Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/9qXJnie35SdfH2J2EgodKBngTzA.roa
File:                     9qXJnie35SdfH2J2EgodKBngTzA.roa (raw, json)
Hash identifier:          jwDaD5ZgcucjZdcdoISWLpA3Zdrcncz7G1jWAlDHN4k=
Subject key identifier:   F6:A5:C9:9E:27:B7:E5:27:5F:1F:62:76:12:0A:1D:28:19:E0:4F:30
Certificate issuer:       /CN=a6785773df313b91711bf6bc5b149ecc246b9e89
Certificate serial:       0194A94BD38772EFD541F9C5C01B51CC9AA6
Authority key identifier: A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/9qXJnie35SdfH2J2EgodKBngTzA.roa
Signing time:             Mon 27 Jan 2025 19:45:06 +0000
ROA not before:           Mon 27 Jan 2025 19:45:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208570
IP address blocks:        185.239.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a9:4b:d3:87:72:ef:d5:41:f9:c5:c0:1b:51:cc:9a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6785773df313b91711bf6bc5b149ecc246b9e89
        Validity
            Not Before: Jan 27 19:45:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6a5c99e27b7e5275f1f6276120a1d2819e04f30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:97:8a:ac:79:4e:27:ab:98:f4:60:8d:19:fc:
                    bd:ac:aa:28:bd:79:fb:30:34:51:01:5c:cb:65:10:
                    67:64:bc:40:12:9d:1e:d9:85:42:ef:ad:15:94:24:
                    dc:80:4b:11:df:b1:95:6a:d7:68:2f:5b:f3:95:ef:
                    8c:3e:50:56:e3:c7:00:18:c8:14:ad:67:52:98:2e:
                    c2:ac:9e:1a:07:11:63:f2:91:75:b9:7d:67:f4:e9:
                    75:dd:72:50:6f:35:ac:1b:37:4b:27:cc:0d:7e:0d:
                    66:af:70:98:e2:f3:c7:78:a0:43:50:27:98:49:13:
                    53:7a:37:ec:72:e8:f2:41:1c:21:ef:18:cf:af:6b:
                    f0:9b:d7:1c:33:f4:09:2d:53:f7:5a:70:1a:9f:9e:
                    02:17:9d:c1:dc:e0:f7:b5:42:7b:3f:db:7c:35:34:
                    14:46:10:d4:71:4d:8f:2a:b8:bc:c2:eb:97:bd:b6:
                    55:08:29:ee:ec:0c:0f:eb:b2:19:a7:2a:c4:89:08:
                    64:4d:2f:d0:d4:af:10:38:cb:0b:0b:c1:09:47:39:
                    01:9f:67:9c:90:47:eb:b0:b5:f5:06:a3:7a:fd:cf:
                    28:36:6a:07:32:f1:fc:2b:25:32:7e:15:3f:3e:e0:
                    3c:2e:4e:fd:67:1a:13:80:44:54:31:38:6f:d0:9c:
                    7f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:A5:C9:9E:27:B7:E5:27:5F:1F:62:76:12:0A:1D:28:19:E0:4F:30
            X509v3 Authority Key Identifier:
                keyid:A6:78:57:73:DF:31:3B:91:71:1B:F6:BC:5B:14:9E:CC:24:6B:9E:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pnhXc98xO5FxG_a8WxSezCRrnok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/9qXJnie35SdfH2J2EgodKBngTzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ae9211-c52d-480d-a591-d75869c0c71e/1/pnhXc98xO5FxG_a8WxSezCRrnok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:41:bc:0e:61:e0:ea:9a:50:68:50:06:4a:02:d9:e8:b0:06:
         97:df:8a:77:18:b1:d0:b6:ce:13:6e:3b:94:59:e7:12:cc:f3:
         1f:b4:55:61:0d:8c:5f:79:ee:c0:38:ae:6c:10:be:fb:35:15:
         3a:a2:89:1e:39:f2:8c:d1:43:a4:2f:23:c2:9d:d8:a6:65:16:
         c0:73:d6:52:75:6d:bf:bf:ce:b7:b0:d9:ea:5f:cb:53:75:a5:
         1d:7e:b6:ae:cc:de:d7:b3:b4:c7:02:13:f9:fd:f5:13:76:56:
         a1:16:46:8f:f9:94:62:2c:b8:9d:1a:3d:a6:d5:bf:38:78:86:
         02:02:eb:94:77:46:63:2a:cc:c5:22:a5:7e:3d:5e:b0:39:b8:
         c8:3c:76:30:b2:fe:a5:bb:6c:5f:51:d7:56:60:22:5c:6d:c1:
         82:c7:c6:0c:da:ed:4e:43:07:73:9b:bb:0c:93:db:f0:78:4a:
         bb:68:fb:11:bf:5a:39:db:86:d4:14:27:f5:fc:9d:a0:06:d9:
         77:85:78:01:9d:8a:10:84:39:ed:0c:bd:27:53:0e:23:24:8a:
         fe:16:a5:0b:95:ac:44:39:f2:d8:a4:89:7f:e9:36:bd:7b:60:
         e6:a8:6f:72:7c:25:0c:a9:1f:df:fc:50:be:30:b7:24:24:91:
         a7:dc:eb:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSpS9OHcu/VQfnFwBtRzJqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2Nzg1NzczZGYzMTNiOTE3MTFiZjZiYzViMTQ5ZWNjMjQ2
YjllODkwHhcNMjUwMTI3MTk0NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmE1Yzk5ZTI3YjdlNTI3NWYxZjYyNzYxMjBhMWQyODE5ZTA0ZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJeKrHlOJ6uY9GCNGfy9rKoovXn7
MDRRAVzLZRBnZLxAEp0e2YVC760VlCTcgEsR37GVatdoL1vzle+MPlBW48cAGMgU
rWdSmC7CrJ4aBxFj8pF1uX1n9Ol13XJQbzWsGzdLJ8wNfg1mr3CY4vPHeKBDUCeY
SRNTejfscujyQRwh7xjPr2vwm9ccM/QJLVP3WnAan54CF53B3OD3tUJ7P9t8NTQU
RhDUcU2PKri8wuuXvbZVCCnu7AwP67IZpyrEiQhkTS/Q1K8QOMsLC8EJRzkBn2ec
kEfrsLX1BqN6/c8oNmoHMvH8KyUyfhU/PuA8Lk79ZxoTgERUMThv0Jx/KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPalyZ4nt+UnXx9idhIKHSgZ4E8wMB8GA1UdIwQY
MBaAFKZ4V3PfMTuRcRv2vFsUnswka56JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEt
ZDc1ODY5YzBjNzFlLzEvOXFYSm5pZTM1U2RmSDJKMkVnb2RLQm5nVHpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hZTkyMTEtYzUyZC00ODBkLWE1OTEtZDc1ODY5YzBjNzFl
LzEvcG5oWGM5OHhPNUZ4R19hOFd4U2V6Q1Jybm9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue+xMA0G
CSqGSIb3DQEBCwUAA4IBAQDPQbwOYeDqmlBoUAZKAtnosAaX34p3GLHQts4TbjuU
WecSzPMftFVhDYxfee7AOK5sEL77NRU6ookeOfKM0UOkLyPCndimZRbAc9ZSdW2/
v863sNnqX8tTdaUdfrauzN7Xs7THAhP5/fUTdlahFkaP+ZRiLLidGj2m1b84eIYC
AuuUd0ZjKszFIqV+PV6wObjIPHYwsv6lu2xfUddWYCJcbcGCx8YM2u1OQwdzm7sM
k9vweEq7aPsRv1o524bUFCf1/J2gBtl3hXgBnYoQhDntDL0nUw4jJIr+FqULlaxE
OfLYpIl/6Ta9e2DmqG9yfCUMqR/f/FC+MLckJJGn3Ot9
-----END CERTIFICATE-----