Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/kD9wFsIkyemJmyZR5NsOicAOk6Q.roa
File:                     kD9wFsIkyemJmyZR5NsOicAOk6Q.roa (raw, json)
Hash identifier:          5lwx2dujcX+QPN65pRSgkqXQZ6JloT7CVxLAGTDZ7oM=
Subject key identifier:   90:3F:70:16:C2:24:C9:E9:89:9B:26:51:E4:DB:0E:89:C0:0E:93:A4
Certificate issuer:       /CN=ab06c8f2247d22041c82e555667881e50f9154ab
Certificate serial:       0194266A1399D899A21533C0B2D22C7728DE
Authority key identifier: AB:06:C8:F2:24:7D:22:04:1C:82:E5:55:66:78:81:E5:0F:91:54:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwbI8iR9IgQcguVVZniB5Q-RVKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/kD9wFsIkyemJmyZR5NsOicAOk6Q.roa
Signing time:             Thu 02 Jan 2025 09:47:53 +0000
ROA not before:           Thu 02 Jan 2025 09:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205112
IP address blocks:        185.138.54.0/24 maxlen: 24
                          2a07:a40:c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/qwbI8iR9IgQcguVVZniB5Q-RVKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/qwbI8iR9IgQcguVVZniB5Q-RVKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwbI8iR9IgQcguVVZniB5Q-RVKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:13:99:d8:99:a2:15:33:c0:b2:d2:2c:77:28:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab06c8f2247d22041c82e555667881e50f9154ab
        Validity
            Not Before: Jan  2 09:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=903f7016c224c9e9899b2651e4db0e89c00e93a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:39:28:99:a9:7a:71:c1:26:c3:6f:85:6e:e3:
                    46:48:59:4a:42:22:a0:cd:98:d3:87:84:d4:fb:33:
                    91:d4:ce:b9:0f:18:9e:f5:de:db:10:94:2b:65:3a:
                    e3:48:c4:fd:e6:21:37:18:c3:31:26:05:5d:bf:dd:
                    32:3b:89:12:41:fd:03:9f:27:03:df:86:c6:dc:e3:
                    a8:57:38:c1:e6:f6:45:a1:60:89:63:13:7b:b5:70:
                    c5:ac:01:6e:ad:ec:ab:d3:5a:c0:b1:26:de:81:96:
                    04:f9:f6:3b:64:c6:a8:c4:ca:7d:55:3a:59:05:2f:
                    b0:d1:13:59:6c:c7:2b:51:9a:25:dd:b6:ec:4e:be:
                    74:e3:93:e5:a5:8a:1a:ab:cf:e5:6e:23:9d:67:07:
                    0e:d0:0d:da:04:0e:95:df:e1:20:91:7a:0f:41:a4:
                    5b:7c:0f:2d:53:28:b7:bf:21:a5:61:c0:a7:de:b4:
                    1e:52:7e:32:c9:06:0f:3a:36:f5:e5:4a:0b:69:10:
                    9d:ff:d8:9d:c9:62:1b:ff:80:3b:9b:bd:59:f2:28:
                    0c:59:4d:52:92:5c:a8:e4:69:14:55:57:54:2b:53:
                    18:8f:06:18:05:24:71:55:d9:c6:d4:e5:b0:65:06:
                    14:4d:50:73:68:e3:e9:b2:bc:07:2b:b0:08:46:4d:
                    e9:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3F:70:16:C2:24:C9:E9:89:9B:26:51:E4:DB:0E:89:C0:0E:93:A4
            X509v3 Authority Key Identifier:
                keyid:AB:06:C8:F2:24:7D:22:04:1C:82:E5:55:66:78:81:E5:0F:91:54:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwbI8iR9IgQcguVVZniB5Q-RVKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/kD9wFsIkyemJmyZR5NsOicAOk6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a94dea-2ffc-408d-aa9d-1ae36a4469fd/1/qwbI8iR9IgQcguVVZniB5Q-RVKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.54.0/24
                IPv6:
                  2a07:a40:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:aa:61:95:04:6d:6e:d6:7c:c3:2e:2e:e9:dc:cf:d7:bd:f4:
         a4:ad:03:02:19:21:0c:3b:65:f4:d5:a6:57:1e:f4:03:73:e8:
         80:8a:31:c7:d9:df:f7:fd:aa:1e:76:cf:2e:14:25:56:ef:38:
         c9:5c:35:c1:51:d9:19:82:30:b0:14:25:4a:40:1c:9c:f5:c2:
         85:b4:28:41:56:d2:a0:de:5a:d1:51:67:33:70:ed:3c:44:b4:
         1a:cc:2d:5d:d8:c8:b6:41:fd:6d:bd:24:99:e2:5e:67:8f:03:
         b7:a4:28:72:80:82:c7:99:81:1c:7b:eb:de:82:28:82:99:c2:
         5a:f9:45:ec:01:e8:ca:52:df:7d:29:4a:c5:f8:ec:59:26:be:
         85:e2:c1:5c:5b:a6:77:76:84:f3:4c:e3:5f:39:24:1b:e7:d3:
         f6:5c:92:b1:c1:38:10:ab:67:e2:bb:4b:90:49:3d:3c:27:d0:
         68:f8:04:c5:de:c1:e9:b2:3f:ed:03:cf:36:cf:08:e7:77:f7:
         ee:cb:eb:58:02:59:fa:f3:a1:f0:b0:20:a8:38:23:80:6d:e2:
         b9:bb:82:d3:3e:ac:63:d3:4c:a8:0a:1d:ed:16:a1:57:45:50:
         a4:3c:06:d0:57:b7:97:44:37:f2:dc:a4:b2:47:8d:bc:de:4a:
         88:79:4c:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQmahOZ2JmiFTPAstIsdyjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDZjOGYyMjQ3ZDIyMDQxYzgyZTU1NTY2Nzg4MWU1MGY5
MTU0YWIwHhcNMjUwMTAyMDk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDNmNzAxNmMyMjRjOWU5ODk5YjI2NTFlNGRiMGU4OWMwMGU5M2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTkomal6ccEmw2+FbuNGSFlKQiKg
zZjTh4TU+zOR1M65Dxie9d7bEJQrZTrjSMT95iE3GMMxJgVdv90yO4kSQf0DnycD
34bG3OOoVzjB5vZFoWCJYxN7tXDFrAFureyr01rAsSbegZYE+fY7ZMaoxMp9VTpZ
BS+w0RNZbMcrUZol3bbsTr5045PlpYoaq8/lbiOdZwcO0A3aBA6V3+EgkXoPQaRb
fA8tUyi3vyGlYcCn3rQeUn4yyQYPOjb15UoLaRCd/9idyWIb/4A7m71Z8igMWU1S
klyo5GkUVVdUK1MYjwYYBSRxVdnG1OWwZQYUTVBzaOPpsrwHK7AIRk3ptQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJA/cBbCJMnpiZsmUeTbDonADpOkMB8GA1UdIwQY
MBaAFKsGyPIkfSIEHILlVWZ4geUPkVSrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdiSThpUjlJZ1FjZ3VWVlpuaUI1US1SVktzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hOTRkZWEtMmZmYy00MDhkLWFhOWQt
MWFlMzZhNDQ2OWZkLzEva0Q5d0ZzSWt5ZW1KbXlaUjVOc09pY0FPazZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hOTRkZWEtMmZmYy00MDhkLWFhOWQtMWFlMzZhNDQ2OWZk
LzEvcXdiSThpUjlJZ1FjZ3VWVlpuaUI1US1SVktzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYo2MA8E
AgACMAkDBwAqBwpAAAwwDQYJKoZIhvcNAQELBQADggEBAF6qYZUEbW7WfMMuLunc
z9e99KStAwIZIQw7ZfTVplce9ANz6ICKMcfZ3/f9qh52zy4UJVbvOMlcNcFR2RmC
MLAUJUpAHJz1woW0KEFW0qDeWtFRZzNw7TxEtBrMLV3YyLZB/W29JJniXmePA7ek
KHKAgseZgRx7696CKIKZwlr5RewB6MpS330pSsX47FkmvoXiwVxbpnd2hPNM4185
JBvn0/ZckrHBOBCrZ+K7S5BJPTwn0Gj4BMXewemyP+0DzzbPCOd39+7L61gCWfrz
ofCwIKg4I4Bt4rm7gtM+rGPTTKgKHe0WoVdFUKQ8BtBXt5dEN/LcpLJHjbzeSoh5
TKA=
-----END CERTIFICATE-----