Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/E9yjq7sNmTyPb-NC6kzqBRLzrkw.roa
File:                     E9yjq7sNmTyPb-NC6kzqBRLzrkw.roa (raw, json)
Hash identifier:          Fv8DNDjTn+xqZTnmPhsaO+M3G5osAwVvGy2YaFQtoP4=
Subject key identifier:   13:DC:A3:AB:BB:0D:99:3C:8F:6F:E3:42:EA:4C:EA:05:12:F3:AE:4C
Certificate issuer:       /CN=9bd6c860342cc799c28074f699768a8ecbdaa52e
Certificate serial:       01942444E0F07449B77040AA6C4E87BD2D7C
Authority key identifier: 9B:D6:C8:60:34:2C:C7:99:C2:80:74:F6:99:76:8A:8E:CB:DA:A5:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9bIYDQsx5nCgHT2mXaKjsvapS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/E9yjq7sNmTyPb-NC6kzqBRLzrkw.roa
Signing time:             Wed 01 Jan 2025 23:48:01 +0000
ROA not before:           Wed 01 Jan 2025 23:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56642
IP address blocks:        92.118.152.0/23 maxlen: 23
                          92.118.154.0/23 maxlen: 23
                          185.155.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/m9bIYDQsx5nCgHT2mXaKjsvapS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/m9bIYDQsx5nCgHT2mXaKjsvapS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9bIYDQsx5nCgHT2mXaKjsvapS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:e0:f0:74:49:b7:70:40:aa:6c:4e:87:bd:2d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd6c860342cc799c28074f699768a8ecbdaa52e
        Validity
            Not Before: Jan  1 23:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13dca3abbb0d993c8f6fe342ea4cea0512f3ae4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:68:50:3a:3b:77:8f:5e:3a:4f:c0:94:17:e6:
                    bc:f5:f4:14:61:75:aa:f4:33:c8:27:ad:9e:65:c4:
                    c7:b3:98:a2:78:a7:08:f7:51:bb:1c:ef:ce:27:48:
                    c9:df:21:91:57:5e:3f:07:76:92:af:69:52:5f:43:
                    b0:ff:cb:5e:0d:c2:e6:96:fa:26:e8:d0:94:12:fa:
                    04:98:62:3d:fa:be:21:f8:ba:76:c2:3d:17:47:22:
                    07:01:af:82:5e:55:00:eb:12:8f:58:0e:2d:d2:c1:
                    7d:da:43:35:8c:ee:41:de:cc:46:46:63:61:27:4c:
                    26:97:e2:3a:12:67:2e:88:da:d8:db:ab:10:ec:3b:
                    09:78:4e:27:5d:70:e5:3a:bb:19:92:61:11:3f:5a:
                    e2:1b:96:f1:41:bf:d0:71:bb:14:30:2c:f6:29:86:
                    72:80:7f:ae:6d:95:1c:79:fb:63:44:6e:4a:c4:6e:
                    41:b5:e5:6b:a2:76:f7:76:9f:41:e0:81:c8:bb:ff:
                    83:6b:46:49:47:ab:5f:5e:48:55:49:70:cb:91:fd:
                    e7:65:fb:ab:3d:ea:91:5f:13:06:ab:0e:c7:49:44:
                    a0:70:a1:af:e4:7f:40:1f:0b:d8:07:43:af:7b:30:
                    24:61:19:c8:75:20:b7:e6:f6:23:02:6d:c8:9e:4c:
                    12:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:DC:A3:AB:BB:0D:99:3C:8F:6F:E3:42:EA:4C:EA:05:12:F3:AE:4C
            X509v3 Authority Key Identifier:
                keyid:9B:D6:C8:60:34:2C:C7:99:C2:80:74:F6:99:76:8A:8E:CB:DA:A5:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9bIYDQsx5nCgHT2mXaKjsvapS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/E9yjq7sNmTyPb-NC6kzqBRLzrkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/afa69d-e143-4bf7-b743-42e3ef4f8b91/1/m9bIYDQsx5nCgHT2mXaKjsvapS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.152.0/22
                  185.155.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:8a:0f:93:1d:1d:1b:f8:2a:13:49:e7:9a:0c:40:cc:cb:a3:
         82:f7:3f:97:ce:86:4c:bb:29:bc:7b:af:ac:a1:aa:c5:0b:57:
         9e:9f:22:af:0a:03:84:c5:d7:76:7d:db:34:e0:ce:9a:6b:df:
         6c:df:72:d2:3c:d4:56:67:90:25:45:74:4a:e2:56:47:a1:ae:
         10:92:ea:66:18:c4:d4:bd:17:55:2d:28:10:13:f7:97:60:d7:
         4b:f6:cb:ce:6e:b5:b4:47:0a:81:d4:0e:66:00:c0:da:c1:04:
         5e:f9:73:92:18:20:a3:1f:cf:39:98:60:f4:9a:cd:fa:cc:44:
         f1:47:88:ce:1d:8f:e8:f8:f4:28:6c:eb:db:12:16:d1:4c:70:
         e2:d4:ff:b1:f2:35:99:ed:a5:43:64:0a:e4:ba:43:af:f7:3b:
         56:b8:c6:9f:1f:3b:33:9a:94:e0:8c:c3:43:76:9a:c7:3a:04:
         67:f0:54:90:18:27:bd:ef:2d:68:60:95:17:d3:27:19:a5:d4:
         c8:d3:6f:9b:51:13:8d:dd:f3:5f:3b:4d:84:fa:b7:ac:33:24:
         95:e5:f1:44:f5:ca:da:94:ce:d0:b4:48:b2:6f:8a:2c:1b:79:
         01:b5:a9:df:34:e2:75:d3:a8:5f:c0:75:33:7e:f9:e0:1f:04:
         18:5f:52:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRODwdEm3cECqbE6HvS18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZDZjODYwMzQyY2M3OTljMjgwNzRmNjk5NzY4YThlY2Jk
YWE1MmUwHhcNMjUwMTAxMjM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2RjYTNhYmJiMGQ5OTNjOGY2ZmUzNDJlYTRjZWEwNTEyZjNhZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWhQOjt3j146T8CUF+a89fQUYXWq
9DPIJ62eZcTHs5iieKcI91G7HO/OJ0jJ3yGRV14/B3aSr2lSX0Ow/8teDcLmlvom
6NCUEvoEmGI9+r4h+Lp2wj0XRyIHAa+CXlUA6xKPWA4t0sF92kM1jO5B3sxGRmNh
J0wml+I6EmcuiNrY26sQ7DsJeE4nXXDlOrsZkmERP1riG5bxQb/QcbsUMCz2KYZy
gH+ubZUceftjRG5KxG5BteVronb3dp9B4IHIu/+Da0ZJR6tfXkhVSXDLkf3nZfur
PeqRXxMGqw7HSUSgcKGv5H9AHwvYB0OvezAkYRnIdSC35vYjAm3InkwSVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBPco6u7DZk8j2/jQupM6gUS865MMB8GA1UdIwQY
MBaAFJvWyGA0LMeZwoB09pl2io7L2qUuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTliSVlEUXN4NW5DZ0hUMm1YYUtqc3ZhcFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hZmE2OWQtZTE0My00YmY3LWI3NDMt
NDJlM2VmNGY4YjkxLzEvRTl5anE3c05tVHlQYi1OQzZrenFCUkx6cmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hZmE2OWQtZTE0My00YmY3LWI3NDMtNDJlM2VmNGY4Yjkx
LzEvbTliSVlEUXN4NW5DZ0hUMm1YYUtqc3ZhcFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCXHaYAwQC
uZv4MA0GCSqGSIb3DQEBCwUAA4IBAQBzig+THR0b+CoTSeeaDEDMy6OC9z+XzoZM
uym8e6+soarFC1eenyKvCgOExdd2fds04M6aa99s33LSPNRWZ5AlRXRK4lZHoa4Q
kupmGMTUvRdVLSgQE/eXYNdL9svObrW0RwqB1A5mAMDawQRe+XOSGCCjH885mGD0
ms36zETxR4jOHY/o+PQobOvbEhbRTHDi1P+x8jWZ7aVDZArkukOv9ztWuMafHzsz
mpTgjMNDdprHOgRn8FSQGCe97y1oYJUX0ycZpdTI02+bURON3fNfO02E+resMySV
5fFE9cralM7QtEiyb4osG3kBtanfNOJ106hfwHUzfvngHwQYX1Kn
-----END CERTIFICATE-----