Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/sJt9u9UsBddUUUsQ_-BORY7GHTY.roa
File:                     sJt9u9UsBddUUUsQ_-BORY7GHTY.roa (raw, json)
Hash identifier:          FTKLG7B4Wmn+mJn4Y/9akPBbCZreC+K9o5hZdWyvz7M=
Subject key identifier:   B0:9B:7D:BB:D5:2C:05:D7:54:51:4B:10:FF:E0:4E:45:8E:C6:1D:36
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       0194266C659DE4A6DCF990442483141A6398
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/sJt9u9UsBddUUUsQ_-BORY7GHTY.roa
Signing time:             Thu 02 Jan 2025 09:50:25 +0000
ROA not before:           Thu 02 Jan 2025 09:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24762
IP address blocks:        87.117.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:65:9d:e4:a6:dc:f9:90:44:24:83:14:1a:63:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 09:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b09b7dbbd52c05d754514b10ffe04e458ec61d36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:05:e3:c3:86:81:39:89:e9:48:b5:f5:20:e9:
                    56:35:9a:f3:24:a2:d6:44:5c:57:43:bd:e5:74:90:
                    f2:a5:4c:90:cd:66:0d:b4:52:90:b3:4c:80:e2:89:
                    bd:95:22:66:fb:c3:d3:10:04:94:1f:3e:50:28:7a:
                    5e:4c:fd:43:24:bf:e5:ac:3c:b2:d3:88:64:cc:fd:
                    47:c2:78:05:41:c5:93:42:14:20:84:c2:36:95:49:
                    14:78:76:ac:8c:e7:d9:3d:bd:0c:05:bb:76:72:de:
                    e2:28:1d:e4:90:f9:00:60:0d:bb:6a:65:63:75:62:
                    b2:47:1c:e3:82:e9:5e:7f:08:0b:ab:d5:32:65:35:
                    c7:c8:b3:d0:45:b4:f1:89:ca:89:b4:9f:28:a7:31:
                    42:58:6f:b1:11:98:6d:8c:15:05:df:8c:0c:e0:3e:
                    3b:a0:84:d7:14:6c:81:d0:39:c6:87:d2:70:98:1b:
                    f0:40:4e:92:51:93:95:81:92:d8:b6:6e:9b:fe:a0:
                    dd:ff:8d:28:ab:e6:14:f0:f8:81:d0:31:be:7f:eb:
                    dd:cd:c6:7d:d5:b0:ed:c7:14:53:c0:e2:3f:2d:a8:
                    1b:14:c3:c6:30:41:d6:9b:9f:fd:34:fb:34:65:e3:
                    64:03:7a:87:15:64:0a:cc:c6:c3:9e:59:5d:c4:dc:
                    a5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:9B:7D:BB:D5:2C:05:D7:54:51:4B:10:FF:E0:4E:45:8E:C6:1D:36
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/sJt9u9UsBddUUUsQ_-BORY7GHTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.117.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:16:b4:af:0a:44:63:dd:2d:65:84:84:01:53:a2:dc:f6:12:
         4a:05:11:73:b4:3f:1e:31:38:d3:97:43:5b:b0:79:80:20:4d:
         4d:40:f4:74:71:8c:e1:02:22:5e:1f:dd:91:de:c5:dc:4b:99:
         3d:f2:89:f6:e5:5b:1d:3b:d6:5d:a8:e4:5b:16:12:4e:9c:b1:
         5b:b1:00:b8:50:63:dd:30:5f:4e:12:24:73:35:1d:89:e9:7f:
         7a:eb:4a:00:1b:ca:35:18:c6:9d:b3:b3:64:eb:b6:29:6e:97:
         d1:a2:f6:0f:1e:dc:44:b0:29:27:c0:ba:94:89:0c:59:1f:65:
         e7:2f:94:a6:99:42:c0:3a:da:8b:d5:ff:b1:51:83:31:36:a8:
         4b:0c:00:53:b8:5b:95:50:0c:74:00:97:e9:67:4d:9f:75:ca:
         18:5e:c2:b7:e9:16:cc:79:df:52:1d:94:6b:14:02:c4:65:07:
         92:b0:55:55:2d:5a:4c:67:1c:a8:ab:3c:b2:02:cd:ba:06:74:
         59:0a:74:02:0f:15:4b:da:71:3d:fc:8f:d3:f8:f2:f0:b0:29:
         0e:ee:ed:41:59:40:1c:17:2c:cd:26:4a:ea:0a:53:b0:ba:dd:
         34:d8:fa:ea:7a:7a:2f:a6:05:47:ff:3d:ec:ed:40:50:66:a9:
         a0:8e:9d:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbGWd5Kbc+ZBEJIMUGmOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjUwMTAyMDk1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDliN2RiYmQ1MmMwNWQ3NTQ1MTRiMTBmZmUwNGU0NThlYzYxZDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAXjw4aBOYnpSLX1IOlWNZrzJKLW
RFxXQ73ldJDypUyQzWYNtFKQs0yA4om9lSJm+8PTEASUHz5QKHpeTP1DJL/lrDyy
04hkzP1HwngFQcWTQhQghMI2lUkUeHasjOfZPb0MBbt2ct7iKB3kkPkAYA27amVj
dWKyRxzjgulefwgLq9UyZTXHyLPQRbTxicqJtJ8opzFCWG+xEZhtjBUF34wM4D47
oITXFGyB0DnGh9JwmBvwQE6SUZOVgZLYtm6b/qDd/40oq+YU8PiB0DG+f+vdzcZ9
1bDtxxRTwOI/LagbFMPGMEHWm5/9NPs0ZeNkA3qHFWQKzMbDnlldxNylQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCbfbvVLAXXVFFLEP/gTkWOxh02MB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvc0p0OXU5VXNCZGRVVVVzUV8tQk9SWTdHSFRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV3WEMA0G
CSqGSIb3DQEBCwUAA4IBAQBzFrSvCkRj3S1lhIQBU6Lc9hJKBRFztD8eMTjTl0Nb
sHmAIE1NQPR0cYzhAiJeH92R3sXcS5k98on25VsdO9ZdqORbFhJOnLFbsQC4UGPd
MF9OEiRzNR2J6X9660oAG8o1GMads7Nk67YpbpfRovYPHtxEsCknwLqUiQxZH2Xn
L5SmmULAOtqL1f+xUYMxNqhLDABTuFuVUAx0AJfpZ02fdcoYXsK36RbMed9SHZRr
FALEZQeSsFVVLVpMZxyoqzyyAs26BnRZCnQCDxVL2nE9/I/T+PLwsCkO7u1BWUAc
FyzNJkrqClOwut002PrqenovpgVH/z3s7UBQZqmgjp0X
-----END CERTIFICATE-----