73:b4:f9:
                    ef:34:2a:17:b7:44:c1:91:a7:48:88:98:66:ff:68:
                    16:c4:bc:3c:d8:97:7e:7a:f2:be:ba:9a:d4:17:b8:
                    2c:c0:ab:59:1f:b7:f7:24:81:92:ed:96:ff:2d:bc:
                    fd:52:f4:00:e6:33:6f:f9:03:af:39:f3:06:1c:b3:
                    4f:5c:1f:d0:fe:89:08:77:82:3a:8a:5a:36:e3:58:
                    61:61:c0:90:d7:8f:39:c9:2a:2f:45:15:7b:92:32:
                    48:6f:f6:a9:14:e3:82:26:6c:cc:b3:62:69:0c:5d:
                    1c:09:bb:0b:c2:d0:e8:5e:41:e5:34:1e:5a:d8:59:
                    7b:f2:73:df:c1:e7:a6:95:b0:b3:0d:48:b2:3f:d5:
                    02:41:ec:c4:03:9b:39:1d:c8:80:92:65:af:4b:0b:
                    59:99:4f:08:6d:c7:b3:10:06:9a:18:f8:87:45:6c:
                    e9:83:74:8e:2a:b9:25:1e:7f:d8:68:cc:5f:e2:b7:
                    07:dc:88:15:ed:73:d3:88:a8:4b:d4:54:bd:91:aa:
                    2c:c7:85:92:c5:bb:0c:26:4c:75:64:1d:d7:af:55:
                    db:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C7:3F:60:79:1E:46:73:A5:79:55:E5:50:B6:B5:90:74:83:A6:C6
            X509v3 Authority Key Identifier:
                keyid:F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/9Mc_YHkeRnOleVXlULa1kHSDpsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.44.0/24
                IPv6:
                  2a04:2a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:4b:2f:1a:4b:22:2b:fd:fd:3a:98:d5:aa:10:a5:d8:b0:fa:
         7f:81:8a:97:ac:e7:be:92:02:55:8f:61:59:75:44:8d:c7:84:
         ef:a4:bf:f3:0c:ac:a9:4e:5a:cb:33:4e:a3:c2:69:1b:d3:d9:
         df:9e:57:b7:e8:73:57:dd:df:02:78:2d:88:1c:28:ab:81:b0:
         4d:41:9f:e2:68:12:c1:f3:fa:13:b7:e5:6f:1b:6b:3e:7e:91:
         97:c3:89:64:cf:d8:55:01:06:b0:88:ba:f9:1c:91:2b:c9:66:
         7f:d2:21:a9:c8:22:e9:3a:12:ba:60:50:7a:51:f4:a4:6c:a3:
         e4:9c:16:2d:2e:38:fa:21:48:49:74:05:c8:2e:31:0a:8d:9e:
         28:d6:85:4c:9e:b1:6a:76:c2:7e:a7:92:09:03:6d:aa:46:8d:
         ec:2f:5d:68:08:4b:a4:bb:61:f4:14:9f:9e:2c:f7:f7:0f:70:
         a9:7b:3b:a3:7a:ef:ed:1d:6d:c8:d9:0b:d7:5d:34:e7:0f:32:
         1e:0d:28:7e:bf:8b:7d:55:f8:b6:72:8d:96:95:ab:5e:ec:2d:
         01:1d:bb:7d:16:ff:eb:94:c4:10:06:c1:c6:62:c1:a3:65:ad:
         8e:67:22:07:59:d9:27:1c:a4:02:69:fe:bb:bd:58:ca:2e:5d:
         45:ef:72:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZbKqiU5gGLScIaXkchHFhCPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjYyZmFmNDM3NjQyMDAyNGFhZDcyOTgzYWMzZTg3OTQ0
ZWE3YTUwHhcNMjUwNTEzMTcyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGM3M2Y2MDc5MWU0NjczYTU3OTU1ZTU1MGI2YjU5MDc0ODNhNmM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArElBuaN6FbFl9IgqeeER5epOEiBo
PkazpDnBc/IO3CszOW9X+zNvSRNztPnvNCoXt0TBkadIiJhm/2gWxLw82Jd+evK+
uprUF7gswKtZH7f3JIGS7Zb/Lbz9UvQA5jNv+QOvOfMGHLNPXB/Q/okId4I6ilo2
41hhYcCQ1485ySovRRV7kjJIb/apFOOCJmzMs2JpDF0cCbsLwtDoXkHlNB5a2Fl7
8nPfweemlbCzDUiyP9UCQezEA5s5HciAkmWvSwtZmU8IbcezEAaaGPiHRWzpg3SO
KrklHn/YaMxf4rcH3IgV7XPTiKhL1FS9kaosx4WSxbsMJkx1ZB3Xr1XbnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPTHP2B5HkZzpXlV5VC2tZB0g6bGMB8GA1UdIwQY
MBaAFPImL69DdkIAJKrXKYOsPoeUTqelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMt
YmFkYWZjYTM5NDRmLzEvOU1jX1lIa2VSbk9sZVZYbFVMYTFrSFNEcHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMtYmFkYWZjYTM5NDRm
LzEvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwSMsMA0E
AgACMAcDBQMqBCpAMA0GCSqGSIb3DQEBCwUAA4IBAQAySy8aSyIr/f06mNWqEKXY
sPp/gYqXrOe+kgJVj2FZdUSNx4TvpL/zDKypTlrLM06jwmkb09nfnle36HNX3d8C
eC2IHCirgbBNQZ/iaBLB8/oTt+VvG2s+fpGXw4lkz9hVAQawiLr5HJEryWZ/0iGp
yCLpOhK6YFB6UfSkbKPknBYtLjj6IUhJdAXILjEKjZ4o1oVMnrFqdsJ+p5IJA22q
Ro3sL11oCEuku2H0FJ+eLPf3D3Cpezujeu/tHW3I2QvXXTTnDzIeDSh+v4t9Vfi2
co2Wlate7C0BHbt9Fv/rlMQQBsHGYsGjZa2OZyIHWdknHKQCaf67vVjKLl1F73KT
-----END CERTIFICATE-----