Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/2_G9MV3MarApcSIaC14zzAbTXto.roa
File:                     2_G9MV3MarApcSIaC14zzAbTXto.roa (raw, json)
Hash identifier:          Xsc0Q6TWSpbouB+us1TXP5dMLNVqwF4nhlITaZf4sco=
Subject key identifier:   DB:F1:BD:31:5D:CC:6A:B0:29:71:22:1A:0B:5E:33:CC:06:D3:5E:DA
Certificate issuer:       /CN=f2fe6f2a937838df2b15da1743bcd9fb0e29cf2e
Certificate serial:       0197E9305791E3F23B397FBAF8E6EA13ECA0
Authority key identifier: F2:FE:6F:2A:93:78:38:DF:2B:15:DA:17:43:BC:D9:FB:0E:29:CF:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/2_G9MV3MarApcSIaC14zzAbTXto.roa
Signing time:             Tue 08 Jul 2025 08:39:08 +0000
ROA not before:           Tue 08 Jul 2025 08:39:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15763
IP address blocks:        45.82.172.0/24 maxlen: 24
                          45.82.173.0/24 maxlen: 24
                          45.82.174.0/24 maxlen: 24
                          45.82.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e9:30:57:91:e3:f2:3b:39:7f:ba:f8:e6:ea:13:ec:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2fe6f2a937838df2b15da1743bcd9fb0e29cf2e
        Validity
            Not Before: Jul  8 08:39:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbf1bd315dcc6ab02971221a0b5e33cc06d35eda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c0:fc:18:2a:70:08:8f:86:01:06:90:f2:e0:
                    31:c8:48:53:c3:10:f1:99:f7:0d:10:a0:2a:3d:22:
                    92:b3:1e:61:53:0f:81:72:58:d6:1d:9d:77:2d:14:
                    a3:59:20:c0:a3:b5:94:05:c8:bc:1c:32:84:e0:f7:
                    eb:cb:0e:95:e9:6c:c7:a3:22:58:94:a6:63:a4:9c:
                    33:09:31:ed:7f:93:8b:dc:06:53:dc:ce:5c:28:03:
                    45:31:fc:9f:58:ab:64:99:72:16:9d:50:e3:bb:7c:
                    3f:5b:4a:3f:b1:23:0c:80:66:8c:65:d1:82:0b:52:
                    04:b5:c9:c3:51:8c:20:8c:62:dc:f8:69:0e:9f:4d:
                    55:23:87:bc:a4:fb:e3:40:d2:67:6e:b2:54:86:db:
                    81:34:76:63:44:88:e1:cc:ea:63:ee:0a:0f:22:8c:
                    e4:45:78:95:21:2d:8b:6e:fe:10:e3:60:72:13:71:
                    ea:05:f0:ef:b6:cb:95:35:bd:a2:9b:d5:eb:3a:86:
                    8f:d0:33:42:4b:80:e8:d0:c8:d6:83:45:e7:52:37:
                    cd:4f:fe:f4:40:f5:12:1a:df:02:ce:0f:36:4d:3e:
                    99:5c:e5:c2:d0:ad:c7:2e:d4:4d:5a:b9:c5:83:5b:
                    8e:a4:c9:36:5a:c3:24:f5:21:f8:9b:85:e8:3f:c9:
                    7d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F1:BD:31:5D:CC:6A:B0:29:71:22:1A:0B:5E:33:CC:06:D3:5E:DA
            X509v3 Authority Key Identifier:
                keyid:F2:FE:6F:2A:93:78:38:DF:2B:15:DA:17:43:BC:D9:FB:0E:29:CF:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/2_G9MV3MarApcSIaC14zzAbTXto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b9:4a:58:df:7b:bb:83:f0:ff:76:35:cb:95:89:e3:c6:4c:ce:
         27:f6:83:9d:8a:12:a2:6a:70:29:e0:8a:d0:a2:63:ac:20:04:
         4f:7a:57:88:d7:d3:ae:71:50:55:f5:eb:02:df:d3:57:73:b9:
         9f:ec:94:cd:8f:7b:f0:bd:7e:c9:f5:18:3e:77:61:bc:98:07:
         ab:d6:32:ef:e9:6c:6a:ef:c6:7b:d3:4e:2d:62:b6:ac:6a:29:
         36:2c:5b:2d:b0:8f:ea:fc:bf:38:c0:be:f4:5c:f4:8d:f4:4f:
         81:eb:dc:fd:e6:d2:a6:1f:c4:7a:ab:d4:84:d5:48:ed:c8:4c:
         c8:31:b6:b6:86:58:b9:05:38:51:9f:a0:7c:62:92:a5:47:1d:
         bf:bd:42:61:ad:22:ea:c7:35:82:ad:e1:21:d0:2c:27:d8:17:
         d5:f8:30:91:93:f4:59:24:7f:5a:bc:46:9b:68:8b:30:4f:8c:
         8d:5a:88:70:79:ad:c9:4b:6c:4a:07:37:27:73:86:34:8b:30:
         10:57:f5:df:50:91:24:19:d6:bd:d1:5a:ef:ae:1e:ac:57:96:
         c9:53:2d:ee:52:57:b5:11:f9:92:ec:1f:74:34:4c:34:5a:c0:
         16:d0:54:ff:06:4e:bd:f5:13:32:5d:aa:62:38:7b:89:61:29:
         2e:c6:bb:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfpMFeR4/I7OX+6+ObqE+ygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZmU2ZjJhOTM3ODM4ZGYyYjE1ZGExNzQzYmNkOWZiMGUy
OWNmMmUwHhcNMjUwNzA4MDgzOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmYxYmQzMTVkY2M2YWIwMjk3MTIyMWEwYjVlMzNjYzA2ZDM1ZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsD8GCpwCI+GAQaQ8uAxyEhTwxDx
mfcNEKAqPSKSsx5hUw+BcljWHZ13LRSjWSDAo7WUBci8HDKE4Pfryw6V6WzHoyJY
lKZjpJwzCTHtf5OL3AZT3M5cKANFMfyfWKtkmXIWnVDju3w/W0o/sSMMgGaMZdGC
C1IEtcnDUYwgjGLc+GkOn01VI4e8pPvjQNJnbrJUhtuBNHZjRIjhzOpj7goPIozk
RXiVIS2Lbv4Q42ByE3HqBfDvtsuVNb2im9XrOoaP0DNCS4Do0MjWg0XnUjfNT/70
QPUSGt8Czg82TT6ZXOXC0K3HLtRNWrnFg1uOpMk2WsMk9SH4m4XoP8l9NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvxvTFdzGqwKXEiGgteM8wG017aMB8GA1UdIwQY
MBaAFPL+byqTeDjfKxXaF0O82fsOKc8uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHY1dktwTjRPTjhyRmRvWFE3elotdzRwenk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8yYWI3ODUtMmY4Ni00ODllLWFjMWMt
YjcyNTU3NjY4YjAxLzEvMl9HOU1WM01hckFwY1NJYUMxNHp6QWJUWHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8yYWI3ODUtMmY4Ni00ODllLWFjMWMtYjcyNTU3NjY4YjAx
LzEvOHY1dktwTjRPTjhyRmRvWFE3elotdzRwenk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVKsMA0G
CSqGSIb3DQEBCwUAA4IBAQC5Sljfe7uD8P92NcuViePGTM4n9oOdihKianAp4IrQ
omOsIARPeleI19OucVBV9esC39NXc7mf7JTNj3vwvX7J9Rg+d2G8mAer1jLv6Wxq
78Z7004tYrasaik2LFstsI/q/L84wL70XPSN9E+B69z95tKmH8R6q9SE1UjtyEzI
Mba2hli5BThRn6B8YpKlRx2/vUJhrSLqxzWCreEh0Cwn2BfV+DCRk/RZJH9avEab
aIswT4yNWohwea3JS2xKBzcnc4Y0izAQV/XfUJEkGda90Vrvrh6sV5bJUy3uUle1
EfmS7B90NEw0WsAW0FT/Bk699RMyXapiOHuJYSkuxrv2
-----END CERTIFICATE-----