Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/csdHd_e7Tx65D2MBS9ZtbLUxU90.roa
File:                     csdHd_e7Tx65D2MBS9ZtbLUxU90.roa (raw, json)
Hash identifier:          fNuNtwuPS3v94+W5VQY9K+dMsKggefc0dwxaWQUAwyY=
Subject key identifier:   72:C7:47:77:F7:BB:4F:1E:B9:0F:63:01:4B:D6:6D:6C:B5:31:53:DD
Certificate issuer:       /CN=adfd90cb35742f9e581e8cbdf0e3e123a849c830
Certificate serial:       019420684FFBA03F886B0E99346B18977867
Authority key identifier: AD:FD:90:CB:35:74:2F:9E:58:1E:8C:BD:F0:E3:E1:23:A8:49:C8:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rf2QyzV0L55YHoy98OPhI6hJyDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/csdHd_e7Tx65D2MBS9ZtbLUxU90.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        193.26.9.0/24 maxlen: 24
                          2001:678:d24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/rf2QyzV0L55YHoy98OPhI6hJyDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/rf2QyzV0L55YHoy98OPhI6hJyDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rf2QyzV0L55YHoy98OPhI6hJyDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4f:fb:a0:3f:88:6b:0e:99:34:6b:18:97:78:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adfd90cb35742f9e581e8cbdf0e3e123a849c830
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72c74777f7bb4f1eb90f63014bd66d6cb53153dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f9:9d:59:11:ce:8c:e1:57:4b:58:bf:27:71:
                    b0:57:9b:57:f4:41:8f:b0:d5:9a:be:5f:f9:6f:7a:
                    66:8a:46:7b:52:11:8b:e4:8b:57:a9:0f:8c:69:e3:
                    7c:c2:9b:93:d2:5d:17:04:7b:ab:3b:9b:f2:68:1c:
                    f0:7d:b5:85:c8:bc:e4:60:14:32:78:72:61:d7:fa:
                    52:71:76:42:70:13:5b:40:ff:f8:6d:c4:3a:bb:ab:
                    1c:4f:ef:37:94:cc:27:e0:ae:ca:86:36:53:2c:f8:
                    57:c8:3f:97:fd:41:30:91:4e:36:68:d2:e0:d1:5a:
                    37:e3:cc:3f:88:3f:a9:4f:e1:7f:5a:9c:0c:3c:2e:
                    cd:8d:41:68:8b:8f:67:0c:a0:e1:eb:d4:33:41:32:
                    5a:1b:a1:ab:7b:b1:03:2b:d8:4e:7f:b7:bb:d2:5b:
                    45:5c:ca:68:40:d8:fa:a1:1d:1d:1d:a0:5f:44:b2:
                    c3:e1:10:40:c9:cf:95:c4:68:9b:8c:42:68:e7:ea:
                    82:5d:8f:10:fc:c5:4e:8f:ce:6c:6a:7f:40:53:c2:
                    59:9a:10:c2:d3:09:01:e4:df:63:5c:3b:26:73:26:
                    61:38:df:51:e5:c3:69:b1:71:00:10:8a:50:6e:2a:
                    dc:e3:f5:9c:ab:50:cc:ff:60:50:3a:8f:ad:52:43:
                    7b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:C7:47:77:F7:BB:4F:1E:B9:0F:63:01:4B:D6:6D:6C:B5:31:53:DD
            X509v3 Authority Key Identifier:
                keyid:AD:FD:90:CB:35:74:2F:9E:58:1E:8C:BD:F0:E3:E1:23:A8:49:C8:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rf2QyzV0L55YHoy98OPhI6hJyDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/csdHd_e7Tx65D2MBS9ZtbLUxU90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/7e224d-f154-4f75-a2a8-eb7ec4d7dca8/1/rf2QyzV0L55YHoy98OPhI6hJyDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.9.0/24
                IPv6:
                  2001:678:d24::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:f3:32:af:df:55:f8:3a:ee:ab:02:d2:a7:36:7a:7d:4b:48:
         5f:37:48:62:59:e5:bc:49:aa:1a:5c:40:f3:a1:6f:3b:03:99:
         52:cc:32:5f:ed:7f:66:56:c0:18:d3:3c:2b:d6:35:8b:9d:25:
         a2:5c:14:8d:d5:61:68:c8:43:50:17:e8:0d:1f:9f:47:12:eb:
         7a:20:55:f2:9b:6c:ce:e4:04:b4:ce:4c:4a:e8:fb:5c:48:18:
         c8:35:ca:a1:ad:a2:07:fd:1f:45:9d:cf:8c:cd:57:f6:33:40:
         6a:f0:eb:59:bc:4a:9d:8c:21:73:71:aa:c2:5d:4e:08:03:41:
         c1:cf:56:89:26:4a:44:8e:42:bd:18:6b:72:00:fe:74:14:6f:
         de:2b:0e:53:89:af:21:e1:c3:e0:2f:3d:72:b8:04:ac:1c:68:
         1a:0c:11:47:77:43:e0:f4:c5:89:46:27:20:d2:fe:e3:78:32:
         d8:fc:82:8b:4d:57:f8:04:cc:d9:21:29:d9:5b:2e:f0:e0:60:
         ea:1b:d7:f6:80:3e:67:e8:85:1c:c6:83:d6:c3:11:e6:2b:c6:
         e5:08:8a:03:09:30:28:4f:2e:1a:98:67:7f:62:ff:bd:e0:00:
         07:c8:21:eb:9f:7b:fe:d7:59:23:bd:72:99:ad:2e:91:41:a9:
         27:99:55:0c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQgaE/7oD+Iaw6ZNGsYl3hnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZmQ5MGNiMzU3NDJmOWU1ODFlOGNiZGYwZTNlMTIzYTg0
OWM4MzAwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmM3NDc3N2Y3YmI0ZjFlYjkwZjYzMDE0YmQ2NmQ2Y2I1MzE1M2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfmdWRHOjOFXS1i/J3GwV5tX9EGP
sNWavl/5b3pmikZ7UhGL5ItXqQ+MaeN8wpuT0l0XBHurO5vyaBzwfbWFyLzkYBQy
eHJh1/pScXZCcBNbQP/4bcQ6u6scT+83lMwn4K7KhjZTLPhXyD+X/UEwkU42aNLg
0Vo348w/iD+pT+F/WpwMPC7NjUFoi49nDKDh69QzQTJaG6Gre7EDK9hOf7e70ltF
XMpoQNj6oR0dHaBfRLLD4RBAyc+VxGibjEJo5+qCXY8Q/MVOj85san9AU8JZmhDC
0wkB5N9jXDsmcyZhON9R5cNpsXEAEIpQbirc4/Wcq1DM/2BQOo+tUkN7MQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHLHR3f3u08euQ9jAUvWbWy1MVPdMB8GA1UdIwQY
MBaAFK39kMs1dC+eWB6MvfDj4SOoScgwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmYyUXl6VjBMNTVZSG95OThPUGhJNmhKeURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi83ZTIyNGQtZjE1NC00Zjc1LWEyYTgt
ZWI3ZWM0ZDdkY2E4LzEvY3NkSGRfZTdUeDY1RDJNQlM5WnRiTFV4VTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi83ZTIyNGQtZjE1NC00Zjc1LWEyYTgtZWI3ZWM0ZDdkY2E4
LzEvcmYyUXl6VjBMNTVZSG95OThPUGhJNmhKeURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwRoJMA8E
AgACMAkDBwAgAQZ4DSQwDQYJKoZIhvcNAQELBQADggEBAA3zMq/fVfg67qsC0qc2
en1LSF83SGJZ5bxJqhpcQPOhbzsDmVLMMl/tf2ZWwBjTPCvWNYudJaJcFI3VYWjI
Q1AX6A0fn0cS63ogVfKbbM7kBLTOTEro+1xIGMg1yqGtogf9H0Wdz4zNV/YzQGrw
61m8Sp2MIXNxqsJdTggDQcHPVokmSkSOQr0Ya3IA/nQUb94rDlOJryHhw+AvPXK4
BKwcaBoMEUd3Q+D0xYlGJyDS/uN4Mtj8gotNV/gEzNkhKdlbLvDgYOob1/aAPmfo
hRzGg9bDEeYrxuUIigMJMChPLhqYZ39i/73gAAfIIeufe/7XWSO9cpmtLpFBqSeZ
VQw=
-----END CERTIFICATE-----