Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/1-Vqync9hKf6VKIrN5RpK5cxJuZ4.roa
File:                     1-Vqync9hKf6VKIrN5RpK5cxJuZ4.roa (raw, json)
Hash identifier:          MtCth/AQ0N933cYX7VqkRS/iFY3KEw9X6YIsPg3Pp/U=
Subject key identifier:   F9:5A:B2:9D:CF:61:29:FE:95:28:8A:CD:E5:1A:4A:E5:CC:49:B9:9E
Certificate issuer:       /CN=9d36e91b62d3dc7c137a28aaa006ede9b9ea1fe4
Certificate serial:       019424B3B486179D69216ADDB096E1D1ED0D
Authority key identifier: 9D:36:E9:1B:62:D3:DC:7C:13:7A:28:AA:A0:06:ED:E9:B9:EA:1F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/1-Vqync9hKf6VKIrN5RpK5cxJuZ4.roa
Signing time:             Thu 02 Jan 2025 01:49:04 +0000
ROA not before:           Thu 02 Jan 2025 01:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12930
IP address blocks:        128.65.128.0/21 maxlen: 21
                          185.102.228.0/22 maxlen: 22
                          2a03:8a80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b4:86:17:9d:69:21:6a:dd:b0:96:e1:d1:ed:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d36e91b62d3dc7c137a28aaa006ede9b9ea1fe4
        Validity
            Not Before: Jan  2 01:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f95ab29dcf6129fe95288acde51a4ae5cc49b99e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:72:a1:1e:78:23:5e:6c:e2:b3:da:d5:ea:3a:
                    e2:71:30:ca:b5:fd:8c:10:91:ee:ab:0a:5e:3e:89:
                    f9:7c:96:33:cf:59:c6:98:a3:ff:ec:3f:13:72:67:
                    bc:f2:82:ee:5f:d8:ac:ef:16:4f:e0:92:58:d6:31:
                    b0:39:e8:6b:25:98:55:bc:dc:50:73:e9:11:60:c4:
                    08:f3:9b:c1:3f:c1:13:0b:1c:53:82:4c:15:57:d9:
                    f0:dd:44:0c:b6:41:1f:ea:b5:28:d6:34:19:9d:76:
                    d3:c3:2e:b6:43:e0:1b:20:ac:40:5e:df:a7:86:55:
                    cf:6a:2e:63:fb:e8:20:06:f7:ad:c0:ae:18:ad:d8:
                    28:8a:6c:c5:92:39:02:91:86:26:38:8d:b8:4f:32:
                    5a:8c:b0:bb:71:f0:ed:85:8d:96:92:e1:62:c9:b8:
                    90:07:4b:12:95:9f:65:c3:95:49:32:c4:36:70:61:
                    d5:ae:73:62:9f:0d:c6:8a:8f:f5:bc:79:20:7a:46:
                    0b:d0:54:a1:46:db:9b:aa:e5:5a:04:c2:be:7c:44:
                    91:ca:dc:6b:b6:14:d1:5a:20:c7:7d:30:cd:8f:b3:
                    b0:17:b1:03:6a:a7:47:48:d2:c5:dd:8e:51:1a:c9:
                    35:cb:f7:ec:1b:c9:ec:79:eb:03:ed:49:e7:01:46:
                    91:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:5A:B2:9D:CF:61:29:FE:95:28:8A:CD:E5:1A:4A:E5:CC:49:B9:9E
            X509v3 Authority Key Identifier:
                keyid:9D:36:E9:1B:62:D3:DC:7C:13:7A:28:AA:A0:06:ED:E9:B9:EA:1F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/1-Vqync9hKf6VKIrN5RpK5cxJuZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/c284cd-b2b7-4911-b20b-b2cea7690837/1/nTbpG2LT3HwTeiiqoAbt6bnqH-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.65.128.0/21
                  185.102.228.0/22
                IPv6:
                  2a03:8a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:fd:31:ad:4d:32:f4:a7:d9:3a:ad:79:21:c6:52:86:97:9c:
         ce:59:78:c9:0f:5f:53:ae:5f:9e:4b:98:03:58:6e:5a:95:45:
         b5:53:1c:48:3b:a6:e4:97:b1:35:3a:7b:3d:76:ae:e5:a3:0b:
         8b:f7:aa:23:4d:59:da:b7:df:df:35:c1:2c:38:73:b8:6a:1a:
         fa:66:82:0f:07:27:61:40:a6:1a:d9:bf:4a:83:2b:d1:d8:af:
         2c:df:cc:b4:12:ac:f8:6a:29:31:f5:c9:c7:e7:c0:af:e1:c3:
         e5:ba:a7:b4:b3:f1:0e:fd:90:f1:58:fa:71:16:d4:e2:48:82:
         c8:5f:d6:f6:67:fe:4e:54:13:30:ac:05:9a:07:96:28:31:96:
         8e:e4:29:21:1a:bc:45:c1:70:1a:f8:81:2a:47:06:34:c3:a6:
         97:b8:f6:36:1f:22:5a:a3:78:79:ff:a7:11:f5:72:e0:d8:90:
         0e:46:e8:3d:e8:61:ef:ea:ee:99:a1:63:91:ca:4a:5b:c2:85:
         0f:4d:ed:ab:1e:ae:4d:af:1d:f2:91:32:7f:7d:5e:ec:c5:9c:
         f4:a0:5b:74:16:46:c8:1c:78:f6:60:5a:77:37:b3:49:a1:c3:
         35:c1:86:30:76:a3:49:83:1a:19:dc:3f:7a:a7:9f:4a:23:af:
         6c:ff:63:55
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQks7SGF51pIWrdsJbh0e0NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMzZlOTFiNjJkM2RjN2MxMzdhMjhhYWEwMDZlZGU5Yjll
YTFmZTQwHhcNMjUwMTAyMDE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTVhYjI5ZGNmNjEyOWZlOTUyODhhY2RlNTFhNGFlNWNjNDliOTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HKhHngjXmzis9rV6jricTDKtf2M
EJHuqwpePon5fJYzz1nGmKP/7D8Tcme88oLuX9is7xZP4JJY1jGwOehrJZhVvNxQ
c+kRYMQI85vBP8ETCxxTgkwVV9nw3UQMtkEf6rUo1jQZnXbTwy62Q+AbIKxAXt+n
hlXPai5j++ggBvetwK4YrdgoimzFkjkCkYYmOI24TzJajLC7cfDthY2WkuFiybiQ
B0sSlZ9lw5VJMsQ2cGHVrnNinw3Gio/1vHkgekYL0FShRtubquVaBMK+fESRytxr
thTRWiDHfTDNj7OwF7EDaqdHSNLF3Y5RGsk1y/fsG8nseesD7UnnAUaRPwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPlasp3PYSn+lSiKzeUaSuXMSbmeMB8GA1UdIwQY
MBaAFJ026Rti09x8E3ooqqAG7em56h/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblRicEcyTFQzSHdUZWlpcW9BYnQ2Ym5xSC1RLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9jMjg0Y2QtYjJiNy00OTExLWIyMGIt
YjJjZWE3NjkwODM3LzEvMS1WcXluYzloS2Y2VktJck41UnBLNWN4SnVaNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjkvYzI4NGNkLWIyYjctNDkxMS1iMjBiLWIyY2VhNzY5MDgz
Ny8xL25UYnBHMkxUM0h3VGVpaXFvQWJ0NmJucUgtUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEA4BBgAME
Arlm5DANBAIAAjAHAwUAKgOKgDANBgkqhkiG9w0BAQsFAAOCAQEAgf0xrU0y9KfZ
Oq15IcZShpeczll4yQ9fU65fnkuYA1huWpVFtVMcSDum5JexNTp7PXau5aMLi/eq
I01Z2rff3zXBLDhzuGoa+maCDwcnYUCmGtm/SoMr0divLN/MtBKs+GopMfXJx+fA
r+HD5bqntLPxDv2Q8Vj6cRbU4kiCyF/W9mf+TlQTMKwFmgeWKDGWjuQpIRq8RcFw
GviBKkcGNMOml7j2Nh8iWqN4ef+nEfVy4NiQDkboPehh7+rumaFjkcpKW8KFD03t
qx6uTa8d8pEyf31e7MWc9KBbdBZGyBx49mBadzezSaHDNcGGMHajSYMaGdw/eqef
SiOvbP9jVQ==
-----END CERTIFICATE-----