Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/1-TiCaqN63y014VBjU4cN2TUy_V8.roa
File:                     1-TiCaqN63y014VBjU4cN2TUy_V8.roa (raw, json)
Hash identifier:          R9/uJWNYkuWkn9362/6eXHCOuC8x3gv8eszIJhtU6eQ=
Subject key identifier:   F9:38:82:6A:A3:7A:DF:2D:35:E1:50:63:53:87:0D:D9:35:32:FD:5F
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       0194228DD4B81FE0D6E72D2A00CB0D05E17A
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/1-TiCaqN63y014VBjU4cN2TUy_V8.roa
Signing time:             Wed 01 Jan 2025 15:48:27 +0000
ROA not before:           Wed 01 Jan 2025 15:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400909
IP address blocks:        194.59.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:d4:b8:1f:e0:d6:e7:2d:2a:00:cb:0d:05:e1:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Jan  1 15:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f938826aa37adf2d35e1506353870dd93532fd5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c6:31:0c:e8:30:6c:69:42:a3:da:6c:4f:24:
                    22:46:00:6e:a5:1b:d6:f9:c4:69:7a:32:5d:8c:50:
                    d9:ba:a8:f7:11:7b:d7:45:9e:7e:4b:c5:a8:75:2a:
                    65:59:7b:b1:ab:76:3d:6e:9a:d3:cf:9a:2a:70:3d:
                    b7:0d:73:59:4a:15:df:67:59:b6:37:65:cc:0b:8f:
                    6d:5c:d4:14:7b:93:8a:80:de:fe:0d:1d:9c:ae:28:
                    b9:95:86:2a:01:0b:47:28:39:f0:c5:61:9c:12:cb:
                    b6:86:fe:52:88:6a:80:96:76:29:5a:f1:b8:97:19:
                    e4:d6:e1:f9:f2:de:b1:eb:af:64:dd:7e:00:c4:a8:
                    6f:fb:95:24:bf:85:de:c1:b3:54:bf:08:43:31:d9:
                    ee:0f:7a:3d:31:93:9f:ec:56:b3:cd:30:6e:84:90:
                    21:49:84:5b:38:58:2d:8d:20:05:23:0e:27:0c:82:
                    71:2c:a0:84:8e:a1:4a:48:2e:1f:46:d2:c8:76:0e:
                    34:a7:89:76:e9:c3:d3:37:c8:45:6a:50:89:c9:dc:
                    bf:17:9b:93:fb:9a:f6:cf:57:1e:71:22:48:2d:23:
                    c0:b8:7f:b5:69:75:fd:b7:5c:c5:08:8b:da:d9:74:
                    5f:e6:38:fb:e0:42:76:e8:dd:94:cd:75:74:32:7b:
                    9b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:38:82:6A:A3:7A:DF:2D:35:E1:50:63:53:87:0D:D9:35:32:FD:5F
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/1-TiCaqN63y014VBjU4cN2TUy_V8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:88:72:33:17:3e:2b:13:68:f2:42:db:c4:2d:a3:85:03:a6:
         ea:c9:93:cd:b3:73:31:d7:85:7f:a5:1a:5b:cb:3b:c8:7c:e1:
         94:cf:ad:2f:f5:1d:04:60:cf:8c:ad:15:b4:0d:e0:a8:ea:2e:
         72:4f:08:e1:48:a2:f4:9d:eb:02:fe:b4:cf:67:c4:2b:8e:57:
         f9:0b:c2:a4:49:89:c0:b4:f8:fb:12:2f:d2:72:1f:02:f2:92:
         59:82:c1:f3:77:95:4a:d3:8d:1a:59:53:0f:72:5b:cb:c7:90:
         88:dc:33:29:88:28:5f:e7:f6:82:08:b3:4d:dc:58:84:05:d0:
         ae:00:b6:c3:4e:96:9e:be:b7:80:95:e9:6e:2f:bf:62:16:2b:
         d7:26:14:2a:f2:aa:12:cc:9e:06:0a:ce:dc:78:31:b2:30:59:
         13:6c:d7:2d:f0:7f:1c:37:f5:46:0c:91:45:17:ca:c9:d3:77:
         b6:7e:c8:13:4d:1c:87:fa:77:46:d9:a0:2b:14:27:c7:e5:21:
         c4:4b:10:26:14:e9:a7:81:c1:b9:c7:88:f0:92:ba:c3:fe:fc:
         a5:63:43:b1:79:91:75:db:d3:04:c0:58:75:40:b0:bf:df:b0:
         d3:7d:30:87:d3:e3:7f:27:37:34:d8:64:24:41:96:05:cd:f7:
         42:fd:41:92
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijdS4H+DW5y0qAMsNBeF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwMTAxMTU0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTM4ODI2YWEzN2FkZjJkMzVlMTUwNjM1Mzg3MGRkOTM1MzJmZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcYxDOgwbGlCo9psTyQiRgBupRvW
+cRpejJdjFDZuqj3EXvXRZ5+S8WodSplWXuxq3Y9bprTz5oqcD23DXNZShXfZ1m2
N2XMC49tXNQUe5OKgN7+DR2crii5lYYqAQtHKDnwxWGcEsu2hv5SiGqAlnYpWvG4
lxnk1uH58t6x669k3X4AxKhv+5Ukv4XewbNUvwhDMdnuD3o9MZOf7FazzTBuhJAh
SYRbOFgtjSAFIw4nDIJxLKCEjqFKSC4fRtLIdg40p4l26cPTN8hFalCJydy/F5uT
+5r2z1cecSJILSPAuH+1aXX9t1zFCIva2XRf5jj74EJ26N2UzXV0MnubOwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPk4gmqjet8tNeFQY1OHDdk1Mv1fMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvMS1UaUNhcU42M3kwMTRWQmpVNGNOMlRVeV9WOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmEvYzVhOWUzLTY3MjItNGI2YS1iZTU4LWFkYTVjMjBlM2Y3
Yi8xL0hIclhkVWVWM2RZRjhvZzR1M3pEV2Q5Nkptby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMI7CTAN
BgkqhkiG9w0BAQsFAAOCAQEAcYhyMxc+KxNo8kLbxC2jhQOm6smTzbNzMdeFf6Ua
W8s7yHzhlM+tL/UdBGDPjK0VtA3gqOouck8I4Uii9J3rAv60z2fEK45X+QvCpEmJ
wLT4+xIv0nIfAvKSWYLB83eVStONGllTD3Jby8eQiNwzKYgoX+f2ggizTdxYhAXQ
rgC2w06Wnr63gJXpbi+/YhYr1yYUKvKqEsyeBgrO3HgxsjBZE2zXLfB/HDf1RgyR
RRfKydN3tn7IE00ch/p3RtmgKxQnx+UhxEsQJhTpp4HBuceI8JK6w/78pWNDsXmR
ddvTBMBYdUCwv9+w030wh9Pjfyc3NNhkJEGWBc33Qv1Bkg==
-----END CERTIFICATE-----