Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/qP9D7gypa_wVIF4vtmUCbPlJWGA.roa
File:                     qP9D7gypa_wVIF4vtmUCbPlJWGA.roa (raw, json)
Hash identifier:          9ET2Em/DQHh5fX2iNDHzRXDF/GNJQVFshCCpC2GCjo8=
Subject key identifier:   A8:FF:43:EE:0C:A9:6B:FC:15:20:5E:2F:B6:65:02:6C:F9:49:58:60
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019919F5D348F829D1C59EE864F2BF6D74E8
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/qP9D7gypa_wVIF4vtmUCbPlJWGA.roa
Signing time:             Fri 05 Sep 2025 12:59:24 +0000
ROA not before:           Fri 05 Sep 2025 12:59:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216045
IP address blocks:        2.56.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 16:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:19:f5:d3:48:f8:29:d1:c5:9e:e8:64:f2:bf:6d:74:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Sep  5 12:59:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8ff43ee0ca96bfc15205e2fb665026cf9495860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:eb:67:e9:ff:78:ad:ba:c0:1a:91:27:f8:3a:
                    0c:d1:06:cc:33:f4:6d:fb:1c:bf:09:d1:ba:08:10:
                    7e:cc:5c:1c:c5:e5:a7:5d:61:59:8c:aa:cb:5e:ff:
                    19:49:83:b1:7f:54:21:b8:ea:e5:d1:36:6a:b2:67:
                    00:ed:78:01:45:8a:62:80:42:b5:63:ce:3d:9d:bd:
                    b7:01:8c:31:26:9f:ef:f1:73:f0:0d:47:a1:fb:3a:
                    9e:e9:30:60:d4:67:5a:0c:01:2d:2b:5c:2e:3a:25:
                    6e:82:f1:18:cb:72:9f:48:fd:f5:8c:ca:62:13:4f:
                    f3:08:78:76:b3:21:7a:38:d2:db:2d:e4:d2:6b:89:
                    d9:e6:35:bc:e5:ed:90:e8:e0:8e:50:b5:18:fa:b9:
                    fd:d8:f9:47:c0:cf:fb:19:9b:07:9f:f0:4e:be:9e:
                    f0:22:9f:de:bd:5b:96:43:28:2b:73:da:ab:26:e4:
                    a0:02:77:6c:90:ba:2d:dd:36:c5:db:91:10:da:28:
                    5b:90:8d:ae:7e:3f:6f:47:7f:86:af:a6:e4:bd:5c:
                    63:cb:c7:7a:89:7b:42:13:07:0e:7e:ba:93:ef:8f:
                    be:5d:49:39:4f:02:8c:22:13:10:be:36:6e:2a:56:
                    af:e6:f2:71:06:d7:21:9e:28:20:87:0b:66:24:6f:
                    a1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:FF:43:EE:0C:A9:6B:FC:15:20:5E:2F:B6:65:02:6C:F9:49:58:60
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/qP9D7gypa_wVIF4vtmUCbPlJWGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:38:fe:a3:a3:40:ae:33:1e:d5:9a:c1:81:0d:ed:47:b6:e7:
         f5:aa:02:ad:49:63:6f:41:74:7a:42:81:25:c7:db:d6:1e:59:
         c5:e4:88:a1:1d:65:0e:20:8c:2d:09:ed:92:14:0d:f3:cd:4c:
         cd:6f:d5:93:ff:0f:ce:d4:28:90:65:ce:7b:a5:5a:67:77:cd:
         df:94:a2:fe:e4:74:24:37:97:bd:f9:4b:cb:fa:df:ba:2e:92:
         84:93:4d:89:a1:df:a8:29:47:65:c7:98:81:2c:8d:d6:74:c0:
         f6:a4:e0:30:25:ec:de:4b:af:dd:98:e4:08:72:2a:a5:1b:03:
         ca:ad:35:51:49:e9:04:ae:1b:d4:0f:4b:d4:9a:6f:bc:ea:bc:
         99:08:ba:1b:e0:51:dc:b7:1b:5a:39:70:e1:7d:8e:ee:78:b0:
         e4:de:72:37:96:a1:a4:70:99:93:d9:80:5a:b7:fc:c3:c3:90:
         43:2d:a2:b6:f1:5b:2c:1c:0e:0b:18:22:d6:f3:ef:04:3f:65:
         be:ad:83:b6:97:bb:6d:b4:7a:01:90:d9:80:1e:ba:90:66:38:
         71:a3:f6:3d:81:d3:43:33:8e:2e:06:2c:a8:a5:3d:89:79:a5:
         00:1c:14:fe:ed:bc:dc:05:bc:45:46:dd:11:1f:13:4a:cf:08:
         d2:9e:30:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkZ9dNI+CnRxZ7oZPK/bXToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwOTA1MTI1OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGZmNDNlZTBjYTk2YmZjMTUyMDVlMmZiNjY1MDI2Y2Y5NDk1ODYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOtn6f94rbrAGpEn+DoM0QbMM/Rt
+xy/CdG6CBB+zFwcxeWnXWFZjKrLXv8ZSYOxf1QhuOrl0TZqsmcA7XgBRYpigEK1
Y849nb23AYwxJp/v8XPwDUeh+zqe6TBg1GdaDAEtK1wuOiVugvEYy3KfSP31jMpi
E0/zCHh2syF6ONLbLeTSa4nZ5jW85e2Q6OCOULUY+rn92PlHwM/7GZsHn/BOvp7w
Ip/evVuWQygrc9qrJuSgAndskLot3TbF25EQ2ihbkI2ufj9vR3+Gr6bkvVxjy8d6
iXtCEwcOfrqT74++XUk5TwKMIhMQvjZuKlav5vJxBtchnigghwtmJG+hHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKj/Q+4MqWv8FSBeL7ZlAmz5SVhgMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvcVA5RDdneXBhX3dWSUY0dnRtVUNiUGxKV0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjhvMA0G
CSqGSIb3DQEBCwUAA4IBAQBqOP6jo0CuMx7VmsGBDe1Htuf1qgKtSWNvQXR6QoEl
x9vWHlnF5IihHWUOIIwtCe2SFA3zzUzNb9WT/w/O1CiQZc57pVpnd83flKL+5HQk
N5e9+UvL+t+6LpKEk02Jod+oKUdlx5iBLI3WdMD2pOAwJezeS6/dmOQIciqlGwPK
rTVRSekErhvUD0vUmm+86ryZCLob4FHctxtaOXDhfY7ueLDk3nI3lqGkcJmT2YBa
t/zDw5BDLaK28VssHA4LGCLW8+8EP2W+rYO2l7tttHoBkNmAHrqQZjhxo/Y9gdND
M44uBiyopT2JeaUAHBT+7bzcBbxFRt0RHxNKzwjSnjC1
-----END CERTIFICATE-----