Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/9Q9cRSrqO0gGZAuxW3CcT54BmRw.roa
File:                     9Q9cRSrqO0gGZAuxW3CcT54BmRw.roa (raw, json)
Hash identifier:          xBLy6u0/M+XEaIsdpfHtNWSuIplbcblmlQJP4tu98tI=
Subject key identifier:   F5:0F:5C:45:2A:EA:3B:48:06:64:0B:B1:5B:70:9C:4F:9E:01:99:1C
Certificate issuer:       /CN=d423a5be5e21ca460732ae48f385a3ea150a2be1
Certificate serial:       0198640800C55460C6E09E4A19C3CD63557F
Authority key identifier: D4:23:A5:BE:5E:21:CA:46:07:32:AE:48:F3:85:A3:EA:15:0A:2B:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/9Q9cRSrqO0gGZAuxW3CcT54BmRw.roa
Signing time:             Fri 01 Aug 2025 05:08:22 +0000
ROA not before:           Fri 01 Aug 2025 05:08:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7843
IP address blocks:        81.31.128.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:08:00:c5:54:60:c6:e0:9e:4a:19:c3:cd:63:55:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d423a5be5e21ca460732ae48f385a3ea150a2be1
        Validity
            Not Before: Aug  1 05:08:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f50f5c452aea3b4806640bb15b709c4f9e01991c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:ec:34:33:f8:e4:05:ea:c4:e4:89:17:5b:d0:
                    50:ab:c1:97:e9:cc:2d:e7:88:85:12:51:24:90:e9:
                    b9:36:e0:32:70:ed:2f:36:47:98:36:2e:8a:66:72:
                    b6:50:ba:fe:78:35:c9:d0:14:58:d1:b9:4f:d0:6c:
                    86:2b:f1:11:d1:26:66:44:72:78:89:fe:23:f4:11:
                    74:bf:c5:0b:f3:27:35:8f:cf:24:17:9e:4c:e3:c7:
                    0e:3b:34:ad:83:60:1f:64:52:73:55:1a:83:77:a7:
                    ce:84:86:f4:d2:c2:e8:80:5d:7e:d7:06:3a:de:60:
                    47:d5:ad:25:96:3a:ac:cf:28:8a:e2:1f:f8:2e:3e:
                    f6:77:49:4c:8d:9c:a4:ac:98:29:86:96:a5:2e:c4:
                    b4:4a:0d:43:69:ed:c7:b9:c2:cb:1c:0b:98:19:b4:
                    8d:d7:1a:34:71:e0:db:12:96:5d:8a:f0:f8:5d:41:
                    16:73:06:05:dc:a4:3a:5c:bd:d9:cd:d9:33:94:49:
                    49:71:bb:f9:09:f0:27:5c:81:b3:a0:f8:85:b9:67:
                    8a:e7:c7:7c:a0:a0:be:23:37:47:89:8b:47:5d:25:
                    1e:dd:b0:2c:93:87:7e:f4:3e:38:01:b1:2f:3c:d3:
                    88:14:43:d7:84:fa:f0:82:21:1f:0c:11:ba:b7:6c:
                    f7:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:0F:5C:45:2A:EA:3B:48:06:64:0B:B1:5B:70:9C:4F:9E:01:99:1C
            X509v3 Authority Key Identifier:
                keyid:D4:23:A5:BE:5E:21:CA:46:07:32:AE:48:F3:85:A3:EA:15:0A:2B:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1COlvl4hykYHMq5I84Wj6hUKK-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/9Q9cRSrqO0gGZAuxW3CcT54BmRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/a3e3bb-fd9f-4042-b2cb-d9476665755a/1/1COlvl4hykYHMq5I84Wj6hUKK-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         98:0e:c1:da:8c:f8:94:53:7d:c0:e2:d8:98:82:87:4a:bc:a4:
         ef:4d:f9:54:66:35:3b:f9:6c:ec:49:c5:d5:44:f8:a4:0c:fe:
         44:23:f5:58:b4:d5:d3:51:80:13:f9:b1:89:1f:4e:6a:23:c8:
         48:71:83:d6:44:e4:9f:93:41:ad:f2:96:55:ca:c3:0c:1a:76:
         f7:ab:f3:fc:15:9f:05:f8:8b:5b:44:f4:ed:b4:20:5d:0d:c6:
         08:71:d9:b2:9c:bf:1f:2f:5d:9d:55:39:0e:fe:4c:e6:f8:82:
         27:88:6b:c3:e3:70:f6:85:38:4b:63:73:dd:4d:a9:bc:6e:2c:
         33:3d:5c:15:71:61:98:97:04:8d:cc:5e:3b:6b:ba:02:15:26:
         0f:3b:c7:96:d4:ca:bf:31:4d:5e:12:2f:48:b2:1b:6f:8e:f7:
         3e:b6:15:06:c5:b0:f2:ac:a0:c3:49:9d:05:68:b2:a1:b5:f9:
         c0:69:8b:94:a7:ef:af:97:1d:a4:6f:da:57:6f:98:94:d5:d1:
         1f:c2:20:3e:80:7f:73:01:ec:7f:1b:24:68:05:49:75:5d:a7:
         fd:a6:c4:17:14:e1:f8:e5:c7:35:6c:df:40:24:f3:6a:5c:38:
         76:53:ae:ba:1a:0a:34:4e:64:35:87:58:3e:c3:5a:93:6d:65:
         42:1b:2b:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhkCADFVGDG4J5KGcPNY1V/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MjNhNWJlNWUyMWNhNDYwNzMyYWU0OGYzODVhM2VhMTUw
YTJiZTEwHhcNMjUwODAxMDUwODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTBmNWM0NTJhZWEzYjQ4MDY2NDBiYjE1YjcwOWM0ZjllMDE5OTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ew0M/jkBerE5IkXW9BQq8GX6cwt
54iFElEkkOm5NuAycO0vNkeYNi6KZnK2ULr+eDXJ0BRY0blP0GyGK/ER0SZmRHJ4
if4j9BF0v8UL8yc1j88kF55M48cOOzStg2AfZFJzVRqDd6fOhIb00sLogF1+1wY6
3mBH1a0lljqszyiK4h/4Lj72d0lMjZykrJgphpalLsS0Sg1Dae3HucLLHAuYGbSN
1xo0ceDbEpZdivD4XUEWcwYF3KQ6XL3ZzdkzlElJcbv5CfAnXIGzoPiFuWeK58d8
oKC+IzdHiYtHXSUe3bAsk4d+9D44AbEvPNOIFEPXhPrwgiEfDBG6t2z3awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUPXEUq6jtIBmQLsVtwnE+eAZkcMB8GA1UdIwQY
MBaAFNQjpb5eIcpGBzKuSPOFo+oVCivhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUNPbHZsNGh5a1lITXE1STg0V2o2aFVLSy1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9hM2UzYmItZmQ5Zi00MDQyLWIyY2It
ZDk0NzY2NjU3NTVhLzEvOVE5Y1JTcnFPMGdHWkF1eFczQ2NUNTRCbVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9hM2UzYmItZmQ5Zi00MDQyLWIyY2ItZDk0NzY2NjU3NTVh
LzEvMUNPbHZsNGh5a1lITXE1STg0V2o2aFVLSy1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUR+AMA0G
CSqGSIb3DQEBCwUAA4IBAQCYDsHajPiUU33A4tiYgodKvKTvTflUZjU7+WzsScXV
RPikDP5EI/VYtNXTUYAT+bGJH05qI8hIcYPWROSfk0Gt8pZVysMMGnb3q/P8FZ8F
+ItbRPTttCBdDcYIcdmynL8fL12dVTkO/kzm+IIniGvD43D2hThLY3PdTam8biwz
PVwVcWGYlwSNzF47a7oCFSYPO8eW1Mq/MU1eEi9Ishtvjvc+thUGxbDyrKDDSZ0F
aLKhtfnAaYuUp++vlx2kb9pXb5iU1dEfwiA+gH9zAex/GyRoBUl1Xaf9psQXFOH4
5cc1bN9AJPNqXDh2U666Ggo0TmQ1h1g+w1qTbWVCGyvn
-----END CERTIFICATE-----