Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/c39b2f-ce86-40bc-9ee5-9f0ad18f039a/1/RKq6Jd2UH9wWubKSgst7pZ7LyKU.roa
File:                     RKq6Jd2UH9wWubKSgst7pZ7LyKU.roa (raw, json)
Hash identifier:          ifDG8ANyaXOjVuCl1ow9SIV2BWxCkzstlJEhmLPckaQ=
Subject key identifier:   44:AA:BA:25:DD:94:1F:DC:16:B9:B2:92:82:CB:7B:A5:9E:CB:C8:A5
Certificate issuer:       /CN=9eff47f89521d9b492b7d0421bc27691ebf06efd
Certificate serial:       019427B5FD302FF93424992DD88877F32075
Authority key identifier: 9E:FF:47:F8:95:21:D9:B4:92:B7:D0:42:1B:C2:76:91:EB:F0:6E:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nv9H-JUh2bSSt9BCG8J2kevwbv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/c39b2f-ce86-40bc-9ee5-9f0ad18f039a/1/RKq6Jd2UH9wWubKSgst7pZ7LyKU.roa
Signing time:             Thu 02 Jan 2025 15:50:25 +0000
ROA not before:           Thu 02 Jan 2025 15:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34271
IP address blocks:        185.98.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/c39b2f-ce86-40bc-9ee5-9f0ad18f039a/1/nv9H-JUh2bSSt9BCG8J2kevwbv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/c39b2f-ce86-40bc-9ee5-9f0ad18f039a/1/nv9H-JUh2bSSt9BCG8J2kevwbv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nv9H-JUh2bSSt9BCG8J2kevwbv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:fd:30:2f:f9:34:24:99:2d:d8:88:77:f3:20:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9eff47f89521d9b492b7d0421bc27691ebf06efd
        Validity
            Not Before: Jan  2 15:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44aaba25dd941fdc16b9b29282cb7ba59ecbc8a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2c:e6:39:dc:15:81:71:48:d3:a5:1d:e4:11:
                    95:da:07:dd:a9:a7:1e:fb:0e:07:fc:89:16:74:75:
                    9d:5c:b1:5c:2a:8f:af:98:be:26:b8:43:a7:2a:67:
                    c7:a4:a9:9c:e9:9f:0c:48:8b:a7:ad:f4:71:f3:83:
                    da:39:47:d7:81:ac:97:b7:08:cf:41:63:4c:4b:9c:
                    20:15:32:2b:57:4c:c9:de:0e:34:2d:f1:f0:77:df:
                    e2:ae:9a:50:29:40:9b:80:d3:6b:56:34:86:b1:db:
                    26:ed:bc:71:c2:60:67:12:50:6f:af:8d:ca:bd:a9:
                    78:8f:8c:34:a4:b6:f5:59:f1:31:f1:90:fa:e3:f4:
                    ef:a6:b8:9d:09:7c:b1:be:a5:4a:23:27:d2:c2:d5:
                    44:1b:54:6d:68:eb:9a:90:d8:6b:04:f3:58:c2:bb:
                    d4:d0:d1:8d:2d:84:7f:b9:02:11:d1:f9:57:be:25:
                    19:b8:b2:53:c3:51:84:3a:02:0e:76:95:1d:a8:4e:
                    9f:56:7a:86:1b:db:06:ca:73:45:59:a4:60:61:c2:
                    53:ca:5d:88:b9:a5:ce:b2:3f:ea:c0:81:7a:62:19:
                    b4:ca:fa:45:f8:21:78:54:97:e0:09:ba:ac:d4:44:
                    4d:a7:c1:76:70:63:4b:f1:8a:7f:f9:0b:c4:33:9b:
                    c5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AA:BA:25:DD:94:1F:DC:16:B9:B2:92:82:CB:7B:A5:9E:CB:C8:A5
            X509v3 Authority Key Identifier:
                keyid:9E:FF:47:F8:95:21:D9:B4:92:B7:D0:42:1B:C2:76:91:EB:F0:6E:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nv9H-JUh2bSSt9BCG8J2kevwbv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/c39b2f-ce86-40bc-9ee5-9f0ad18f039a/1/RKq6Jd2UH9wWubKSgst7pZ7LyKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/c39b2f-ce86-40bc-9ee5-9f0ad18f039a/1/nv9H-JUh2bSSt9BCG8J2kevwbv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:b8:b8:21:f9:20:2a:5f:21:a7:64:11:32:3a:a8:b5:1d:e9:
         ee:bd:5b:ba:e2:8a:46:42:69:2a:4b:f6:72:cf:af:b2:36:2f:
         8c:5e:1f:94:33:bd:6f:c1:c2:ef:26:cd:01:c9:2a:6c:b8:50:
         c8:6f:8d:86:49:85:8d:7e:83:08:00:3d:d0:ef:f0:f5:38:66:
         2f:69:17:76:52:d7:86:41:14:38:e4:c6:bc:c5:3e:f2:6f:51:
         d0:4b:6b:90:02:24:6e:80:6b:ea:39:b6:39:2e:4a:d7:97:d0:
         4a:aa:42:73:47:05:f4:d3:74:91:b2:43:6a:24:93:eb:e9:d3:
         7c:06:14:8a:2a:70:ea:5e:99:e7:54:39:c1:7d:9a:ce:4c:a5:
         d5:cd:44:e0:bc:71:ed:82:35:06:2c:9f:60:63:5e:11:b1:29:
         82:2f:ff:7b:98:21:3c:ac:05:e0:85:2d:61:65:c2:e6:d8:d8:
         86:b3:e9:8b:1d:f5:d3:f4:e4:a7:5c:ff:1a:ad:53:f6:41:3a:
         35:5d:38:69:a5:e9:11:7b:2f:34:43:e9:a8:c6:4a:71:79:19:
         c2:96:3d:af:cc:11:c6:18:33:36:cf:f8:ab:14:90:1c:ac:f1:
         dc:4e:6a:9c:60:a0:c6:d3:e0:d9:dc:84:61:c9:36:17:d6:aa:
         18:b1:69:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntf0wL/k0JJkt2Ih38yB1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllZmY0N2Y4OTUyMWQ5YjQ5MmI3ZDA0MjFiYzI3NjkxZWJm
MDZlZmQwHhcNMjUwMTAyMTU1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGFhYmEyNWRkOTQxZmRjMTZiOWIyOTI4MmNiN2JhNTllY2JjOGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzizmOdwVgXFI06Ud5BGV2gfdqace
+w4H/IkWdHWdXLFcKo+vmL4muEOnKmfHpKmc6Z8MSIunrfRx84PaOUfXgayXtwjP
QWNMS5wgFTIrV0zJ3g40LfHwd9/irppQKUCbgNNrVjSGsdsm7bxxwmBnElBvr43K
val4j4w0pLb1WfEx8ZD64/TvpridCXyxvqVKIyfSwtVEG1RtaOuakNhrBPNYwrvU
0NGNLYR/uQIR0flXviUZuLJTw1GEOgIOdpUdqE6fVnqGG9sGynNFWaRgYcJTyl2I
uaXOsj/qwIF6Yhm0yvpF+CF4VJfgCbqs1ERNp8F2cGNL8Yp/+QvEM5vFYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESquiXdlB/cFrmykoLLe6Wey8ilMB8GA1UdIwQY
MBaAFJ7/R/iVIdm0krfQQhvCdpHr8G79MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnY5SC1KVWgyYlNTdDlCQ0c4SjJrZXZ3YnYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jMzliMmYtY2U4Ni00MGJjLTllZTUt
OWYwYWQxOGYwMzlhLzEvUktxNkpkMlVIOXdXdWJLU2dzdDdwWjdMeUtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jMzliMmYtY2U4Ni00MGJjLTllZTUtOWYwYWQxOGYwMzlh
LzEvbnY5SC1KVWgyYlNTdDlCQ0c4SjJrZXZ3YnYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWIcMA0G
CSqGSIb3DQEBCwUAA4IBAQAZuLgh+SAqXyGnZBEyOqi1HenuvVu64opGQmkqS/Zy
z6+yNi+MXh+UM71vwcLvJs0BySpsuFDIb42GSYWNfoMIAD3Q7/D1OGYvaRd2UteG
QRQ45Ma8xT7yb1HQS2uQAiRugGvqObY5LkrXl9BKqkJzRwX003SRskNqJJPr6dN8
BhSKKnDqXpnnVDnBfZrOTKXVzUTgvHHtgjUGLJ9gY14RsSmCL/97mCE8rAXghS1h
ZcLm2NiGs+mLHfXT9OSnXP8arVP2QTo1XThppekRey80Q+moxkpxeRnClj2vzBHG
GDM2z/irFJAcrPHcTmqcYKDG0+DZ3IRhyTYX1qoYsWn8
-----END CERTIFICATE-----