Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/9UunLY0e7RvMMeMDRjD3u7_pf2Y.roa
File:                     9UunLY0e7RvMMeMDRjD3u7_pf2Y.roa (raw, json)
Hash identifier:          7lRPIrPRKCCE3BPTd9dDNpxXDgXsPWg+ml+ju6JbueA=
Subject key identifier:   F5:4B:A7:2D:8D:1E:ED:1B:CC:31:E3:03:46:30:F7:BB:BF:E9:7F:66
Certificate issuer:       /CN=bfd81ca90cc5224586afebab1c78b1790268d5c1
Certificate serial:       019424B276CBE96A153A2D5744EFC7CD73C5
Authority key identifier: BF:D8:1C:A9:0C:C5:22:45:86:AF:EB:AB:1C:78:B1:79:02:68:D5:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/9UunLY0e7RvMMeMDRjD3u7_pf2Y.roa
Signing time:             Thu 02 Jan 2025 01:47:43 +0000
ROA not before:           Thu 02 Jan 2025 01:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43847
IP address blocks:        45.149.216.0/23 maxlen: 23
                          2a0f:7600::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 10:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:76:cb:e9:6a:15:3a:2d:57:44:ef:c7:cd:73:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd81ca90cc5224586afebab1c78b1790268d5c1
        Validity
            Not Before: Jan  2 01:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f54ba72d8d1eed1bcc31e3034630f7bbbfe97f66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:62:7c:5b:c8:d4:29:b0:d8:5c:4c:2e:bb:27:
                    42:ba:1a:1a:e1:80:db:cc:76:26:69:6c:66:66:82:
                    89:f9:dd:f4:51:d3:28:48:2a:00:a5:d6:ca:db:91:
                    a0:be:14:9b:bc:14:de:9c:19:a2:c2:c2:1c:e5:bf:
                    e5:5d:19:a4:84:32:35:0f:60:d1:c6:8c:a7:3b:d5:
                    a9:ba:92:0e:b1:b7:62:1f:ef:90:7d:ad:68:ce:14:
                    ea:5a:14:01:c7:5f:d6:45:ae:a5:0e:f5:b4:9d:db:
                    87:da:37:68:3a:a9:2b:3c:d6:9e:08:a0:c8:48:72:
                    e6:50:83:64:6c:b3:89:a1:13:6c:8d:e4:54:88:b1:
                    3a:52:75:8f:22:23:68:cf:5f:8a:ac:6f:db:ca:77:
                    cc:94:b5:85:fa:35:38:0b:4b:5a:c2:83:ee:28:34:
                    65:d3:06:4b:db:39:1d:21:3f:4d:09:03:4f:bf:46:
                    54:c1:ed:cb:be:ee:86:eb:2d:33:39:8b:11:ae:c8:
                    ee:f1:69:d6:11:63:17:c0:06:eb:23:a1:7d:30:a4:
                    f9:cd:50:2f:33:cc:a8:3d:28:fb:0f:dc:df:ab:4b:
                    f0:87:7c:e2:ae:02:5f:2f:f4:81:c9:24:bc:52:c1:
                    86:c5:09:3e:30:41:c9:13:63:4b:4f:84:87:7f:26:
                    83:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:4B:A7:2D:8D:1E:ED:1B:CC:31:E3:03:46:30:F7:BB:BF:E9:7F:66
            X509v3 Authority Key Identifier:
                keyid:BF:D8:1C:A9:0C:C5:22:45:86:AF:EB:AB:1C:78:B1:79:02:68:D5:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9gcqQzFIkWGr-urHHixeQJo1cE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/9UunLY0e7RvMMeMDRjD3u7_pf2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/25a59c-c2fc-4fd4-96f7-84adcbf5ac55/1/v9gcqQzFIkWGr-urHHixeQJo1cE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.216.0/23
                IPv6:
                  2a0f:7600::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:65:7c:1f:da:cf:42:6f:d5:99:9c:bb:c5:67:3d:52:39:d8:
         5f:ff:46:ea:75:f3:b3:5e:fc:11:f7:c8:d8:e0:31:39:ea:08:
         4a:2a:3b:51:a6:33:23:5f:58:48:ff:d2:b7:e2:d9:95:75:0c:
         fc:8e:d2:74:2c:cb:7e:b9:b1:9e:5f:27:e8:61:9c:ff:ce:fc:
         02:42:62:ad:87:69:6f:7a:18:91:20:4b:47:ce:86:9e:62:33:
         ca:e8:47:ba:0b:0f:cf:36:f5:95:d9:a1:9e:a6:69:73:27:3b:
         c2:58:da:31:3b:55:ec:95:55:47:cd:b7:a1:70:ea:4e:7c:b2:
         cc:fc:a8:e4:6a:40:19:7c:ed:d9:31:f1:3a:1c:45:70:38:55:
         9c:37:c1:cd:16:55:63:0b:5f:3a:0d:69:78:da:dc:44:1c:09:
         12:36:6c:55:d4:6e:02:32:4f:55:58:fc:ae:14:d9:38:45:15:
         ee:ee:1f:47:14:f9:c2:60:44:bf:19:54:9f:d9:0a:d0:17:be:
         22:2f:e7:22:75:97:2f:78:79:36:da:a1:08:c2:a7:f0:17:22:
         59:ee:20:9f:7c:85:5c:1b:16:c2:06:04:47:f3:fd:39:b9:4a:
         a7:bb:44:8a:4d:f9:e2:0c:82:80:54:8d:ec:d0:5a:74:0c:62:
         3c:2b:32:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQksnbL6WoVOi1XRO/HzXPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDgxY2E5MGNjNTIyNDU4NmFmZWJhYjFjNzhiMTc5MDI2
OGQ1YzEwHhcNMjUwMTAyMDE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTRiYTcyZDhkMWVlZDFiY2MzMWUzMDM0NjMwZjdiYmJmZTk3ZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWJ8W8jUKbDYXEwuuydCuhoa4YDb
zHYmaWxmZoKJ+d30UdMoSCoApdbK25GgvhSbvBTenBmiwsIc5b/lXRmkhDI1D2DR
xoynO9WpupIOsbdiH++Qfa1ozhTqWhQBx1/WRa6lDvW0nduH2jdoOqkrPNaeCKDI
SHLmUINkbLOJoRNsjeRUiLE6UnWPIiNoz1+KrG/bynfMlLWF+jU4C0tawoPuKDRl
0wZL2zkdIT9NCQNPv0ZUwe3Lvu6G6y0zOYsRrsju8WnWEWMXwAbrI6F9MKT5zVAv
M8yoPSj7D9zfq0vwh3zirgJfL/SBySS8UsGGxQk+MEHJE2NLT4SHfyaDpQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPVLpy2NHu0bzDHjA0Yw97u/6X9mMB8GA1UdIwQY
MBaAFL/YHKkMxSJFhq/rqxx4sXkCaNXBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlnY3FRekZJa1dHci11ckhIaXhlUUpvMWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yNWE1OWMtYzJmYy00ZmQ0LTk2Zjct
ODRhZGNiZjVhYzU1LzEvOVV1bkxZMGU3UnZNTWVNRFJqRDN1N19wZjJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yNWE1OWMtYzJmYy00ZmQ0LTk2ZjctODRhZGNiZjVhYzU1
LzEvdjlnY3FRekZJa1dHci11ckhIaXhlUUpvMWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLZXYMA0E
AgACMAcDBQAqD3YAMA0GCSqGSIb3DQEBCwUAA4IBAQAVZXwf2s9Cb9WZnLvFZz1S
Odhf/0bqdfOzXvwR98jY4DE56ghKKjtRpjMjX1hI/9K34tmVdQz8jtJ0LMt+ubGe
XyfoYZz/zvwCQmKth2lvehiRIEtHzoaeYjPK6Ee6Cw/PNvWV2aGepmlzJzvCWNox
O1XslVVHzbehcOpOfLLM/KjkakAZfO3ZMfE6HEVwOFWcN8HNFlVjC186DWl42txE
HAkSNmxV1G4CMk9VWPyuFNk4RRXu7h9HFPnCYES/GVSf2QrQF74iL+cidZcveHk2
2qEIwqfwFyJZ7iCffIVcGxbCBgRH8/05uUqnu0SKTfniDIKAVI3s0Fp0DGI8KzJz
-----END CERTIFICATE-----