Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/9_F1V2cr-2qmu0BHm3AVSU-qPxM.roa
File:                     9_F1V2cr-2qmu0BHm3AVSU-qPxM.roa (raw, json)
Hash identifier:          GRV3fAC1E+nhKcHh6o0uVmcQSg4jOW4KJF2Imhd7LJ0=
Subject key identifier:   F7:F1:75:57:67:2B:FB:6A:A6:BB:40:47:9B:70:15:49:4F:AA:3F:13
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       019623A2C4A9B78D1C878B47B91B46A5F92B
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/9_F1V2cr-2qmu0BHm3AVSU-qPxM.roa
Signing time:             Fri 11 Apr 2025 06:56:31 +0000
ROA not before:           Fri 11 Apr 2025 06:56:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        193.37.196.0/24 maxlen: 24
                          194.41.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:23:a2:c4:a9:b7:8d:1c:87:8b:47:b9:1b:46:a5:f9:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Apr 11 06:56:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7f17557672bfb6aa6bb40479b7015494faa3f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:25:21:7e:2c:1a:5d:b1:02:19:60:63:6c:8c:
                    9e:94:b4:4d:cb:cb:80:fe:53:77:e1:b2:ec:94:a2:
                    73:06:76:8f:88:68:3e:97:17:9b:af:58:d5:16:38:
                    0e:bc:60:a3:f7:99:a6:99:17:4c:be:06:a4:ce:0e:
                    4d:40:a8:dd:0e:dd:53:6d:8c:c7:24:91:3c:60:3c:
                    31:d6:95:43:87:94:68:fd:89:d1:34:63:43:42:34:
                    3a:c3:db:45:4a:38:00:56:d0:ba:fb:26:97:51:ff:
                    a4:09:70:c5:c7:95:11:20:c8:4f:84:ad:bb:96:22:
                    8c:6e:57:5a:d3:51:47:1f:7f:b1:74:2b:48:ae:d1:
                    54:ce:a2:02:40:8b:75:a4:b0:b1:8d:88:00:a2:c2:
                    e1:34:80:61:ea:34:69:ed:ad:81:ef:0b:0c:af:47:
                    fc:b5:1c:dd:ff:15:4e:48:6e:6d:59:17:a5:13:c9:
                    52:5f:35:7f:56:01:f9:57:96:95:1c:9e:1d:25:10:
                    45:b4:9c:75:69:c4:c8:38:6d:e0:07:4a:63:03:03:
                    b5:74:d7:0a:84:51:c8:9a:fe:72:0c:f0:c6:6d:92:
                    99:4d:39:53:25:c3:e8:1e:53:5f:6b:e6:c3:9c:80:
                    87:55:e8:93:f2:d7:6f:58:0c:86:bf:8f:be:b3:88:
                    78:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:F1:75:57:67:2B:FB:6A:A6:BB:40:47:9B:70:15:49:4F:AA:3F:13
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/9_F1V2cr-2qmu0BHm3AVSU-qPxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.196.0/24
                  194.41.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:ab:ab:d1:d5:d8:8e:57:f5:01:48:8d:72:e9:d2:a4:47:38:
         5c:22:7c:ae:9f:d7:48:74:cb:75:0a:03:8a:f7:39:22:05:45:
         73:0b:f0:95:a5:aa:ec:6d:ed:ad:f1:bc:b7:cd:ca:99:2d:02:
         38:29:87:ee:86:02:3e:e8:17:bc:67:df:5c:4a:ac:65:0a:9e:
         94:b9:0b:cb:64:91:b0:0c:4f:34:10:d4:ef:b7:b8:a8:8a:84:
         03:f6:c6:2d:d2:00:c5:7f:ff:d6:9a:e4:bc:d2:ad:49:e8:f0:
         a7:35:03:60:86:3c:9f:e7:15:cf:07:f7:fc:93:92:af:b8:86:
         d3:e7:a0:a4:e3:45:d9:6f:da:2d:7e:e6:ae:ea:b9:98:92:c6:
         a3:f6:61:48:f3:f9:4c:97:8d:58:62:e2:b5:ea:e6:10:ca:7c:
         24:5c:54:e1:91:bb:4a:32:7b:b7:e1:44:8e:cc:c6:65:40:4d:
         99:71:1c:b3:16:38:0a:46:b6:a1:99:7a:9c:66:6f:22:0a:b7:
         7d:1b:79:87:cb:fa:48:84:23:95:b8:42:05:17:d3:f8:bc:69:
         28:ab:c4:21:60:85:0e:02:af:f6:4e:64:df:23:c6:d6:aa:3d:
         92:03:79:05:e6:ea:5e:9a:da:22:01:de:9c:58:23:73:9a:ae:
         9e:1f:ea:2b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYjosSpt40ch4tHuRtGpfkrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwNDExMDY1NjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2YxNzU1NzY3MmJmYjZhYTZiYjQwNDc5YjcwMTU0OTRmYWEzZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SUhfiwaXbECGWBjbIyelLRNy8uA
/lN34bLslKJzBnaPiGg+lxebr1jVFjgOvGCj95mmmRdMvgakzg5NQKjdDt1TbYzH
JJE8YDwx1pVDh5Ro/YnRNGNDQjQ6w9tFSjgAVtC6+yaXUf+kCXDFx5URIMhPhK27
liKMblda01FHH3+xdCtIrtFUzqICQIt1pLCxjYgAosLhNIBh6jRp7a2B7wsMr0f8
tRzd/xVOSG5tWRelE8lSXzV/VgH5V5aVHJ4dJRBFtJx1acTIOG3gB0pjAwO1dNcK
hFHImv5yDPDGbZKZTTlTJcPoHlNfa+bDnICHVeiT8tdvWAyGv4++s4h4rQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPfxdVdnK/tqprtAR5twFUlPqj8TMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvOV9GMVYyY3ItMnFtdTBCSG0zQVZTVS1xUHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSXEAwQA
wilxMA0GCSqGSIb3DQEBCwUAA4IBAQALq6vR1diOV/UBSI1y6dKkRzhcInyun9dI
dMt1CgOK9zkiBUVzC/CVparsbe2t8by3zcqZLQI4KYfuhgI+6Be8Z99cSqxlCp6U
uQvLZJGwDE80ENTvt7ioioQD9sYt0gDFf//WmuS80q1J6PCnNQNghjyf5xXPB/f8
k5KvuIbT56Ck40XZb9otfuau6rmYksaj9mFI8/lMl41YYuK16uYQynwkXFThkbtK
Mnu34USOzMZlQE2ZcRyzFjgKRrahmXqcZm8iCrd9G3mHy/pIhCOVuEIFF9P4vGko
q8QhYIUOAq/2TmTfI8bWqj2SA3kF5upemtoiAd6cWCNzmq6eH+or
-----END CERTIFICATE-----