Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/t9Y7BeYu12mZq7yxIRtEySM1Rtc.roa
File:                     t9Y7BeYu12mZq7yxIRtEySM1Rtc.roa (raw, json)
Hash identifier:          pHqieJKSJe/cYuypW4oPbapHkZUvdCP0qK0tLzbxp4k=
Subject key identifier:   B7:D6:3B:05:E6:2E:D7:69:99:AB:BC:B1:21:1B:44:C9:23:35:46:D7
Certificate issuer:       /CN=96bbd1bfca2f8a1578faab5b10c0fc355561cc65
Certificate serial:       0194AC115CAB05D75D7A00AE9785497DF644
Authority key identifier: 96:BB:D1:BF:CA:2F:8A:15:78:FA:AB:5B:10:C0:FC:35:55:61:CC:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lrvRv8ovihV4-qtbEMD8NVVhzGU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/t9Y7BeYu12mZq7yxIRtEySM1Rtc.roa
Signing time:             Tue 28 Jan 2025 08:40:06 +0000
ROA not before:           Tue 28 Jan 2025 08:40:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216282
IP address blocks:        185.98.161.0/24 maxlen: 24
                          195.184.234.0/24 maxlen: 24
                          2a13:e1c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/lrvRv8ovihV4-qtbEMD8NVVhzGU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/lrvRv8ovihV4-qtbEMD8NVVhzGU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lrvRv8ovihV4-qtbEMD8NVVhzGU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:11:5c:ab:05:d7:5d:7a:00:ae:97:85:49:7d:f6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96bbd1bfca2f8a1578faab5b10c0fc355561cc65
        Validity
            Not Before: Jan 28 08:40:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7d63b05e62ed76999abbcb1211b44c9233546d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1c:04:83:30:f0:59:82:e3:83:e8:46:ce:48:
                    48:5d:0f:8f:59:ed:3a:4a:97:5f:e4:75:43:4f:65:
                    2e:2c:6f:46:43:63:8c:45:f0:4d:7a:de:aa:f7:b9:
                    72:4f:ce:a0:d6:f3:02:fa:57:0b:6b:a9:56:c2:2f:
                    26:af:58:9b:70:fb:16:8d:1e:15:83:9e:f9:5c:6e:
                    91:1e:27:f9:90:d8:b9:38:05:56:57:b5:b1:9c:ef:
                    ac:10:32:5a:70:aa:de:83:f7:7c:33:4c:ee:ca:80:
                    dc:97:8c:22:15:59:ec:75:3b:a4:fd:c5:0a:aa:58:
                    05:4e:d9:08:cf:95:6e:69:96:ea:f1:5c:92:a2:1d:
                    ce:50:d9:3f:44:2f:06:5b:00:35:aa:de:3d:c3:7e:
                    d9:56:ee:69:a1:98:e3:57:a2:91:45:f5:1f:cf:66:
                    7a:35:42:f3:65:4b:af:b2:39:27:fc:29:33:fb:9a:
                    84:b2:f1:0e:2e:6c:9c:d8:06:e9:15:b3:e9:f2:69:
                    5d:96:9f:ec:74:84:e4:05:e3:ce:ee:e3:dd:9a:62:
                    59:0d:d4:21:eb:60:20:10:ca:0a:d5:69:9a:e7:0c:
                    64:55:8b:42:76:8b:0c:08:f8:76:a5:0d:56:2e:9b:
                    71:bd:85:ff:65:a1:66:15:0f:12:30:9b:82:a9:a8:
                    3e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:D6:3B:05:E6:2E:D7:69:99:AB:BC:B1:21:1B:44:C9:23:35:46:D7
            X509v3 Authority Key Identifier:
                keyid:96:BB:D1:BF:CA:2F:8A:15:78:FA:AB:5B:10:C0:FC:35:55:61:CC:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lrvRv8ovihV4-qtbEMD8NVVhzGU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/t9Y7BeYu12mZq7yxIRtEySM1Rtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/73f5b5-293d-4035-92ac-a87e2872ad8a/1/lrvRv8ovihV4-qtbEMD8NVVhzGU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.161.0/24
                  195.184.234.0/24
                IPv6:
                  2a13:e1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:d2:fd:ba:92:dd:94:d4:2a:8a:08:c2:70:e2:3e:82:1a:dd:
         ff:51:83:22:01:63:98:d2:47:2c:51:69:74:08:62:6e:86:d9:
         1c:ce:23:92:5e:9b:3f:cb:b6:b8:e8:74:e9:17:69:b9:a6:98:
         8b:8c:79:a6:c1:1b:14:72:ba:c1:64:5b:d6:e9:5a:69:10:45:
         03:99:2b:2f:5a:d1:e6:41:7e:ab:77:2d:c4:cd:d2:4d:68:22:
         e6:9d:84:68:70:e8:95:7c:ea:2d:20:e0:3a:b2:34:02:1e:d8:
         b7:64:9a:62:5d:ee:b3:03:81:46:bd:41:b2:56:ef:34:93:64:
         8d:0e:dd:a4:9b:11:6d:eb:93:1a:a0:8e:a7:0f:e2:da:55:f8:
         a9:6a:ab:7c:0e:e6:44:15:7a:d7:80:8b:06:39:82:40:b0:5e:
         01:b3:e3:19:3d:4b:00:a4:fb:e0:74:e7:71:dd:3e:b1:29:f7:
         08:6b:8e:5c:14:7f:10:86:30:22:9c:87:ca:80:34:c6:9e:c7:
         3a:7a:0b:05:4c:96:95:1f:e1:c1:05:ce:4f:91:ee:62:19:7a:
         48:f5:04:e9:8b:8a:56:80:2b:b5:c2:13:93:57:47:0d:d1:70:
         77:30:83:51:e9:35:54:b9:c5:d4:12:38:f6:b2:98:08:60:da:
         bd:b9:35:e7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZSsEVyrBdddegCul4VJffZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2YmJkMWJmY2EyZjhhMTU3OGZhYWI1YjEwYzBmYzM1NTU2
MWNjNjUwHhcNMjUwMTI4MDg0MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2Q2M2IwNWU2MmVkNzY5OTlhYmJjYjEyMTFiNDRjOTIzMzU0NmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRwEgzDwWYLjg+hGzkhIXQ+PWe06
Spdf5HVDT2UuLG9GQ2OMRfBNet6q97lyT86g1vMC+lcLa6lWwi8mr1ibcPsWjR4V
g575XG6RHif5kNi5OAVWV7WxnO+sEDJacKreg/d8M0zuyoDcl4wiFVnsdTuk/cUK
qlgFTtkIz5VuaZbq8VySoh3OUNk/RC8GWwA1qt49w37ZVu5poZjjV6KRRfUfz2Z6
NULzZUuvsjkn/Ckz+5qEsvEOLmyc2AbpFbPp8mldlp/sdITkBePO7uPdmmJZDdQh
62AgEMoK1Wma5wxkVYtCdosMCPh2pQ1WLptxvYX/ZaFmFQ8SMJuCqag+0wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLfWOwXmLtdpmau8sSEbRMkjNUbXMB8GA1UdIwQY
MBaAFJa70b/KL4oVePqrWxDA/DVVYcxlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHJ2UnY4b3ZpaFY0LXF0YkVNRDhOVlZoekdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83M2Y1YjUtMjkzZC00MDM1LTkyYWMt
YTg3ZTI4NzJhZDhhLzEvdDlZN0JlWXUxMm1acTd5eElSdEV5U00xUnRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83M2Y1YjUtMjkzZC00MDM1LTkyYWMtYTg3ZTI4NzJhZDhh
LzEvbHJ2UnY4b3ZpaFY0LXF0YkVNRDhOVlZoekdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuWKhAwQA
w7jqMA0EAgACMAcDBQMqE+HAMA0GCSqGSIb3DQEBCwUAA4IBAQAt0v26kt2U1CqK
CMJw4j6CGt3/UYMiAWOY0kcsUWl0CGJuhtkcziOSXps/y7a46HTpF2m5ppiLjHmm
wRsUcrrBZFvW6VppEEUDmSsvWtHmQX6rdy3EzdJNaCLmnYRocOiVfOotIOA6sjQC
Hti3ZJpiXe6zA4FGvUGyVu80k2SNDt2kmxFt65MaoI6nD+LaVfipaqt8DuZEFXrX
gIsGOYJAsF4Bs+MZPUsApPvgdOdx3T6xKfcIa45cFH8QhjAinIfKgDTGnsc6egsF
TJaVH+HBBc5Pke5iGXpI9QTpi4pWgCu1whOTV0cN0XB3MINR6TVUucXUEjj2spgI
YNq9uTXn
-----END CERTIFICATE-----