Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/c9T1Kx5A7nWBX74YKnmxrK2YxWk.roa
File:                     c9T1Kx5A7nWBX74YKnmxrK2YxWk.roa (raw, json)
Hash identifier:          z4gK4/Y9ltoru7dKh2/m8n1YWOzp0cICAUx0PffNJmo=
Subject key identifier:   73:D4:F5:2B:1E:40:EE:75:81:5F:BE:18:2A:79:B1:AC:AD:98:C5:69
Certificate issuer:       /CN=ce8d92ace08011c4d0aec8f22865715bd91a0122
Certificate serial:       0194266B4C4AF7993A295AAD8817EC05D872
Authority key identifier: CE:8D:92:AC:E0:80:11:C4:D0:AE:C8:F2:28:65:71:5B:D9:1A:01:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zo2SrOCAEcTQrsjyKGVxW9kaASI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/c9T1Kx5A7nWBX74YKnmxrK2YxWk.roa
Signing time:             Thu 02 Jan 2025 09:49:13 +0000
ROA not before:           Thu 02 Jan 2025 09:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202657
IP address blocks:        185.158.64.0/22 maxlen: 32
                          2a07:aa80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/zo2SrOCAEcTQrsjyKGVxW9kaASI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/zo2SrOCAEcTQrsjyKGVxW9kaASI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zo2SrOCAEcTQrsjyKGVxW9kaASI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:4c:4a:f7:99:3a:29:5a:ad:88:17:ec:05:d8:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce8d92ace08011c4d0aec8f22865715bd91a0122
        Validity
            Not Before: Jan  2 09:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73d4f52b1e40ee75815fbe182a79b1acad98c569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c4:3c:43:4e:7c:ed:5c:32:90:24:f6:5c:99:
                    c6:ae:a3:d5:99:72:fb:b8:cf:da:90:c8:b6:4f:60:
                    9c:42:4c:b4:ed:45:93:c9:ec:7e:fa:af:9f:5b:e8:
                    3e:6e:8b:a6:1f:d2:6f:35:c6:ae:2f:b0:c9:f0:c6:
                    b1:4e:d2:00:62:ea:db:13:70:9b:4a:2a:85:8d:38:
                    ad:5b:0f:1f:af:44:20:ac:ec:6e:66:ee:9e:2d:d4:
                    b7:0e:71:6d:96:d6:f1:bd:3c:b5:3c:b2:13:19:24:
                    fb:04:03:b4:df:84:16:60:23:10:92:52:a8:f7:64:
                    87:ad:0c:eb:10:82:84:29:ef:ee:8e:f2:7a:c9:0c:
                    21:c5:0b:d4:9f:ae:15:bd:6b:7f:ac:01:17:dc:b4:
                    82:13:74:5a:5a:d5:a4:83:17:5d:97:be:02:68:b8:
                    06:d0:a1:d9:17:32:ea:b1:8d:af:21:8a:42:83:26:
                    1d:3e:57:13:fc:7b:0e:39:9b:21:ae:f7:1b:ca:2f:
                    96:60:32:b1:98:0a:87:93:53:de:0d:d6:eb:2b:8e:
                    e3:a9:d2:71:f9:00:ff:7a:54:53:59:45:cc:28:5a:
                    c4:af:d8:13:09:2a:6c:e0:58:7e:c8:e5:fb:32:e7:
                    51:93:9f:0d:42:a9:94:64:f5:83:d9:19:85:e3:f1:
                    41:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:D4:F5:2B:1E:40:EE:75:81:5F:BE:18:2A:79:B1:AC:AD:98:C5:69
            X509v3 Authority Key Identifier:
                keyid:CE:8D:92:AC:E0:80:11:C4:D0:AE:C8:F2:28:65:71:5B:D9:1A:01:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zo2SrOCAEcTQrsjyKGVxW9kaASI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/c9T1Kx5A7nWBX74YKnmxrK2YxWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/143d0b-7755-4250-8a8c-545449e49f73/1/zo2SrOCAEcTQrsjyKGVxW9kaASI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.64.0/22
                IPv6:
                  2a07:aa80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:2d:b1:e9:dc:c2:ea:fe:f9:dc:32:54:44:af:5f:a0:9c:a5:
         ba:15:d9:e6:8d:51:bb:88:8a:4d:5c:18:70:46:8d:8c:87:2c:
         ae:bb:5c:e9:a8:f7:c4:09:a3:f2:dc:c5:5d:c3:97:a1:53:6e:
         8e:ea:90:ef:b0:11:4c:f7:cc:c2:ff:d3:aa:37:4a:15:da:96:
         fa:55:ca:73:a2:9c:cf:f9:6d:61:bb:ad:9c:d1:4d:a4:46:1b:
         1b:59:67:5e:dc:38:d3:5d:5d:17:17:fe:36:5c:94:62:4b:be:
         19:d2:b5:c3:27:15:e8:5c:ca:b6:e4:3f:bb:8e:8f:c3:3d:70:
         7c:d1:f2:09:53:39:3e:7a:71:de:ec:ad:30:40:92:61:db:ac:
         f8:d7:99:12:da:be:e7:b3:ec:25:d7:ec:86:51:d9:d1:3d:87:
         3f:42:0d:d6:12:ac:2a:d0:55:d7:0a:a3:f1:74:78:e3:a2:43:
         31:ae:38:a8:91:32:20:42:dc:df:80:76:33:1a:56:85:e5:ac:
         13:5c:36:51:57:67:79:30:4d:b5:ff:1d:7a:24:c6:c3:ed:e2:
         5f:e9:54:8c:0e:6e:97:de:17:47:20:c8:92:26:3e:06:fb:b8:
         37:f2:62:d3:a4:6f:18:c2:9f:70:aa:80:0c:9b:d4:82:1d:df:
         03:4e:2c:10
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma0xK95k6KVqtiBfsBdhyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOGQ5MmFjZTA4MDExYzRkMGFlYzhmMjI4NjU3MTViZDkx
YTAxMjIwHhcNMjUwMTAyMDk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2Q0ZjUyYjFlNDBlZTc1ODE1ZmJlMTgyYTc5YjFhY2FkOThjNTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcQ8Q0587VwykCT2XJnGrqPVmXL7
uM/akMi2T2CcQky07UWTyex++q+fW+g+boumH9JvNcauL7DJ8MaxTtIAYurbE3Cb
SiqFjTitWw8fr0QgrOxuZu6eLdS3DnFtltbxvTy1PLITGST7BAO034QWYCMQklKo
92SHrQzrEIKEKe/ujvJ6yQwhxQvUn64VvWt/rAEX3LSCE3RaWtWkgxddl74CaLgG
0KHZFzLqsY2vIYpCgyYdPlcT/HsOOZshrvcbyi+WYDKxmAqHk1PeDdbrK47jqdJx
+QD/elRTWUXMKFrEr9gTCSps4Fh+yOX7MudRk58NQqmUZPWD2RmF4/FBcwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHPU9SseQO51gV++GCp5saytmMVpMB8GA1UdIwQY
MBaAFM6NkqzggBHE0K7I8ihlcVvZGgEiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem8yU3JPQ0FFY1RRcnNqeUtHVnhXOWthQVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8xNDNkMGItNzc1NS00MjUwLThhOGMt
NTQ1NDQ5ZTQ5ZjczLzEvYzlUMUt4NUE3bldCWDc0WUtubXhySzJZeFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8xNDNkMGItNzc1NS00MjUwLThhOGMtNTQ1NDQ5ZTQ5Zjcz
LzEvem8yU3JPQ0FFY1RRcnNqeUtHVnhXOWthQVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZ5AMA0E
AgACMAcDBQMqB6qAMA0GCSqGSIb3DQEBCwUAA4IBAQCgLbHp3MLq/vncMlREr1+g
nKW6FdnmjVG7iIpNXBhwRo2Mhyyuu1zpqPfECaPy3MVdw5ehU26O6pDvsBFM98zC
/9OqN0oV2pb6VcpzopzP+W1hu62c0U2kRhsbWWde3DjTXV0XF/42XJRiS74Z0rXD
JxXoXMq25D+7jo/DPXB80fIJUzk+enHe7K0wQJJh26z415kS2r7ns+wl1+yGUdnR
PYc/Qg3WEqwq0FXXCqPxdHjjokMxrjiokTIgQtzfgHYzGlaF5awTXDZRV2d5ME21
/x16JMbD7eJf6VSMDm6X3hdHIMiSJj4G+7g38mLTpG8Ywp9wqoAMm9SCHd8DTiwQ
-----END CERTIFICATE-----