Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/EU9ZI9FwGK9Je2LIHv8oyryDbQ0.roa
File:                     EU9ZI9FwGK9Je2LIHv8oyryDbQ0.roa (raw, json)
Hash identifier:          lg1hblUtV5bfdjAsYpP/FKql2pfxKFHlS2JkI4euny0=
Subject key identifier:   11:4F:59:23:D1:70:18:AF:49:7B:62:C8:1E:FF:28:CA:BC:83:6D:0D
Certificate issuer:       /CN=0f9c77a1dcdb8eed62cd3ca80a5144dc4e243f4e
Certificate serial:       019421B19946CC85374B50BEAE82AEAD5AC1
Authority key identifier: 0F:9C:77:A1:DC:DB:8E:ED:62:CD:3C:A8:0A:51:44:DC:4E:24:3F:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D5x3odzbju1izTyoClFE3E4kP04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/EU9ZI9FwGK9Je2LIHv8oyryDbQ0.roa
Signing time:             Wed 01 Jan 2025 11:47:54 +0000
ROA not before:           Wed 01 Jan 2025 11:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15924
IP address blocks:        195.177.230.0/24 maxlen: 24
                          195.177.231.0/24 maxlen: 24
                          195.178.104.0/24 maxlen: 24
                          195.178.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/D5x3odzbju1izTyoClFE3E4kP04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/D5x3odzbju1izTyoClFE3E4kP04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D5x3odzbju1izTyoClFE3E4kP04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:99:46:cc:85:37:4b:50:be:ae:82:ae:ad:5a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f9c77a1dcdb8eed62cd3ca80a5144dc4e243f4e
        Validity
            Not Before: Jan  1 11:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=114f5923d17018af497b62c81eff28cabc836d0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f6:5c:c9:a8:4a:6e:d7:bc:62:2b:15:2f:5a:
                    69:ff:9b:83:b1:cc:3a:e3:00:c8:d5:31:e2:1a:4a:
                    52:2b:f8:5c:f4:0f:3d:64:ef:eb:b6:b7:24:df:0a:
                    fd:81:6e:ba:df:39:ce:6a:8b:3d:04:18:e7:91:31:
                    c6:61:74:cd:f8:1c:8b:25:b4:f5:5f:e9:1c:6d:ed:
                    b9:5d:51:4d:99:05:4a:09:94:11:92:fa:22:63:75:
                    4d:a5:a4:55:c3:18:81:a0:55:03:eb:f3:c5:98:0b:
                    72:0c:d6:06:0a:8b:74:0a:5f:0b:fb:9a:f5:e6:67:
                    60:af:a6:45:cb:51:66:8b:0a:70:4f:6e:bf:bb:7c:
                    ee:42:2e:ee:a7:ca:2d:60:ba:8b:6e:84:35:4b:df:
                    5a:73:11:0f:2b:96:a5:29:84:5a:a6:50:97:a9:c7:
                    e6:1d:bf:f6:4e:8c:8c:32:9e:ea:ff:a1:f8:96:5e:
                    f3:70:5e:ec:19:2c:e1:2d:cf:58:ab:c8:d0:45:44:
                    a8:1d:0c:a1:57:a6:83:49:7a:22:fb:73:9a:9f:7f:
                    a4:54:0f:d8:be:7b:88:0d:21:17:66:5c:69:72:a8:
                    ea:d1:08:57:7a:ed:b3:5a:f6:d2:95:18:a1:3d:b2:
                    f8:64:fc:44:9e:ea:73:bf:5c:5d:15:06:8b:6d:9e:
                    ae:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:4F:59:23:D1:70:18:AF:49:7B:62:C8:1E:FF:28:CA:BC:83:6D:0D
            X509v3 Authority Key Identifier:
                keyid:0F:9C:77:A1:DC:DB:8E:ED:62:CD:3C:A8:0A:51:44:DC:4E:24:3F:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D5x3odzbju1izTyoClFE3E4kP04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/EU9ZI9FwGK9Je2LIHv8oyryDbQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/9d0e14-113b-4cba-8308-acc56977b6f4/1/D5x3odzbju1izTyoClFE3E4kP04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.177.230.0/23
                  195.178.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         be:87:07:bc:6b:9d:3e:72:01:56:9a:f4:7a:7b:d3:e6:6d:66:
         80:75:da:4a:c0:f2:75:b5:61:d9:55:12:3f:98:24:fe:57:03:
         85:aa:fc:d7:19:83:1f:26:fc:1b:bf:56:c5:79:9e:3a:33:4f:
         52:61:86:23:c6:95:13:03:dd:e0:92:fe:0b:f3:39:ba:c5:c2:
         5f:a6:94:38:29:b1:55:bc:55:21:69:90:3c:40:59:2a:0c:c0:
         b2:ce:56:35:c6:ff:e2:0e:0d:f3:df:ea:f0:19:f6:ed:33:0d:
         c6:11:90:35:4c:81:98:bc:01:72:c3:1e:35:c2:2e:58:ad:f1:
         29:01:81:59:7d:9b:29:02:29:04:6e:61:b0:a1:cb:22:2e:17:
         c2:a0:4f:f2:0b:8b:fd:5e:69:68:12:f5:91:d0:69:b8:a3:00:
         df:2f:95:bc:3a:27:e1:eb:dd:4c:0a:2d:87:80:70:fe:47:aa:
         13:a7:f4:33:a6:11:78:07:0c:76:e1:fd:df:94:ae:36:a0:66:
         c9:d7:c0:7e:5b:a0:35:3d:4d:63:8b:70:06:76:9a:3c:b4:87:
         3a:63:26:8e:4a:3b:de:03:0f:47:ad:95:29:a0:d3:8b:1a:b3:
         62:f3:2e:28:49:f4:05:5c:12:62:6e:d7:f2:60:25:9f:90:25:
         e5:6b:4b:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhsZlGzIU3S1C+roKurVrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmOWM3N2ExZGNkYjhlZWQ2MmNkM2NhODBhNTE0NGRjNGUy
NDNmNGUwHhcNMjUwMTAxMTE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTRmNTkyM2QxNzAxOGFmNDk3YjYyYzgxZWZmMjhjYWJjODM2ZDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/ZcyahKbte8YisVL1pp/5uDscw6
4wDI1THiGkpSK/hc9A89ZO/rtrck3wr9gW663znOaos9BBjnkTHGYXTN+ByLJbT1
X+kcbe25XVFNmQVKCZQRkvoiY3VNpaRVwxiBoFUD6/PFmAtyDNYGCot0Cl8L+5r1
5mdgr6ZFy1FmiwpwT26/u3zuQi7up8otYLqLboQ1S99acxEPK5alKYRaplCXqcfm
Hb/2ToyMMp7q/6H4ll7zcF7sGSzhLc9Yq8jQRUSoHQyhV6aDSXoi+3Oan3+kVA/Y
vnuIDSEXZlxpcqjq0QhXeu2zWvbSlRihPbL4ZPxEnupzv1xdFQaLbZ6uJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBFPWSPRcBivSXtiyB7/KMq8g20NMB8GA1UdIwQY
MBaAFA+cd6Hc247tYs08qApRRNxOJD9OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDV4M29kemJqdTFpelR5b0NsRkUzRTRrUDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85ZDBlMTQtMTEzYi00Y2JhLTgzMDgt
YWNjNTY5NzdiNmY0LzEvRVU5Wkk5RndHSzlKZTJMSUh2OG95cnlEYlEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85ZDBlMTQtMTEzYi00Y2JhLTgzMDgtYWNjNTY5NzdiNmY0
LzEvRDV4M29kemJqdTFpelR5b0NsRkUzRTRrUDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw7HmAwQB
w7JoMA0GCSqGSIb3DQEBCwUAA4IBAQC+hwe8a50+cgFWmvR6e9PmbWaAddpKwPJ1
tWHZVRI/mCT+VwOFqvzXGYMfJvwbv1bFeZ46M09SYYYjxpUTA93gkv4L8zm6xcJf
ppQ4KbFVvFUhaZA8QFkqDMCyzlY1xv/iDg3z3+rwGfbtMw3GEZA1TIGYvAFywx41
wi5YrfEpAYFZfZspAikEbmGwocsiLhfCoE/yC4v9XmloEvWR0Gm4owDfL5W8Oifh
691MCi2HgHD+R6oTp/QzphF4Bwx24f3flK42oGbJ18B+W6A1PU1ji3AGdpo8tIc6
YyaOSjveAw9HrZUpoNOLGrNi8y4oSfQFXBJibtfyYCWfkCXla0t9
-----END CERTIFICATE-----