Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/0aa8_BKnq_2uEeu2lZ7-yjbtvuM.roa
File:                     0aa8_BKnq_2uEeu2lZ7-yjbtvuM.roa (raw, json)
Hash identifier:          Ddp/LlQBMX46rH0IPNaZHNYeFIB8RtssPveBvjz8aL4=
Subject key identifier:   D1:A6:BC:FC:12:A7:AB:FD:AE:11:EB:B6:95:9E:FE:CA:36:ED:BE:E3
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0199150CCCFD1C023B13014C246C0A0C6081
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/0aa8_BKnq_2uEeu2lZ7-yjbtvuM.roa
Signing time:             Thu 04 Sep 2025 14:06:24 +0000
ROA not before:           Thu 04 Sep 2025 14:06:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214208
IP address blocks:        45.9.152.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 04:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:0c:cc:fd:1c:02:3b:13:01:4c:24:6c:0a:0c:60:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Sep  4 14:06:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1a6bcfc12a7abfdae11ebb6959efeca36edbee3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:53:b4:f9:bd:4d:79:28:b5:4f:18:e5:c5:4d:
                    92:ba:cc:ca:3a:60:26:06:6a:33:3b:9d:13:f0:72:
                    c8:ba:79:62:d4:ab:99:05:de:54:e6:bb:e9:f0:dc:
                    b6:84:77:3c:85:0f:c8:cc:f1:34:8e:d0:d7:0d:08:
                    05:a1:5b:f6:85:8e:bc:36:da:49:f5:7e:f0:43:32:
                    cf:8c:87:88:65:c1:20:fc:87:08:64:42:51:12:5e:
                    62:d9:36:b5:6a:51:9b:1b:4a:0a:62:85:ee:4c:e0:
                    da:2e:40:fe:8a:78:22:2b:60:fe:b0:ae:4b:36:46:
                    4e:1b:f8:2d:99:6c:fd:fd:09:6e:fa:70:20:e3:24:
                    47:5d:32:09:4b:ab:65:ab:0c:29:1b:3d:ad:7b:c2:
                    80:2d:3e:eb:57:bf:d4:dc:02:4a:c4:2e:1e:ec:77:
                    b3:23:77:fd:cb:e7:c4:6e:eb:c8:7a:75:79:21:46:
                    d9:c9:d3:0f:a3:01:36:ad:22:19:af:b7:e1:20:4b:
                    6a:91:e0:db:cd:83:97:0a:7f:cd:a8:36:d6:db:25:
                    f5:b5:f3:60:1f:1a:bf:91:49:d0:92:1f:4d:86:20:
                    73:39:2e:79:e5:38:be:e2:47:3b:13:74:2f:7f:48:
                    4e:58:93:6f:78:e3:c0:f8:d8:3f:17:ad:6c:30:4a:
                    f5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:A6:BC:FC:12:A7:AB:FD:AE:11:EB:B6:95:9E:FE:CA:36:ED:BE:E3
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/0aa8_BKnq_2uEeu2lZ7-yjbtvuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:9b:97:8b:4f:21:83:d8:21:16:95:ab:ac:64:17:ad:12:95:
         ab:3f:59:94:79:e3:91:40:d6:07:4e:36:63:2d:16:21:7b:d9:
         cd:51:82:8d:a8:0c:cf:4f:86:9c:cf:d6:f1:96:ca:3f:da:ca:
         81:5e:86:16:63:db:02:2b:bb:11:83:4c:01:c1:53:df:c9:e5:
         65:39:05:37:6f:8c:5b:f3:7d:33:a7:2b:bf:5c:23:50:57:0b:
         99:db:84:39:43:28:04:7b:36:31:6d:bf:16:43:88:d2:8b:8e:
         36:2f:5e:d0:db:f9:2c:6f:11:2d:cf:5b:41:1d:03:cf:bf:14:
         ea:44:76:31:d1:31:ad:46:e1:00:8b:b4:21:0e:af:0d:ac:80:
         f0:f7:f3:59:05:3c:66:8f:f6:8c:c1:97:3f:b0:94:00:a2:29:
         60:1b:d6:ec:1a:78:86:0f:44:4c:c4:0d:c9:bd:56:79:26:07:
         30:be:69:72:53:cc:b4:00:90:da:b6:10:67:5b:5d:af:9a:96:
         da:88:59:f4:7d:e3:15:86:f8:2e:81:ec:a6:a2:06:b6:eb:52:
         5f:03:c4:f7:d4:2f:01:da:17:cd:32:e9:19:f0:7f:da:63:ae:
         50:b7:bc:be:34:d0:09:ba:29:49:cb:81:0d:45:25:7b:f3:4b:
         5d:20:f7:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkVDMz9HAI7EwFMJGwKDGCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwOTA0MTQwNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWE2YmNmYzEyYTdhYmZkYWUxMWViYjY5NTllZmVjYTM2ZWRiZWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVO0+b1NeSi1TxjlxU2SuszKOmAm
BmozO50T8HLIunli1KuZBd5U5rvp8Ny2hHc8hQ/IzPE0jtDXDQgFoVv2hY68NtpJ
9X7wQzLPjIeIZcEg/IcIZEJREl5i2Ta1alGbG0oKYoXuTODaLkD+ingiK2D+sK5L
NkZOG/gtmWz9/Qlu+nAg4yRHXTIJS6tlqwwpGz2te8KALT7rV7/U3AJKxC4e7Hez
I3f9y+fEbuvIenV5IUbZydMPowE2rSIZr7fhIEtqkeDbzYOXCn/NqDbW2yX1tfNg
Hxq/kUnQkh9NhiBzOS555Ti+4kc7E3Qvf0hOWJNveOPA+Ng/F61sMEr14QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNGmvPwSp6v9rhHrtpWe/so27b7jMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvMGFhOF9CS25xXzJ1RWV1MmxaNy15amJ0dnVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQmYMA0G
CSqGSIb3DQEBCwUAA4IBAQAfm5eLTyGD2CEWlausZBetEpWrP1mUeeORQNYHTjZj
LRYhe9nNUYKNqAzPT4acz9bxlso/2sqBXoYWY9sCK7sRg0wBwVPfyeVlOQU3b4xb
830zpyu/XCNQVwuZ24Q5QygEezYxbb8WQ4jSi442L17Q2/ksbxEtz1tBHQPPvxTq
RHYx0TGtRuEAi7QhDq8NrIDw9/NZBTxmj/aMwZc/sJQAoilgG9bsGniGD0RMxA3J
vVZ5JgcwvmlyU8y0AJDathBnW12vmpbaiFn0feMVhvgugeymoga261JfA8T31C8B
2hfNMukZ8H/aY65Qt7y+NNAJuilJy4ENRSV780tdIPfQ
-----END CERTIFICATE-----