Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/1-W9cHcvV8JFePY5KxwQPK_z_50A.roa
File:                     1-W9cHcvV8JFePY5KxwQPK_z_50A.roa (raw, json)
Hash identifier:          xzstVORMzW16rlK4wqPMjVUo3Za+7869ev93irlGTgQ=
Subject key identifier:   F9:6F:5C:1D:CB:D5:F0:91:5E:3D:8E:4A:C7:04:0F:2B:FC:FF:E7:40
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C52388F477A464FA579273741F855
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/1-W9cHcvV8JFePY5KxwQPK_z_50A.roa
Signing time:             Thu 02 Jan 2025 09:50:20 +0000
ROA not before:           Thu 02 Jan 2025 09:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8382
IP address blocks:        195.46.126.0/24 maxlen: 24
                          213.228.120.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 05:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:52:38:8f:47:7a:46:4f:a5:79:27:37:41:f8:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f96f5c1dcbd5f0915e3d8e4ac7040f2bfcffe740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cc:b0:ad:cd:81:f7:ee:66:a2:f9:79:e3:71:
                    e6:b9:89:b8:d4:bb:c7:ad:1a:89:32:ae:d4:74:8b:
                    00:f3:56:2c:eb:6e:67:95:4f:24:96:0a:99:fc:37:
                    42:6f:6b:61:b3:59:7e:de:e1:86:72:54:89:c9:fb:
                    33:14:2f:52:ad:f8:52:2c:da:30:c1:e0:7f:33:e8:
                    54:00:67:c2:70:15:04:d7:f1:03:2f:b1:f1:d4:f4:
                    e7:39:f2:7c:30:4d:ea:ee:e7:74:a2:3b:ee:65:e6:
                    ad:d8:17:cd:fc:e3:87:94:8a:8d:b0:4f:04:9d:d4:
                    7b:7d:a9:96:33:1d:c2:8b:a0:64:91:9c:3b:f1:a2:
                    32:7f:79:c8:9f:94:9b:74:1c:77:94:9a:a6:87:34:
                    be:23:bb:d8:50:62:33:04:9d:73:ac:13:b1:71:5a:
                    3a:d6:80:20:43:82:f8:e1:8f:b2:81:69:da:d6:f1:
                    d1:3a:08:7d:b4:31:b6:f8:cc:f3:ed:ae:70:10:a4:
                    a6:89:95:98:86:26:e9:f7:c9:9d:24:95:70:09:f9:
                    4c:a7:cd:9a:6d:47:30:ee:12:4e:93:1e:b7:eb:ac:
                    20:75:52:23:97:52:64:91:57:99:45:14:fa:fd:4a:
                    ac:fc:05:2b:98:87:ab:e5:93:ee:21:97:64:b1:92:
                    0b:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:6F:5C:1D:CB:D5:F0:91:5E:3D:8E:4A:C7:04:0F:2B:FC:FF:E7:40
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/1-W9cHcvV8JFePY5KxwQPK_z_50A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.46.126.0/24
                  213.228.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         54:3d:a9:9f:5b:28:30:17:4c:28:aa:1f:48:20:20:d5:78:b6:
         fc:e7:6d:6b:0f:62:5d:43:6f:24:7d:1c:cf:1d:b0:c5:cf:40:
         2a:19:0c:c1:d3:9d:ef:7d:65:ad:34:58:aa:b6:97:0f:dd:82:
         52:67:d6:9e:98:3e:be:ba:7c:15:38:fe:7b:01:b9:f4:31:99:
         60:b8:43:f4:5b:15:91:8c:a7:c4:da:90:eb:e9:60:1d:48:df:
         98:79:66:ba:02:21:65:d5:90:9f:0c:a4:82:d4:f0:dd:96:81:
         34:3e:c4:b8:49:72:ba:87:a9:c1:f2:9c:a7:68:85:a8:c0:72:
         55:3f:b7:5b:05:c8:9e:fb:6c:f5:2e:22:58:3a:89:bd:23:79:
         70:5e:04:29:75:d9:2a:8e:84:b2:dd:e1:67:5b:01:a2:ed:fd:
         4c:66:ff:09:80:b6:78:19:ce:09:8c:85:ae:26:7d:89:9c:90:
         d1:4c:f5:94:37:08:b5:07:c2:86:e7:cd:31:d5:f7:57:bd:75:
         f6:ce:b2:13:f2:47:24:d6:2d:28:f0:28:6d:2f:e9:99:17:7e:
         36:60:9e:82:03:50:00:be:54:1c:e1:a8:f6:c8:af:1f:94:fb:
         d1:bb:4f:5c:68:71:cd:78:a0:0f:ce:ad:f5:e7:9b:9b:61:1d:
         92:79:38:6a
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQmbFI4j0d6Rk+leSc3QfhVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTZmNWMxZGNiZDVmMDkxNWUzZDhlNGFjNzA0MGYyYmZjZmZlNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMywrc2B9+5movl543HmuYm41LvH
rRqJMq7UdIsA81Ys625nlU8klgqZ/DdCb2ths1l+3uGGclSJyfszFC9SrfhSLNow
weB/M+hUAGfCcBUE1/EDL7Hx1PTnOfJ8ME3q7ud0ojvuZeat2BfN/OOHlIqNsE8E
ndR7famWMx3Ci6BkkZw78aIyf3nIn5SbdBx3lJqmhzS+I7vYUGIzBJ1zrBOxcVo6
1oAgQ4L44Y+ygWna1vHROgh9tDG2+Mzz7a5wEKSmiZWYhibp98mdJJVwCflMp82a
bUcw7hJOkx6366wgdVIjl1JkkVeZRRT6/Uqs/AUrmIer5ZPuIZdksZILOwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPlvXB3L1fCRXj2OSscEDyv8/+dAMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvMS1XOWNIY3ZWOEpGZVBZNUt4d1FQS196XzUwQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmQvOWExZDQ0LTg2MDktNGU1ZS1iYTk0LTVhODZjMjc1N2Mx
ZS8xL1h1VXh1YXdwa05hYWlsd3dJLWN1YllRZWJBay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAMMufgME
A9XkeDANBgkqhkiG9w0BAQsFAAOCAQEAVD2pn1soMBdMKKofSCAg1Xi2/Odtaw9i
XUNvJH0czx2wxc9AKhkMwdOd731lrTRYqraXD92CUmfWnpg+vrp8FTj+ewG59DGZ
YLhD9FsVkYynxNqQ6+lgHUjfmHlmugIhZdWQnwykgtTw3ZaBND7EuElyuoepwfKc
p2iFqMByVT+3WwXInvts9S4iWDqJvSN5cF4EKXXZKo6Est3hZ1sBou39TGb/CYC2
eBnOCYyFriZ9iZyQ0Uz1lDcItQfChufNMdX3V7119s6yE/JHJNYtKPAobS/pmRd+
NmCeggNQAL5UHOGo9sivH5T70btPXGhxzXigD86t9eebm2Edknk4ag==
-----END CERTIFICATE-----