Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/qnmXcL8dUJj7rdFkLv5IIJUwDDY.roa
File:                     qnmXcL8dUJj7rdFkLv5IIJUwDDY.roa (raw, json)
Hash identifier:          SbXai8opNHzQzJTVhIMV1eYK9jsCmNmT7MYPyjYeprw=
Subject key identifier:   AA:79:97:70:BF:1D:50:98:FB:AD:D1:64:2E:FE:48:20:95:30:0C:36
Certificate issuer:       /CN=c9b59f41779e6f2435f59f1a171c080a5a7a44d2
Certificate serial:       01942521DDA67508C198DC2BD67009F0FB04
Authority key identifier: C9:B5:9F:41:77:9E:6F:24:35:F5:9F:1A:17:1C:08:0A:5A:7A:44:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ybWfQXeebyQ19Z8aFxwIClp6RNI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/qnmXcL8dUJj7rdFkLv5IIJUwDDY.roa
Signing time:             Thu 02 Jan 2025 03:49:23 +0000
ROA not before:           Thu 02 Jan 2025 03:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210190
IP address blocks:        194.36.44.0/24 maxlen: 24
                          2a0d:8240::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/ybWfQXeebyQ19Z8aFxwIClp6RNI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/ybWfQXeebyQ19Z8aFxwIClp6RNI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ybWfQXeebyQ19Z8aFxwIClp6RNI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 18:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:dd:a6:75:08:c1:98:dc:2b:d6:70:09:f0:fb:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9b59f41779e6f2435f59f1a171c080a5a7a44d2
        Validity
            Not Before: Jan  2 03:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa799770bf1d5098fbadd1642efe482095300c36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:74:47:5c:1b:04:5d:1a:9a:1e:a7:ed:ff:5e:
                    75:ad:67:84:cc:47:b5:9c:55:48:fa:a6:50:ad:50:
                    b7:d6:5f:f4:15:66:b5:d3:dd:4c:f0:f1:e7:ad:b4:
                    1b:85:38:72:3a:8d:b5:f5:dd:f6:b2:00:95:7b:a5:
                    86:31:7f:4e:65:01:2f:43:01:d1:30:35:c8:0a:a0:
                    43:70:c7:0c:86:80:ba:37:b2:da:94:79:fd:76:3d:
                    c0:d7:d4:ad:46:35:e6:f7:ef:d4:05:4b:98:06:6e:
                    0f:24:a9:a1:4b:7c:a8:19:d3:a6:f8:50:a2:b8:1b:
                    bd:62:2d:6e:5b:c0:27:42:3d:27:74:7b:10:cb:4f:
                    87:eb:95:32:5f:84:4d:e5:0d:85:5e:c5:ae:7e:07:
                    db:0f:cc:8c:66:e4:e2:27:a1:24:86:1d:bb:4b:28:
                    b9:0f:9b:39:9b:93:fa:d6:ec:75:ff:64:26:5b:fd:
                    cd:1f:c8:0e:c5:5a:4e:e6:89:ff:2d:79:35:79:be:
                    4d:32:1e:d4:79:14:8f:55:62:b5:c3:33:2e:f6:ec:
                    73:1d:18:c6:f6:08:86:25:7e:8c:18:b4:d2:3d:d9:
                    b2:e2:1b:93:94:f1:48:a3:b5:fd:79:57:5b:24:43:
                    f1:8b:cb:8c:b5:f5:80:68:7d:86:fb:7b:50:56:14:
                    9e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:79:97:70:BF:1D:50:98:FB:AD:D1:64:2E:FE:48:20:95:30:0C:36
            X509v3 Authority Key Identifier:
                keyid:C9:B5:9F:41:77:9E:6F:24:35:F5:9F:1A:17:1C:08:0A:5A:7A:44:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ybWfQXeebyQ19Z8aFxwIClp6RNI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/qnmXcL8dUJj7rdFkLv5IIJUwDDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/027c8b-4009-4da6-ae97-72367cbb19ef/1/ybWfQXeebyQ19Z8aFxwIClp6RNI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.44.0/24
                IPv6:
                  2a0d:8240::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:e2:9e:f8:7e:cb:fc:25:7f:bd:6b:41:99:c0:ba:1b:6b:ae:
         30:82:86:31:7b:af:ca:eb:c4:50:d5:e0:eb:cf:13:7e:b0:f9:
         35:9f:60:15:d5:fd:d0:58:a6:3e:03:8b:e1:b4:8e:dc:2f:36:
         ff:29:6c:3d:bf:c2:10:31:34:c9:cc:80:c2:1f:78:05:9e:9b:
         9d:17:3c:25:9e:cb:e3:61:c6:a1:d5:52:e1:a7:40:aa:ca:c0:
         f9:15:6c:7d:22:66:49:ac:5b:db:0b:44:d5:60:4b:3c:80:a5:
         77:b3:aa:07:6f:0d:99:0b:22:3e:7b:c1:23:f0:7b:a6:f3:da:
         a5:bf:47:df:36:1b:00:32:31:8a:8b:4a:fc:d3:f0:5e:2e:67:
         7d:24:a6:b9:33:58:ea:07:45:3e:1c:25:b9:e5:0d:59:2d:cd:
         9b:f9:cd:d6:49:d0:c9:61:20:2f:a9:62:95:04:fd:f5:90:70:
         69:95:90:16:e9:3f:d9:d4:45:dd:62:77:5d:4a:54:c8:33:4f:
         51:51:e8:76:bc:d8:52:f6:fb:14:59:f3:e4:c8:ec:9c:26:f5:
         33:da:f9:b8:0d:9f:c1:84:15:b7:3c:50:60:9b:43:39:39:a2:
         fb:b2:17:26:ed:82:20:46:c9:df:66:7d:da:f1:bd:05:4f:50:
         6a:46:18:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlId2mdQjBmNwr1nAJ8PsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YjU5ZjQxNzc5ZTZmMjQzNWY1OWYxYTE3MWMwODBhNWE3
YTQ0ZDIwHhcNMjUwMTAyMDM0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTc5OTc3MGJmMWQ1MDk4ZmJhZGQxNjQyZWZlNDgyMDk1MzAwYzM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunRHXBsEXRqaHqft/151rWeEzEe1
nFVI+qZQrVC31l/0FWa1091M8PHnrbQbhThyOo219d32sgCVe6WGMX9OZQEvQwHR
MDXICqBDcMcMhoC6N7LalHn9dj3A19StRjXm9+/UBUuYBm4PJKmhS3yoGdOm+FCi
uBu9Yi1uW8AnQj0ndHsQy0+H65UyX4RN5Q2FXsWufgfbD8yMZuTiJ6Ekhh27Syi5
D5s5m5P61ux1/2QmW/3NH8gOxVpO5on/LXk1eb5NMh7UeRSPVWK1wzMu9uxzHRjG
9giGJX6MGLTSPdmy4huTlPFIo7X9eVdbJEPxi8uMtfWAaH2G+3tQVhSeowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKp5l3C/HVCY+63RZC7+SCCVMAw2MB8GA1UdIwQY
MBaAFMm1n0F3nm8kNfWfGhccCApaekTSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWJXZlFYZWVieVExOVo4YUZ4d0lDbHA2Uk5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wMjdjOGItNDAwOS00ZGE2LWFlOTct
NzIzNjdjYmIxOWVmLzEvcW5tWGNMOGRVSmo3cmRGa0x2NUlJSlV3RERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wMjdjOGItNDAwOS00ZGE2LWFlOTctNzIzNjdjYmIxOWVm
LzEveWJXZlFYZWVieVExOVo4YUZ4d0lDbHA2Uk5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwiQsMA0E
AgACMAcDBQMqDYJAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ4p74fsv8JX+9a0GZwLob
a64wgoYxe6/K68RQ1eDrzxN+sPk1n2AV1f3QWKY+A4vhtI7cLzb/KWw9v8IQMTTJ
zIDCH3gFnpudFzwlnsvjYcah1VLhp0CqysD5FWx9ImZJrFvbC0TVYEs8gKV3s6oH
bw2ZCyI+e8Ej8Hum89qlv0ffNhsAMjGKi0r80/BeLmd9JKa5M1jqB0U+HCW55Q1Z
Lc2b+c3WSdDJYSAvqWKVBP31kHBplZAW6T/Z1EXdYnddSlTIM09RUeh2vNhS9vsU
WfPkyOycJvUz2vm4DZ/BhBW3PFBgm0M5OaL7shcm7YIgRsnfZn3a8b0FT1BqRhgv
-----END CERTIFICATE-----