Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/Qi9XVq-dT2o75N7dfhs2g5GBACU.roa
File:                     Qi9XVq-dT2o75N7dfhs2g5GBACU.roa (raw, json)
Hash identifier:          ZA6fIgi4q3HA9rAbCvC+Xiwj/72PmBX2B2EUlsP/w2Q=
Subject key identifier:   42:2F:57:56:AF:9D:4F:6A:3B:E4:DE:DD:7E:1B:36:83:91:81:00:25
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       019424B39103489E2B8E02C7B741FE0674BE
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/Qi9XVq-dT2o75N7dfhs2g5GBACU.roa
Signing time:             Thu 02 Jan 2025 01:48:55 +0000
ROA not before:           Thu 02 Jan 2025 01:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208346
IP address blocks:        94.154.132.0/24 maxlen: 24
                          94.154.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:91:03:48:9e:2b:8e:02:c7:b7:41:fe:06:74:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=422f5756af9d4f6a3be4dedd7e1b368391810025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cd:99:2c:56:b5:ed:6b:3e:cf:fb:7e:d4:e7:
                    72:68:67:28:7f:e6:af:a3:bb:17:5c:17:78:2b:f3:
                    7c:f0:52:86:ba:98:1c:0e:e0:63:6c:d2:1d:3a:66:
                    b7:68:3f:49:2d:53:c5:e8:85:9b:66:84:1a:a0:12:
                    1a:64:ea:51:09:92:48:87:bf:b2:41:aa:d3:36:43:
                    0a:df:5f:45:0d:4d:c8:b2:86:82:3b:db:54:07:45:
                    d6:75:78:9d:1e:f0:e3:58:72:04:68:11:ae:4c:b6:
                    52:63:3e:5c:75:d7:38:2d:50:78:86:cb:e5:84:b1:
                    b2:0e:cd:e9:45:ea:46:8b:63:52:bb:2f:2c:93:d0:
                    19:88:c0:31:cf:a4:b2:1f:ff:bf:9f:8b:04:67:96:
                    27:0c:b6:be:1b:fa:26:b2:44:cb:cb:c4:7a:53:58:
                    a9:4f:81:ef:87:f6:04:10:67:d2:7f:b4:39:78:e5:
                    ee:63:db:33:fb:88:73:f9:d9:8d:40:be:4e:95:42:
                    2d:d3:b5:eb:f3:be:bf:ae:04:b4:7a:fd:e1:1b:36:
                    fd:db:7b:67:2e:64:c3:c1:74:39:b3:da:e2:e5:4f:
                    10:7d:b0:79:1f:04:3c:10:a4:5a:68:4a:7d:48:89:
                    21:41:46:61:ed:87:2d:8a:7b:e5:c8:4b:48:07:42:
                    8b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:2F:57:56:AF:9D:4F:6A:3B:E4:DE:DD:7E:1B:36:83:91:81:00:25
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/Qi9XVq-dT2o75N7dfhs2g5GBACU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:82:81:7c:f9:6d:e0:9e:d9:13:56:e2:7a:78:12:39:57:1b:
         00:f7:5b:7c:6e:b0:79:eb:bf:00:21:54:9a:fd:0d:8d:c0:75:
         9b:3e:58:f3:5f:f2:7c:f7:5e:0f:a2:8c:3f:07:92:80:43:b2:
         65:31:6f:52:07:fe:a5:3e:11:e4:02:65:da:6c:b8:83:50:f9:
         2d:bf:4e:7e:a1:f6:4f:5f:32:c1:1c:d1:2f:21:b5:10:a1:cc:
         69:ef:02:6d:9d:1b:6a:21:95:d8:cf:a4:f9:07:f1:5c:36:ec:
         e6:f3:a3:3d:c0:a9:d9:f1:c3:84:1e:0c:4a:f3:fb:b2:47:05:
         fe:2d:e6:46:ff:55:e6:76:3e:a3:c9:c8:d7:0a:bd:34:7e:bc:
         7a:e7:29:20:11:f0:ad:6c:88:53:d3:fa:45:98:4c:7e:0a:f8:
         91:b7:8a:33:74:7c:0d:13:12:da:1e:b6:84:69:e0:e4:1c:a0:
         aa:2d:13:ee:52:13:87:7c:84:74:51:f8:1e:5f:97:78:7c:37:
         77:60:02:8a:14:08:21:bb:e1:74:7a:05:c7:2c:20:d2:b4:66:
         98:45:dc:a6:ec:6a:2e:50:27:25:74:25:34:8f:81:ab:5a:7b:
         65:9f:2d:4c:83:57:a4:70:a2:2b:b9:ca:17:9a:db:19:05:9e:
         1d:51:30:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks5EDSJ4rjgLHt0H+BnS+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjJmNTc1NmFmOWQ0ZjZhM2JlNGRlZGQ3ZTFiMzY4MzkxODEwMDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsM2ZLFa17Ws+z/t+1OdyaGcof+av
o7sXXBd4K/N88FKGupgcDuBjbNIdOma3aD9JLVPF6IWbZoQaoBIaZOpRCZJIh7+y
QarTNkMK319FDU3IsoaCO9tUB0XWdXidHvDjWHIEaBGuTLZSYz5cddc4LVB4hsvl
hLGyDs3pRepGi2NSuy8sk9AZiMAxz6SyH/+/n4sEZ5YnDLa+G/omskTLy8R6U1ip
T4Hvh/YEEGfSf7Q5eOXuY9sz+4hz+dmNQL5OlUIt07Xr876/rgS0ev3hGzb923tn
LmTDwXQ5s9ri5U8QfbB5HwQ8EKRaaEp9SIkhQUZh7YctinvlyEtIB0KLOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEIvV1avnU9qO+Te3X4bNoORgQAlMB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvUWk5WFZxLWRUMm83NU43ZGZoczJnNUdCQUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXpqEMA0G
CSqGSIb3DQEBCwUAA4IBAQBTgoF8+W3gntkTVuJ6eBI5VxsA91t8brB5678AIVSa
/Q2NwHWbPljzX/J8914Poow/B5KAQ7JlMW9SB/6lPhHkAmXabLiDUPktv05+ofZP
XzLBHNEvIbUQocxp7wJtnRtqIZXYz6T5B/FcNuzm86M9wKnZ8cOEHgxK8/uyRwX+
LeZG/1Xmdj6jycjXCr00frx65ykgEfCtbIhT0/pFmEx+CviRt4ozdHwNExLaHraE
aeDkHKCqLRPuUhOHfIR0UfgeX5d4fDd3YAKKFAghu+F0egXHLCDStGaYRdym7Gou
UCcldCU0j4GrWntlny1Mg1ekcKIrucoXmtsZBZ4dUTAs
-----END CERTIFICATE-----