Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9UIWvr1OfNDaGDV1NFy_9NnoTYM.roa
File:                     9UIWvr1OfNDaGDV1NFy_9NnoTYM.roa (raw, json)
Hash identifier:          tixaefTMG5hslITfoqhr1S/+epdx4nSuGQbGRhnUPxs=
Subject key identifier:   F5:42:16:BE:BD:4E:7C:D0:DA:18:35:75:34:5C:BF:F4:D9:E8:4D:83
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       01950600FE78936A95C09FBD63B9597C8143
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9UIWvr1OfNDaGDV1NFy_9NnoTYM.roa
Signing time:             Fri 14 Feb 2025 19:48:03 +0000
ROA not before:           Fri 14 Feb 2025 19:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214794
IP address blocks:        185.176.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:06:00:fe:78:93:6a:95:c0:9f:bd:63:b9:59:7c:81:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Feb 14 19:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f54216bebd4e7cd0da183575345cbff4d9e84d83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7e:48:55:12:c0:3d:61:4c:b4:4e:99:80:83:
                    73:95:0d:a8:e5:c7:22:7a:d2:ad:9e:33:d6:84:c9:
                    7d:02:c4:73:62:86:a3:e5:66:93:31:11:14:57:a6:
                    73:24:55:99:ec:84:86:79:55:ff:a3:f2:e2:d1:5f:
                    69:21:4c:27:e7:7f:c0:09:e1:65:4f:a6:7d:5e:4b:
                    72:9f:81:1d:32:2e:c1:2b:4e:11:ee:f9:c2:37:fd:
                    e5:63:db:79:b7:10:52:d2:ce:47:45:cc:ea:a0:f9:
                    8a:d3:7e:d6:80:0e:82:a4:f4:7f:00:b5:9f:be:11:
                    a0:78:8e:df:fd:dc:5d:8a:28:0a:08:71:65:0a:0c:
                    1e:41:38:e5:93:be:7f:71:ac:e8:ad:f2:81:4c:be:
                    6f:e4:7b:c0:0f:57:ff:82:2b:36:5d:15:28:91:eb:
                    68:12:0a:03:f0:12:b4:e1:11:60:24:4f:61:4e:25:
                    f7:6d:e5:59:14:55:1e:68:c5:f3:aa:5b:36:07:16:
                    7a:7d:e4:9c:57:5d:c8:e1:aa:4c:f4:2e:b8:c9:81:
                    e4:a7:2a:49:4c:b9:be:3b:42:e9:72:97:e0:f3:a8:
                    bd:e2:e7:73:9d:89:34:ee:3f:be:e6:18:c0:26:fb:
                    73:a1:ad:6b:e0:0a:b5:50:60:a8:a5:71:c9:63:b3:
                    1e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:42:16:BE:BD:4E:7C:D0:DA:18:35:75:34:5C:BF:F4:D9:E8:4D:83
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9UIWvr1OfNDaGDV1NFy_9NnoTYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:05:51:5e:2a:8b:2b:b9:60:ca:88:c2:ae:be:c8:26:52:95:
         c5:83:4d:99:e5:cb:9d:f4:11:40:44:7a:ac:29:17:97:48:3e:
         17:1b:40:d2:e0:2f:7e:9a:f7:27:b1:88:52:2c:ed:60:0d:ab:
         2c:8d:ff:7f:4e:54:f7:6b:22:4e:a0:5d:c1:d5:e0:18:77:05:
         a8:ca:f3:73:ae:8e:00:24:1c:41:da:80:23:5f:7f:c5:a1:fa:
         3e:8b:98:5b:2c:cb:d7:72:af:fc:bc:13:4b:41:81:5d:b7:2a:
         ac:d5:c6:8f:5f:0b:61:8a:ef:ab:67:b8:2c:05:c2:87:44:fd:
         36:d2:d2:3c:35:1b:40:d0:bc:b4:77:1a:d5:23:7a:e2:de:34:
         2c:60:2c:00:b9:3f:82:87:34:54:b9:5f:b6:78:c0:8c:dc:3a:
         8f:b3:08:4a:09:74:58:39:4b:4c:c4:14:6b:46:19:ea:4b:ce:
         28:35:ac:80:ac:ab:b9:0a:49:f6:1f:e8:1e:25:b1:9b:e6:84:
         5d:33:3f:5d:99:c7:a6:27:78:62:f2:e6:6b:2c:10:84:8c:4a:
         ac:24:70:c5:dd:fd:3e:40:1c:d4:1e:01:25:1c:dd:90:81:56:
         4a:df:23:fa:af:49:0d:83:e3:60:c2:a4:87:2b:82:20:9b:a9:
         1a:23:37:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUGAP54k2qVwJ+9Y7lZfIFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMjE0MTk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQyMTZiZWJkNGU3Y2QwZGExODM1NzUzNDVjYmZmNGQ5ZTg0ZDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp35IVRLAPWFMtE6ZgINzlQ2o5cci
etKtnjPWhMl9AsRzYoaj5WaTMREUV6ZzJFWZ7ISGeVX/o/Li0V9pIUwn53/ACeFl
T6Z9Xktyn4EdMi7BK04R7vnCN/3lY9t5txBS0s5HRczqoPmK037WgA6CpPR/ALWf
vhGgeI7f/dxdiigKCHFlCgweQTjlk75/cazorfKBTL5v5HvAD1f/gis2XRUoketo
EgoD8BK04RFgJE9hTiX3beVZFFUeaMXzqls2BxZ6feScV13I4apM9C64yYHkpypJ
TLm+O0Lpcpfg86i94udznYk07j++5hjAJvtzoa1r4Aq1UGCopXHJY7MeVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVCFr69TnzQ2hg1dTRcv/TZ6E2DMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOVVJV3ZyMU9mTkRhR0RWMU5GeV85Tm5vVFlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubBcMA0G
CSqGSIb3DQEBCwUAA4IBAQBmBVFeKosruWDKiMKuvsgmUpXFg02Z5cud9BFARHqs
KReXSD4XG0DS4C9+mvcnsYhSLO1gDassjf9/TlT3ayJOoF3B1eAYdwWoyvNzro4A
JBxB2oAjX3/Fofo+i5hbLMvXcq/8vBNLQYFdtyqs1caPXwthiu+rZ7gsBcKHRP02
0tI8NRtA0Ly0dxrVI3ri3jQsYCwAuT+ChzRUuV+2eMCM3DqPswhKCXRYOUtMxBRr
RhnqS84oNayArKu5Ckn2H+geJbGb5oRdMz9dmcemJ3hi8uZrLBCEjEqsJHDF3f0+
QBzUHgElHN2QgVZK3yP6r0kNg+NgwqSHK4Igm6kaIzcm
-----END CERTIFICATE-----