Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/P9dvaW4EkKSVZb2FveAQL-8IImQ.roa
File:                     P9dvaW4EkKSVZb2FveAQL-8IImQ.roa (raw, json)
Hash identifier:          mCubAo7PBHsiExzA932k4zRW9GHjS2iufM9Mpu7uOpM=
Subject key identifier:   3F:D7:6F:69:6E:04:90:A4:95:65:BD:85:BD:E0:10:2F:EF:08:22:64
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       0198E088E3FF0226DEFC9E64F54B7710882C
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/P9dvaW4EkKSVZb2FveAQL-8IImQ.roa
Signing time:             Mon 25 Aug 2025 09:22:04 +0000
ROA not before:           Mon 25 Aug 2025 09:22:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202903
IP address blocks:        45.151.54.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 03:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e0:88:e3:ff:02:26:de:fc:9e:64:f5:4b:77:10:88:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Aug 25 09:22:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fd76f696e0490a49565bd85bde0102fef082264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:65:e7:4b:f7:fc:93:84:20:4e:4b:bf:fb:96:
                    9d:59:d8:ff:37:89:9b:aa:1d:01:b0:fa:18:e2:aa:
                    d3:3d:d9:67:44:3e:87:df:ff:25:83:bb:bd:a2:a0:
                    c6:3b:7f:43:e4:46:36:dd:9e:48:11:10:26:3d:d4:
                    93:58:e3:60:d6:32:6a:c0:c5:52:f8:1c:4e:00:5b:
                    a1:32:3b:7d:a1:6c:0b:df:bc:7e:9d:a7:d4:18:af:
                    64:0a:dc:05:8e:00:62:c7:3c:03:79:ab:52:88:49:
                    88:4d:80:1f:7a:bd:56:b9:ea:a6:bd:e3:7f:f7:dc:
                    4e:82:8b:43:ab:1c:b3:1b:87:de:18:d0:85:33:81:
                    a1:ae:fd:ac:66:de:82:a8:fd:3f:1d:3e:e0:65:6a:
                    12:86:b1:c9:cd:fb:49:07:b3:05:03:3b:24:db:80:
                    0e:11:76:58:cb:2e:d1:f0:fb:2f:16:cf:41:b3:06:
                    a1:26:67:07:8c:65:06:7b:23:ff:95:c9:e3:07:f2:
                    5f:b5:a6:64:12:59:6c:38:2d:67:a7:fe:98:de:1d:
                    b6:49:8e:32:b6:9c:b6:c2:ca:94:5c:5d:5c:47:1b:
                    4a:67:a7:cf:0e:7d:1d:76:c6:a1:3a:19:fa:5b:3d:
                    31:56:44:25:7f:30:78:15:4e:bc:6e:fd:80:d2:55:
                    1a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D7:6F:69:6E:04:90:A4:95:65:BD:85:BD:E0:10:2F:EF:08:22:64
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/P9dvaW4EkKSVZb2FveAQL-8IImQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:67:38:8c:fd:d6:6c:a1:0a:00:26:77:1f:45:3e:4b:65:e1:
         3b:da:25:a6:18:aa:4b:31:44:0e:94:1f:0a:e9:36:70:e9:dc:
         43:b2:86:8f:df:f1:73:ca:d8:46:c9:be:47:61:b6:14:73:0d:
         0f:4b:90:ce:dd:5e:72:03:60:11:18:b9:9b:2c:18:7f:90:fe:
         ec:a7:da:cf:ac:fa:84:2d:a7:81:d7:fe:02:50:35:49:30:04:
         ed:27:e9:f2:e8:c4:88:40:95:29:c6:b1:7c:4d:7f:a1:04:1f:
         12:cf:a9:d3:cb:9c:08:c6:9e:78:4e:4a:c2:a3:11:21:ba:2d:
         28:9a:fb:29:9d:8d:af:20:3c:21:15:47:01:5f:dd:99:6c:5c:
         91:f6:1e:8c:d5:26:7e:57:43:43:b0:b6:4e:ae:aa:6e:7a:39:
         73:e8:9d:9f:3e:19:e2:5b:74:5d:7c:ca:fe:86:c4:c8:3f:39:
         02:4b:b0:25:7b:1b:15:41:2e:ef:db:92:2e:b4:88:53:67:29:
         45:ff:1f:20:16:1b:aa:e0:b2:aa:5c:63:38:93:a4:9c:5f:63:
         c5:51:38:02:97:7d:01:5f:7d:65:0d:cc:d5:d8:88:94:f3:c1:
         53:a6:b0:99:9c:cd:31:77:75:4e:4d:f7:af:e2:b5:52:ec:57:
         76:f6:b9:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjgiOP/Aibe/J5k9Ut3EIgsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjUwODI1MDkyMjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmQ3NmY2OTZlMDQ5MGE0OTU2NWJkODViZGUwMTAyZmVmMDgyMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2XnS/f8k4QgTku/+5adWdj/N4mb
qh0BsPoY4qrTPdlnRD6H3/8lg7u9oqDGO39D5EY23Z5IERAmPdSTWONg1jJqwMVS
+BxOAFuhMjt9oWwL37x+nafUGK9kCtwFjgBixzwDeatSiEmITYAfer1WueqmveN/
99xOgotDqxyzG4feGNCFM4Ghrv2sZt6CqP0/HT7gZWoShrHJzftJB7MFAzsk24AO
EXZYyy7R8PsvFs9BswahJmcHjGUGeyP/lcnjB/JftaZkEllsOC1np/6Y3h22SY4y
tpy2wsqUXF1cRxtKZ6fPDn0ddsahOhn6Wz0xVkQlfzB4FU68bv2A0lUafwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD/Xb2luBJCklWW9hb3gEC/vCCJkMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvUDlkdmFXNEVrS1NWWmIyRnZlQVFMLThJSW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZc2MA0G
CSqGSIb3DQEBCwUAA4IBAQA3ZziM/dZsoQoAJncfRT5LZeE72iWmGKpLMUQOlB8K
6TZw6dxDsoaP3/FzythGyb5HYbYUcw0PS5DO3V5yA2ARGLmbLBh/kP7sp9rPrPqE
LaeB1/4CUDVJMATtJ+ny6MSIQJUpxrF8TX+hBB8Sz6nTy5wIxp54TkrCoxEhui0o
mvspnY2vIDwhFUcBX92ZbFyR9h6M1SZ+V0NDsLZOrqpuejlz6J2fPhniW3RdfMr+
hsTIPzkCS7AlexsVQS7v25IutIhTZylF/x8gFhuq4LKqXGM4k6ScX2PFUTgCl30B
X31lDczV2IiU88FTprCZnM0xd3VOTfev4rVS7Fd29rkH
-----END CERTIFICATE-----