Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c66606-2ae8-4ada-b35b-c2e8a0303fc3/1/9yA1BkRviJoFuz4ovXK7z_9dmsQ.roa
File:                     9yA1BkRviJoFuz4ovXK7z_9dmsQ.roa (raw, json)
Hash identifier:          TmOG+5LxnyALDVOkw9CXFcKpknkNr7jhmiggKOWlYA0=
Subject key identifier:   F7:20:35:06:44:6F:88:9A:05:BB:3E:28:BD:72:BB:CF:FF:5D:9A:C4
Certificate issuer:       /CN=27b2133219989e6a32d71158d0852a516eb6f79f
Certificate serial:       019421444E75EAECCF0D4D69C00E17734B58
Authority key identifier: 27:B2:13:32:19:98:9E:6A:32:D7:11:58:D0:85:2A:51:6E:B6:F7:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J7ITMhmYnmoy1xFY0IUqUW62958.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c66606-2ae8-4ada-b35b-c2e8a0303fc3/1/9yA1BkRviJoFuz4ovXK7z_9dmsQ.roa
Signing time:             Wed 01 Jan 2025 09:48:32 +0000
ROA not before:           Wed 01 Jan 2025 09:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202675
IP address blocks:        185.17.106.0/23 maxlen: 24
                          185.56.218.0/23 maxlen: 24
                          2a02:5620::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c66606-2ae8-4ada-b35b-c2e8a0303fc3/1/J7ITMhmYnmoy1xFY0IUqUW62958.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c66606-2ae8-4ada-b35b-c2e8a0303fc3/1/J7ITMhmYnmoy1xFY0IUqUW62958.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J7ITMhmYnmoy1xFY0IUqUW62958.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:4e:75:ea:ec:cf:0d:4d:69:c0:0e:17:73:4b:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27b2133219989e6a32d71158d0852a516eb6f79f
        Validity
            Not Before: Jan  1 09:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7203506446f889a05bb3e28bd72bbcfff5d9ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d5:6e:16:00:6d:f1:ab:48:9e:e5:21:ac:80:
                    0e:49:08:57:93:d4:3e:12:d9:c0:fe:c8:15:0d:c7:
                    85:06:00:e0:26:93:f4:a3:8f:75:8e:e4:16:a7:5c:
                    02:55:7b:95:2f:85:f0:72:69:52:2e:27:67:3f:8a:
                    ce:62:c8:0a:42:42:0a:e2:94:84:33:23:a8:84:8f:
                    80:ba:b8:1f:64:bb:c0:3d:fb:94:85:43:2d:80:93:
                    b5:9f:07:b0:f2:c2:45:6b:53:a8:03:0f:1c:f6:cd:
                    78:2b:55:95:1a:82:77:51:53:3a:e3:fb:9f:7e:5d:
                    32:2e:80:78:72:ed:09:c1:7e:53:40:f6:c1:73:12:
                    3d:da:1d:70:de:f2:aa:51:45:86:e3:3b:f6:df:c5:
                    41:3a:2e:a6:90:f6:5e:43:8a:f3:03:97:40:4e:f9:
                    2a:92:6b:50:cb:ad:f1:84:63:63:dc:80:b1:ed:fc:
                    f7:93:08:ce:f7:4f:f6:1a:6d:44:8a:d3:6f:ff:01:
                    50:ab:42:63:a7:15:a9:a5:17:42:2f:26:5c:c1:4a:
                    af:6f:98:ee:b5:37:76:fb:9a:53:a8:6e:1b:22:07:
                    b8:01:49:41:b8:98:8e:d5:6b:2d:8a:8b:8f:f7:32:
                    e1:27:4f:27:f5:a0:c3:62:51:4f:db:20:cd:ea:09:
                    7e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:20:35:06:44:6F:88:9A:05:BB:3E:28:BD:72:BB:CF:FF:5D:9A:C4
            X509v3 Authority Key Identifier:
                keyid:27:B2:13:32:19:98:9E:6A:32:D7:11:58:D0:85:2A:51:6E:B6:F7:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J7ITMhmYnmoy1xFY0IUqUW62958.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c66606-2ae8-4ada-b35b-c2e8a0303fc3/1/9yA1BkRviJoFuz4ovXK7z_9dmsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c66606-2ae8-4ada-b35b-c2e8a0303fc3/1/J7ITMhmYnmoy1xFY0IUqUW62958.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.106.0/23
                  185.56.218.0/23
                IPv6:
                  2a02:5620::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:d8:6e:4e:81:d3:8c:5d:5f:3f:61:6a:7b:0a:37:e5:96:93:
         72:81:4c:c4:b1:66:d1:b3:d4:61:6f:e4:82:07:86:21:59:16:
         32:2d:f5:ea:83:6a:2c:c8:ba:8c:75:e3:ae:04:38:33:ce:9d:
         6b:00:25:13:65:32:78:52:3e:98:a7:7c:77:4a:a4:16:4c:0e:
         45:c9:63:f3:cb:ce:15:79:af:5b:3d:ac:21:e5:c9:a6:de:ff:
         3f:48:90:d8:bc:9c:f9:bc:e5:8a:c1:35:f0:18:33:b6:4b:d7:
         fd:3c:0e:e9:39:f4:39:20:52:4e:4d:0d:30:56:6b:dd:02:2b:
         3d:f2:2d:30:74:26:65:1a:14:50:5e:34:2f:02:e2:8d:f5:72:
         a2:3a:86:cb:42:35:8b:e8:fe:c9:51:9f:b8:14:65:ef:32:d4:
         fb:b5:a5:10:a4:dc:e5:56:6b:6f:de:ab:a4:5c:1b:eb:0c:93:
         36:ee:2b:86:c8:f6:9e:e1:89:f6:c9:1e:c8:e4:b9:85:8c:41:
         6b:bb:38:89:21:e7:66:c4:4a:01:ca:15:0c:01:42:86:b7:83:
         31:c8:5b:3f:c3:b5:5d:0d:14:a2:f2:a8:b8:61:1e:b2:da:2b:
         59:25:d4:45:82:51:b1:b5:ca:fa:9b:aa:18:5c:17:65:d9:9f:
         68:d0:ca:56
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhRE516uzPDU1pwA4Xc0tYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YjIxMzMyMTk5ODllNmEzMmQ3MTE1OGQwODUyYTUxNmVi
NmY3OWYwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzIwMzUwNjQ0NmY4ODlhMDViYjNlMjhiZDcyYmJjZmZmNWQ5YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtVuFgBt8atInuUhrIAOSQhXk9Q+
EtnA/sgVDceFBgDgJpP0o491juQWp1wCVXuVL4XwcmlSLidnP4rOYsgKQkIK4pSE
MyOohI+AurgfZLvAPfuUhUMtgJO1nwew8sJFa1OoAw8c9s14K1WVGoJ3UVM64/uf
fl0yLoB4cu0JwX5TQPbBcxI92h1w3vKqUUWG4zv238VBOi6mkPZeQ4rzA5dATvkq
kmtQy63xhGNj3ICx7fz3kwjO90/2Gm1EitNv/wFQq0JjpxWppRdCLyZcwUqvb5ju
tTd2+5pTqG4bIge4AUlBuJiO1WstiouP9zLhJ08n9aDDYlFP2yDN6gl+EQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPcgNQZEb4iaBbs+KL1yu8//XZrEMB8GA1UdIwQY
MBaAFCeyEzIZmJ5qMtcRWNCFKlFutvefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjdJVE1obVlubW95MXhGWTBJVXFVVzYyOTU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jNjY2MDYtMmFlOC00YWRhLWIzNWIt
YzJlOGEwMzAzZmMzLzEvOXlBMUJrUnZpSm9GdXo0b3ZYSzd6XzlkbXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jNjY2MDYtMmFlOC00YWRhLWIzNWItYzJlOGEwMzAzZmMz
LzEvSjdJVE1obVlubW95MXhGWTBJVXFVVzYyOTU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBuRFqAwQB
uTjaMA0EAgACMAcDBQAqAlYgMA0GCSqGSIb3DQEBCwUAA4IBAQBH2G5OgdOMXV8/
YWp7CjfllpNygUzEsWbRs9Rhb+SCB4YhWRYyLfXqg2osyLqMdeOuBDgzzp1rACUT
ZTJ4Uj6Yp3x3SqQWTA5FyWPzy84Vea9bPawh5cmm3v8/SJDYvJz5vOWKwTXwGDO2
S9f9PA7pOfQ5IFJOTQ0wVmvdAis98i0wdCZlGhRQXjQvAuKN9XKiOobLQjWL6P7J
UZ+4FGXvMtT7taUQpNzlVmtv3qukXBvrDJM27iuGyPae4Yn2yR7I5LmFjEFruziJ
IedmxEoByhUMAUKGt4MxyFs/w7VdDRSi8qi4YR6y2itZJdRFglGxtcr6m6oYXBdl
2Z9o0MpW
-----END CERTIFICATE-----