Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/yFaejGd1ihLnr_W4Yz27u8hyN7I.roa
File:                     yFaejGd1ihLnr_W4Yz27u8hyN7I.roa (raw, json)
Hash identifier:          oi+5QdtL9il5kTDZnRMrfLCqvTGCtM8RRqlcIwS13NU=
Subject key identifier:   C8:56:9E:8C:67:75:8A:12:E7:AF:F5:B8:63:3D:BB:BB:C8:72:37:B2
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01953E615C6F9EB2ABB630C480F3504D1A3D
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/yFaejGd1ihLnr_W4Yz27u8hyN7I.roa
Signing time:             Tue 25 Feb 2025 18:32:02 +0000
ROA not before:           Tue 25 Feb 2025 18:32:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44547
IP address blocks:        5.181.87.0/24 maxlen: 24
                          45.9.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3e:61:5c:6f:9e:b2:ab:b6:30:c4:80:f3:50:4d:1a:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Feb 25 18:32:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8569e8c67758a12e7aff5b8633dbbbbc87237b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:50:f0:3b:4b:8d:a2:11:fe:89:44:b9:b5:32:
                    ad:74:9c:13:49:27:83:e1:52:18:1d:af:db:9c:2b:
                    a8:ea:ae:4b:bd:7f:83:fd:05:7c:13:f1:eb:ca:1b:
                    c2:14:fb:a4:10:59:b9:8b:fb:2a:35:c4:7f:df:52:
                    36:33:ba:59:dd:62:d8:1a:84:8d:7c:e4:3e:f5:91:
                    e6:16:30:37:a4:7f:f6:28:c8:83:c5:ec:38:19:44:
                    9a:93:2f:fb:22:7c:79:8c:ed:89:5e:9d:2c:73:cc:
                    e3:9e:2e:0b:e2:0c:27:8e:7f:d2:5e:0c:69:9b:1f:
                    a0:81:80:84:06:03:d4:9e:f6:3a:d3:11:1d:c1:82:
                    02:52:15:32:9b:51:a4:29:d6:89:f3:d7:0a:de:dd:
                    2d:06:5c:31:97:eb:47:1e:88:d6:95:d9:10:52:eb:
                    19:2c:85:5d:e8:10:07:1a:11:d0:00:7b:55:0a:8c:
                    cb:5e:81:d3:e4:5a:64:b2:c4:63:89:c8:a5:79:1a:
                    03:50:a0:55:10:da:52:d8:df:c6:78:92:bf:05:ff:
                    2a:6b:68:43:43:71:ae:f4:5d:dd:ec:10:fe:bb:c3:
                    a7:25:e2:87:79:85:6e:f8:d8:cb:c3:65:64:c9:f1:
                    b9:af:83:8f:bd:ac:04:3d:ab:78:d5:79:37:32:41:
                    a6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:56:9E:8C:67:75:8A:12:E7:AF:F5:B8:63:3D:BB:BB:C8:72:37:B2
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/yFaejGd1ihLnr_W4Yz27u8hyN7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.87.0/24
                  45.9.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:45:b4:c2:74:fc:61:59:24:83:41:fa:4c:f0:da:9f:5e:d1:
         7f:c3:52:3a:f7:89:b7:b9:46:c4:a3:e2:89:de:c1:7b:50:02:
         21:60:f6:24:37:3e:63:87:74:b8:ef:4d:e7:c6:e7:a9:7b:28:
         27:6b:62:fa:56:94:62:10:4a:99:7f:a0:89:88:1a:4a:ec:8f:
         eb:f7:c3:e3:8b:70:91:1b:b0:c6:e7:d5:c7:72:68:94:c0:42:
         46:09:84:db:6c:b7:7c:59:c6:6c:df:9f:7f:ab:f2:b7:f3:a1:
         9a:df:80:ea:94:05:5e:5a:32:cc:00:22:eb:3f:45:e6:6e:b4:
         27:d6:97:53:4f:50:a7:aa:bf:74:41:66:be:1e:19:d3:88:a7:
         4c:c6:e0:53:e8:0e:5d:53:34:08:dc:2e:c5:0d:73:49:6b:54:
         3c:bf:87:13:5c:2c:a2:e7:b9:61:da:66:79:51:cd:a6:d4:9c:
         c7:53:cd:79:b1:d2:eb:bd:d0:6e:2f:50:56:04:43:d9:0d:1a:
         b9:0d:ce:77:4c:76:9f:07:7c:89:87:e9:d8:65:cd:cb:08:fc:
         9a:11:76:44:7d:e4:72:6e:42:3f:cc:ad:d5:82:ae:01:d9:87:
         4b:11:09:29:3e:4a:6b:45:64:b8:4b:b0:75:36:64:49:63:75:
         1f:3d:70:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZU+YVxvnrKrtjDEgPNQTRo9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMjI1MTgzMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODU2OWU4YzY3NzU4YTEyZTdhZmY1Yjg2MzNkYmJiYmM4NzIzN2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8FDwO0uNohH+iUS5tTKtdJwTSSeD
4VIYHa/bnCuo6q5LvX+D/QV8E/HryhvCFPukEFm5i/sqNcR/31I2M7pZ3WLYGoSN
fOQ+9ZHmFjA3pH/2KMiDxew4GUSaky/7Inx5jO2JXp0sc8zjni4L4gwnjn/SXgxp
mx+ggYCEBgPUnvY60xEdwYICUhUym1GkKdaJ89cK3t0tBlwxl+tHHojWldkQUusZ
LIVd6BAHGhHQAHtVCozLXoHT5FpkssRjicileRoDUKBVENpS2N/GeJK/Bf8qa2hD
Q3Gu9F3d7BD+u8OnJeKHeYVu+NjLw2VkyfG5r4OPvawEPat41Xk3MkGmVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMhWnoxndYoS56/1uGM9u7vIcjeyMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEveUZhZWpHZDFpaExucl9XNFl6Mjd1OGh5TjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbVXAwQA
LQkeMA0GCSqGSIb3DQEBCwUAA4IBAQCFRbTCdPxhWSSDQfpM8NqfXtF/w1I694m3
uUbEo+KJ3sF7UAIhYPYkNz5jh3S4703nxuepeygna2L6VpRiEEqZf6CJiBpK7I/r
98Pji3CRG7DG59XHcmiUwEJGCYTbbLd8WcZs359/q/K386Ga34DqlAVeWjLMACLr
P0XmbrQn1pdTT1Cnqr90QWa+HhnTiKdMxuBT6A5dUzQI3C7FDXNJa1Q8v4cTXCyi
57lh2mZ5Uc2m1JzHU815sdLrvdBuL1BWBEPZDRq5Dc53THafB3yJh+nYZc3LCPya
EXZEfeRybkI/zK3Vgq4B2YdLEQkpPkprRWS4S7B1NmRJY3UfPXBx
-----END CERTIFICATE-----