Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/j9UwCmxlipTxOVkJ4tPcOkhObBg.roa
File:                     j9UwCmxlipTxOVkJ4tPcOkhObBg.roa (raw, json)
Hash identifier:          TNSuDDHFWzAOl8J0VGWO14teLAdIPe7SryxmTWxtgPs=
Subject key identifier:   8F:D5:30:0A:6C:65:8A:94:F1:39:59:09:E2:D3:DC:3A:48:4E:6C:18
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01975447BFEC42AFE2288128273EB09DFFFE
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/j9UwCmxlipTxOVkJ4tPcOkhObBg.roa
Signing time:             Mon 09 Jun 2025 10:41:17 +0000
ROA not before:           Mon 09 Jun 2025 10:41:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197343
IP address blocks:        5.56.128.0/22 maxlen: 22
                          37.32.40.0/22 maxlen: 24
                          37.32.40.0/24 maxlen: 24
                          37.32.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:54:47:bf:ec:42:af:e2:28:81:28:27:3e:b0:9d:ff:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jun  9 10:41:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fd5300a6c658a94f1395909e2d3dc3a484e6c18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0f:b5:42:83:b7:8d:c7:fc:8e:36:30:b7:07:
                    f4:42:1a:a9:f7:1d:df:d3:6d:27:c1:c3:c3:41:b8:
                    e1:ac:65:59:76:f7:10:26:63:cf:a1:9a:da:7a:61:
                    9a:c0:52:86:ea:3e:ee:4f:03:e8:49:78:f9:8f:b4:
                    37:34:e0:1c:03:f4:be:ff:02:f5:b9:70:e0:bc:0a:
                    0c:47:0c:1f:3d:b0:38:fb:ac:68:aa:6b:d8:d4:db:
                    b3:70:a7:9c:fd:68:94:ee:13:b7:3e:65:03:39:96:
                    75:22:eb:21:3e:91:b0:55:86:13:5f:22:b9:73:25:
                    c5:74:34:23:f9:4c:15:5e:55:9f:bf:78:22:a7:7e:
                    1e:28:3b:05:a7:b4:60:04:32:93:a7:dd:0e:05:2c:
                    ce:87:ec:74:60:e4:bb:bc:76:3b:40:0b:69:aa:83:
                    f5:3d:4b:fd:3e:11:bd:83:1f:d0:3a:2b:80:17:c3:
                    07:35:de:54:d0:2e:52:8c:ef:c7:4d:0a:cb:27:5c:
                    b0:a8:91:24:0d:b4:ba:65:7e:c3:b7:f4:f1:11:ca:
                    aa:1c:7d:14:f9:a2:f8:09:6d:b1:1b:2b:95:93:a7:
                    3a:01:af:fb:3e:b8:6a:6a:8d:43:65:c7:e7:f9:7c:
                    7f:58:c5:8f:4c:14:de:1d:d9:00:4e:88:f2:12:d7:
                    97:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D5:30:0A:6C:65:8A:94:F1:39:59:09:E2:D3:DC:3A:48:4E:6C:18
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/j9UwCmxlipTxOVkJ4tPcOkhObBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.128.0/22
                  37.32.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:94:90:91:2b:2b:54:ad:19:c2:27:50:16:21:b4:2c:e6:a3:
         44:91:42:71:0e:68:dc:e3:dc:e7:01:c8:4f:e6:89:82:d3:fb:
         d7:8d:9f:3b:45:2c:11:1f:3c:e8:46:74:81:c7:53:2d:23:a7:
         00:73:7c:a1:89:da:b0:44:41:1d:9e:2f:79:3f:52:d0:7e:e1:
         0c:74:6b:89:7a:57:1d:44:4a:e2:42:b9:b1:b6:86:8a:d3:f4:
         18:28:5d:32:2f:a6:05:9a:c0:f7:4e:5e:a9:78:d6:39:81:25:
         cb:1a:24:dd:54:05:c3:bd:8f:56:0d:7f:c8:5c:ab:4f:72:77:
         43:2a:76:39:98:0d:ee:16:cf:5b:e9:87:c4:7d:26:c0:7c:de:
         44:b9:82:4f:95:92:08:fe:45:1d:bc:e3:e0:a8:ce:94:57:38:
         c0:5b:98:b3:98:89:c9:75:0d:57:08:24:cf:8e:bb:90:a1:b5:
         65:00:ba:50:1d:db:11:f8:8e:ac:9e:ba:19:61:28:63:61:d7:
         93:cb:7e:d2:f7:66:1b:ff:6b:29:72:c9:22:55:60:89:a7:02:
         30:8e:d7:23:b6:b6:e5:bc:fa:f3:e7:ad:1a:dc:fd:66:7e:dc:
         44:f9:9e:a8:04:52:c4:5c:bd:b0:1d:77:59:be:7a:b5:df:fb:
         45:a0:a1:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdUR7/sQq/iKIEoJz6wnf/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNjA5MTA0MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQ1MzAwYTZjNjU4YTk0ZjEzOTU5MDllMmQzZGMzYTQ4NGU2YzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArA+1QoO3jcf8jjYwtwf0Qhqp9x3f
020nwcPDQbjhrGVZdvcQJmPPoZraemGawFKG6j7uTwPoSXj5j7Q3NOAcA/S+/wL1
uXDgvAoMRwwfPbA4+6xoqmvY1NuzcKec/WiU7hO3PmUDOZZ1IushPpGwVYYTXyK5
cyXFdDQj+UwVXlWfv3gip34eKDsFp7RgBDKTp90OBSzOh+x0YOS7vHY7QAtpqoP1
PUv9PhG9gx/QOiuAF8MHNd5U0C5SjO/HTQrLJ1ywqJEkDbS6ZX7Dt/TxEcqqHH0U
+aL4CW2xGyuVk6c6Aa/7Prhqao1DZcfn+Xx/WMWPTBTeHdkATojyEteXPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI/VMApsZYqU8TlZCeLT3DpITmwYMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvajlVd0NteGxpcFR4T1ZrSjR0UGNPa2hPYkJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBTiAAwQC
JSAoMA0GCSqGSIb3DQEBCwUAA4IBAQAvlJCRKytUrRnCJ1AWIbQs5qNEkUJxDmjc
49znAchP5omC0/vXjZ87RSwRHzzoRnSBx1MtI6cAc3yhidqwREEdni95P1LQfuEM
dGuJelcdREriQrmxtoaK0/QYKF0yL6YFmsD3Tl6peNY5gSXLGiTdVAXDvY9WDX/I
XKtPcndDKnY5mA3uFs9b6YfEfSbAfN5EuYJPlZII/kUdvOPgqM6UVzjAW5izmInJ
dQ1XCCTPjruQobVlALpQHdsR+I6snroZYShjYdeTy37S92Yb/2spcskiVWCJpwIw
jtcjtrblvPrz560a3P1mftxE+Z6oBFLEXL2wHXdZvnq13/tFoKH5
-----END CERTIFICATE-----