Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/9v9F6byAQksSBFNGlQ8QaN71XEQ.roa
File:                     9v9F6byAQksSBFNGlQ8QaN71XEQ.roa (raw, json)
Hash identifier:          5v1gSXjMN7IydbyUxiMaItvfFYvunGl+iStX5MAZBj8=
Subject key identifier:   F6:FF:45:E9:BC:80:42:4B:12:04:53:46:95:0F:10:68:DE:F5:5C:44
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       0196E78935BF21197C227E23613BBBB7C2E8
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/9v9F6byAQksSBFNGlQ8QaN71XEQ.roa
Signing time:             Mon 19 May 2025 07:54:11 +0000
ROA not before:           Mon 19 May 2025 07:54:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46844
IP address blocks:        37.9.44.0/22 maxlen: 22
                          91.243.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 11:19:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:89:35:bf:21:19:7c:22:7e:23:61:3b:bb:b7:c2:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: May 19 07:54:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6ff45e9bc80424b12045346950f1068def55c44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e7:f1:d1:88:a8:d5:34:6e:ff:0d:3b:f9:1d:
                    9c:80:53:1d:66:19:cb:d5:05:1f:21:27:21:8c:01:
                    96:4c:41:c0:0b:94:06:9d:7c:22:53:7b:03:f0:9e:
                    f4:31:17:05:5f:dc:0f:2c:8c:32:d2:8e:96:25:18:
                    f9:3f:35:ac:f0:9f:bd:81:16:4e:7a:81:ac:b1:66:
                    ae:f3:c9:ca:7d:1a:49:78:5f:f9:60:b8:85:eb:6a:
                    64:f6:2a:e8:c9:8c:0e:bb:a3:6e:22:4f:ea:15:e5:
                    1d:ba:cf:9e:2f:12:71:ff:6c:51:c8:19:fc:82:35:
                    2b:e3:3a:df:f8:3f:ca:13:89:af:fa:c7:e3:97:a4:
                    cb:73:36:52:5d:dd:11:28:8b:8a:5f:7e:5a:5a:cd:
                    18:26:3e:33:ed:83:f1:31:fc:73:29:23:1e:0e:5b:
                    f3:be:2c:82:2c:44:2d:67:5e:64:bf:d7:f2:ea:5a:
                    94:e7:ba:2e:d5:bb:45:73:fd:50:6f:7b:31:e1:66:
                    4d:68:00:b0:0a:03:60:81:a7:ed:66:92:b0:0a:d3:
                    38:02:47:ef:e2:18:19:7a:af:87:e5:55:8e:df:de:
                    08:d4:ae:57:93:57:3a:a5:5c:1b:80:5a:d2:5f:45:
                    af:c4:16:05:ea:f9:b5:77:a5:b0:5c:e4:06:41:7f:
                    1d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:FF:45:E9:BC:80:42:4B:12:04:53:46:95:0F:10:68:DE:F5:5C:44
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/9v9F6byAQksSBFNGlQ8QaN71XEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.9.44.0/22
                  91.243.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:11:64:d8:97:fa:55:5c:80:0e:7c:41:4a:3b:88:1e:6e:68:
         07:cb:ea:26:d8:32:60:18:68:ba:eb:74:6c:d5:d1:27:b2:aa:
         06:e6:6d:b0:f9:82:08:69:c0:11:62:61:b0:50:20:29:70:6a:
         26:06:2d:fb:f0:4f:92:37:8f:3c:61:8e:99:90:37:6b:a5:3d:
         c9:33:c9:48:d9:a3:bf:51:70:08:e1:b3:c8:8a:1f:f8:b3:4d:
         c8:4f:44:07:20:41:d6:0e:41:91:d0:cb:aa:fb:72:06:d0:91:
         b7:51:f6:35:c5:fe:c8:91:77:35:2c:68:08:a0:62:fb:74:56:
         f6:11:9a:69:da:45:e3:34:8a:23:65:cb:5a:61:3e:c0:32:99:
         01:04:40:69:7d:db:a3:13:bd:df:32:b2:ec:e6:34:67:5b:f0:
         f0:24:31:dd:60:dd:87:d5:6d:43:20:7a:7c:4f:1e:9a:b3:24:
         f7:8b:fb:47:f9:f3:50:bf:6f:77:f8:91:ba:47:0a:5d:c2:82:
         8b:13:f8:83:80:f3:56:f9:13:6d:40:32:48:61:37:a3:23:ab:
         bc:65:c8:76:29:72:f3:ed:5e:83:03:a9:09:c1:74:20:f7:3b:
         f0:13:e3:90:6f:ab:9d:89:2d:cf:ac:c2:ac:ed:78:81:37:53:
         ed:78:ca:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbniTW/IRl8In4jYTu7t8LoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNTE5MDc1NDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmZmNDVlOWJjODA0MjRiMTIwNDUzNDY5NTBmMTA2OGRlZjU1YzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtufx0Yio1TRu/w07+R2cgFMdZhnL
1QUfISchjAGWTEHAC5QGnXwiU3sD8J70MRcFX9wPLIwy0o6WJRj5PzWs8J+9gRZO
eoGssWau88nKfRpJeF/5YLiF62pk9iroyYwOu6NuIk/qFeUdus+eLxJx/2xRyBn8
gjUr4zrf+D/KE4mv+sfjl6TLczZSXd0RKIuKX35aWs0YJj4z7YPxMfxzKSMeDlvz
viyCLEQtZ15kv9fy6lqU57ou1btFc/1Qb3sx4WZNaACwCgNggaftZpKwCtM4Akfv
4hgZeq+H5VWO394I1K5Xk1c6pVwbgFrSX0WvxBYF6vm1d6WwXOQGQX8dDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPb/Rem8gEJLEgRTRpUPEGje9VxEMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvOXY5RjZieUFRa3NTQkZOR2xROFFhTjcxWEVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCJQksAwQA
W/NZMA0GCSqGSIb3DQEBCwUAA4IBAQBfEWTYl/pVXIAOfEFKO4gebmgHy+om2DJg
GGi663Rs1dEnsqoG5m2w+YIIacARYmGwUCApcGomBi378E+SN488YY6ZkDdrpT3J
M8lI2aO/UXAI4bPIih/4s03IT0QHIEHWDkGR0Muq+3IG0JG3UfY1xf7IkXc1LGgI
oGL7dFb2EZpp2kXjNIojZctaYT7AMpkBBEBpfdujE73fMrLs5jRnW/DwJDHdYN2H
1W1DIHp8Tx6asyT3i/tH+fNQv293+JG6RwpdwoKLE/iDgPNW+RNtQDJIYTejI6u8
Zch2KXLz7V6DA6kJwXQg9zvwE+OQb6udiS3PrMKs7XiBN1PteMov
-----END CERTIFICATE-----