Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/_fyahMfmK4-VxvJPLWP9dqaotco.roa
File:                     _fyahMfmK4-VxvJPLWP9dqaotco.roa (raw, json)
Hash identifier:          eUt7PYZNYVds2azz3QTgBzjBZ0nr09NgV6M2a2qvcwA=
Subject key identifier:   FD:FC:9A:84:C7:E6:2B:8F:95:C6:F2:4F:2D:63:FD:76:A6:A8:B5:CA
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019A5E50B1C86EA225390CE96BCAA82D377E
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/_fyahMfmK4-VxvJPLWP9dqaotco.roa
Signing time:             Fri 07 Nov 2025 12:35:37 +0000
ROA not before:           Fri 07 Nov 2025 12:35:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60647
IP address blocks:        45.9.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 12:35:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5e:50:b1:c8:6e:a2:25:39:0c:e9:6b:ca:a8:2d:37:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov  7 12:35:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdfc9a84c7e62b8f95c6f24f2d63fd76a6a8b5ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:7f:67:97:7e:74:8e:f9:4e:eb:3c:2b:81:3e:
                    78:13:a2:a1:d6:48:dd:ff:54:4d:c7:66:b8:e1:68:
                    d0:dd:3a:76:a0:01:82:3d:39:b3:bd:5e:f8:32:18:
                    66:b4:d1:ac:05:54:73:d0:1a:bb:88:39:da:2c:a3:
                    fc:2d:1a:e1:d0:08:b9:5e:28:7d:f0:3f:bd:b7:4a:
                    4d:48:c1:ae:c7:84:26:78:45:55:98:88:ad:b7:ad:
                    d8:f2:0d:ad:ca:b0:45:85:5a:a4:01:27:65:15:98:
                    42:0b:b3:4d:ba:f6:e6:2d:f1:b8:22:71:99:48:f1:
                    f5:65:78:09:cb:1a:08:f3:7f:99:19:9a:32:d3:bb:
                    67:39:0c:7f:93:5d:d8:9c:95:c0:2a:9c:36:cf:08:
                    73:4a:4f:01:60:05:02:08:b3:1e:b8:89:ad:6d:cd:
                    7f:e1:44:a9:b6:9f:96:1a:79:39:58:9b:9a:ae:01:
                    bb:67:12:df:58:72:45:b1:80:77:99:5d:67:2c:d9:
                    dd:4f:a4:9d:0d:d1:fc:35:49:5d:fd:54:1c:b2:7c:
                    ae:d3:82:20:f9:f1:71:09:6c:cc:f6:c6:ec:83:a0:
                    35:f1:c0:ae:bb:d2:16:af:fb:e5:da:69:7e:11:b8:
                    ba:ea:32:08:0f:a3:b8:b7:04:46:ec:15:24:bc:2b:
                    5f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:FC:9A:84:C7:E6:2B:8F:95:C6:F2:4F:2D:63:FD:76:A6:A8:B5:CA
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/_fyahMfmK4-VxvJPLWP9dqaotco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:12:f9:95:df:a8:eb:48:03:1d:d4:20:1f:38:8c:1f:bc:e6:
         f3:27:58:6c:74:44:0d:0d:8b:a4:0a:a2:7f:0b:b1:c7:68:da:
         bd:be:57:0c:61:4c:f9:e9:73:65:43:f6:eb:2f:82:4f:2d:0b:
         39:d3:45:18:ea:85:14:23:2e:09:ae:52:25:ce:35:c8:44:3c:
         ad:4e:53:0f:b7:05:f9:03:ea:15:d6:a8:4b:09:ff:db:03:4d:
         10:bd:d9:ba:25:63:c3:b3:3a:29:fc:4b:aa:82:ba:b8:71:44:
         bd:ad:4d:89:11:ab:88:4e:f1:d4:57:24:d4:35:ca:df:af:02:
         1a:1e:87:98:d6:63:81:21:13:02:a0:a6:b9:18:dd:af:f5:dc:
         38:5f:2e:a4:24:56:26:d1:d2:60:e3:f9:b1:05:7d:d7:b3:6b:
         34:81:9b:82:10:9c:35:5f:6e:74:a2:40:27:e2:d7:c1:13:e4:
         c2:6b:d0:68:3d:96:4a:82:4b:7c:81:87:b1:5c:ee:d7:09:f1:
         ee:33:08:8f:91:64:c5:31:ac:1a:7c:49:ff:b5:c3:d2:33:48:
         42:62:ee:b8:18:59:a1:33:44:ab:0f:e4:d5:3d:17:c8:f3:45:
         58:ec:7e:58:a5:38:dc:44:b5:bb:1b:38:66:7b:43:0b:94:6e:
         e5:a4:19:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpeULHIbqIlOQzpa8qoLTd+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUxMTA3MTIzNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGZjOWE4NGM3ZTYyYjhmOTVjNmYyNGYyZDYzZmQ3NmE2YThiNWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh39nl350jvlO6zwrgT54E6Kh1kjd
/1RNx2a44WjQ3Tp2oAGCPTmzvV74MhhmtNGsBVRz0Bq7iDnaLKP8LRrh0Ai5Xih9
8D+9t0pNSMGux4QmeEVVmIitt63Y8g2tyrBFhVqkASdlFZhCC7NNuvbmLfG4InGZ
SPH1ZXgJyxoI83+ZGZoy07tnOQx/k13YnJXAKpw2zwhzSk8BYAUCCLMeuImtbc1/
4USptp+WGnk5WJuargG7ZxLfWHJFsYB3mV1nLNndT6SdDdH8NUld/VQcsnyu04Ig
+fFxCWzM9sbsg6A18cCuu9IWr/vl2ml+Ebi66jIID6O4twRG7BUkvCtfrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP38moTH5iuPlcbyTy1j/XamqLXKMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvX2Z5YWhNZm1LNC1WeHZKUExXUDlkcWFvdGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkeMA0G
CSqGSIb3DQEBCwUAA4IBAQCaEvmV36jrSAMd1CAfOIwfvObzJ1hsdEQNDYukCqJ/
C7HHaNq9vlcMYUz56XNlQ/brL4JPLQs500UY6oUUIy4JrlIlzjXIRDytTlMPtwX5
A+oV1qhLCf/bA00Qvdm6JWPDszop/Euqgrq4cUS9rU2JEauITvHUVyTUNcrfrwIa
HoeY1mOBIRMCoKa5GN2v9dw4Xy6kJFYm0dJg4/mxBX3Xs2s0gZuCEJw1X250okAn
4tfBE+TCa9BoPZZKgkt8gYexXO7XCfHuMwiPkWTFMawafEn/tcPSM0hCYu64GFmh
M0SrD+TVPRfI80VY7H5YpTjcRLW7Gzhme0MLlG7lpBmx
-----END CERTIFICATE-----