Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/027688-d39c-484a-a450-73dced39707f/1/9Bw4s7L1PZyJ0cmK8dHggvZkyc8.roa
File:                     9Bw4s7L1PZyJ0cmK8dHggvZkyc8.roa (raw, json)
Hash identifier:          k8G5zSf+pp8Di/1i1Rk8bBBXkqYoG95ba1/+ZDXAe1E=
Subject key identifier:   F4:1C:38:B3:B2:F5:3D:9C:89:D1:C9:8A:F1:D1:E0:82:F6:64:C9:CF
Certificate issuer:       /CN=9202036a43dad06b6c2cc64bde767870676f87b3
Certificate serial:       019423D73E2F803E98C9084400DA465ABA0A
Authority key identifier: 92:02:03:6A:43:DA:D0:6B:6C:2C:C6:4B:DE:76:78:70:67:6F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kgIDakPa0GtsLMZL3nZ4cGdvh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/027688-d39c-484a-a450-73dced39707f/1/9Bw4s7L1PZyJ0cmK8dHggvZkyc8.roa
Signing time:             Wed 01 Jan 2025 21:48:16 +0000
ROA not before:           Wed 01 Jan 2025 21:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29027
IP address blocks:        185.103.88.0/24 maxlen: 24
                          185.103.89.0/24 maxlen: 24
                          185.103.90.0/24 maxlen: 24
                          185.103.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/027688-d39c-484a-a450-73dced39707f/1/kgIDakPa0GtsLMZL3nZ4cGdvh7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/027688-d39c-484a-a450-73dced39707f/1/kgIDakPa0GtsLMZL3nZ4cGdvh7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kgIDakPa0GtsLMZL3nZ4cGdvh7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:3e:2f:80:3e:98:c9:08:44:00:da:46:5a:ba:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9202036a43dad06b6c2cc64bde767870676f87b3
        Validity
            Not Before: Jan  1 21:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f41c38b3b2f53d9c89d1c98af1d1e082f664c9cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:35:a0:93:e8:06:74:04:f4:73:c4:2d:3a:34:
                    8d:63:73:93:83:d2:42:10:e0:c0:8d:ca:a7:8b:ee:
                    3b:cf:5c:b0:cc:be:4c:fe:a3:09:3e:85:c4:42:f9:
                    c1:b0:6d:d2:7e:0e:b6:44:8d:01:0f:d1:9e:76:8d:
                    0a:ef:24:56:76:65:1d:30:66:b0:8e:7c:77:3a:d4:
                    15:76:cf:0e:10:bd:b3:7e:3f:63:67:ad:64:f8:d3:
                    42:4c:b5:d9:95:1b:52:84:1a:89:59:3e:47:28:73:
                    56:f2:13:ef:4c:4d:10:3e:e6:a2:31:f3:cf:8a:d1:
                    3a:be:21:c3:8e:17:23:df:a4:69:ca:aa:21:e3:ea:
                    ae:7c:3b:d9:4b:42:04:c3:6f:39:3d:a1:9d:2c:d2:
                    45:06:01:ac:00:df:3b:70:16:05:f5:96:6b:bc:43:
                    ca:92:d8:00:23:a0:ef:65:c5:eb:a9:a8:9a:bb:d9:
                    9c:05:2b:46:4d:29:76:da:74:91:2b:f9:23:fb:45:
                    60:d1:cd:dc:63:56:46:5d:d2:08:0c:cc:9e:58:c5:
                    24:f7:18:f3:43:20:f9:0e:fd:a5:f8:7d:7e:46:26:
                    2c:48:8b:88:45:b0:cb:88:00:23:01:dd:93:4e:9b:
                    f9:86:b0:61:08:6a:77:1b:21:72:40:9a:35:41:a4:
                    1a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1C:38:B3:B2:F5:3D:9C:89:D1:C9:8A:F1:D1:E0:82:F6:64:C9:CF
            X509v3 Authority Key Identifier:
                keyid:92:02:03:6A:43:DA:D0:6B:6C:2C:C6:4B:DE:76:78:70:67:6F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kgIDakPa0GtsLMZL3nZ4cGdvh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/027688-d39c-484a-a450-73dced39707f/1/9Bw4s7L1PZyJ0cmK8dHggvZkyc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/027688-d39c-484a-a450-73dced39707f/1/kgIDakPa0GtsLMZL3nZ4cGdvh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:25:c2:aa:91:b8:5e:df:d9:07:7b:e4:5f:29:0d:18:46:c3:
         17:b5:3b:8b:f4:3b:d3:e7:d3:11:dc:c7:78:ae:b0:60:1d:c5:
         46:09:f1:1c:d1:99:4d:c5:08:99:70:ee:0b:3b:90:26:1c:af:
         39:b6:4a:8c:f4:de:c4:57:99:ee:8d:74:c0:ff:2e:b1:40:c3:
         f8:7a:67:bf:1c:18:ea:e6:74:cd:de:f9:eb:36:7d:a6:7a:0e:
         72:ae:69:89:f9:6e:09:64:9d:d3:33:99:10:0c:77:c7:d9:d2:
         85:46:94:e5:82:bc:1f:70:c3:ce:d7:33:55:6b:28:82:e1:67:
         f0:95:3f:5f:d3:e3:41:b9:ad:bd:36:9e:b1:3f:98:cb:dc:ff:
         72:2c:76:4e:72:ac:67:7c:77:9d:17:14:6a:3a:15:5e:b5:8a:
         d5:cf:cc:68:cf:53:bf:3b:9c:aa:43:d0:82:60:00:44:04:ce:
         00:bb:c7:40:9c:b7:ce:70:45:dc:47:ad:dc:1b:3e:af:8b:46:
         51:80:0f:60:12:0a:52:bb:55:89:21:46:97:af:a1:47:f5:38:
         d8:92:2a:db:c0:cc:b2:4d:fc:e0:de:c2:81:88:55:f1:ad:83:
         01:ef:67:df:4c:12:3e:7f:c9:9b:a8:c9:4f:72:7a:67:a9:10:
         3d:7c:aa:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1z4vgD6YyQhEANpGWroKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMDIwMzZhNDNkYWQwNmI2YzJjYzY0YmRlNzY3ODcwNjc2
Zjg3YjMwHhcNMjUwMTAxMjE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDFjMzhiM2IyZjUzZDljODlkMWM5OGFmMWQxZTA4MmY2NjRjOWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjWgk+gGdAT0c8QtOjSNY3OTg9JC
EODAjcqni+47z1ywzL5M/qMJPoXEQvnBsG3Sfg62RI0BD9Gedo0K7yRWdmUdMGaw
jnx3OtQVds8OEL2zfj9jZ61k+NNCTLXZlRtShBqJWT5HKHNW8hPvTE0QPuaiMfPP
itE6viHDjhcj36Rpyqoh4+qufDvZS0IEw285PaGdLNJFBgGsAN87cBYF9ZZrvEPK
ktgAI6DvZcXrqaiau9mcBStGTSl22nSRK/kj+0Vg0c3cY1ZGXdIIDMyeWMUk9xjz
QyD5Dv2l+H1+RiYsSIuIRbDLiAAjAd2TTpv5hrBhCGp3GyFyQJo1QaQa/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQcOLOy9T2cidHJivHR4IL2ZMnPMB8GA1UdIwQY
MBaAFJICA2pD2tBrbCzGS952eHBnb4ezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2dJRGFrUGEwR3RzTE1aTDNuWjRjR2R2aDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8wMjc2ODgtZDM5Yy00ODRhLWE0NTAt
NzNkY2VkMzk3MDdmLzEvOUJ3NHM3TDFQWnlKMGNtSzhkSGdndlpreWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8wMjc2ODgtZDM5Yy00ODRhLWE0NTAtNzNkY2VkMzk3MDdm
LzEva2dJRGFrUGEwR3RzTE1aTDNuWjRjR2R2aDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWdYMA0G
CSqGSIb3DQEBCwUAA4IBAQAtJcKqkbhe39kHe+RfKQ0YRsMXtTuL9DvT59MR3Md4
rrBgHcVGCfEc0ZlNxQiZcO4LO5AmHK85tkqM9N7EV5nujXTA/y6xQMP4eme/HBjq
5nTN3vnrNn2meg5yrmmJ+W4JZJ3TM5kQDHfH2dKFRpTlgrwfcMPO1zNVayiC4Wfw
lT9f0+NBua29Np6xP5jL3P9yLHZOcqxnfHedFxRqOhVetYrVz8xoz1O/O5yqQ9CC
YABEBM4Au8dAnLfOcEXcR63cGz6vi0ZRgA9gEgpSu1WJIUaXr6FH9TjYkirbwMyy
Tfzg3sKBiFXxrYMB72ffTBI+f8mbqMlPcnpnqRA9fKrw
-----END CERTIFICATE-----