Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ms9J_lkzJUc1PlPtCHGRd-S1WbM.roa
File:                     ms9J_lkzJUc1PlPtCHGRd-S1WbM.roa (raw, json)
Hash identifier:          c4CvUrcWF3YxJ86jWtuqaYhzAZweWLDMjEKOcOkdOrg=
Subject key identifier:   9A:CF:49:FE:59:33:25:47:35:3E:53:ED:08:71:91:77:E4:B5:59:B3
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01967B4ED40D4E19E0AE3FDB86B5C1D6CC40
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ms9J_lkzJUc1PlPtCHGRd-S1WbM.roa
Signing time:             Mon 28 Apr 2025 07:31:25 +0000
ROA not before:           Mon 28 Apr 2025 07:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3170
IP address blocks:        167.160.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 05:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:4e:d4:0d:4e:19:e0:ae:3f:db:86:b5:c1:d6:cc:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Apr 28 07:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9acf49fe59332547353e53ed08719177e4b559b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:30:a6:bf:c7:98:bf:8a:10:3d:4e:ca:75:f7:
                    81:2a:2f:04:74:0a:60:11:ef:f8:63:5a:20:fd:0f:
                    53:b4:6d:20:d0:62:c8:f5:08:61:97:22:cf:88:04:
                    d9:c8:48:c6:9d:9b:f2:70:8e:7c:75:77:f6:63:1b:
                    79:a4:58:ac:11:dc:36:ef:f3:14:e3:f8:d7:5a:25:
                    5b:8f:3d:5a:36:47:d3:33:7a:f1:c5:c9:88:32:b1:
                    a4:87:2b:c1:76:01:b4:c5:ec:cb:48:ef:47:fd:8e:
                    8b:3a:6a:11:f4:54:5e:a7:1c:52:b8:76:16:37:de:
                    29:b2:d4:94:42:20:08:17:a1:bf:86:1b:4e:d9:15:
                    42:52:00:a0:c8:9d:54:20:28:65:e9:74:ab:c7:7d:
                    db:28:0b:0b:a6:d9:ef:38:99:91:76:6c:a5:40:ca:
                    04:33:16:31:83:8b:7b:df:9f:0f:cd:2c:52:b9:2a:
                    79:86:e9:f9:7a:6e:4b:4e:79:b1:6f:07:01:a5:16:
                    cb:90:01:b4:26:b3:5c:10:07:bb:03:49:81:77:19:
                    94:8a:2d:01:8b:92:f0:4b:a5:d5:5a:1b:b2:34:1c:
                    75:c8:e4:66:a3:11:1e:52:65:c9:67:eb:6d:63:b3:
                    ba:fb:5e:24:35:80:c0:be:ba:0a:36:8c:77:15:13:
                    06:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:CF:49:FE:59:33:25:47:35:3E:53:ED:08:71:91:77:E4:B5:59:B3
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/ms9J_lkzJUc1PlPtCHGRd-S1WbM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.160.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:70:ec:08:49:58:80:cb:ba:2f:2b:23:75:ca:6b:e2:4e:ba:
         77:78:c1:8b:b8:75:3f:5b:ab:94:04:6f:3d:db:44:2a:76:22:
         ce:ca:12:96:63:b9:b7:8e:d6:75:7c:5c:5b:d3:3b:b9:32:d1:
         a6:bf:22:7d:83:72:8a:d3:1c:dc:90:6f:8c:39:d1:36:d0:4a:
         72:c4:58:6b:50:8a:fe:8f:aa:ab:18:51:00:db:88:be:a9:b0:
         9d:3f:ed:50:0a:2c:a7:7d:93:09:c4:06:b6:2a:0e:6d:d5:81:
         77:a0:4e:8d:16:63:47:4b:78:e4:d6:cf:d7:87:b4:f0:0d:dd:
         40:7f:d2:78:68:21:c3:f3:c6:d3:85:4e:25:27:9f:20:ed:73:
         02:f2:d4:83:8c:33:18:40:5a:1f:3f:fc:29:43:d1:77:9d:4f:
         75:9b:6a:5d:c8:51:dc:80:b6:ee:0a:ca:04:02:90:db:4a:ee:
         7d:73:c1:fc:62:03:7f:f3:5e:d1:c7:fe:53:1e:33:7d:a3:fe:
         be:c5:2b:aa:af:22:4c:ee:20:20:ca:ef:de:f2:9a:f2:71:a2:
         6a:25:0f:e7:a0:bc:20:84:ec:eb:fd:92:d9:9e:d5:c4:d3:1e:
         e0:75:94:01:81:98:76:92:bf:98:b0:23:5c:9e:0f:77:1f:44:
         a4:40:d1:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ7TtQNThngrj/bhrXB1sxAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwNDI4MDczMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWNmNDlmZTU5MzMyNTQ3MzUzZTUzZWQwODcxOTE3N2U0YjU1OWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjCmv8eYv4oQPU7KdfeBKi8EdApg
Ee/4Y1og/Q9TtG0g0GLI9QhhlyLPiATZyEjGnZvycI58dXf2Yxt5pFisEdw27/MU
4/jXWiVbjz1aNkfTM3rxxcmIMrGkhyvBdgG0xezLSO9H/Y6LOmoR9FRepxxSuHYW
N94pstSUQiAIF6G/hhtO2RVCUgCgyJ1UIChl6XSrx33bKAsLptnvOJmRdmylQMoE
MxYxg4t7358PzSxSuSp5hun5em5LTnmxbwcBpRbLkAG0JrNcEAe7A0mBdxmUii0B
i5LwS6XVWhuyNBx1yORmoxEeUmXJZ+ttY7O6+14kNYDAvroKNox3FRMGiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrPSf5ZMyVHNT5T7QhxkXfktVmzMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvbXM5Sl9sa3pKVWMxUGxQdENIR1JkLVMxV2JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp6ANMA0G
CSqGSIb3DQEBCwUAA4IBAQDacOwISViAy7ovKyN1ymviTrp3eMGLuHU/W6uUBG89
20QqdiLOyhKWY7m3jtZ1fFxb0zu5MtGmvyJ9g3KK0xzckG+MOdE20EpyxFhrUIr+
j6qrGFEA24i+qbCdP+1QCiynfZMJxAa2Kg5t1YF3oE6NFmNHS3jk1s/Xh7TwDd1A
f9J4aCHD88bThU4lJ58g7XMC8tSDjDMYQFofP/wpQ9F3nU91m2pdyFHcgLbuCsoE
ApDbSu59c8H8YgN/817Rx/5THjN9o/6+xSuqryJM7iAgyu/e8prycaJqJQ/noLwg
hOzr/ZLZntXE0x7gdZQBgZh2kr+YsCNcng93H0SkQNF9
-----END CERTIFICATE-----