Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/G3AgkSKzlQVVbdRD6eEypeJ5E5M.roa
File:                     G3AgkSKzlQVVbdRD6eEypeJ5E5M.roa (raw, json)
Hash identifier:          31Wbft135lAj6RvQzASMjBguHP4eX2M1a4vm+r9VPa8=
Subject key identifier:   1B:70:20:91:22:B3:95:05:55:6D:D4:43:E9:E1:32:A5:E2:79:13:93
Certificate issuer:       /CN=eecc4cf37241ced1467c918aa276d388b0a82ed5
Certificate serial:       019424B3779F53D87D52E1A9F8D9ED3322A8
Authority key identifier: EE:CC:4C:F3:72:41:CE:D1:46:7C:91:8A:A2:76:D3:88:B0:A8:2E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7sxM83JBztFGfJGKonbTiLCoLtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/G3AgkSKzlQVVbdRD6eEypeJ5E5M.roa
Signing time:             Thu 02 Jan 2025 01:48:48 +0000
ROA not before:           Thu 02 Jan 2025 01:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35489
IP address blocks:        93.93.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/7sxM83JBztFGfJGKonbTiLCoLtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/7sxM83JBztFGfJGKonbTiLCoLtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7sxM83JBztFGfJGKonbTiLCoLtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:77:9f:53:d8:7d:52:e1:a9:f8:d9:ed:33:22:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eecc4cf37241ced1467c918aa276d388b0a82ed5
        Validity
            Not Before: Jan  2 01:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b70209122b39505556dd443e9e132a5e2791393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d0:16:91:76:da:21:da:5f:f5:4a:8f:b5:ad:
                    b1:bf:42:11:9f:9a:90:75:b0:30:a5:90:6e:c1:a2:
                    69:ec:ea:1b:45:10:0a:33:cf:38:a9:12:ba:dd:0a:
                    c5:77:48:dd:bd:ba:73:9d:7e:f3:a5:63:0d:d3:35:
                    ed:7d:4b:36:7c:db:ea:39:a2:d2:cd:32:ba:70:91:
                    06:26:9b:13:e2:69:75:b8:5e:9a:8d:e4:a4:4e:a9:
                    28:01:b8:bd:2e:67:98:f1:62:da:5f:13:b6:2a:fe:
                    41:cf:c9:94:2c:f8:99:67:ff:73:9b:3e:8d:f5:50:
                    08:ac:88:bb:44:42:f2:5f:21:46:34:96:93:e0:1e:
                    f7:bd:fe:fa:70:88:0f:28:31:33:22:d0:70:ce:74:
                    10:0e:95:78:a2:03:3e:99:96:8b:d3:b4:c7:05:7d:
                    47:91:8f:f4:4a:f6:32:bf:ff:80:a2:dd:40:92:f5:
                    35:62:48:d2:d0:db:bb:0e:aa:b9:92:13:a4:59:bc:
                    38:52:86:a4:fb:78:23:3f:71:f3:15:b6:55:0f:22:
                    12:b2:84:3d:93:79:1b:4d:fc:1c:58:83:ca:c3:d9:
                    fa:55:b3:0a:36:65:e2:fc:ad:4b:6f:be:b7:68:68:
                    7d:ef:a6:36:87:4b:bd:18:68:f1:73:f0:eb:fd:86:
                    9c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:70:20:91:22:B3:95:05:55:6D:D4:43:E9:E1:32:A5:E2:79:13:93
            X509v3 Authority Key Identifier:
                keyid:EE:CC:4C:F3:72:41:CE:D1:46:7C:91:8A:A2:76:D3:88:B0:A8:2E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7sxM83JBztFGfJGKonbTiLCoLtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/G3AgkSKzlQVVbdRD6eEypeJ5E5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/cf7d93-a076-49ff-9baf-5a37af43904c/1/7sxM83JBztFGfJGKonbTiLCoLtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.93.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:23:0d:b1:2d:1d:a8:36:9d:3b:b1:d2:60:36:e0:89:a2:5f:
         82:d8:38:90:19:a5:c2:bb:a5:35:58:02:c3:33:ad:82:89:b4:
         79:77:ff:aa:b1:1a:b8:8d:ce:e8:cf:10:83:e7:4f:c9:ca:1f:
         03:a3:d0:c7:6d:b4:49:23:71:cf:53:bd:9b:58:ad:c7:24:d9:
         17:ac:1d:5a:1d:fe:ef:75:c9:57:67:59:f8:c1:98:82:47:92:
         b1:8e:db:a0:13:c2:10:b0:d1:17:83:64:3a:c1:83:e2:0b:ae:
         01:e2:c2:b5:a1:8a:55:82:b7:58:f0:fa:45:45:9b:e9:70:45:
         c1:63:ed:44:9b:f0:e0:74:38:ff:9d:20:80:84:e7:ed:28:09:
         f0:05:99:21:d0:06:54:ef:db:80:51:42:20:f0:73:9f:13:85:
         54:98:41:d7:e0:1e:7f:d5:58:45:7f:8c:97:ff:d7:c1:51:bb:
         fd:d7:5d:99:c9:f7:05:98:2f:ae:86:04:6d:28:30:71:57:13:
         5b:f0:63:d5:29:b3:08:76:d3:91:0a:15:51:04:98:14:d2:cf:
         da:bb:9a:c5:bc:d9:ca:19:fc:72:bc:d9:08:2b:cf:9a:73:ba:
         fc:9c:71:dc:19:9c:71:08:4e:1b:0f:99:2e:ef:fe:63:e1:06:
         9c:eb:b1:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks3efU9h9UuGp+NntMyKoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlY2M0Y2YzNzI0MWNlZDE0NjdjOTE4YWEyNzZkMzg4YjBh
ODJlZDUwHhcNMjUwMTAyMDE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjcwMjA5MTIyYjM5NTA1NTU2ZGQ0NDNlOWUxMzJhNWUyNzkxMzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9AWkXbaIdpf9UqPta2xv0IRn5qQ
dbAwpZBuwaJp7OobRRAKM884qRK63QrFd0jdvbpznX7zpWMN0zXtfUs2fNvqOaLS
zTK6cJEGJpsT4ml1uF6ajeSkTqkoAbi9LmeY8WLaXxO2Kv5Bz8mULPiZZ/9zmz6N
9VAIrIi7RELyXyFGNJaT4B73vf76cIgPKDEzItBwznQQDpV4ogM+mZaL07THBX1H
kY/0SvYyv/+Aot1AkvU1YkjS0Nu7Dqq5khOkWbw4Uoak+3gjP3HzFbZVDyISsoQ9
k3kbTfwcWIPKw9n6VbMKNmXi/K1Lb763aGh976Y2h0u9GGjxc/Dr/YacfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtwIJEis5UFVW3UQ+nhMqXieROTMB8GA1UdIwQY
MBaAFO7MTPNyQc7RRnyRiqJ204iwqC7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3N4TTgzSkJ6dEZHZkpHS29uYlRpTENvTHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9jZjdkOTMtYTA3Ni00OWZmLTliYWYt
NWEzN2FmNDM5MDRjLzEvRzNBZ2tTS3psUVZWYmRSRDZlRXlwZUo1RTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9jZjdkOTMtYTA3Ni00OWZmLTliYWYtNWEzN2FmNDM5MDRj
LzEvN3N4TTgzSkJ6dEZHZkpHS29uYlRpTENvTHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXV0JMA0G
CSqGSIb3DQEBCwUAA4IBAQACIw2xLR2oNp07sdJgNuCJol+C2DiQGaXCu6U1WALD
M62CibR5d/+qsRq4jc7ozxCD50/Jyh8Do9DHbbRJI3HPU72bWK3HJNkXrB1aHf7v
dclXZ1n4wZiCR5KxjtugE8IQsNEXg2Q6wYPiC64B4sK1oYpVgrdY8PpFRZvpcEXB
Y+1Em/DgdDj/nSCAhOftKAnwBZkh0AZU79uAUUIg8HOfE4VUmEHX4B5/1VhFf4yX
/9fBUbv9112ZyfcFmC+uhgRtKDBxVxNb8GPVKbMIdtORChVRBJgU0s/au5rFvNnK
GfxyvNkIK8+ac7r8nHHcGZxxCE4bD5ku7/5j4Qac67E1
-----END CERTIFICATE-----