Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/9uAJrIJKgOtOq3ATLuk4JEqJnwE.roa
File:                     9uAJrIJKgOtOq3ATLuk4JEqJnwE.roa (raw, json)
Hash identifier:          ps7+JDVzTyszBozCz4/MWq6V+oPhM0t6V9fw2FhYV+o=
Subject key identifier:   F6:E0:09:AC:82:4A:80:EB:4E:AB:70:13:2E:E9:38:24:4A:89:9F:01
Certificate issuer:       /CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
Certificate serial:       0195543083F09510CBA70979CC1A2825CCDD
Authority key identifier: B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/9uAJrIJKgOtOq3ATLuk4JEqJnwE.roa
Signing time:             Sun 02 Mar 2025 00:10:20 +0000
ROA not before:           Sun 02 Mar 2025 00:10:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36352
IP address blocks:        45.89.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:54:30:83:f0:95:10:cb:a7:09:79:cc:1a:28:25:cc:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b93d4908d9c43a85f85be19334a26f5d51350bcb
        Validity
            Not Before: Mar  2 00:10:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6e009ac824a80eb4eab70132ee938244a899f01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:71:3e:eb:26:f7:df:91:75:79:fb:36:96:37:
                    fb:80:d4:33:f4:eb:8d:42:4c:3c:2c:56:c8:3a:4f:
                    1b:08:3c:e7:8b:66:b3:18:cb:43:30:e5:15:07:eb:
                    d8:37:86:0f:48:38:a0:af:32:7c:26:a9:e4:59:a1:
                    95:9b:f9:af:ce:bc:49:ea:bf:eb:6b:76:4f:7a:1f:
                    e9:74:3f:71:01:21:47:a3:15:ab:34:2a:77:74:10:
                    ae:31:29:1a:cc:15:9a:09:14:9c:66:bc:2a:1d:5a:
                    28:07:41:0b:20:db:36:45:a5:a6:69:8a:64:86:b1:
                    d9:7e:43:11:67:1e:3b:74:64:4d:01:92:af:a6:7c:
                    fb:a2:16:89:c6:3b:3b:68:f2:f8:5c:8f:1e:e6:cb:
                    64:79:56:63:3a:48:ac:d8:a7:86:e2:f7:a7:2f:82:
                    20:36:bf:c3:98:8b:93:2b:fa:01:1c:b3:0a:27:3f:
                    95:68:94:54:37:40:39:87:c5:e9:7d:ab:28:c0:d6:
                    1f:ca:69:4d:e5:d0:c9:38:7c:4a:35:84:b1:11:69:
                    d8:dd:89:c0:da:9c:b8:0f:a4:7c:0c:6d:ab:cf:bc:
                    6f:c3:94:eb:0c:89:34:51:0e:1d:bb:69:1a:7b:db:
                    75:fa:7c:da:d8:43:12:d5:fa:0f:63:b4:64:89:69:
                    00:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E0:09:AC:82:4A:80:EB:4E:AB:70:13:2E:E9:38:24:4A:89:9F:01
            X509v3 Authority Key Identifier:
                keyid:B9:3D:49:08:D9:C4:3A:85:F8:5B:E1:93:34:A2:6F:5D:51:35:0B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uT1JCNnEOoX4W-GTNKJvXVE1C8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/9uAJrIJKgOtOq3ATLuk4JEqJnwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/1d7b0c-2251-4dd3-8690-52874611cd21/1/uT1JCNnEOoX4W-GTNKJvXVE1C8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:84:ca:41:5d:ff:d9:4d:5b:e8:90:05:2f:cc:da:fe:85:5a:
         10:d1:9e:b0:cb:c6:47:bd:29:de:c6:2b:9c:1e:92:74:c4:ea:
         2a:7a:6b:8a:1d:64:b2:b5:96:6b:cd:ef:e3:4f:ac:e6:bb:eb:
         fc:e7:ee:63:92:d1:da:cc:f7:fc:53:dd:9d:d6:a4:5c:7f:92:
         5c:ee:9e:23:40:76:79:10:64:64:23:41:6d:c9:9c:f5:02:16:
         de:81:8d:36:a9:fd:90:cc:45:cf:d1:2d:4b:7f:db:bb:ef:1e:
         65:33:be:61:3f:40:31:0a:43:05:c3:23:56:b9:63:dd:8d:15:
         43:c7:94:c0:eb:15:75:93:27:63:26:cd:e7:06:7b:12:10:cf:
         0b:ce:56:9a:9d:b7:9d:49:1e:44:9b:8a:a1:63:3a:56:b4:83:
         80:1a:9e:ab:08:e2:07:af:1c:5f:82:a6:df:7f:55:7d:8d:ad:
         c9:31:98:e8:e3:0f:21:60:09:66:65:a6:d5:37:13:c4:92:d8:
         f2:5d:74:fe:34:8b:5b:8b:6b:29:62:e6:76:45:5a:f2:28:d4:
         de:59:97:c1:cd:3d:f6:a7:0c:f9:cb:07:68:7a:b3:1f:77:e8:
         38:8e:50:84:c2:8f:77:80:e7:81:5f:34:53:61:1e:e2:96:c8:
         76:2f:f9:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVUMIPwlRDLpwl5zBooJczdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5M2Q0OTA4ZDljNDNhODVmODViZTE5MzM0YTI2ZjVkNTEz
NTBiY2IwHhcNMjUwMzAyMDAxMDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmUwMDlhYzgyNGE4MGViNGVhYjcwMTMyZWU5MzgyNDRhODk5ZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnE+6yb335F1efs2ljf7gNQz9OuN
Qkw8LFbIOk8bCDzni2azGMtDMOUVB+vYN4YPSDigrzJ8JqnkWaGVm/mvzrxJ6r/r
a3ZPeh/pdD9xASFHoxWrNCp3dBCuMSkazBWaCRScZrwqHVooB0ELINs2RaWmaYpk
hrHZfkMRZx47dGRNAZKvpnz7ohaJxjs7aPL4XI8e5stkeVZjOkis2KeG4venL4Ig
Nr/DmIuTK/oBHLMKJz+VaJRUN0A5h8XpfasowNYfymlN5dDJOHxKNYSxEWnY3YnA
2py4D6R8DG2rz7xvw5TrDIk0UQ4du2kae9t1+nza2EMS1foPY7RkiWkAUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbgCayCSoDrTqtwEy7pOCRKiZ8BMB8GA1UdIwQY
MBaAFLk9SQjZxDqF+FvhkzSib11RNQvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAt
NTI4NzQ2MTFjZDIxLzEvOXVBSnJJSktnT3RPcTNBVEx1azRKRXFKbndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8xZDdiMGMtMjI1MS00ZGQzLTg2OTAtNTI4NzQ2MTFjZDIx
LzEvdVQxSkNObkVPb1g0Vy1HVE5LSnZYVkUxQzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVnfMA0G
CSqGSIb3DQEBCwUAA4IBAQBnhMpBXf/ZTVvokAUvzNr+hVoQ0Z6wy8ZHvSnexiuc
HpJ0xOoqemuKHWSytZZrze/jT6zmu+v85+5jktHazPf8U92d1qRcf5Jc7p4jQHZ5
EGRkI0FtyZz1AhbegY02qf2QzEXP0S1Lf9u77x5lM75hP0AxCkMFwyNWuWPdjRVD
x5TA6xV1kydjJs3nBnsSEM8LzlaanbedSR5Em4qhYzpWtIOAGp6rCOIHrxxfgqbf
f1V9ja3JMZjo4w8hYAlmZabVNxPEktjyXXT+NItbi2spYuZ2RVryKNTeWZfBzT32
pwz5ywdoerMfd+g4jlCEwo93gOeBXzRTYR7ilsh2L/kt
-----END CERTIFICATE-----