Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/x9hv5VI53E9lfmCoCZYbXA2hByU.roa
File:                     x9hv5VI53E9lfmCoCZYbXA2hByU.roa (raw, json)
Hash identifier:          /EpYHmEUvDFytn2JV2b/puVDndIWdyEA5WbCaF8KMCM=
Subject key identifier:   C7:D8:6F:E5:52:39:DC:4F:65:7E:60:A8:09:96:1B:5C:0D:A1:07:25
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019644B62704D2A93F34DE04F4B3B822A927
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/x9hv5VI53E9lfmCoCZYbXA2hByU.roa
Signing time:             Thu 17 Apr 2025 17:05:10 +0000
ROA not before:           Thu 17 Apr 2025 17:05:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42007
IP address blocks:        94.231.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:44:b6:27:04:d2:a9:3f:34:de:04:f4:b3:b8:22:a9:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Apr 17 17:05:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7d86fe55239dc4f657e60a809961b5c0da10725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f5:4e:b8:20:e5:23:e2:5c:65:41:80:3e:7b:
                    3e:2d:68:a4:20:e3:03:87:77:ff:c9:ba:b8:01:dd:
                    f0:a4:d6:3f:8a:d4:31:e5:85:eb:a6:3b:50:df:a3:
                    47:6e:e0:94:3a:9a:c0:0a:4d:f0:42:71:cc:07:69:
                    e5:dd:b5:43:fa:bc:a8:19:50:60:5b:1a:cc:d3:05:
                    45:f7:e3:2c:da:e9:e1:7d:fe:d8:f2:ec:42:0e:0c:
                    e3:71:88:43:ba:c5:01:e6:4b:df:1b:b0:02:f9:a7:
                    30:16:da:d0:a0:d4:5d:6e:f9:71:ca:8a:83:b8:5c:
                    b9:a3:ed:a6:9d:32:8e:c7:b8:a2:9d:f6:a1:fc:4a:
                    96:b7:7a:3c:5e:08:e5:0a:02:62:66:3e:d0:57:c4:
                    f4:39:84:2f:b2:26:a4:77:8f:1a:0d:c5:61:0a:6d:
                    68:fd:ec:07:c4:38:25:98:23:2c:a2:0c:36:8a:30:
                    34:f2:e1:51:21:81:7d:7a:22:78:2d:91:8d:ae:a3:
                    03:64:dc:9b:e2:5a:83:b3:30:74:f0:f2:95:4d:b4:
                    0a:06:5e:65:7c:41:24:5c:88:88:ed:bb:b6:d5:e5:
                    e9:84:e6:6f:cb:61:02:4d:b3:5c:50:bc:af:32:f5:
                    ca:16:a7:cc:5f:bf:55:79:ed:cc:8b:f1:96:a1:5e:
                    ce:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D8:6F:E5:52:39:DC:4F:65:7E:60:A8:09:96:1B:5C:0D:A1:07:25
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/x9hv5VI53E9lfmCoCZYbXA2hByU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:75:47:ce:69:ed:57:d1:fb:18:81:19:e3:4c:1d:75:57:23:
         03:9b:5d:37:dc:6c:32:4e:c7:b7:ed:c3:84:fd:ad:21:92:09:
         db:0a:d4:70:f1:c9:a9:ec:89:d8:e8:14:c3:47:f4:81:69:4c:
         57:f3:1c:74:ef:41:aa:51:91:df:65:bf:a5:50:33:9b:7f:8a:
         87:09:6d:22:5b:58:e0:3c:8c:ad:c0:85:d7:3c:9a:51:3f:bb:
         0f:5d:27:aa:2c:4f:72:67:76:75:bc:de:11:b6:73:54:37:a5:
         68:3a:36:3e:89:0a:c8:6a:a3:23:bc:35:ab:8e:52:8b:f4:fc:
         b8:4f:a3:1c:f3:25:44:d5:c6:59:1e:9f:92:44:b2:10:7d:4c:
         55:9c:2c:f7:79:d2:b7:7d:f2:a2:fe:13:41:62:73:eb:7e:d7:
         1e:56:8e:14:c0:ad:23:4f:cb:79:3b:72:fa:da:2a:5f:38:e5:
         b8:9e:ab:72:af:49:a5:df:4b:dd:a6:c0:45:38:96:68:06:e4:
         f1:b2:b4:6c:ee:ec:74:d1:17:0a:58:0e:88:04:ad:df:68:6a:
         1a:b9:18:4a:8c:1f:c0:87:64:d7:19:a4:a2:d9:86:a1:63:7f:
         c2:2f:d0:f8:11:c4:51:2f:0a:a2:f0:73:c9:f5:72:35:7d:6b:
         77:3b:71:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZEticE0qk/NN4E9LO4IqknMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwNDE3MTcwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Q4NmZlNTUyMzlkYzRmNjU3ZTYwYTgwOTk2MWI1YzBkYTEwNzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fVOuCDlI+JcZUGAPns+LWikIOMD
h3f/ybq4Ad3wpNY/itQx5YXrpjtQ36NHbuCUOprACk3wQnHMB2nl3bVD+ryoGVBg
WxrM0wVF9+Ms2unhff7Y8uxCDgzjcYhDusUB5kvfG7AC+acwFtrQoNRdbvlxyoqD
uFy5o+2mnTKOx7iinfah/EqWt3o8XgjlCgJiZj7QV8T0OYQvsiakd48aDcVhCm1o
/ewHxDglmCMsogw2ijA08uFRIYF9eiJ4LZGNrqMDZNyb4lqDszB08PKVTbQKBl5l
fEEkXIiI7bu21eXphOZvy2ECTbNcULyvMvXKFqfMX79Vee3Mi/GWoV7OIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfYb+VSOdxPZX5gqAmWG1wNoQclMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEveDlodjVWSTUzRTlsZm1Db0NaWWJYQTJoQnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuffMA0G
CSqGSIb3DQEBCwUAA4IBAQDJdUfOae1X0fsYgRnjTB11VyMDm1033GwyTse37cOE
/a0hkgnbCtRw8cmp7InY6BTDR/SBaUxX8xx070GqUZHfZb+lUDObf4qHCW0iW1jg
PIytwIXXPJpRP7sPXSeqLE9yZ3Z1vN4RtnNUN6VoOjY+iQrIaqMjvDWrjlKL9Py4
T6Mc8yVE1cZZHp+SRLIQfUxVnCz3edK3ffKi/hNBYnPrftceVo4UwK0jT8t5O3L6
2ipfOOW4nqtyr0ml30vdpsBFOJZoBuTxsrRs7ux00RcKWA6IBK3faGoauRhKjB/A
h2TXGaSi2YahY3/CL9D4EcRRLwqi8HPJ9XI1fWt3O3Hp
-----END CERTIFICATE-----