Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/G9TzS_JKF-xrHisLyJoTKAn4mdM.roa
File:                     G9TzS_JKF-xrHisLyJoTKAn4mdM.roa (raw, json)
Hash identifier:          MxwBJUCTUR/t3ggoItSIruyTquvVzIW04TVN5/t6tE4=
Subject key identifier:   1B:D4:F3:4B:F2:4A:17:EC:6B:1E:2B:0B:C8:9A:13:28:09:F8:99:D3
Certificate issuer:       /CN=ce958f181fb507a0a2a821856b8be0d54b118b85
Certificate serial:       01942745B9243AE44D01D6B85F457BD402BD
Authority key identifier: CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/G9TzS_JKF-xrHisLyJoTKAn4mdM.roa
Signing time:             Thu 02 Jan 2025 13:47:48 +0000
ROA not before:           Thu 02 Jan 2025 13:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6282
IP address blocks:        185.168.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/zpWPGB-1B6CiqCGFa4vg1UsRi4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/zpWPGB-1B6CiqCGFa4vg1UsRi4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:b9:24:3a:e4:4d:01:d6:b8:5f:45:7b:d4:02:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce958f181fb507a0a2a821856b8be0d54b118b85
        Validity
            Not Before: Jan  2 13:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bd4f34bf24a17ec6b1e2b0bc89a132809f899d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:97:f7:50:3b:67:9e:a3:7d:02:d3:ce:1d:7b:
                    04:df:44:fb:92:a8:7f:f4:b6:c8:1c:47:7c:07:f9:
                    fd:7a:d2:1f:d2:b8:fe:3e:3d:50:19:10:8d:91:47:
                    aa:9d:e8:f2:b5:1a:ce:d1:56:06:1d:75:a8:40:76:
                    a0:ae:f1:fe:a3:dc:77:70:32:93:6f:bd:b8:72:60:
                    1c:86:9d:29:59:ec:c3:ec:69:ab:77:db:d7:0b:86:
                    84:57:5a:71:1b:78:58:ba:bf:4c:d0:9d:57:00:d3:
                    47:d3:04:fd:e1:65:e5:00:ce:57:cd:97:7a:8c:c6:
                    a0:2c:57:4e:3b:9d:ea:5f:67:3f:85:27:60:85:d6:
                    6a:c4:16:e1:8e:33:fa:3d:d4:33:75:08:94:7c:a8:
                    20:5c:d5:b2:83:de:51:6b:f2:d3:9d:c7:70:ed:e8:
                    eb:e2:4d:90:cc:0c:e0:52:2a:a2:8f:5c:2b:b5:eb:
                    86:2a:97:e5:4a:5b:84:39:52:75:f2:c1:2e:e1:e9:
                    c2:4d:a4:3c:18:01:2c:79:c4:b1:db:f2:ae:84:12:
                    aa:25:fd:9a:b6:ad:e1:78:fa:5e:84:a9:4e:a5:b0:
                    a7:18:44:b4:50:cb:0c:52:e2:46:91:f7:91:b7:46:
                    54:b6:23:cd:7a:b7:ad:74:7a:43:fb:d2:da:c3:be:
                    0f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:D4:F3:4B:F2:4A:17:EC:6B:1E:2B:0B:C8:9A:13:28:09:F8:99:D3
            X509v3 Authority Key Identifier:
                keyid:CE:95:8F:18:1F:B5:07:A0:A2:A8:21:85:6B:8B:E0:D5:4B:11:8B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zpWPGB-1B6CiqCGFa4vg1UsRi4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/G9TzS_JKF-xrHisLyJoTKAn4mdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/3d9bfa-cfd0-44a8-842e-0dbb3b8db15f/1/zpWPGB-1B6CiqCGFa4vg1UsRi4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:f2:d3:e7:d3:2b:f3:0a:2b:4e:cb:f5:4a:8c:44:31:e6:ea:
         77:f2:fb:6e:9b:64:84:fb:5b:0c:48:67:a0:46:69:41:47:bb:
         1d:30:b8:9f:68:7e:aa:39:d8:0e:1e:e8:4a:44:dd:8f:98:54:
         fe:a8:a8:ba:17:26:9e:69:be:22:20:6e:ac:f6:5d:9f:51:c7:
         aa:97:26:24:a2:b0:35:dc:a2:be:6c:4f:4d:9e:46:ef:15:7a:
         25:c5:8a:44:82:c5:1b:09:32:27:16:f6:f9:6b:c0:a9:08:3b:
         54:4d:09:f3:b2:99:02:8d:02:23:18:69:e1:d4:0c:90:33:c8:
         e0:3f:c8:f7:8a:29:ac:05:84:60:9d:73:ee:73:72:32:0e:97:
         8d:d2:13:25:cc:68:00:90:1f:80:83:ab:10:77:92:bb:12:94:
         34:57:51:b1:88:f7:58:f1:14:53:9b:08:51:69:35:d0:ae:08:
         73:64:e1:4e:d7:d1:a8:c6:f9:60:37:39:05:8b:b1:f1:12:16:
         b5:cf:f7:cf:a5:7b:d3:3d:bc:68:e3:c1:1b:b6:7a:fb:44:51:
         74:a9:1b:c3:a6:34:f9:4e:60:3f:66:a2:22:62:d5:94:3d:be:
         ee:3f:2f:5f:a8:69:95:95:39:45:8f:a7:04:9c:34:14:1f:3f:
         f3:1e:e9:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRbkkOuRNAda4X0V71AK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlOTU4ZjE4MWZiNTA3YTBhMmE4MjE4NTZiOGJlMGQ1NGIx
MThiODUwHhcNMjUwMTAyMTM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmQ0ZjM0YmYyNGExN2VjNmIxZTJiMGJjODlhMTMyODA5Zjg5OWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZf3UDtnnqN9AtPOHXsE30T7kqh/
9LbIHEd8B/n9etIf0rj+Pj1QGRCNkUeqnejytRrO0VYGHXWoQHagrvH+o9x3cDKT
b724cmAchp0pWezD7Gmrd9vXC4aEV1pxG3hYur9M0J1XANNH0wT94WXlAM5XzZd6
jMagLFdOO53qX2c/hSdghdZqxBbhjjP6PdQzdQiUfKggXNWyg95Ra/LTncdw7ejr
4k2QzAzgUiqij1wrteuGKpflSluEOVJ18sEu4enCTaQ8GAEsecSx2/KuhBKqJf2a
tq3hePpehKlOpbCnGES0UMsMUuJGkfeRt0ZUtiPNeretdHpD+9Law74P8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvU80vyShfsax4rC8iaEygJ+JnTMB8GA1UdIwQY
MBaAFM6VjxgftQegoqghhWuL4NVLEYuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUt
MGRiYjNiOGRiMTVmLzEvRzlUelNfSktGLXhySGlzTHlKb1RLQW40bWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8zZDliZmEtY2ZkMC00NGE4LTg0MmUtMGRiYjNiOGRiMTVm
LzEvenBXUEdCLTFCNkNpcUNHRmE0dmcxVXNSaTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaidMA0G
CSqGSIb3DQEBCwUAA4IBAQBH8tPn0yvzCitOy/VKjEQx5up38vtum2SE+1sMSGeg
RmlBR7sdMLifaH6qOdgOHuhKRN2PmFT+qKi6Fyaeab4iIG6s9l2fUceqlyYkorA1
3KK+bE9NnkbvFXolxYpEgsUbCTInFvb5a8CpCDtUTQnzspkCjQIjGGnh1AyQM8jg
P8j3iimsBYRgnXPuc3IyDpeN0hMlzGgAkB+Ag6sQd5K7EpQ0V1GxiPdY8RRTmwhR
aTXQrghzZOFO19GoxvlgNzkFi7HxEha1z/fPpXvTPbxo48Ebtnr7RFF0qRvDpjT5
TmA/ZqIiYtWUPb7uPy9fqGmVlTlFj6cEnDQUHz/zHumO
-----END CERTIFICATE-----