Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/q9Fght0eWnwg9L4cOjC-8MWuD_0.roa
File:                     q9Fght0eWnwg9L4cOjC-8MWuD_0.roa (raw, json)
Hash identifier:          DogNwIUzNPICLsbvaitegQlMAv0jPMlhURxKnx1oUnY=
Subject key identifier:   AB:D1:60:86:DD:1E:5A:7C:20:F4:BE:1C:3A:30:BE:F0:C5:AE:0F:FD
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       01971781D8CBA7DF84B33A5B45A09E090EF9
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/q9Fght0eWnwg9L4cOjC-8MWuD_0.roa
Signing time:             Wed 28 May 2025 15:27:54 +0000
ROA not before:           Wed 28 May 2025 15:27:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204707
IP address blocks:        94.131.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:17:81:d8:cb:a7:df:84:b3:3a:5b:45:a0:9e:09:0e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: May 28 15:27:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abd16086dd1e5a7c20f4be1c3a30bef0c5ae0ffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:87:40:73:95:67:db:a5:83:5e:80:43:92:fb:
                    75:80:af:e9:62:74:9f:29:d3:b1:69:f9:ba:c5:67:
                    2c:48:da:9a:df:ca:c0:76:a6:8a:e0:16:bb:b7:86:
                    ed:d6:db:53:ff:74:9c:ba:58:1c:55:08:90:ca:49:
                    4c:a8:56:8e:a7:6f:cb:45:30:26:31:07:e5:83:7f:
                    49:34:88:a0:e7:4a:46:d8:af:cd:9b:92:41:5e:e3:
                    59:9c:e7:2d:d8:6f:c2:2c:83:2f:51:81:5e:d5:51:
                    69:9c:11:66:54:91:9e:84:d0:7c:82:d5:99:42:87:
                    d3:7c:1f:b5:cd:78:ad:08:1a:b6:de:24:38:28:f9:
                    22:ff:19:84:90:cb:92:be:67:84:5b:a2:d0:ca:b3:
                    43:a5:c7:a9:0b:96:ae:d7:6c:90:07:28:51:bd:06:
                    9a:0d:80:43:04:09:14:e2:18:32:9d:7e:8c:6f:bb:
                    43:96:14:d7:bd:37:b6:e5:dd:a7:cd:48:62:61:7d:
                    2f:b3:a6:7e:f5:9e:ea:28:41:c4:7e:b0:49:e5:81:
                    cd:d4:cc:dd:ea:f8:67:7e:9d:54:48:ad:de:f7:38:
                    88:67:22:03:06:ee:75:d0:e8:d0:7b:01:6d:b1:35:
                    d2:84:a5:be:44:87:f0:74:96:d7:91:c2:18:ec:37:
                    53:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D1:60:86:DD:1E:5A:7C:20:F4:BE:1C:3A:30:BE:F0:C5:AE:0F:FD
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/q9Fght0eWnwg9L4cOjC-8MWuD_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:8c:50:b0:eb:96:e3:69:1f:3b:07:2c:ef:9b:7e:61:7a:cf:
         2e:05:bc:5c:da:e6:13:8f:6a:1b:3a:dd:41:19:2f:0e:c8:9c:
         18:0b:9b:91:7b:1e:54:2e:4e:49:6e:68:4b:a5:d5:78:7f:d5:
         71:45:2d:14:70:58:6c:42:3d:3e:6e:b5:c5:a2:e7:13:e1:94:
         08:a6:2f:46:5b:4a:02:87:af:c8:80:4b:d3:b6:b1:fb:ba:56:
         1f:a5:53:4b:50:d1:57:76:71:4c:e4:87:29:ed:9d:b7:a4:a6:
         62:6b:ec:21:c9:f8:ad:08:57:aa:86:0a:82:ab:46:c3:d2:2d:
         3d:db:3e:57:f9:46:70:78:7b:16:a1:04:2c:eb:7a:39:b3:ad:
         73:21:74:e3:fb:0c:a4:e9:33:4b:f9:ae:d6:2c:e6:1c:5c:40:
         2c:db:5c:ed:8a:e6:68:19:85:36:97:ed:bd:0e:72:8a:59:34:
         3d:b1:55:bf:e5:68:cd:2b:54:43:57:7a:bb:f4:5a:03:74:c2:
         f3:87:56:c6:99:17:88:53:1d:bd:9b:77:d3:a2:65:ee:64:fe:
         d8:22:df:93:b7:f9:ea:93:4a:9e:c8:62:22:3d:20:3e:8f:4d:
         b5:11:ea:ea:60:d1:ec:a9:58:82:56:9b:ab:cd:06:db:9e:43:
         1a:3c:3a:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcXgdjLp9+EszpbRaCeCQ75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUwNTI4MTUyNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQxNjA4NmRkMWU1YTdjMjBmNGJlMWMzYTMwYmVmMGM1YWUwZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoodAc5Vn26WDXoBDkvt1gK/pYnSf
KdOxafm6xWcsSNqa38rAdqaK4Ba7t4bt1ttT/3SculgcVQiQyklMqFaOp2/LRTAm
MQflg39JNIig50pG2K/Nm5JBXuNZnOct2G/CLIMvUYFe1VFpnBFmVJGehNB8gtWZ
QofTfB+1zXitCBq23iQ4KPki/xmEkMuSvmeEW6LQyrNDpcepC5au12yQByhRvQaa
DYBDBAkU4hgynX6Mb7tDlhTXvTe25d2nzUhiYX0vs6Z+9Z7qKEHEfrBJ5YHN1Mzd
6vhnfp1USK3e9ziIZyIDBu510OjQewFtsTXShKW+RIfwdJbXkcIY7DdTCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvRYIbdHlp8IPS+HDowvvDFrg/9MB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvcTlGZ2h0MGVXbndnOUw0Y09qQy04TVd1RF8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXoPMMA0G
CSqGSIb3DQEBCwUAA4IBAQCKjFCw65bjaR87Byzvm35hes8uBbxc2uYTj2obOt1B
GS8OyJwYC5uRex5ULk5JbmhLpdV4f9VxRS0UcFhsQj0+brXFoucT4ZQIpi9GW0oC
h6/IgEvTtrH7ulYfpVNLUNFXdnFM5Icp7Z23pKZia+whyfitCFeqhgqCq0bD0i09
2z5X+UZweHsWoQQs63o5s61zIXTj+wyk6TNL+a7WLOYcXEAs21ztiuZoGYU2l+29
DnKKWTQ9sVW/5WjNK1RDV3q79FoDdMLzh1bGmReIUx29m3fTomXuZP7YIt+Tt/nq
k0qeyGIiPSA+j021EerqYNHsqViCVpurzQbbnkMaPDpH
-----END CERTIFICATE-----