Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/p9yFoBCMLxcx2kyLnzIglbUZt8Q.roa
File:                     p9yFoBCMLxcx2kyLnzIglbUZt8Q.roa (raw, json)
Hash identifier:          fbxtSkZt340A9KV6V1MZj2gG37RK0K88NQoLtoEEGa0=
Subject key identifier:   A7:DC:85:A0:10:8C:2F:17:31:DA:4C:8B:9F:32:20:95:B5:19:B7:C4
Certificate issuer:       /CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
Certificate serial:       0197C32EA1C3E8DFA2EB6916E9F8D8A7710E
Authority key identifier: 72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/p9yFoBCMLxcx2kyLnzIglbUZt8Q.roa
Signing time:             Mon 30 Jun 2025 23:31:42 +0000
ROA not before:           Mon 30 Jun 2025 23:31:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202834
IP address blocks:        45.94.16.0/24 maxlen: 24
                          2001:913:9000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 09:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c3:2e:a1:c3:e8:df:a2:eb:69:16:e9:f8:d8:a7:71:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ed2fbb7213fbf32ad4c087f8b0b22cecef4fea
        Validity
            Not Before: Jun 30 23:31:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7dc85a0108c2f1731da4c8b9f322095b519b7c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:55:65:05:7d:1c:62:5f:db:a3:83:df:b9:e5:
                    cb:c1:39:5e:55:7d:0a:9b:b1:46:7d:d0:e6:6b:95:
                    47:1c:f0:95:4d:9a:83:8f:7a:5e:d0:57:04:0a:72:
                    b8:d3:68:cc:86:a6:62:d3:d6:1e:4b:e1:5e:ed:c9:
                    8c:27:87:3c:ed:6a:26:c3:8d:15:36:c8:0c:f3:62:
                    f1:41:4d:6f:74:93:1f:0d:90:98:48:8a:ad:20:e6:
                    89:8a:9b:32:9b:58:0f:e8:2d:97:b5:c2:0b:56:3e:
                    43:dc:9f:4f:44:37:f7:d7:9e:7b:25:5b:c1:f3:ed:
                    9a:2a:f9:86:51:42:31:09:ab:a6:ae:ac:7f:d5:9a:
                    76:d5:2d:e5:9f:a2:1b:a7:40:48:da:f0:c1:90:01:
                    28:61:81:66:6b:27:dc:5d:1c:a9:90:c2:94:d1:13:
                    59:d2:b3:7b:44:f3:26:b6:ff:69:ca:4f:26:bd:8f:
                    be:77:11:2e:42:64:fd:57:c2:6e:8e:bd:50:6d:ed:
                    3b:b0:58:fa:e0:d2:3c:82:08:38:b0:69:65:9e:71:
                    ee:e1:1a:f3:ee:38:ce:b8:6c:9e:83:47:1a:9d:62:
                    85:68:4a:62:7b:0f:88:88:6f:d2:7a:17:c2:09:27:
                    ef:32:c5:c2:a7:21:ef:12:eb:9b:4b:93:8c:84:b3:
                    71:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:DC:85:A0:10:8C:2F:17:31:DA:4C:8B:9F:32:20:95:B5:19:B7:C4
            X509v3 Authority Key Identifier:
                keyid:72:ED:2F:BB:72:13:FB:F3:2A:D4:C0:87:F8:B0:B2:2C:EC:EF:4F:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/p9yFoBCMLxcx2kyLnzIglbUZt8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/e5a892-23f5-49fa-b6a9-a65233b3e975/1/cu0vu3IT-_Mq1MCH-LCyLOzvT-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.16.0/24
                IPv6:
                  2001:913:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         5f:56:61:37:3f:8a:38:71:3e:f4:2a:11:71:95:e6:27:71:49:
         9b:f5:26:28:6c:6e:7f:13:87:a2:d4:6e:41:7a:0b:da:0f:96:
         bb:39:a5:87:17:aa:a7:3a:d8:0d:d2:11:36:29:2e:32:5b:d5:
         59:c0:f7:91:6c:26:79:7e:1e:1c:d3:38:d3:e6:8f:a0:10:f5:
         c6:2d:78:ed:b7:fc:61:08:9a:ff:c4:07:5a:09:13:70:46:5b:
         e5:54:ab:05:78:cd:b3:d4:a3:43:b5:bc:1a:dc:46:81:5e:ac:
         25:1d:00:c1:20:62:c4:e7:e3:c4:48:5b:bc:d9:6d:6a:8a:f9:
         19:28:fe:58:42:5c:17:f8:c4:8c:17:29:2b:2c:0e:69:c8:47:
         00:a9:5a:74:c4:6b:e2:d8:79:0e:cf:b2:f9:7c:0b:dd:0e:5a:
         5e:cb:23:6e:e1:b9:ae:d8:d1:ca:d2:9f:39:30:01:e9:7d:6e:
         8b:f3:43:48:72:3f:41:cc:6c:8e:e2:f9:a6:36:8c:e4:e6:dd:
         fa:57:53:88:dc:3c:7d:19:21:be:30:6c:0a:ef:51:8e:09:fa:
         25:81:cf:8e:13:57:9b:8b:d2:d0:2d:1e:60:b6:58:6d:3a:c0:
         31:d6:a8:6b:c2:b5:a4:28:97:8a:d5:18:ef:26:00:5b:5f:dc:
         02:a0:22:55
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZfDLqHD6N+i62kW6fjYp3EOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZWQyZmJiNzIxM2ZiZjMyYWQ0YzA4N2Y4YjBiMjJjZWNl
ZjRmZWEwHhcNMjUwNjMwMjMzMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2RjODVhMDEwOGMyZjE3MzFkYTRjOGI5ZjMyMjA5NWI1MTliN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVVlBX0cYl/bo4PfueXLwTleVX0K
m7FGfdDma5VHHPCVTZqDj3pe0FcECnK402jMhqZi09YeS+Fe7cmMJ4c87Womw40V
NsgM82LxQU1vdJMfDZCYSIqtIOaJipsym1gP6C2XtcILVj5D3J9PRDf31557JVvB
8+2aKvmGUUIxCaumrqx/1Zp21S3ln6Ibp0BI2vDBkAEoYYFmayfcXRypkMKU0RNZ
0rN7RPMmtv9pyk8mvY++dxEuQmT9V8Jujr1Qbe07sFj64NI8ggg4sGllnnHu4Rrz
7jjOuGyeg0canWKFaEpiew+IiG/SehfCCSfvMsXCpyHvEuubS5OMhLNxvwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKfchaAQjC8XMdpMi58yIJW1GbfEMB8GA1UdIwQY
MBaAFHLtL7tyE/vzKtTAh/iwsizs70/qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTkt
YTY1MjMzYjNlOTc1LzEvcDl5Rm9CQ01MeGN4Mmt5TG56SWdsYlVadDhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9lNWE4OTItMjNmNS00OWZhLWI2YTktYTY1MjMzYjNlOTc1
LzEvY3UwdnUzSVQtX01xMU1DSC1MQ3lMT3p2VC1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALV4QMA4E
AgACMAgDBgQgAQkTkDANBgkqhkiG9w0BAQsFAAOCAQEAX1ZhNz+KOHE+9CoRcZXm
J3FJm/UmKGxufxOHotRuQXoL2g+WuzmlhxeqpzrYDdIRNikuMlvVWcD3kWwmeX4e
HNM40+aPoBD1xi147bf8YQia/8QHWgkTcEZb5VSrBXjNs9SjQ7W8GtxGgV6sJR0A
wSBixOfjxEhbvNltaor5GSj+WEJcF/jEjBcpKywOachHAKladMRr4th5Ds+y+XwL
3Q5aXssjbuG5rtjRytKfOTAB6X1ui/NDSHI/QcxsjuL5pjaM5Obd+ldTiNw8fRkh
vjBsCu9Rjgn6JYHPjhNXm4vS0C0eYLZYbTrAMdaoa8K1pCiXitUY7yYAW1/cAqAi
VQ==
-----END CERTIFICATE-----