Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9WpN2V0n5LpyeXNxQ_XGkqWSc-U.roa
File:                     9WpN2V0n5LpyeXNxQ_XGkqWSc-U.roa (raw, json)
Hash identifier:          vjvYyfoDBCLTeJA+mXufW57vjQpEiI3QplZpleWOMu8=
Subject key identifier:   F5:6A:4D:D9:5D:27:E4:BA:72:79:73:71:43:F5:C6:92:A5:92:73:E5
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019919F5D168D93791735CB081CD86997B9F
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9WpN2V0n5LpyeXNxQ_XGkqWSc-U.roa
Signing time:             Fri 05 Sep 2025 12:59:24 +0000
ROA not before:           Fri 05 Sep 2025 12:59:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198361
IP address blocks:        45.9.28.0/24 maxlen: 24
                          45.88.138.0/24 maxlen: 24
                          77.83.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 16:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:19:f5:d1:68:d9:37:91:73:5c:b0:81:cd:86:99:7b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Sep  5 12:59:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f56a4dd95d27e4ba7279737143f5c692a59273e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1e:e2:cd:14:2a:89:99:99:98:ed:1b:59:d0:
                    d1:c0:ff:cf:56:0e:46:0b:5e:19:0d:d9:31:f8:83:
                    7e:42:10:ad:38:8f:41:06:2b:a8:b5:9a:a5:fe:79:
                    e9:0d:ec:f8:01:b2:ec:a4:fa:41:94:7c:4d:7b:2b:
                    ca:52:fb:4d:9e:08:c8:b7:d5:82:ff:8f:44:a9:a6:
                    06:7c:43:89:78:b5:06:f1:03:b5:d0:7f:45:f9:e3:
                    22:78:f0:77:3f:39:39:cd:6a:96:cb:19:c5:d5:f7:
                    ed:53:8d:ce:40:62:83:3b:7b:5d:5b:fc:c1:15:c4:
                    83:7d:cc:54:d6:12:e4:b4:5f:e3:c9:8c:3a:76:1a:
                    7e:50:f1:df:10:92:56:19:3e:50:6e:f4:c0:19:3c:
                    da:91:92:d1:cb:5a:68:0e:21:91:69:7b:f2:8c:37:
                    ce:02:04:1f:31:54:47:e6:60:a6:b2:f3:c1:ab:c0:
                    c5:2a:43:d5:4c:47:33:fe:4e:6c:8f:2a:e1:9b:7f:
                    05:fe:8e:23:68:33:b0:9d:07:ab:25:12:eb:ae:62:
                    78:ea:fd:79:96:a3:6a:d7:1e:ed:46:5a:13:ab:82:
                    53:b9:ba:f1:28:be:c9:2b:57:47:d4:cb:05:a0:a0:
                    14:f7:a2:81:5c:db:65:83:dc:cf:33:75:73:a0:69:
                    2c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:6A:4D:D9:5D:27:E4:BA:72:79:73:71:43:F5:C6:92:A5:92:73:E5
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9WpN2V0n5LpyeXNxQ_XGkqWSc-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.28.0/24
                  45.88.138.0/24
                  77.83.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:b9:ce:cd:3e:b1:9c:37:c2:46:13:82:f3:f0:79:b9:2f:e7:
         e4:93:5c:92:08:59:c8:b7:d1:82:14:65:80:58:b2:c2:52:d1:
         f9:70:e6:a9:79:ca:b0:a2:43:2a:71:79:e1:eb:c3:82:a3:e4:
         2e:74:96:97:cc:b8:62:86:d2:bf:bc:57:aa:e9:6d:b5:c5:e8:
         e1:ec:a6:0e:4f:90:ee:39:4d:00:5f:71:57:32:8c:9e:14:97:
         c4:b6:c7:fb:c5:3f:98:41:bb:c1:32:f6:84:87:eb:55:69:4e:
         62:81:90:1f:8c:f6:bb:49:fa:d3:af:5a:5b:88:fd:a0:64:5b:
         26:8b:e7:6e:9e:02:7e:e2:60:a5:15:f7:48:3b:f6:37:34:a7:
         08:6c:d6:10:fd:ce:56:15:d6:12:b4:0b:fa:6e:b9:64:d9:49:
         50:0a:3a:98:ed:cc:0e:c3:32:e1:be:e7:c7:01:5c:7f:9c:b2:
         f9:54:98:eb:f2:1f:1e:05:1b:42:40:35:1c:3a:bb:2c:8e:3c:
         be:19:00:be:7d:1a:82:35:21:d1:29:94:ef:e6:67:5f:b3:65:
         8b:26:6c:9a:8c:3c:34:93:8a:af:4a:c9:5c:af:28:06:c7:a6:
         df:d9:fc:25:a1:d9:98:11:01:0b:ba:37:17:ab:41:6f:fa:e4:
         82:d9:e4:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkZ9dFo2TeRc1ywgc2GmXufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwOTA1MTI1OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTZhNGRkOTVkMjdlNGJhNzI3OTczNzE0M2Y1YzY5MmE1OTI3M2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmx7izRQqiZmZmO0bWdDRwP/PVg5G
C14ZDdkx+IN+QhCtOI9BBiuotZql/nnpDez4AbLspPpBlHxNeyvKUvtNngjIt9WC
/49EqaYGfEOJeLUG8QO10H9F+eMiePB3Pzk5zWqWyxnF1fftU43OQGKDO3tdW/zB
FcSDfcxU1hLktF/jyYw6dhp+UPHfEJJWGT5QbvTAGTzakZLRy1poDiGRaXvyjDfO
AgQfMVRH5mCmsvPBq8DFKkPVTEcz/k5sjyrhm38F/o4jaDOwnQerJRLrrmJ46v15
lqNq1x7tRloTq4JTubrxKL7JK1dH1MsFoKAU96KBXNtlg9zPM3VzoGksrwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPVqTdldJ+S6cnlzcUP1xpKlknPlMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOVdwTjJWMG41THB5ZVhOeFFfWEdrcVdTYy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQkcAwQA
LViKAwQATVMmMA0GCSqGSIb3DQEBCwUAA4IBAQCPuc7NPrGcN8JGE4Lz8Hm5L+fk
k1ySCFnIt9GCFGWAWLLCUtH5cOapecqwokMqcXnh68OCo+QudJaXzLhihtK/vFeq
6W21xejh7KYOT5DuOU0AX3FXMoyeFJfEtsf7xT+YQbvBMvaEh+tVaU5igZAfjPa7
SfrTr1pbiP2gZFsmi+dungJ+4mClFfdIO/Y3NKcIbNYQ/c5WFdYStAv6brlk2UlQ
CjqY7cwOwzLhvufHAVx/nLL5VJjr8h8eBRtCQDUcOrssjjy+GQC+fRqCNSHRKZTv
5mdfs2WLJmyajDw0k4qvSslcrygGx6bf2fwlodmYEQELujcXq0Fv+uSC2eRu
-----END CERTIFICATE-----