Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/9V4SmqCE6G3meEVbNDEJw-a-tnM.roa
File:                     9V4SmqCE6G3meEVbNDEJw-a-tnM.roa (raw, json)
Hash identifier:          ctCr6DFTt9tJAVlbJj9VYTF14MWfZ7Vz58c3aychzao=
Subject key identifier:   F5:5E:12:9A:A0:84:E8:6D:E6:78:45:5B:34:31:09:C3:E6:BE:B6:73
Certificate issuer:       /CN=3ed79628b5a60ff1489f473be12d6cefdee135e6
Certificate serial:       019425FDA4CCB73ED264F62359C30D510CB8
Authority key identifier: 3E:D7:96:28:B5:A6:0F:F1:48:9F:47:3B:E1:2D:6C:EF:DE:E1:35:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PteWKLWmD_FIn0c74S1s797hNeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/9V4SmqCE6G3meEVbNDEJw-a-tnM.roa
Signing time:             Thu 02 Jan 2025 07:49:27 +0000
ROA not before:           Thu 02 Jan 2025 07:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57514
IP address blocks:        185.225.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/PteWKLWmD_FIn0c74S1s797hNeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/PteWKLWmD_FIn0c74S1s797hNeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PteWKLWmD_FIn0c74S1s797hNeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 01:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a4:cc:b7:3e:d2:64:f6:23:59:c3:0d:51:0c:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ed79628b5a60ff1489f473be12d6cefdee135e6
        Validity
            Not Before: Jan  2 07:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f55e129aa084e86de678455b343109c3e6beb673
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:86:42:3b:2b:92:7d:58:c5:f4:cb:36:79:bb:
                    4c:15:39:d2:75:8e:30:d4:0e:cc:3f:fc:e3:ea:df:
                    7b:0f:ed:56:de:d7:c6:bb:ad:e5:ff:da:0a:ee:2a:
                    f1:a1:23:5a:5b:a1:cd:4d:eb:d3:be:d0:a7:2a:40:
                    a3:83:3b:6f:c3:80:cf:2f:f3:67:29:de:4f:b3:7e:
                    58:45:48:2d:d2:cc:54:cd:9d:65:c9:89:ba:6a:15:
                    00:ae:5f:16:d1:5c:43:80:aa:3f:80:ce:ff:51:94:
                    b9:f4:07:13:3a:da:b4:42:4d:ea:25:ad:9f:1f:bf:
                    d1:31:1b:f3:b2:9d:6b:41:63:80:c1:60:8c:47:e2:
                    2f:74:96:9e:a1:06:bf:de:a7:76:0f:08:b1:85:3b:
                    67:2e:be:61:61:24:1d:e2:3b:62:9c:1e:30:6d:92:
                    c5:35:f3:30:4a:65:91:97:0f:fd:42:ac:7f:52:9e:
                    8b:a3:62:06:86:f6:5f:a0:b5:ef:17:e0:b1:c3:01:
                    fa:9d:b3:23:c4:e6:7f:29:8f:7f:31:44:e4:f4:7f:
                    4f:1a:82:04:e5:38:2a:55:1a:d8:a9:59:2a:32:21:
                    3d:da:d2:ec:29:f2:b3:ac:76:a1:d8:2b:86:89:40:
                    f7:d3:aa:b3:45:8e:56:19:a8:30:64:a1:31:49:29:
                    93:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:5E:12:9A:A0:84:E8:6D:E6:78:45:5B:34:31:09:C3:E6:BE:B6:73
            X509v3 Authority Key Identifier:
                keyid:3E:D7:96:28:B5:A6:0F:F1:48:9F:47:3B:E1:2D:6C:EF:DE:E1:35:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PteWKLWmD_FIn0c74S1s797hNeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/9V4SmqCE6G3meEVbNDEJw-a-tnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/PteWKLWmD_FIn0c74S1s797hNeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:55:89:62:ec:20:d2:f1:0f:8c:60:7a:6a:8b:b4:a5:e8:a8:
         14:34:39:66:2e:e1:7d:46:6b:86:e9:f5:ae:3b:74:b9:09:71:
         19:3b:d9:f8:73:62:d0:b7:0b:13:aa:a0:fc:65:9b:ca:c0:b1:
         d5:83:d3:c5:cb:ca:ec:9a:ac:ef:96:13:88:94:99:b1:51:6d:
         35:b0:6d:92:15:ac:eb:0d:df:27:82:6b:16:53:1f:fd:0f:0e:
         dd:75:f8:55:73:99:94:70:53:71:e7:ec:c1:eb:3e:85:87:bd:
         d2:8d:d2:10:c9:0a:1b:f4:03:3e:89:cc:33:b5:7c:d2:b1:9d:
         a9:4f:e8:90:94:af:36:e0:11:ed:eb:f2:0f:1e:83:ac:8b:28:
         4c:81:22:cc:0f:c4:9d:78:fb:72:d0:25:ec:29:6a:b8:b7:c9:
         e1:55:b0:5b:d0:5b:69:41:49:7c:d9:1a:13:3a:6f:2d:0f:ed:
         c0:a7:73:d1:8a:69:47:3a:4b:bf:51:4e:8b:ff:ff:b9:16:6b:
         98:f3:fb:8e:03:85:d1:be:8a:e6:75:f4:68:0a:b1:49:b9:1e:
         a8:86:ca:ad:f7:f7:46:50:e3:44:ee:cb:8b:f3:b2:c1:7f:7d:
         8e:15:bb:65:87:f0:a4:61:0c:ac:be:0c:82:ff:8b:cb:5a:cc:
         76:b5:bd:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/aTMtz7SZPYjWcMNUQy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZDc5NjI4YjVhNjBmZjE0ODlmNDczYmUxMmQ2Y2VmZGVl
MTM1ZTYwHhcNMjUwMTAyMDc0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTVlMTI5YWEwODRlODZkZTY3ODQ1NWIzNDMxMDljM2U2YmViNjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4ZCOyuSfVjF9Ms2ebtMFTnSdY4w
1A7MP/zj6t97D+1W3tfGu63l/9oK7irxoSNaW6HNTevTvtCnKkCjgztvw4DPL/Nn
Kd5Ps35YRUgt0sxUzZ1lyYm6ahUArl8W0VxDgKo/gM7/UZS59AcTOtq0Qk3qJa2f
H7/RMRvzsp1rQWOAwWCMR+IvdJaeoQa/3qd2DwixhTtnLr5hYSQd4jtinB4wbZLF
NfMwSmWRlw/9Qqx/Up6Lo2IGhvZfoLXvF+CxwwH6nbMjxOZ/KY9/MUTk9H9PGoIE
5TgqVRrYqVkqMiE92tLsKfKzrHah2CuGiUD306qzRY5WGagwZKExSSmTTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVeEpqghOht5nhFWzQxCcPmvrZzMB8GA1UdIwQY
MBaAFD7Xlii1pg/xSJ9HO+EtbO/e4TXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHRlV0tMV21EX0ZJbjBjNzRTMXM3OTdoTmVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC83ODgxZDAtOTQzYi00YWI1LWFkM2Mt
MjY4NDQyYmQ3OTk5LzEvOVY0U21xQ0U2RzNtZUVWYk5ERUp3LWEtdG5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC83ODgxZDAtOTQzYi00YWI1LWFkM2MtMjY4NDQyYmQ3OTk5
LzEvUHRlV0tMV21EX0ZJbjBjNzRTMXM3OTdoTmVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueFMMA0G
CSqGSIb3DQEBCwUAA4IBAQCoVYli7CDS8Q+MYHpqi7Sl6KgUNDlmLuF9RmuG6fWu
O3S5CXEZO9n4c2LQtwsTqqD8ZZvKwLHVg9PFy8rsmqzvlhOIlJmxUW01sG2SFazr
Dd8ngmsWUx/9Dw7ddfhVc5mUcFNx5+zB6z6Fh73SjdIQyQob9AM+icwztXzSsZ2p
T+iQlK824BHt6/IPHoOsiyhMgSLMD8SdePty0CXsKWq4t8nhVbBb0FtpQUl82RoT
Om8tD+3Ap3PRimlHOku/UU6L//+5FmuY8/uOA4XRvormdfRoCrFJuR6ohsqt9/dG
UONE7suL87LBf32OFbtlh/CkYQysvgyC/4vLWsx2tb1o
-----END CERTIFICATE-----