Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/G9V0_3PniurzJh6A1TvaXZTvjjU.roa
File:                     G9V0_3PniurzJh6A1TvaXZTvjjU.roa (raw, json)
Hash identifier:          gKd4jMBi1ZJt+VNYE4nQZFZrfxQcP16toyOjiYpdACQ=
Subject key identifier:   1B:D5:74:FF:73:E7:8A:EA:F3:26:1E:80:D5:3B:DA:5D:94:EF:8E:35
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       0196F29159B19B2626D2C968A96EF49D348B
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/G9V0_3PniurzJh6A1TvaXZTvjjU.roa
Signing time:             Wed 21 May 2025 11:18:53 +0000
ROA not before:           Wed 21 May 2025 11:18:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205111
IP address blocks:        213.161.74.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 01:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f2:91:59:b1:9b:26:26:d2:c9:68:a9:6e:f4:9d:34:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: May 21 11:18:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bd574ff73e78aeaf3261e80d53bda5d94ef8e35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d8:20:a9:bd:a0:f8:d9:9c:e3:19:21:76:e3:
                    47:88:d4:cb:26:a8:6b:be:3e:c7:f1:80:5c:d8:9f:
                    58:1e:f7:b3:0e:26:05:44:8c:79:7d:cf:9a:a3:bb:
                    f1:63:52:a7:43:8e:67:94:be:e0:18:ff:c0:25:0d:
                    bf:88:71:65:88:0b:c7:c8:42:04:48:6b:ab:31:5a:
                    e9:17:02:fb:df:67:df:56:66:f4:5f:dc:56:82:72:
                    cb:96:71:ce:53:30:ad:d1:15:60:1e:5b:eb:18:1f:
                    91:82:e1:22:11:5d:6c:a3:41:38:d4:b9:d5:0f:02:
                    8c:ab:b7:0e:4c:01:e1:73:6a:42:88:68:df:e6:dd:
                    2d:3f:54:1d:c4:d3:37:31:35:db:e7:e0:72:59:d9:
                    08:70:ed:1b:c4:40:9a:32:f3:4b:13:81:a7:39:83:
                    ac:ef:97:63:e3:fb:b3:0f:26:17:b8:a4:cb:8e:5d:
                    2c:9a:d3:91:4e:3e:dd:58:6f:01:ba:0b:b6:4d:70:
                    ca:22:11:91:2e:4c:a9:89:41:5a:1f:e4:fc:01:58:
                    10:dd:d0:8b:3f:4b:83:95:1d:3b:1c:78:1c:e0:9c:
                    10:b9:84:bc:65:83:1e:53:3a:ea:ea:61:91:25:1f:
                    e5:90:1d:29:38:63:f4:0d:19:f7:76:bf:d0:47:43:
                    43:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:D5:74:FF:73:E7:8A:EA:F3:26:1E:80:D5:3B:DA:5D:94:EF:8E:35
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/G9V0_3PniurzJh6A1TvaXZTvjjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.161.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3c:31:93:33:3f:d3:1c:fa:e2:b3:be:6e:d2:cf:58:2a:9f:10:
         5c:a0:f0:29:41:66:80:a2:a7:77:36:b7:1d:c5:70:1b:0c:03:
         b0:57:54:a6:7c:b4:77:b0:ba:a9:89:77:4f:fa:a7:29:bd:49:
         b0:84:31:e3:bc:07:b1:f2:bd:ed:9d:e2:64:8c:de:d1:a0:c5:
         ad:f1:a0:67:20:24:70:04:0a:20:4e:de:e7:35:85:e7:6e:f3:
         f3:dd:cc:d9:ce:e5:b2:5e:30:67:be:56:d5:93:1b:cf:7b:99:
         82:65:e4:61:47:8b:23:05:6a:0f:29:93:30:65:26:c9:cf:b5:
         6b:85:65:0f:6a:28:ab:a7:c7:c8:5b:6e:f7:f2:67:cd:2e:f0:
         13:28:c5:30:ac:ad:76:df:03:98:c7:f5:fc:b6:89:bf:45:44:
         0c:ee:bd:89:a4:29:9b:d0:17:ac:11:33:7e:dd:c8:1a:3a:1f:
         f6:00:c3:56:47:5a:ba:46:0a:5f:02:f4:99:0a:4e:51:22:89:
         3c:9d:cf:72:2b:53:72:a5:99:d6:b2:db:8a:30:f8:1b:72:93:
         c9:d7:46:0a:f1:3c:2c:c2:41:a2:32:36:03:4a:8a:d5:63:d1:
         f3:5b:5e:ec:38:d5:97:7a:c8:cb:e5:5e:10:93:aa:73:2a:47:
         1f:df:f5:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbykVmxmyYm0sloqW70nTSLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjUwNTIxMTExODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmQ1NzRmZjczZTc4YWVhZjMyNjFlODBkNTNiZGE1ZDk0ZWY4ZTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstggqb2g+Nmc4xkhduNHiNTLJqhr
vj7H8YBc2J9YHvezDiYFRIx5fc+ao7vxY1KnQ45nlL7gGP/AJQ2/iHFliAvHyEIE
SGurMVrpFwL732ffVmb0X9xWgnLLlnHOUzCt0RVgHlvrGB+RguEiEV1so0E41LnV
DwKMq7cOTAHhc2pCiGjf5t0tP1QdxNM3MTXb5+ByWdkIcO0bxECaMvNLE4GnOYOs
75dj4/uzDyYXuKTLjl0smtORTj7dWG8Bugu2TXDKIhGRLkypiUFaH+T8AVgQ3dCL
P0uDlR07HHgc4JwQuYS8ZYMeUzrq6mGRJR/lkB0pOGP0DRn3dr/QR0ND4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvVdP9z54rq8yYegNU72l2U7441MB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEvRzlWMF8zUG5pdXJ6Smg2QTFUdmFYWlR2ampVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1aFKMA0G
CSqGSIb3DQEBCwUAA4IBAQA8MZMzP9Mc+uKzvm7Sz1gqnxBcoPApQWaAoqd3Nrcd
xXAbDAOwV1SmfLR3sLqpiXdP+qcpvUmwhDHjvAex8r3tneJkjN7RoMWt8aBnICRw
BAogTt7nNYXnbvPz3czZzuWyXjBnvlbVkxvPe5mCZeRhR4sjBWoPKZMwZSbJz7Vr
hWUPaiirp8fIW2738mfNLvATKMUwrK123wOYx/X8tom/RUQM7r2JpCmb0BesETN+
3cgaOh/2AMNWR1q6RgpfAvSZCk5RIok8nc9yK1NypZnWstuKMPgbcpPJ10YK8Tws
wkGiMjYDSorVY9HzW17sONWXesjL5V4Qk6pzKkcf3/VZ
-----END CERTIFICATE-----