Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/99e585-a652-44f3-a531-a003bfdf4e45/1/2U9_DlkXgIcp2fqTIjSzc96XjLo.roa
File:                     2U9_DlkXgIcp2fqTIjSzc96XjLo.roa (raw, json)
Hash identifier:          AqnnBs4DF+DHHSE1BOafxKA5wB2i7dk/ZwYwgXHHS/Y=
Subject key identifier:   D9:4F:7F:0E:59:17:80:87:29:D9:FA:93:22:34:B3:73:DE:97:8C:BA
Certificate issuer:       /CN=a90e28f2e509fe37ac5c3401a0a8c11029b621e4
Certificate serial:       019422FB709D19171F5AC8ACE9746E1CA1F9
Authority key identifier: A9:0E:28:F2:E5:09:FE:37:AC:5C:34:01:A0:A8:C1:10:29:B6:21:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qQ4o8uUJ_jesXDQBoKjBECm2IeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/99e585-a652-44f3-a531-a003bfdf4e45/1/2U9_DlkXgIcp2fqTIjSzc96XjLo.roa
Signing time:             Wed 01 Jan 2025 17:48:11 +0000
ROA not before:           Wed 01 Jan 2025 17:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12874
IP address blocks:        45.82.228.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/99e585-a652-44f3-a531-a003bfdf4e45/1/qQ4o8uUJ_jesXDQBoKjBECm2IeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/99e585-a652-44f3-a531-a003bfdf4e45/1/qQ4o8uUJ_jesXDQBoKjBECm2IeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qQ4o8uUJ_jesXDQBoKjBECm2IeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:70:9d:19:17:1f:5a:c8:ac:e9:74:6e:1c:a1:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a90e28f2e509fe37ac5c3401a0a8c11029b621e4
        Validity
            Not Before: Jan  1 17:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d94f7f0e5917808729d9fa932234b373de978cba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:09:92:3e:fd:99:40:b9:75:01:56:76:b0:8e:
                    d0:85:22:46:68:15:c2:31:cd:86:8d:99:5b:15:4e:
                    23:fc:82:3d:d6:78:f5:b2:3a:d9:14:90:df:c1:8d:
                    2b:1b:55:91:81:c2:50:0d:20:10:4e:00:4f:df:9a:
                    45:5d:f2:d5:96:8e:4e:32:2e:a1:b0:d2:db:9f:45:
                    c2:59:b5:82:33:33:55:29:fc:cb:40:1f:85:82:91:
                    6b:8f:f3:50:e3:3e:09:6f:d3:e4:84:10:44:ba:ad:
                    81:52:f2:b6:97:4f:1d:db:8a:62:fb:56:22:83:a8:
                    e5:80:d4:cf:ba:47:92:02:bf:bb:ca:bd:79:5a:72:
                    ab:31:81:69:87:45:dc:eb:67:b4:b0:1d:02:ef:44:
                    da:c7:91:0f:f1:04:b7:f8:ef:6d:99:c5:16:b6:d6:
                    10:cb:54:bc:ab:fa:f9:9f:63:52:35:4d:e5:1c:b2:
                    1a:12:ca:e3:1e:c3:01:31:9a:70:9f:8f:5f:76:52:
                    51:4f:dd:64:6c:12:0d:16:df:66:ba:d4:81:0f:bf:
                    c8:fb:04:74:60:79:af:0b:63:7a:9a:21:15:09:66:
                    3c:da:da:5c:1a:f7:9f:5b:5e:68:4c:b7:de:06:17:
                    48:82:ed:15:6b:c3:95:07:fc:c5:a4:1c:f4:71:d1:
                    9b:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:4F:7F:0E:59:17:80:87:29:D9:FA:93:22:34:B3:73:DE:97:8C:BA
            X509v3 Authority Key Identifier:
                keyid:A9:0E:28:F2:E5:09:FE:37:AC:5C:34:01:A0:A8:C1:10:29:B6:21:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qQ4o8uUJ_jesXDQBoKjBECm2IeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/99e585-a652-44f3-a531-a003bfdf4e45/1/2U9_DlkXgIcp2fqTIjSzc96XjLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/99e585-a652-44f3-a531-a003bfdf4e45/1/qQ4o8uUJ_jesXDQBoKjBECm2IeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:97:b4:4e:48:4c:3e:56:a8:12:4b:a8:81:34:78:b7:3d:aa:
         55:78:1e:4b:02:e7:66:f1:45:bd:e4:8e:10:31:c0:56:a8:ab:
         66:c8:80:58:c7:ab:e5:95:a7:a7:71:0b:41:8a:75:2b:1e:d5:
         21:86:a4:a2:7f:8f:06:3a:32:1a:c6:0c:7e:33:5b:c5:e0:39:
         eb:dd:c7:7e:3f:80:b0:80:d3:cc:83:54:d6:df:f8:33:d2:8b:
         8b:4b:0f:79:d7:0d:b6:a0:87:8a:45:bf:d0:dd:b5:83:f2:62:
         0b:be:ef:da:e8:dd:79:da:17:7a:74:e9:46:e5:21:2c:bc:77:
         4d:f9:9d:06:56:ec:fd:92:6a:e9:4c:31:f5:96:8a:7e:61:d7:
         38:75:c6:e2:5e:6c:e9:fa:5a:7f:26:1e:16:01:2a:b5:e7:8b:
         27:6c:f0:3e:b2:77:1c:3d:11:c8:2f:15:53:26:c7:3f:5e:ec:
         32:4a:d2:d7:13:f9:65:04:13:ba:df:a7:f8:37:99:d4:08:99:
         29:05:71:00:73:db:24:e6:87:f2:65:dd:19:d6:37:4d:85:b0:
         5e:af:89:2d:94:e8:ea:d1:91:6a:da:1d:52:89:1c:41:6e:9e:
         47:ac:e9:74:00:73:b3:f2:4f:43:83:d7:c4:11:dc:c5:4f:20:
         f0:2d:26:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+3CdGRcfWsis6XRuHKH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5MGUyOGYyZTUwOWZlMzdhYzVjMzQwMWEwYThjMTEwMjli
NjIxZTQwHhcNMjUwMTAxMTc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTRmN2YwZTU5MTc4MDg3MjlkOWZhOTMyMjM0YjM3M2RlOTc4Y2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwmSPv2ZQLl1AVZ2sI7QhSJGaBXC
Mc2GjZlbFU4j/II91nj1sjrZFJDfwY0rG1WRgcJQDSAQTgBP35pFXfLVlo5OMi6h
sNLbn0XCWbWCMzNVKfzLQB+FgpFrj/NQ4z4Jb9PkhBBEuq2BUvK2l08d24pi+1Yi
g6jlgNTPukeSAr+7yr15WnKrMYFph0Xc62e0sB0C70Tax5EP8QS3+O9tmcUWttYQ
y1S8q/r5n2NSNU3lHLIaEsrjHsMBMZpwn49fdlJRT91kbBINFt9mutSBD7/I+wR0
YHmvC2N6miEVCWY82tpcGvefW15oTLfeBhdIgu0Va8OVB/zFpBz0cdGbAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlPfw5ZF4CHKdn6kyI0s3Pel4y6MB8GA1UdIwQY
MBaAFKkOKPLlCf43rFw0AaCowRAptiHkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVE0bzh1VUpfamVzWERRQm9LakJFQ20ySWVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS85OWU1ODUtYTY1Mi00NGYzLWE1MzEt
YTAwM2JmZGY0ZTQ1LzEvMlU5X0Rsa1hnSWNwMmZxVElqU3pjOTZYakxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS85OWU1ODUtYTY1Mi00NGYzLWE1MzEtYTAwM2JmZGY0ZTQ1
LzEvcVE0bzh1VUpfamVzWERRQm9LakJFQ20ySWVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVLkMA0G
CSqGSIb3DQEBCwUAA4IBAQAPl7ROSEw+VqgSS6iBNHi3PapVeB5LAudm8UW95I4Q
McBWqKtmyIBYx6vllaencQtBinUrHtUhhqSif48GOjIaxgx+M1vF4Dnr3cd+P4Cw
gNPMg1TW3/gz0ouLSw951w22oIeKRb/Q3bWD8mILvu/a6N152hd6dOlG5SEsvHdN
+Z0GVuz9kmrpTDH1lop+Ydc4dcbiXmzp+lp/Jh4WASq154snbPA+snccPRHILxVT
Jsc/XuwyStLXE/llBBO636f4N5nUCJkpBXEAc9sk5ofyZd0Z1jdNhbBer4ktlOjq
0ZFq2h1SiRxBbp5HrOl0AHOz8k9Dg9fEEdzFTyDwLSaq
-----END CERTIFICATE-----