Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/eo9SLFo6ECy5DSd_dzNUwxtWG90.roa
File:                     eo9SLFo6ECy5DSd_dzNUwxtWG90.roa (raw, json)
Hash identifier:          rwEptqLCRKuvmeB6qGhTimOttQv2kDracTxXGRGGlyc=
Subject key identifier:   7A:8F:52:2C:5A:3A:10:2C:B9:0D:27:7F:77:33:54:C3:1B:56:1B:DD
Certificate issuer:       /CN=aa22bffd2d5a070e2ec8a3fc46e7911af96feaad
Certificate serial:       019420D5A5AD393CAEA028EBA1CB7AEB1095
Authority key identifier: AA:22:BF:FD:2D:5A:07:0E:2E:C8:A3:FC:46:E7:91:1A:F9:6F:EA:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qiK__S1aBw4uyKP8RueRGvlv6q0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/eo9SLFo6ECy5DSd_dzNUwxtWG90.roa
Signing time:             Wed 01 Jan 2025 07:47:39 +0000
ROA not before:           Wed 01 Jan 2025 07:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209198
IP address blocks:        2.57.200.0/22 maxlen: 24
                          2a09:de40::/32 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/qiK__S1aBw4uyKP8RueRGvlv6q0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/qiK__S1aBw4uyKP8RueRGvlv6q0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qiK__S1aBw4uyKP8RueRGvlv6q0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a5:ad:39:3c:ae:a0:28:eb:a1:cb:7a:eb:10:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa22bffd2d5a070e2ec8a3fc46e7911af96feaad
        Validity
            Not Before: Jan  1 07:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a8f522c5a3a102cb90d277f773354c31b561bdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:83:73:eb:08:76:08:88:f3:ac:4d:20:f1:51:
                    bb:d9:24:f3:e4:ec:dc:51:d2:00:9c:df:b1:56:7c:
                    c5:f4:be:6e:36:00:7a:c8:3a:c1:11:4c:ed:79:ad:
                    65:ab:2f:63:d3:1c:71:0b:eb:4f:e9:ac:0a:8f:22:
                    8b:b7:66:21:e2:7a:93:e0:e7:94:d0:0d:0b:d0:c7:
                    b5:1e:10:54:84:0b:9a:b4:e3:9a:0c:0c:20:ae:f3:
                    35:b4:b7:33:db:7d:0a:4e:b4:21:b7:99:24:2f:6b:
                    09:2c:70:aa:74:c7:d5:b6:80:92:5f:d3:87:63:a6:
                    90:c5:46:f1:5e:5b:0d:58:20:bb:cb:87:19:c0:2f:
                    c0:f9:d8:5e:bb:2b:d0:40:c7:bb:0f:96:61:c2:29:
                    09:91:aa:b0:93:f9:d8:79:f1:56:33:dd:ad:f7:2a:
                    27:7d:07:5b:55:0a:95:72:0e:93:19:47:e2:a2:cd:
                    40:ac:28:09:f6:b1:11:30:44:44:42:79:26:2e:b9:
                    ee:08:84:6e:75:e3:10:cf:55:7e:16:f1:f2:87:ae:
                    a7:ff:07:a1:ab:f0:16:54:d4:b2:42:5c:58:a2:ec:
                    24:25:79:ed:83:1d:90:2b:77:e2:d5:40:8f:25:8c:
                    17:0c:31:11:4d:f7:49:52:4f:22:7f:de:27:78:2f:
                    c8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:8F:52:2C:5A:3A:10:2C:B9:0D:27:7F:77:33:54:C3:1B:56:1B:DD
            X509v3 Authority Key Identifier:
                keyid:AA:22:BF:FD:2D:5A:07:0E:2E:C8:A3:FC:46:E7:91:1A:F9:6F:EA:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qiK__S1aBw4uyKP8RueRGvlv6q0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/eo9SLFo6ECy5DSd_dzNUwxtWG90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/qiK__S1aBw4uyKP8RueRGvlv6q0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.200.0/22
                IPv6:
                  2a09:de40::/32

    Signature Algorithm: sha256WithRSAEncryption
         a5:30:dc:f7:46:a0:87:cf:4a:8c:85:f9:80:14:62:2a:ef:a1:
         66:1d:63:f8:31:c3:18:8b:b5:e5:10:f2:7f:bf:e3:db:e0:82:
         48:3e:02:81:04:c3:91:00:23:40:03:7e:5d:e5:43:fe:64:d4:
         96:4b:66:fe:29:58:81:0c:a1:69:eb:ea:a8:5f:fd:34:26:63:
         85:1c:df:12:3d:24:ff:6f:76:47:f7:c9:7a:36:4e:13:8f:6b:
         1b:f7:29:14:fa:c0:b5:dc:88:43:3d:e6:23:e6:7f:a8:a2:92:
         2e:d0:7e:47:58:91:a9:bc:77:9b:d4:38:15:f3:b2:d4:ce:95:
         b5:69:4f:c0:2a:79:5c:0d:81:8b:8f:68:14:79:3f:e4:32:81:
         b8:b5:77:54:1d:9e:f9:6e:cd:5b:67:45:43:76:b7:45:68:00:
         cc:1b:67:1f:49:3d:db:57:97:df:a4:e7:36:84:22:50:bb:dd:
         4b:d6:03:52:5a:c0:23:90:ed:c0:c8:0d:05:78:1b:b0:d6:4e:
         6b:0e:47:a3:4f:cf:5e:98:ca:32:bb:3a:83:f8:57:b4:24:a0:
         13:90:55:b1:d4:19:c3:5a:29:54:c1:bc:81:86:63:e1:4b:b5:
         19:4c:2c:55:f9:b8:5b:74:06:b3:e5:92:e6:1b:37:ee:ca:57:
         52:6a:3f:23
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1aWtOTyuoCjroct66xCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMjJiZmZkMmQ1YTA3MGUyZWM4YTNmYzQ2ZTc5MTFhZjk2
ZmVhYWQwHhcNMjUwMTAxMDc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YThmNTIyYzVhM2ExMDJjYjkwZDI3N2Y3NzMzNTRjMzFiNTYxYmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoNz6wh2CIjzrE0g8VG72STz5Ozc
UdIAnN+xVnzF9L5uNgB6yDrBEUztea1lqy9j0xxxC+tP6awKjyKLt2Yh4nqT4OeU
0A0L0Me1HhBUhAuatOOaDAwgrvM1tLcz230KTrQht5kkL2sJLHCqdMfVtoCSX9OH
Y6aQxUbxXlsNWCC7y4cZwC/A+dheuyvQQMe7D5ZhwikJkaqwk/nYefFWM92t9yon
fQdbVQqVcg6TGUfios1ArCgJ9rERMEREQnkmLrnuCIRudeMQz1V+FvHyh66n/weh
q/AWVNSyQlxYouwkJXntgx2QK3fi1UCPJYwXDDERTfdJUk8if94neC/IMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHqPUixaOhAsuQ0nf3czVMMbVhvdMB8GA1UdIwQY
MBaAFKoiv/0tWgcOLsij/EbnkRr5b+qtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWlLX19TMWFCdzR1eUtQOFJ1ZVJHdmx2NnEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84NzhkMGMtMjIwMC00YzI3LTk0YzAt
NWM2ZTE5ZDA3MGU1LzEvZW85U0xGbzZFQ3k1RFNkX2R6TlV3eHRXRzkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84NzhkMGMtMjIwMC00YzI3LTk0YzAtNWM2ZTE5ZDA3MGU1
LzEvcWlLX19TMWFCdzR1eUtQOFJ1ZVJHdmx2NnEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCAjnIMA0E
AgACMAcDBQAqCd5AMA0GCSqGSIb3DQEBCwUAA4IBAQClMNz3RqCHz0qMhfmAFGIq
76FmHWP4McMYi7XlEPJ/v+Pb4IJIPgKBBMORACNAA35d5UP+ZNSWS2b+KViBDKFp
6+qoX/00JmOFHN8SPST/b3ZH98l6Nk4Tj2sb9ykU+sC13IhDPeYj5n+oopIu0H5H
WJGpvHeb1DgV87LUzpW1aU/AKnlcDYGLj2gUeT/kMoG4tXdUHZ75bs1bZ0VDdrdF
aADMG2cfST3bV5ffpOc2hCJQu91L1gNSWsAjkO3AyA0FeBuw1k5rDkejT89emMoy
uzqD+Fe0JKATkFWx1BnDWilUwbyBhmPhS7UZTCxV+bhbdAaz5ZLmGzfuyldSaj8j
-----END CERTIFICATE-----