Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/F76FpI_z3pp7FvEBXhJ_sZMIEq4.roa
File:                     F76FpI_z3pp7FvEBXhJ_sZMIEq4.roa (raw, json)
Hash identifier:          1qsVc/WLV0a8wJB91bXtNOSX8a5UYSQoJwoErMzZDKk=
Subject key identifier:   17:BE:85:A4:8F:F3:DE:9A:7B:16:F1:01:5E:12:7F:B1:93:08:12:AE
Certificate issuer:       /CN=9ca319ea51c8003aad94a8e27ce69492aa2e33a8
Certificate serial:       019682D9719B7041EAF7B33837E360222079
Authority key identifier: 9C:A3:19:EA:51:C8:00:3A:AD:94:A8:E2:7C:E6:94:92:AA:2E:33:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nKMZ6lHIADqtlKjifOaUkqouM6g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/F76FpI_z3pp7FvEBXhJ_sZMIEq4.roa
Signing time:             Tue 29 Apr 2025 18:40:10 +0000
ROA not before:           Tue 29 Apr 2025 18:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34578
IP address blocks:        159.144.0.0/16 maxlen: 16
                          192.112.254.0/24 maxlen: 24
                          2a00:9480::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/nKMZ6lHIADqtlKjifOaUkqouM6g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/nKMZ6lHIADqtlKjifOaUkqouM6g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nKMZ6lHIADqtlKjifOaUkqouM6g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 18 May 2025 00:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:d9:71:9b:70:41:ea:f7:b3:38:37:e3:60:22:20:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ca319ea51c8003aad94a8e27ce69492aa2e33a8
        Validity
            Not Before: Apr 29 18:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17be85a48ff3de9a7b16f1015e127fb1930812ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f0:2d:d0:bd:f3:1c:29:d8:d4:dc:46:98:00:
                    02:73:64:ae:20:a0:1e:d6:e8:a9:0f:29:9f:72:07:
                    43:59:90:1a:e2:ca:91:6c:79:3a:93:89:2b:ad:5e:
                    18:3a:44:bd:dd:c3:98:11:b1:c9:fd:ab:64:9b:10:
                    e2:97:99:fe:0a:f3:c8:85:83:8a:de:3f:08:03:97:
                    09:6e:68:f0:6b:75:56:40:f4:28:1f:3b:f5:2c:f2:
                    a8:32:c3:74:13:33:b4:da:04:63:ed:cf:72:21:53:
                    1a:1e:00:d0:f1:4a:31:6c:03:80:cb:8c:52:47:06:
                    4e:4b:ed:f5:ad:6c:aa:39:9c:52:1f:ed:bb:69:a4:
                    e2:e7:74:95:46:5f:28:f5:d6:0b:1b:07:c5:ec:4d:
                    ac:59:e8:96:d4:14:f6:dc:fd:ae:d5:1a:ad:c3:28:
                    a2:70:00:91:db:73:59:ed:54:25:1b:57:dd:e9:95:
                    bd:93:ff:e5:3a:44:00:a3:94:18:20:8a:b3:04:c6:
                    67:ec:d0:b9:f6:43:d6:af:2f:06:5f:14:46:4a:db:
                    a4:d3:74:77:b0:c7:c4:00:10:2f:3d:ca:3f:c5:ec:
                    30:f0:98:70:88:85:96:db:2e:9d:ea:20:95:ba:0e:
                    e1:7a:e4:66:a8:cc:83:50:7c:09:15:55:68:cb:3c:
                    6c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:BE:85:A4:8F:F3:DE:9A:7B:16:F1:01:5E:12:7F:B1:93:08:12:AE
            X509v3 Authority Key Identifier:
                keyid:9C:A3:19:EA:51:C8:00:3A:AD:94:A8:E2:7C:E6:94:92:AA:2E:33:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nKMZ6lHIADqtlKjifOaUkqouM6g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/F76FpI_z3pp7FvEBXhJ_sZMIEq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/61494c-0744-4991-ab67-0ad3c7962c09/1/nKMZ6lHIADqtlKjifOaUkqouM6g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.144.0.0/16
                  192.112.254.0/24
                IPv6:
                  2a00:9480::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:8b:5d:b7:f4:74:5d:b3:1b:56:e0:b1:fe:58:7c:dc:c7:64:
         bf:a8:23:f6:b6:57:c7:55:82:14:34:a3:1e:55:12:24:3a:08:
         96:bd:35:3a:5c:fc:e7:4c:45:e8:0c:77:b8:91:2e:aa:53:5e:
         d6:06:56:39:b2:9e:0a:b2:0e:72:78:aa:4a:c6:53:ec:2a:46:
         f0:2e:ee:16:0f:d2:13:01:d9:1d:85:02:e4:4c:03:7e:75:9b:
         61:f7:3a:91:2a:1c:b2:ea:5f:3f:00:d3:ff:39:bb:1f:51:00:
         c2:f8:17:f4:67:d2:24:00:f6:c3:da:57:11:b4:81:f9:f8:ef:
         74:c3:f6:29:b9:d5:36:20:00:8f:44:93:88:88:a0:89:68:00:
         ea:84:5e:11:58:f9:f3:c8:ad:c7:2e:85:4c:43:25:eb:fb:03:
         66:6e:22:7a:30:a9:d4:2c:1e:83:be:77:01:8b:c0:96:89:0c:
         29:9b:39:6b:18:a9:9e:75:39:9d:e8:1e:57:a4:d7:d0:5f:86:
         c9:7a:57:3a:03:68:69:a6:ea:00:43:62:52:e1:b2:3f:c2:a0:
         37:b0:04:e5:ec:c3:f1:d0:6c:00:83:3c:ce:40:97:84:44:58:
         a2:e0:17:32:0a:63:38:fa:a8:77:59:c1:e6:17:14:29:fd:e3:
         1c:0a:6a:8a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZaC2XGbcEHq97M4N+NgIiB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYTMxOWVhNTFjODAwM2FhZDk0YThlMjdjZTY5NDkyYWEy
ZTMzYTgwHhcNMjUwNDI5MTg0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2JlODVhNDhmZjNkZTlhN2IxNmYxMDE1ZTEyN2ZiMTkzMDgxMmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfAt0L3zHCnY1NxGmAACc2SuIKAe
1uipDymfcgdDWZAa4sqRbHk6k4krrV4YOkS93cOYEbHJ/atkmxDil5n+CvPIhYOK
3j8IA5cJbmjwa3VWQPQoHzv1LPKoMsN0EzO02gRj7c9yIVMaHgDQ8UoxbAOAy4xS
RwZOS+31rWyqOZxSH+27aaTi53SVRl8o9dYLGwfF7E2sWeiW1BT23P2u1Rqtwyii
cACR23NZ7VQlG1fd6ZW9k//lOkQAo5QYIIqzBMZn7NC59kPWry8GXxRGStuk03R3
sMfEABAvPco/xeww8JhwiIWW2y6d6iCVug7heuRmqMyDUHwJFVVoyzxssQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFBe+haSP896aexbxAV4Sf7GTCBKuMB8GA1UdIwQY
MBaAFJyjGepRyAA6rZSo4nzmlJKqLjOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbktNWjZsSElBRHF0bEtqaWZPYVVrcW91TTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82MTQ5NGMtMDc0NC00OTkxLWFiNjct
MGFkM2M3OTYyYzA5LzEvRjc2RnBJX3ozcHA3RnZFQlhoSl9zWk1JRXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82MTQ5NGMtMDc0NC00OTkxLWFiNjctMGFkM2M3OTYyYzA5
LzEvbktNWjZsSElBRHF0bEtqaWZPYVVrcW91TTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAn5ADBADA
cP4wDQQCAAIwBwMFACoAlIAwDQYJKoZIhvcNAQELBQADggEBADeLXbf0dF2zG1bg
sf5YfNzHZL+oI/a2V8dVghQ0ox5VEiQ6CJa9NTpc/OdMRegMd7iRLqpTXtYGVjmy
ngqyDnJ4qkrGU+wqRvAu7hYP0hMB2R2FAuRMA351m2H3OpEqHLLqXz8A0/85ux9R
AML4F/Rn0iQA9sPaVxG0gfn473TD9im51TYgAI9Ek4iIoIloAOqEXhFY+fPIrccu
hUxDJev7A2ZuInowqdQsHoO+dwGLwJaJDCmbOWsYqZ51OZ3oHlek19Bfhsl6VzoD
aGmm6gBDYlLhsj/CoDewBOXsw/HQbACDPM5Al4REWKLgFzIKYzj6qHdZweYXFCn9
4xwKaoo=
-----END CERTIFICATE-----