Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/p51-PJoT-E47Il5-C4i0wMvLMrQ.roa
File:                     p51-PJoT-E47Il5-C4i0wMvLMrQ.roa (raw, json)
Hash identifier:          v6b35eBQ2NIYxUqWiW7LPB2L21OTBBy59B+EGu/7XOc=
Subject key identifier:   A7:9D:7E:3C:9A:13:F8:4E:3B:22:5E:7E:0B:88:B4:C0:CB:CB:32:B4
Certificate issuer:       /CN=d25622457a1be33a01258866a067e0447dfd8964
Certificate serial:       01982E1725D7BCF0417B722CF47394BEDF88
Authority key identifier: D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/p51-PJoT-E47Il5-C4i0wMvLMrQ.roa
Signing time:             Mon 21 Jul 2025 17:45:25 +0000
ROA not before:           Mon 21 Jul 2025 17:45:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44559
IP address blocks:        185.234.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2e:17:25:d7:bc:f0:41:7b:72:2c:f4:73:94:be:df:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25622457a1be33a01258866a067e0447dfd8964
        Validity
            Not Before: Jul 21 17:45:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a79d7e3c9a13f84e3b225e7e0b88b4c0cbcb32b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1a:e7:da:72:7f:89:ff:90:81:21:0c:4c:fb:
                    76:af:58:62:68:c7:1c:7c:8b:c7:a4:95:85:32:9f:
                    5b:b5:2a:9a:13:54:e3:f8:df:e5:ac:47:75:e0:9a:
                    8f:a6:1f:35:dc:3e:fe:a9:0e:0b:58:1f:05:76:ab:
                    ab:1b:da:b8:fe:ac:50:b5:98:96:f8:39:77:34:31:
                    06:19:ad:74:3c:57:89:5b:e0:d7:84:81:68:46:86:
                    8c:e7:4b:ea:70:c9:1c:42:c2:14:e7:da:01:9a:b7:
                    cb:17:fb:eb:d7:31:4b:17:f5:3c:b7:68:c9:9f:be:
                    bb:10:ab:de:60:d3:bb:08:a9:3f:84:48:be:c5:c5:
                    4c:e6:1d:38:8d:7f:f8:b3:ff:31:29:ed:4f:e5:e8:
                    24:d9:70:d2:80:d6:eb:f2:cf:42:69:74:90:3b:1d:
                    af:8e:c5:7d:05:2b:d4:2d:aa:4a:13:36:40:b9:f4:
                    59:05:cf:c4:5d:3e:39:21:6f:8b:bb:36:f8:3e:6f:
                    3c:3b:4d:57:7a:a2:4b:56:4d:fa:02:5c:12:6b:03:
                    0e:17:e5:ba:d4:aa:18:e3:40:7b:75:d5:01:de:d3:
                    fc:42:a2:3b:0f:5a:d8:99:46:c0:e7:25:93:8c:b2:
                    1e:0a:22:b9:07:bf:8b:f2:de:0c:0c:90:39:49:47:
                    ea:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:9D:7E:3C:9A:13:F8:4E:3B:22:5E:7E:0B:88:B4:C0:CB:CB:32:B4
            X509v3 Authority Key Identifier:
                keyid:D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/p51-PJoT-E47Il5-C4i0wMvLMrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:41:e7:15:b6:06:b3:92:b0:b0:66:10:12:5a:e1:32:06:93:
         51:f8:c7:bd:b5:0b:d3:49:60:22:ba:cd:28:7f:51:41:f6:43:
         88:2a:11:6f:e1:56:0a:e9:54:2f:4b:5f:4a:d9:eb:6e:3c:46:
         ad:98:dd:ff:43:2f:e0:9e:73:0f:79:1c:1c:23:05:a4:73:52:
         17:17:09:3f:61:c5:7a:08:69:84:ff:a8:3b:c7:0f:00:3a:c6:
         86:2e:9d:22:41:f4:f5:5a:c3:b2:a1:5e:bc:8b:bc:48:3a:df:
         3c:c6:07:87:a5:4c:e6:44:8b:d3:7d:34:09:e3:0a:6d:9d:89:
         47:f3:49:ff:59:8a:06:77:a1:21:20:1d:9d:9b:01:b8:03:56:
         c8:9b:04:cb:fd:9e:02:22:28:53:e9:51:27:a9:c7:c1:34:c6:
         23:d1:c5:a5:56:40:4b:60:c9:5f:35:ac:21:a1:3a:ad:58:25:
         2d:98:23:30:08:e9:44:13:94:2c:ad:a4:41:85:0c:87:32:73:
         80:23:76:f0:54:0e:6d:86:61:47:64:ef:f3:59:4c:2b:bf:76:
         49:7c:4e:0e:5d:bb:fd:68:99:29:ac:a4:0d:42:7e:9a:4e:99:
         cd:f1:11:d9:81:50:85:01:ac:bd:4e:c4:35:44:92:a0:49:db:
         0a:b1:7e:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZguFyXXvPBBe3Is9HOUvt+IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNTYyMjQ1N2ExYmUzM2EwMTI1ODg2NmEwNjdlMDQ0N2Rm
ZDg5NjQwHhcNMjUwNzIxMTc0NTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzlkN2UzYzlhMTNmODRlM2IyMjVlN2UwYjg4YjRjMGNiY2IzMmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthrn2nJ/if+QgSEMTPt2r1hiaMcc
fIvHpJWFMp9btSqaE1Tj+N/lrEd14JqPph813D7+qQ4LWB8FdqurG9q4/qxQtZiW
+Dl3NDEGGa10PFeJW+DXhIFoRoaM50vqcMkcQsIU59oBmrfLF/vr1zFLF/U8t2jJ
n767EKveYNO7CKk/hEi+xcVM5h04jX/4s/8xKe1P5egk2XDSgNbr8s9CaXSQOx2v
jsV9BSvULapKEzZAufRZBc/EXT45IW+Luzb4Pm88O01XeqJLVk36AlwSawMOF+W6
1KoY40B7ddUB3tP8QqI7D1rYmUbA5yWTjLIeCiK5B7+L8t4MDJA5SUfqaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKedfjyaE/hOOyJefguItMDLyzK0MB8GA1UdIwQY
MBaAFNJWIkV6G+M6ASWIZqBn4ER9/YlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMt
NDU1NzllNDE4ZmY3LzEvcDUxLVBKb1QtRTQ3SWw1LUM0aTB3TXZMTXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMtNDU1NzllNDE4ZmY3
LzEvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueoJMA0G
CSqGSIb3DQEBCwUAA4IBAQAPQecVtgazkrCwZhASWuEyBpNR+Me9tQvTSWAius0o
f1FB9kOIKhFv4VYK6VQvS19K2etuPEatmN3/Qy/gnnMPeRwcIwWkc1IXFwk/YcV6
CGmE/6g7xw8AOsaGLp0iQfT1WsOyoV68i7xIOt88xgeHpUzmRIvTfTQJ4wptnYlH
80n/WYoGd6EhIB2dmwG4A1bImwTL/Z4CIihT6VEnqcfBNMYj0cWlVkBLYMlfNawh
oTqtWCUtmCMwCOlEE5QsraRBhQyHMnOAI3bwVA5thmFHZO/zWUwrv3ZJfE4OXbv9
aJkprKQNQn6aTpnN8RHZgVCFAay9TsQ1RJKgSdsKsX4x
-----END CERTIFICATE-----