Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/9-nqsKi4Ev5jKkuKWzG_WIBo83k.roa
File:                     9-nqsKi4Ev5jKkuKWzG_WIBo83k.roa (raw, json)
Hash identifier:          SHAm2ssxR7ZkFZ7Brw788jEHfHi8MZS6JxMLuTDqDJs=
Subject key identifier:   F7:E9:EA:B0:A8:B8:12:FE:63:2A:4B:8A:5B:31:BF:58:80:68:F3:79
Certificate issuer:       /CN=af3038a717b154e1cfa47116832da26f28b2a304
Certificate serial:       019427B681D1DF34366DBEC912EF879F1E8A
Authority key identifier: AF:30:38:A7:17:B1:54:E1:CF:A4:71:16:83:2D:A2:6F:28:B2:A3:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rzA4pxexVOHPpHEWgy2ibyiyowQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/9-nqsKi4Ev5jKkuKWzG_WIBo83k.roa
Signing time:             Thu 02 Jan 2025 15:50:59 +0000
ROA not before:           Thu 02 Jan 2025 15:50:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49214
IP address blocks:        217.22.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/rzA4pxexVOHPpHEWgy2ibyiyowQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/rzA4pxexVOHPpHEWgy2ibyiyowQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rzA4pxexVOHPpHEWgy2ibyiyowQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:81:d1:df:34:36:6d:be:c9:12:ef:87:9f:1e:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af3038a717b154e1cfa47116832da26f28b2a304
        Validity
            Not Before: Jan  2 15:50:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7e9eab0a8b812fe632a4b8a5b31bf588068f379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f3:32:2c:12:a0:33:24:cf:ab:fe:2c:56:25:
                    5a:51:dc:aa:49:29:09:87:70:2f:50:b7:c2:9d:7b:
                    82:86:da:1f:80:88:64:d3:22:c7:7b:59:d0:0a:57:
                    e9:1c:7e:69:25:6d:bc:01:66:ff:69:68:cd:dc:3b:
                    37:20:75:fe:db:4e:a2:ca:a6:f9:7f:0e:43:13:8a:
                    89:3e:cf:e8:8b:77:4b:53:35:b7:e1:03:54:d7:72:
                    95:b0:9c:5a:98:6b:d7:44:ff:6a:ca:db:17:48:7e:
                    cb:dd:d8:ab:1c:7a:2d:50:a3:5f:f2:62:7e:35:20:
                    d2:ec:07:cd:ec:bf:5f:20:29:74:46:b3:0d:80:80:
                    f2:f7:87:a2:d5:fa:98:ce:78:51:06:55:de:5b:b1:
                    92:c9:58:bb:33:3d:b5:f2:e5:a7:9d:f4:e0:3d:9f:
                    e1:2b:28:df:b6:e9:cb:56:f4:20:63:40:42:08:f4:
                    5a:bb:91:a8:83:92:73:77:04:fa:21:ca:a6:8c:9b:
                    2d:52:fd:70:4f:1d:93:d7:fb:d1:5d:7b:43:8c:c1:
                    72:a8:45:e4:2b:e3:bf:c4:e8:d5:dc:08:6e:ae:d5:
                    57:0d:c7:fc:22:8c:c6:9b:9f:e3:3f:92:5d:22:a6:
                    8d:62:ef:9f:34:8e:c0:6c:9c:d7:ec:08:3a:24:c4:
                    69:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:E9:EA:B0:A8:B8:12:FE:63:2A:4B:8A:5B:31:BF:58:80:68:F3:79
            X509v3 Authority Key Identifier:
                keyid:AF:30:38:A7:17:B1:54:E1:CF:A4:71:16:83:2D:A2:6F:28:B2:A3:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rzA4pxexVOHPpHEWgy2ibyiyowQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/9-nqsKi4Ev5jKkuKWzG_WIBo83k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/6cfb78-63bc-4820-b903-860c49d0eb6a/1/rzA4pxexVOHPpHEWgy2ibyiyowQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.22.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         81:c1:c9:b8:1d:d6:47:ea:49:59:9b:8f:42:f8:ab:bc:70:2e:
         47:9b:44:93:c1:a1:63:b8:44:d4:99:6f:45:af:cf:53:68:f5:
         c2:ad:2e:d0:8a:e8:26:db:e0:40:29:86:6c:cf:c9:91:1e:1f:
         cb:f5:46:43:48:57:3b:85:32:f9:12:b6:3c:72:c9:7e:ab:2b:
         62:bf:81:b1:dc:eb:15:be:6c:cf:7d:a9:15:ad:c7:bd:44:e6:
         71:90:6a:42:4b:bd:83:a3:91:63:86:7e:de:02:41:0a:b1:c5:
         8e:1d:81:f8:21:74:35:a3:68:b2:89:27:95:63:f2:f5:c5:2a:
         19:8c:cd:06:ee:83:4d:22:a2:c5:ad:9d:99:12:3c:96:25:3c:
         1d:6e:4e:5b:ce:26:60:3f:90:10:eb:bd:15:67:f4:4e:5a:88:
         60:9e:f2:2f:ec:9f:8f:4e:76:a5:2e:11:79:fe:71:18:ee:75:
         11:fd:7e:15:00:d4:88:99:9d:c4:02:9a:c8:81:92:14:ef:94:
         76:b7:7b:15:de:76:e4:b5:97:e2:6b:70:39:1e:da:dd:ec:29:
         45:f5:89:a3:d1:38:68:fc:da:aa:81:33:08:37:8b:75:2b:65:
         c5:27:74:75:c6:06:6f:ef:eb:0c:bb:65:0e:71:c6:ce:25:22:
         6b:71:b8:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntoHR3zQ2bb7JEu+Hnx6KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMzAzOGE3MTdiMTU0ZTFjZmE0NzExNjgzMmRhMjZmMjhi
MmEzMDQwHhcNMjUwMTAyMTU1MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2U5ZWFiMGE4YjgxMmZlNjMyYTRiOGE1YjMxYmY1ODgwNjhmMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PMyLBKgMyTPq/4sViVaUdyqSSkJ
h3AvULfCnXuChtofgIhk0yLHe1nQClfpHH5pJW28AWb/aWjN3Ds3IHX+206iyqb5
fw5DE4qJPs/oi3dLUzW34QNU13KVsJxamGvXRP9qytsXSH7L3dirHHotUKNf8mJ+
NSDS7AfN7L9fICl0RrMNgIDy94ei1fqYznhRBlXeW7GSyVi7Mz218uWnnfTgPZ/h
KyjftunLVvQgY0BCCPRau5Gog5JzdwT6IcqmjJstUv1wTx2T1/vRXXtDjMFyqEXk
K+O/xOjV3AhurtVXDcf8IozGm5/jP5JdIqaNYu+fNI7AbJzX7Ag6JMRpaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfp6rCouBL+YypLilsxv1iAaPN5MB8GA1UdIwQY
MBaAFK8wOKcXsVThz6RxFoMtom8osqMEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnpBNHB4ZXhWT0hQcEhFV2d5MmlieWl5b3dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy82Y2ZiNzgtNjNiYy00ODIwLWI5MDMt
ODYwYzQ5ZDBlYjZhLzEvOS1ucXNLaTRFdjVqS2t1S1d6R19XSUJvODNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy82Y2ZiNzgtNjNiYy00ODIwLWI5MDMtODYwYzQ5ZDBlYjZh
LzEvcnpBNHB4ZXhWT0hQcEhFV2d5MmlieWl5b3dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2RYgMA0G
CSqGSIb3DQEBCwUAA4IBAQCBwcm4HdZH6klZm49C+Ku8cC5Hm0STwaFjuETUmW9F
r89TaPXCrS7Qiugm2+BAKYZsz8mRHh/L9UZDSFc7hTL5ErY8csl+qytiv4Gx3OsV
vmzPfakVrce9ROZxkGpCS72Do5Fjhn7eAkEKscWOHYH4IXQ1o2iyiSeVY/L1xSoZ
jM0G7oNNIqLFrZ2ZEjyWJTwdbk5bziZgP5AQ670VZ/ROWohgnvIv7J+PTnalLhF5
/nEY7nUR/X4VANSImZ3EAprIgZIU75R2t3sV3nbktZfia3A5Htrd7ClF9Ymj0Tho
/NqqgTMIN4t1K2XFJ3R1xgZv7+sMu2UOccbOJSJrcbhG
-----END CERTIFICATE-----