Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/cf4946-f5c2-45aa-9a41-f44299865a28/1/aX_b4UaRWSPBF6_UJgMjS5N9O-c.roa
File:                     aX_b4UaRWSPBF6_UJgMjS5N9O-c.roa (raw, json)
Hash identifier:          YV9fhTwKDLCkfBPeMSZl5AvTP7h0hbaT54bWMdXdAUo=
Subject key identifier:   69:7F:DB:E1:46:91:59:23:C1:17:AF:D4:26:03:23:4B:93:7D:3B:E7
Certificate issuer:       /CN=9280fdc9e7a86430c8e28f5e349e317fbb8a1ca9
Certificate serial:       0195A321662A1974F0A3EDB5B7F003BF35E4
Authority key identifier: 92:80:FD:C9:E7:A8:64:30:C8:E2:8F:5E:34:9E:31:7F:BB:8A:1C:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/koD9yeeoZDDI4o9eNJ4xf7uKHKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/cf4946-f5c2-45aa-9a41-f44299865a28/1/aX_b4UaRWSPBF6_UJgMjS5N9O-c.roa
Signing time:             Mon 17 Mar 2025 08:03:49 +0000
ROA not before:           Mon 17 Mar 2025 08:03:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25400
IP address blocks:        185.169.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/cf4946-f5c2-45aa-9a41-f44299865a28/1/koD9yeeoZDDI4o9eNJ4xf7uKHKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/cf4946-f5c2-45aa-9a41-f44299865a28/1/koD9yeeoZDDI4o9eNJ4xf7uKHKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/koD9yeeoZDDI4o9eNJ4xf7uKHKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a3:21:66:2a:19:74:f0:a3:ed:b5:b7:f0:03:bf:35:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9280fdc9e7a86430c8e28f5e349e317fbb8a1ca9
        Validity
            Not Before: Mar 17 08:03:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=697fdbe146915923c117afd42603234b937d3be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:87:c2:d5:5f:f6:1f:35:34:45:e9:b9:0c:e9:
                    a0:4e:d7:29:7b:9b:8a:2a:64:f0:1e:b2:d4:a6:f4:
                    c5:11:a3:d8:95:a8:2f:cc:34:32:7c:97:c1:19:f3:
                    cb:48:57:1e:53:c2:1b:24:18:06:85:08:b5:a4:aa:
                    e2:4b:15:7d:e1:42:13:2b:82:3d:37:80:1c:5d:9e:
                    53:f4:19:82:78:ff:06:3c:fb:f7:cf:49:6d:ea:2f:
                    a2:03:96:e4:24:62:67:66:fe:9b:2e:6d:4f:cf:b9:
                    a7:69:34:e1:cf:4c:2d:b9:52:3b:4d:a0:4c:27:fb:
                    6f:bf:b5:fa:3c:51:36:2b:97:94:a8:11:0b:2e:ec:
                    18:3c:63:c5:21:82:53:1a:43:89:22:53:37:c8:89:
                    a5:3c:e2:08:c2:dd:80:80:0f:d5:db:12:03:fe:d8:
                    89:1b:89:5e:5d:54:3a:7f:94:15:4d:b5:9a:e6:55:
                    8d:fa:95:cf:e8:0b:54:06:2b:b5:52:f2:06:82:28:
                    dd:7a:b8:9b:60:46:6d:4e:5a:ec:2d:ab:33:e4:ba:
                    d4:ec:71:13:38:9d:f5:74:cd:22:b0:12:c7:ae:9c:
                    41:8c:05:54:52:85:18:83:f1:7c:b6:7d:b4:24:73:
                    e2:30:6a:99:b1:8c:24:ee:f7:fc:20:6d:8f:9a:19:
                    75:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:7F:DB:E1:46:91:59:23:C1:17:AF:D4:26:03:23:4B:93:7D:3B:E7
            X509v3 Authority Key Identifier:
                keyid:92:80:FD:C9:E7:A8:64:30:C8:E2:8F:5E:34:9E:31:7F:BB:8A:1C:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/koD9yeeoZDDI4o9eNJ4xf7uKHKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/cf4946-f5c2-45aa-9a41-f44299865a28/1/aX_b4UaRWSPBF6_UJgMjS5N9O-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/cf4946-f5c2-45aa-9a41-f44299865a28/1/koD9yeeoZDDI4o9eNJ4xf7uKHKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:dd:90:59:a0:ce:5e:f0:09:fd:b9:48:b0:7e:98:77:e0:72:
         aa:0d:8b:c6:5f:9d:cc:e3:02:3f:28:e5:3b:6a:56:bb:e4:56:
         64:7b:6c:44:ac:3b:23:9b:25:7a:42:f4:c1:e6:54:c5:83:5d:
         3b:03:f2:1b:ef:88:31:47:36:a9:17:63:63:c3:17:00:92:ec:
         e7:2d:69:24:8c:40:59:a2:3e:18:75:81:a2:f1:2b:4a:ac:21:
         a8:2b:f3:6a:bf:d5:90:33:68:be:11:08:49:22:34:67:e7:24:
         4e:e0:a3:2e:f2:ab:59:1a:28:c2:0a:85:ab:f8:a4:a2:ce:dd:
         14:84:38:f5:7a:60:71:56:0c:c3:dd:9b:c5:e0:b0:76:92:2a:
         38:e5:0d:38:a0:6a:20:d1:35:77:91:fc:6a:90:e6:a2:5b:b6:
         8c:cd:80:e6:19:0c:a6:0c:3a:63:d8:5f:21:93:70:71:0a:a3:
         a7:71:74:09:6c:20:ec:61:65:b2:5e:d5:70:cf:b2:ed:21:be:
         55:64:e8:4b:1d:3e:5c:60:bc:fd:ae:cf:c9:a3:16:f3:90:f2:
         45:00:fe:99:9b:9f:50:6d:c4:cf:20:2b:af:f8:57:01:71:38:
         99:22:44:d8:d7:86:3b:29:0d:55:35:cd:b8:d8:10:4e:4c:f1:
         73:5b:1e:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWjIWYqGXTwo+21t/ADvzXkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyODBmZGM5ZTdhODY0MzBjOGUyOGY1ZTM0OWUzMTdmYmI4
YTFjYTkwHhcNMjUwMzE3MDgwMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTdmZGJlMTQ2OTE1OTIzYzExN2FmZDQyNjAzMjM0YjkzN2QzYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlIfC1V/2HzU0Rem5DOmgTtcpe5uK
KmTwHrLUpvTFEaPYlagvzDQyfJfBGfPLSFceU8IbJBgGhQi1pKriSxV94UITK4I9
N4AcXZ5T9BmCeP8GPPv3z0lt6i+iA5bkJGJnZv6bLm1Pz7mnaTThz0wtuVI7TaBM
J/tvv7X6PFE2K5eUqBELLuwYPGPFIYJTGkOJIlM3yImlPOIIwt2AgA/V2xID/tiJ
G4leXVQ6f5QVTbWa5lWN+pXP6AtUBiu1UvIGgijderibYEZtTlrsLasz5LrU7HET
OJ31dM0isBLHrpxBjAVUUoUYg/F8tn20JHPiMGqZsYwk7vf8IG2Pmhl1fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGl/2+FGkVkjwRev1CYDI0uTfTvnMB8GA1UdIwQY
MBaAFJKA/cnnqGQwyOKPXjSeMX+7ihypMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva29EOXllZW9aRERJNG85ZU5KNHhmN3VLSEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9jZjQ5NDYtZjVjMi00NWFhLTlhNDEt
ZjQ0Mjk5ODY1YTI4LzEvYVhfYjRVYVJXU1BCRjZfVUpnTWpTNU45Ty1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9jZjQ5NDYtZjVjMi00NWFhLTlhNDEtZjQ0Mjk5ODY1YTI4
LzEva29EOXllZW9aRERJNG85ZU5KNHhmN3VLSEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuamuMA0G
CSqGSIb3DQEBCwUAA4IBAQCb3ZBZoM5e8An9uUiwfph34HKqDYvGX53M4wI/KOU7
ala75FZke2xErDsjmyV6QvTB5lTFg107A/Ib74gxRzapF2NjwxcAkuznLWkkjEBZ
oj4YdYGi8StKrCGoK/Nqv9WQM2i+EQhJIjRn5yRO4KMu8qtZGijCCoWr+KSizt0U
hDj1emBxVgzD3ZvF4LB2kio45Q04oGog0TV3kfxqkOaiW7aMzYDmGQymDDpj2F8h
k3BxCqOncXQJbCDsYWWyXtVwz7LtIb5VZOhLHT5cYLz9rs/JoxbzkPJFAP6Zm59Q
bcTPICuv+FcBcTiZIkTY14Y7KQ1VNc242BBOTPFzWx6t
-----END CERTIFICATE-----