Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/9XlTOy7cvStsx3Xasqbdbzm-Z88.roa
File:                     9XlTOy7cvStsx3Xasqbdbzm-Z88.roa (raw, json)
Hash identifier:          4nh24GFmOLdTzMR1iDFa+FmgfHsPGJ7w7jsScCZNOCo=
Subject key identifier:   F5:79:53:3B:2E:DC:BD:2B:6C:C7:75:DA:B2:A6:DD:6F:39:BE:67:CF
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FCFF04964DF546CD6A0FAD8ABAEBC
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/9XlTOy7cvStsx3Xasqbdbzm-Z88.roa
Signing time:             Wed 01 Jan 2025 13:48:17 +0000
ROA not before:           Wed 01 Jan 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204098
IP address blocks:        94.42.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cf:f0:49:64:df:54:6c:d6:a0:fa:d8:ab:ae:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f579533b2edcbd2b6cc775dab2a6dd6f39be67cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:26:a3:f7:ce:aa:27:9e:4d:e5:f7:11:f9:3f:
                    71:f8:4d:73:7b:b0:7c:c5:4b:70:26:06:2c:01:19:
                    38:97:fc:4d:5b:16:7b:b7:90:61:19:8a:28:13:e4:
                    34:52:be:90:42:6d:e6:0d:43:cd:57:df:84:44:c5:
                    2a:8e:cc:d8:16:2b:82:52:9d:7c:0c:27:ac:bc:6b:
                    38:27:95:be:4a:16:5a:68:ad:52:03:15:bb:48:bf:
                    3f:92:de:1f:5a:7c:f6:a6:80:09:6e:ac:51:e6:bd:
                    9c:94:d7:9a:1f:ea:f1:19:11:4b:a7:76:ac:b1:34:
                    13:3e:48:d0:46:2e:e4:1b:db:1e:be:00:1b:e4:f2:
                    06:00:1f:05:39:bd:4d:b3:86:65:c6:e7:bd:82:05:
                    f2:6f:98:49:c9:70:25:02:16:d2:9f:73:a5:c2:30:
                    81:0f:91:d0:da:74:b2:7c:5f:c4:54:a1:de:fc:de:
                    a5:1a:54:f0:11:e4:cd:50:86:4a:40:80:1f:40:e2:
                    b2:94:8c:34:7b:e5:fb:68:90:12:d4:c4:8d:dc:ab:
                    51:e4:14:44:77:4f:b3:dc:33:f2:64:f2:5e:f0:9f:
                    95:3f:41:6e:ee:ad:03:0c:40:62:69:8b:7d:27:5b:
                    8d:8f:fa:93:00:ad:ab:53:db:71:c8:2c:97:a3:54:
                    d9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:79:53:3B:2E:DC:BD:2B:6C:C7:75:DA:B2:A6:DD:6F:39:BE:67:CF
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/9XlTOy7cvStsx3Xasqbdbzm-Z88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.42.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:1c:d6:ca:21:06:8c:be:8c:78:ab:76:2c:98:de:b0:db:5e:
         f9:d0:78:e4:59:bb:b5:c4:d8:99:33:fd:2a:25:e3:36:f9:71:
         3e:98:13:a6:eb:7c:97:d8:ea:45:e5:ca:bb:34:39:aa:7a:81:
         74:39:45:b9:bc:17:12:80:d0:27:41:6d:40:03:1b:9f:ce:57:
         4a:b9:1e:3a:ff:8d:eb:8f:ad:bb:ca:fe:20:9c:62:4f:11:d9:
         fd:98:21:65:2d:22:09:00:d9:cd:98:bf:71:69:31:4d:ea:7d:
         b1:4b:1f:39:7d:c4:42:c9:78:7f:7b:07:9e:aa:f1:5a:96:93:
         d7:cf:9a:a8:e4:57:2e:aa:5a:82:3a:6d:98:11:fe:fa:c0:91:
         5c:62:4a:c9:c1:48:03:8f:26:76:b6:41:f7:9f:2d:a5:39:3a:
         86:ec:5f:0b:e6:e9:00:d0:1a:87:d6:3c:92:4f:7d:48:f7:9f:
         ea:3c:f1:96:2c:75:31:dc:78:41:7e:52:de:f5:c7:4a:48:71:
         db:3b:0c:ec:9a:13:b3:a5:8b:88:53:4c:5a:8e:f4:f3:1b:9e:
         ad:e6:bf:98:da:9f:0d:c0:ed:79:de:81:b8:a6:32:66:e6:24:
         59:41:3e:a3:8a:77:23:85:07:09:46:0e:32:cc:f7:60:94:c4:
         4f:55:a7:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8/wSWTfVGzWoPrYq668MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTc5NTMzYjJlZGNiZDJiNmNjNzc1ZGFiMmE2ZGQ2ZjM5YmU2N2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0iaj986qJ55N5fcR+T9x+E1ze7B8
xUtwJgYsARk4l/xNWxZ7t5BhGYooE+Q0Ur6QQm3mDUPNV9+ERMUqjszYFiuCUp18
DCesvGs4J5W+ShZaaK1SAxW7SL8/kt4fWnz2poAJbqxR5r2clNeaH+rxGRFLp3as
sTQTPkjQRi7kG9sevgAb5PIGAB8FOb1Ns4Zlxue9ggXyb5hJyXAlAhbSn3OlwjCB
D5HQ2nSyfF/EVKHe/N6lGlTwEeTNUIZKQIAfQOKylIw0e+X7aJAS1MSN3KtR5BRE
d0+z3DPyZPJe8J+VP0Fu7q0DDEBiaYt9J1uNj/qTAK2rU9txyCyXo1TZRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPV5Uzsu3L0rbMd12rKm3W85vmfPMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvOVhsVE95N2N2U3RzeDNYYXNxYmRiem0tWjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXiplMA0G
CSqGSIb3DQEBCwUAA4IBAQACHNbKIQaMvox4q3YsmN6w21750HjkWbu1xNiZM/0q
JeM2+XE+mBOm63yX2OpF5cq7NDmqeoF0OUW5vBcSgNAnQW1AAxufzldKuR46/43r
j627yv4gnGJPEdn9mCFlLSIJANnNmL9xaTFN6n2xSx85fcRCyXh/eweeqvFalpPX
z5qo5FcuqlqCOm2YEf76wJFcYkrJwUgDjyZ2tkH3ny2lOTqG7F8L5ukA0BqH1jyS
T31I95/qPPGWLHUx3HhBflLe9cdKSHHbOwzsmhOzpYuIU0xajvTzG56t5r+Y2p8N
wO153oG4pjJm5iRZQT6jincjhQcJRg4yzPdglMRPVaez
-----END CERTIFICATE-----