Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/9rKKbaQzfgzdmUc0RCvAHPOAcsI.roa
File:                     9rKKbaQzfgzdmUc0RCvAHPOAcsI.roa (raw, json)
Hash identifier:          VH5L1nLiuJzOWwVEXdxCxgFwEZ1HPXPm7pBgXu98Q+c=
Subject key identifier:   F6:B2:8A:6D:A4:33:7E:0C:DD:99:47:34:44:2B:C0:1C:F3:80:72:C2
Certificate issuer:       /CN=003b2c3871069002ad0b2f42b0cbf5e92e3be4b3
Certificate serial:       01974FC370964112DB3FBC242C60E9C2B320
Authority key identifier: 00:3B:2C:38:71:06:90:02:AD:0B:2F:42:B0:CB:F5:E9:2E:3B:E4:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/9rKKbaQzfgzdmUc0RCvAHPOAcsI.roa
Signing time:             Sun 08 Jun 2025 13:38:17 +0000
ROA not before:           Sun 08 Jun 2025 13:38:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        45.152.20.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4f:c3:70:96:41:12:db:3f:bc:24:2c:60:e9:c2:b3:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=003b2c3871069002ad0b2f42b0cbf5e92e3be4b3
        Validity
            Not Before: Jun  8 13:38:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6b28a6da4337e0cdd994734442bc01cf38072c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:98:fd:1d:83:63:41:ab:ff:1c:bb:d0:eb:30:
                    6c:cd:c3:b8:bb:6c:79:4a:b8:7e:97:b2:1f:a5:31:
                    8a:0e:ff:be:e5:7a:27:4f:87:5d:15:15:4e:60:48:
                    5a:04:8b:ec:22:85:15:e5:61:be:71:2e:fc:eb:34:
                    51:60:73:ee:19:d7:88:d7:4a:57:0a:84:2e:44:c0:
                    4e:7a:bf:2f:d0:19:61:ae:ff:46:de:2b:7c:b3:4e:
                    92:dc:20:a9:1f:b0:3e:ac:98:69:39:91:4a:a0:93:
                    9a:47:1a:16:eb:ec:82:39:65:06:3a:5a:13:20:1e:
                    5e:f8:ed:78:70:61:fd:79:8b:1d:5a:97:6f:f3:cd:
                    2f:d9:17:5c:11:db:ed:c2:20:28:21:f8:3f:1f:0b:
                    93:4a:b1:3e:13:2f:68:7b:a4:8f:17:71:bc:c1:38:
                    e1:b9:f1:8b:ce:08:b4:9e:ff:52:5f:85:fb:99:26:
                    60:bd:40:fb:b7:c4:16:e6:65:13:18:5c:e1:f6:95:
                    f2:2b:84:d3:78:86:65:75:36:dd:44:39:bc:14:85:
                    a5:08:49:16:a9:9a:41:76:d0:6b:b1:57:f1:11:e8:
                    1a:a0:06:3a:0a:4d:8c:24:2b:16:1a:35:3e:bc:9c:
                    b3:af:b6:3c:0a:e0:8a:88:ff:18:3c:7e:89:00:0f:
                    2d:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:B2:8A:6D:A4:33:7E:0C:DD:99:47:34:44:2B:C0:1C:F3:80:72:C2
            X509v3 Authority Key Identifier:
                keyid:00:3B:2C:38:71:06:90:02:AD:0B:2F:42:B0:CB:F5:E9:2E:3B:E4:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ADssOHEGkAKtCy9CsMv16S475LM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/9rKKbaQzfgzdmUc0RCvAHPOAcsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d96688-2d98-4634-86db-b35a0a1453fb/1/ADssOHEGkAKtCy9CsMv16S475LM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:e5:23:da:0f:cb:83:75:0b:6f:ad:48:b2:91:c4:f1:a7:e6:
         00:37:39:d0:66:06:e8:d7:04:05:7f:c3:64:95:02:16:be:ee:
         4d:99:3e:c3:a7:a8:79:9b:b7:4a:54:e8:39:51:a7:49:8c:ad:
         50:e8:35:17:40:a2:92:2b:d7:98:d3:1c:a1:da:4b:04:9c:b7:
         c4:50:03:d8:36:44:72:56:23:22:64:84:64:83:cd:f3:c9:dd:
         a5:a4:9b:da:63:7f:d9:20:4c:dc:68:64:b1:64:78:2f:1d:80:
         08:9c:df:4b:a8:77:d7:8b:b5:77:69:bb:16:fe:92:13:ef:36:
         91:b9:19:8a:e1:69:97:b4:e0:99:22:bc:54:05:03:19:8b:b6:
         8e:57:c7:ea:ba:fb:04:16:5d:86:90:bc:f0:0e:1c:75:ba:16:
         4f:7b:1d:0e:3a:29:d0:3c:f0:ec:a4:58:21:f1:93:90:af:b9:
         2b:46:11:8f:df:a3:d5:80:28:0f:58:86:d2:a5:71:e9:25:94:
         a0:b6:2e:3e:47:27:4a:40:f4:24:02:98:d7:02:4c:3d:a0:73:
         d4:ad:b5:15:52:b2:dd:22:f1:cf:df:61:76:b6:c4:84:41:5b:
         5d:b2:47:e8:f7:86:21:86:d8:cc:3f:74:2d:68:f8:ac:c5:2c:
         89:02:19:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdPw3CWQRLbP7wkLGDpwrMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwM2IyYzM4NzEwNjkwMDJhZDBiMmY0MmIwY2JmNWU5MmUz
YmU0YjMwHhcNMjUwNjA4MTMzODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmIyOGE2ZGE0MzM3ZTBjZGQ5OTQ3MzQ0NDJiYzAxY2YzODA3MmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpj9HYNjQav/HLvQ6zBszcO4u2x5
Srh+l7IfpTGKDv++5XonT4ddFRVOYEhaBIvsIoUV5WG+cS786zRRYHPuGdeI10pX
CoQuRMBOer8v0Blhrv9G3it8s06S3CCpH7A+rJhpOZFKoJOaRxoW6+yCOWUGOloT
IB5e+O14cGH9eYsdWpdv880v2RdcEdvtwiAoIfg/HwuTSrE+Ey9oe6SPF3G8wTjh
ufGLzgi0nv9SX4X7mSZgvUD7t8QW5mUTGFzh9pXyK4TTeIZldTbdRDm8FIWlCEkW
qZpBdtBrsVfxEegaoAY6Ck2MJCsWGjU+vJyzr7Y8CuCKiP8YPH6JAA8tCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPayim2kM34M3ZlHNEQrwBzzgHLCMB8GA1UdIwQY
MBaAFAA7LDhxBpACrQsvQrDL9ekuO+SzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQURzc09IRUdrQUt0Q3k5Q3NNdjE2UzQ3NUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kOTY2ODgtMmQ5OC00NjM0LTg2ZGIt
YjM1YTBhMTQ1M2ZiLzEvOXJLS2JhUXpmZ3pkbVVjMFJDdkFIUE9BY3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kOTY2ODgtMmQ5OC00NjM0LTg2ZGItYjM1YTBhMTQ1M2Zi
LzEvQURzc09IRUdrQUt0Q3k5Q3NNdjE2UzQ3NUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZgUMA0G
CSqGSIb3DQEBCwUAA4IBAQBC5SPaD8uDdQtvrUiykcTxp+YANznQZgbo1wQFf8Nk
lQIWvu5NmT7Dp6h5m7dKVOg5UadJjK1Q6DUXQKKSK9eY0xyh2ksEnLfEUAPYNkRy
ViMiZIRkg83zyd2lpJvaY3/ZIEzcaGSxZHgvHYAInN9LqHfXi7V3absW/pIT7zaR
uRmK4WmXtOCZIrxUBQMZi7aOV8fquvsEFl2GkLzwDhx1uhZPex0OOinQPPDspFgh
8ZOQr7krRhGP36PVgCgPWIbSpXHpJZSgti4+RydKQPQkApjXAkw9oHPUrbUVUrLd
IvHP32F2tsSEQVtdskfo94YhhtjMP3QtaPisxSyJAhme
-----END CERTIFICATE-----