Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/86bb04-09df-422a-b5f9-f34b31d3b43c/1/0Ai9U12mBfKyiWOFnwxyJgomY7A.roa
File:                     0Ai9U12mBfKyiWOFnwxyJgomY7A.roa (raw, json)
Hash identifier:          w93SlMAnXeNUWu2aTB2M64qmn0qVbSFDgVMubrcribE=
Subject key identifier:   D0:08:BD:53:5D:A6:05:F2:B2:89:63:85:9F:0C:72:26:0A:26:63:B0
Certificate issuer:       /CN=1c217c8086be29d50f83c8fd8fc917b009de3c81
Certificate serial:       01961428A403D80565B92EEFB6A903C0BAB9
Authority key identifier: 1C:21:7C:80:86:BE:29:D5:0F:83:C8:FD:8F:C9:17:B0:09:DE:3C:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HCF8gIa-KdUPg8j9j8kXsAnePIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/86bb04-09df-422a-b5f9-f34b31d3b43c/1/0Ai9U12mBfKyiWOFnwxyJgomY7A.roa
Signing time:             Tue 08 Apr 2025 06:48:49 +0000
ROA not before:           Tue 08 Apr 2025 06:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15547
IP address blocks:        37.0.32.0/19 maxlen: 19
                          185.42.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/86bb04-09df-422a-b5f9-f34b31d3b43c/1/HCF8gIa-KdUPg8j9j8kXsAnePIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/86bb04-09df-422a-b5f9-f34b31d3b43c/1/HCF8gIa-KdUPg8j9j8kXsAnePIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HCF8gIa-KdUPg8j9j8kXsAnePIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:14:28:a4:03:d8:05:65:b9:2e:ef:b6:a9:03:c0:ba:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c217c8086be29d50f83c8fd8fc917b009de3c81
        Validity
            Not Before: Apr  8 06:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d008bd535da605f2b28963859f0c72260a2663b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6c:2e:02:66:dd:39:a0:17:8e:36:64:27:90:
                    aa:88:98:bb:9b:c5:87:44:42:93:b7:68:cf:be:d2:
                    b6:5a:ea:1d:0f:65:a0:7a:0d:1c:11:4c:89:7d:83:
                    bc:07:7c:22:e1:e9:ba:68:e9:26:9a:19:11:18:0e:
                    31:db:4c:bd:1f:2d:0d:16:5c:b4:8e:58:c0:c4:c1:
                    10:f9:1d:07:d0:1b:26:c9:ad:cb:16:74:2e:29:b1:
                    09:ec:25:fa:f4:94:33:87:28:11:7b:1a:71:4a:da:
                    64:73:a5:77:80:de:d8:c6:df:26:2c:88:46:f3:f5:
                    8b:d1:bf:1c:57:bb:1f:ee:79:3f:08:f8:b2:84:5a:
                    4c:a9:1a:56:f6:00:66:06:35:c6:c8:36:17:6c:01:
                    7e:a5:bf:27:51:ec:c4:86:f7:87:fd:a0:24:5b:6c:
                    22:68:50:b0:99:66:2a:b3:f8:0c:93:50:9b:fd:96:
                    0d:87:77:be:59:46:07:28:62:25:a9:96:20:4f:c8:
                    74:94:c5:ac:e6:c9:70:8c:d6:8f:ba:b6:fb:03:ef:
                    a3:7d:be:c0:e1:6a:56:03:8b:6e:65:94:98:d2:69:
                    9d:bb:5b:02:00:a9:8d:24:c9:34:e5:37:7d:4d:97:
                    dd:9e:bc:59:77:f3:c1:4f:22:7f:60:44:9b:a8:0e:
                    34:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:08:BD:53:5D:A6:05:F2:B2:89:63:85:9F:0C:72:26:0A:26:63:B0
            X509v3 Authority Key Identifier:
                keyid:1C:21:7C:80:86:BE:29:D5:0F:83:C8:FD:8F:C9:17:B0:09:DE:3C:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HCF8gIa-KdUPg8j9j8kXsAnePIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/86bb04-09df-422a-b5f9-f34b31d3b43c/1/0Ai9U12mBfKyiWOFnwxyJgomY7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/86bb04-09df-422a-b5f9-f34b31d3b43c/1/HCF8gIa-KdUPg8j9j8kXsAnePIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.0.32.0/19
                  185.42.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:44:0c:fe:a2:0c:a7:3c:b3:5b:f5:a3:75:87:cd:69:66:75:
         89:ad:64:ac:68:aa:c5:ce:5a:f0:c7:da:17:01:88:21:d4:c6:
         c6:04:79:79:65:83:fc:dc:05:7d:fc:93:7b:71:c9:51:02:a3:
         23:75:bb:da:af:a1:6e:1e:d1:29:90:00:58:1a:af:36:48:d9:
         9e:90:b5:39:cc:94:7e:a1:b6:62:af:a7:db:37:01:11:62:aa:
         ad:82:32:f1:be:63:2f:83:06:ca:70:59:2c:5c:e7:f7:8e:de:
         d2:b1:4e:09:c5:2a:fa:19:6f:9d:a4:8c:c4:24:db:8f:4f:06:
         de:8c:ac:b9:08:cf:46:b8:12:db:3f:51:0c:ba:df:6d:9a:41:
         14:05:e1:fc:45:c2:34:e4:96:1f:93:5c:a8:5d:03:c8:73:7e:
         36:bb:7e:4f:69:f6:95:8b:f4:ba:c3:ab:4c:f0:fc:1c:bc:89:
         e2:d8:e3:be:d9:5b:4b:61:04:bd:c4:c9:26:cf:53:0c:42:ca:
         db:8b:bb:0d:e3:dd:9f:0b:99:db:e1:6a:9a:ef:0d:f6:37:0f:
         e5:c7:49:b7:9a:0a:89:ab:6f:e4:83:3b:94:8c:98:49:cf:6d:
         92:2b:63:16:d6:46:f6:1b:fc:5e:1a:35:29:16:b8:90:ff:78:
         59:53:f4:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYUKKQD2AVluS7vtqkDwLq5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMjE3YzgwODZiZTI5ZDUwZjgzYzhmZDhmYzkxN2IwMDlk
ZTNjODEwHhcNMjUwNDA4MDY0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDA4YmQ1MzVkYTYwNWYyYjI4OTYzODU5ZjBjNzIyNjBhMjY2M2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWwuAmbdOaAXjjZkJ5CqiJi7m8WH
REKTt2jPvtK2WuodD2Wgeg0cEUyJfYO8B3wi4em6aOkmmhkRGA4x20y9Hy0NFly0
jljAxMEQ+R0H0Bsmya3LFnQuKbEJ7CX69JQzhygRexpxStpkc6V3gN7Yxt8mLIhG
8/WL0b8cV7sf7nk/CPiyhFpMqRpW9gBmBjXGyDYXbAF+pb8nUezEhveH/aAkW2wi
aFCwmWYqs/gMk1Cb/ZYNh3e+WUYHKGIlqZYgT8h0lMWs5slwjNaPurb7A++jfb7A
4WpWA4tuZZSY0mmdu1sCAKmNJMk05Td9TZfdnrxZd/PBTyJ/YESbqA40NwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNAIvVNdpgXysoljhZ8MciYKJmOwMB8GA1UdIwQY
MBaAFBwhfICGvinVD4PI/Y/JF7AJ3jyBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSENGOGdJYS1LZFVQZzhqOWo4a1hzQW5lUElFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC84NmJiMDQtMDlkZi00MjJhLWI1Zjkt
ZjM0YjMxZDNiNDNjLzEvMEFpOVUxMm1CZkt5aVdPRm53eHlKZ29tWTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC84NmJiMDQtMDlkZi00MjJhLWI1ZjktZjM0YjMxZDNiNDNj
LzEvSENGOGdJYS1LZFVQZzhqOWo4a1hzQW5lUElFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFJQAgAwQC
uSr4MA0GCSqGSIb3DQEBCwUAA4IBAQBwRAz+ogynPLNb9aN1h81pZnWJrWSsaKrF
zlrwx9oXAYgh1MbGBHl5ZYP83AV9/JN7cclRAqMjdbvar6FuHtEpkABYGq82SNme
kLU5zJR+obZir6fbNwERYqqtgjLxvmMvgwbKcFksXOf3jt7SsU4JxSr6GW+dpIzE
JNuPTwbejKy5CM9GuBLbP1EMut9tmkEUBeH8RcI05JYfk1yoXQPIc342u35PafaV
i/S6w6tM8PwcvIni2OO+2VtLYQS9xMkmz1MMQsrbi7sN492fC5nb4Wqa7w32Nw/l
x0m3mgqJq2/kgzuUjJhJz22SK2MW1kb2G/xeGjUpFriQ/3hZU/Rm
-----END CERTIFICATE-----