Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/22885a-42c8-47e2-90ad-16e8fe3c506f/1/9Aeacxzy-u4aevKcCQ9nXd_FU7Q.roa
File:                     9Aeacxzy-u4aevKcCQ9nXd_FU7Q.roa (raw, json)
Hash identifier:          vKC+rREuRemLdV33ThPXHvcW71bg+LHpzDOvqZUoqy4=
Subject key identifier:   F4:07:9A:73:1C:F2:FA:EE:1A:7A:F2:9C:09:0F:67:5D:DF:C5:53:B4
Certificate issuer:       /CN=cb997cd14f3a6bc344a2c938ee0fdeb54d221240
Certificate serial:       019424B27711B04B132BBA57EF2A8D21A934
Authority key identifier: CB:99:7C:D1:4F:3A:6B:C3:44:A2:C9:38:EE:0F:DE:B5:4D:22:12:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y5l80U86a8NEosk47g_etU0iEkA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/22885a-42c8-47e2-90ad-16e8fe3c506f/1/9Aeacxzy-u4aevKcCQ9nXd_FU7Q.roa
Signing time:             Thu 02 Jan 2025 01:47:43 +0000
ROA not before:           Thu 02 Jan 2025 01:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34877
IP address blocks:        194.169.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/22885a-42c8-47e2-90ad-16e8fe3c506f/1/y5l80U86a8NEosk47g_etU0iEkA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/22885a-42c8-47e2-90ad-16e8fe3c506f/1/y5l80U86a8NEosk47g_etU0iEkA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y5l80U86a8NEosk47g_etU0iEkA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:77:11:b0:4b:13:2b:ba:57:ef:2a:8d:21:a9:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb997cd14f3a6bc344a2c938ee0fdeb54d221240
        Validity
            Not Before: Jan  2 01:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4079a731cf2faee1a7af29c090f675ddfc553b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:28:c5:13:91:1d:f0:a0:b5:e6:94:0c:06:e6:
                    74:53:1e:6b:ba:0f:27:c0:4b:b4:c7:e9:0f:c4:db:
                    dc:a0:1c:10:c6:58:00:02:ba:f3:db:25:02:13:64:
                    a6:58:37:da:5e:06:fe:8b:e7:3e:9a:35:35:67:23:
                    30:e4:68:1d:a0:b9:d3:b5:a4:53:6d:dc:d3:20:90:
                    01:25:ab:c8:4e:e5:5d:f2:31:11:ca:d8:02:43:d2:
                    62:88:0a:e6:58:e2:fa:f5:d2:0c:5e:61:0a:8f:33:
                    58:c1:36:0c:a8:81:6a:a5:ed:ff:4d:a1:3e:1b:96:
                    dd:61:f4:78:38:e7:f8:d6:83:6e:20:0c:07:f0:a4:
                    06:e0:1d:8d:58:b2:aa:13:b1:3d:d6:d8:93:4c:6e:
                    dd:7d:f3:0f:77:18:b7:11:6f:0a:cc:57:92:47:d4:
                    c8:0a:13:62:14:c0:78:a5:a2:24:aa:85:2e:62:34:
                    9d:9a:fc:91:d5:0a:84:d2:9a:ca:eb:f5:c4:d9:ac:
                    29:04:68:e1:23:5f:49:db:8d:ac:4d:f7:99:e5:c6:
                    97:ef:ae:ee:51:b1:0a:cc:af:4e:30:3a:35:ec:98:
                    4f:ce:df:48:67:84:84:f3:4c:53:66:b6:58:49:c7:
                    3b:74:5d:ab:f6:94:9e:8e:d3:50:50:85:06:db:de:
                    7e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:07:9A:73:1C:F2:FA:EE:1A:7A:F2:9C:09:0F:67:5D:DF:C5:53:B4
            X509v3 Authority Key Identifier:
                keyid:CB:99:7C:D1:4F:3A:6B:C3:44:A2:C9:38:EE:0F:DE:B5:4D:22:12:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y5l80U86a8NEosk47g_etU0iEkA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/22885a-42c8-47e2-90ad-16e8fe3c506f/1/9Aeacxzy-u4aevKcCQ9nXd_FU7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/22885a-42c8-47e2-90ad-16e8fe3c506f/1/y5l80U86a8NEosk47g_etU0iEkA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:7b:e8:7a:d0:82:99:07:c7:84:b5:88:35:d8:0a:4d:b6:47:
         a8:f4:48:53:f3:be:d3:96:31:35:0c:24:1f:77:86:31:ac:f1:
         a6:39:c7:a2:9c:fb:8b:ac:34:34:c2:9f:ab:8f:a6:14:ec:de:
         b7:01:d7:95:99:78:01:80:e9:65:6f:b4:c6:31:ae:52:be:a9:
         aa:1c:39:28:c5:6b:c7:3a:21:8b:e3:1c:29:09:d3:39:a8:f7:
         6a:97:8c:9a:86:89:01:4f:91:60:84:4b:e3:6c:66:51:2f:84:
         14:fa:2c:52:72:f2:3a:c2:f7:46:2e:c8:1d:29:96:36:71:fa:
         3e:8e:ad:92:ca:df:5d:be:e8:31:bb:af:ed:05:a1:df:22:eb:
         cf:4a:73:1a:19:52:73:67:00:2a:f4:fc:20:86:55:82:e6:2a:
         c0:be:1a:c3:f7:71:ed:c8:88:60:a0:a0:cf:60:3c:6f:1a:63:
         8c:1f:e4:84:f9:2c:8c:10:04:cf:56:ef:81:09:b5:f9:91:1c:
         5b:e0:d3:70:4c:ee:72:c5:73:4d:ef:c4:4a:59:6f:84:55:74:
         5c:76:5a:64:ac:15:f5:ed:e6:a7:5d:14:49:b0:69:9e:bb:b5:
         de:e4:88:1a:04:d0:88:52:8e:7b:26:39:3f:bc:0e:8a:d3:c1:
         d8:37:23:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksncRsEsTK7pX7yqNIak0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiOTk3Y2QxNGYzYTZiYzM0NGEyYzkzOGVlMGZkZWI1NGQy
MjEyNDAwHhcNMjUwMTAyMDE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDA3OWE3MzFjZjJmYWVlMWE3YWYyOWMwOTBmNjc1ZGRmYzU1M2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwijFE5Ed8KC15pQMBuZ0Ux5rug8n
wEu0x+kPxNvcoBwQxlgAArrz2yUCE2SmWDfaXgb+i+c+mjU1ZyMw5GgdoLnTtaRT
bdzTIJABJavITuVd8jERytgCQ9JiiArmWOL69dIMXmEKjzNYwTYMqIFqpe3/TaE+
G5bdYfR4OOf41oNuIAwH8KQG4B2NWLKqE7E91tiTTG7dffMPdxi3EW8KzFeSR9TI
ChNiFMB4paIkqoUuYjSdmvyR1QqE0prK6/XE2awpBGjhI19J242sTfeZ5caX767u
UbEKzK9OMDo17JhPzt9IZ4SE80xTZrZYScc7dF2r9pSejtNQUIUG295+CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQHmnMc8vruGnrynAkPZ13fxVO0MB8GA1UdIwQY
MBaAFMuZfNFPOmvDRKLJOO4P3rVNIhJAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTVsODBVODZhOE5Fb3NrNDdnX2V0VTBpRWtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8yMjg4NWEtNDJjOC00N2UyLTkwYWQt
MTZlOGZlM2M1MDZmLzEvOUFlYWN4enktdTRhZXZLY0NROW5YZF9GVTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8yMjg4NWEtNDJjOC00N2UyLTkwYWQtMTZlOGZlM2M1MDZm
LzEveTVsODBVODZhOE5Fb3NrNDdnX2V0VTBpRWtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqnSMA0G
CSqGSIb3DQEBCwUAA4IBAQCBe+h60IKZB8eEtYg12ApNtkeo9EhT877TljE1DCQf
d4YxrPGmOceinPuLrDQ0wp+rj6YU7N63AdeVmXgBgOllb7TGMa5SvqmqHDkoxWvH
OiGL4xwpCdM5qPdql4yahokBT5FghEvjbGZRL4QU+ixScvI6wvdGLsgdKZY2cfo+
jq2Syt9dvugxu6/tBaHfIuvPSnMaGVJzZwAq9PwghlWC5irAvhrD93HtyIhgoKDP
YDxvGmOMH+SE+SyMEATPVu+BCbX5kRxb4NNwTO5yxXNN78RKWW+EVXRcdlpkrBX1
7eanXRRJsGmeu7Xe5IgaBNCIUo57Jjk/vA6K08HYNyOr
-----END CERTIFICATE-----