Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/9ESb3nU5cbHcLFUhNEpqkvmhj_4.roa
File:                     9ESb3nU5cbHcLFUhNEpqkvmhj_4.roa (raw, json)
Hash identifier:          LHv33BgF/+ayoq8UGd9MWgrIjXrwU1xij1zgE5RnA6k=
Subject key identifier:   F4:44:9B:DE:75:39:71:B1:DC:2C:55:21:34:4A:6A:92:F9:A1:8F:FE
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019777E9267903CEBA0D4AE6720569C23DE2
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/9ESb3nU5cbHcLFUhNEpqkvmhj_4.roa
Signing time:             Mon 16 Jun 2025 08:44:17 +0000
ROA not before:           Mon 16 Jun 2025 08:44:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        80.246.225.0/24 maxlen: 24
                          80.246.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:77:e9:26:79:03:ce:ba:0d:4a:e6:72:05:69:c2:3d:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jun 16 08:44:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4449bde753971b1dc2c5521344a6a92f9a18ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8a:cb:2b:6f:6c:46:43:46:ab:8e:06:0c:c2:
                    07:30:e4:ab:9e:33:76:44:a1:02:ef:cd:a7:a0:1f:
                    ba:12:3a:2a:f2:e6:38:82:1a:ce:96:97:d3:a8:c0:
                    07:dd:40:31:45:0a:70:84:9c:ea:dc:aa:ac:f8:f7:
                    68:6e:d5:92:4d:1c:ae:dd:27:06:7c:1f:55:31:ea:
                    42:bb:58:9c:8f:7d:9c:e8:08:7f:e1:1b:26:9b:09:
                    a3:72:32:07:fb:a6:3a:e7:44:4b:15:05:7c:45:d6:
                    90:8e:2d:2f:ab:83:b2:57:c2:98:3e:22:db:7c:33:
                    f4:f2:fa:92:1a:b8:be:49:82:81:e6:65:3e:1b:74:
                    62:99:d9:7b:4f:63:f8:50:58:e7:a3:3e:30:ed:eb:
                    5f:26:0c:44:b9:1b:62:65:a8:57:ba:a9:2e:5b:ac:
                    ab:de:1a:92:21:95:53:ab:a8:75:51:88:73:99:44:
                    43:4c:db:eb:8f:36:7e:1b:c2:2b:4b:58:ac:7d:55:
                    c3:d5:f6:e6:5a:7a:a4:bb:45:95:f7:fd:0b:ab:38:
                    60:8f:ae:53:7a:3b:43:21:eb:07:46:18:d6:89:3c:
                    5d:f5:fb:bb:0a:bc:5d:33:09:56:30:e1:fe:09:fb:
                    1a:15:24:a2:d9:e7:ad:db:de:3a:a5:c2:af:33:fb:
                    2e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:44:9B:DE:75:39:71:B1:DC:2C:55:21:34:4A:6A:92:F9:A1:8F:FE
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/9ESb3nU5cbHcLFUhNEpqkvmhj_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.225.0/24
                  80.246.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:de:60:1a:dd:73:8f:fb:5c:68:cc:65:7c:55:36:58:eb:ef:
         82:7e:44:77:30:f5:9e:66:65:cd:26:70:16:6a:eb:ee:d6:02:
         f8:af:f6:93:ad:9d:8d:cc:7d:54:a5:e0:c2:3f:2d:26:39:00:
         9d:e1:26:3d:ae:b8:86:47:27:da:51:82:41:42:a9:db:a7:2d:
         c3:f2:68:98:2b:3d:b0:7f:66:52:1a:51:b7:4f:fc:7a:e0:19:
         13:da:8a:08:3b:15:b7:ee:e1:df:a0:94:d2:01:87:b3:01:69:
         33:cf:1c:6f:5d:46:f5:1d:51:c1:7c:a5:0e:1b:5b:30:37:da:
         7f:3a:f3:3e:65:c0:c9:6b:1b:b3:56:81:20:8e:f5:f3:31:df:
         71:b7:30:b0:69:a1:f4:fa:54:c8:b2:ce:bf:d9:d4:13:e1:9c:
         c4:9d:9d:7f:53:ea:9c:8d:b6:91:99:83:3d:64:5d:52:c0:56:
         3a:f3:93:be:62:85:03:ac:3e:f8:3d:f5:45:0a:aa:ea:2e:55:
         59:c4:10:eb:ad:6e:ef:29:a6:5f:66:6e:2f:6b:0d:4c:21:57:
         fc:62:d5:c7:24:18:c1:89:e5:be:a7:52:3d:79:a2:69:f8:49:
         fb:dc:92:30:fc:45:ef:ca:58:38:d0:b4:e9:9e:06:80:20:3e:
         70:1a:f9:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZd36SZ5A866DUrmcgVpwj3iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjUwNjE2MDg0NDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDQ0OWJkZTc1Mzk3MWIxZGMyYzU1MjEzNDRhNmE5MmY5YTE4ZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIrLK29sRkNGq44GDMIHMOSrnjN2
RKEC782noB+6Ejoq8uY4ghrOlpfTqMAH3UAxRQpwhJzq3Kqs+PdobtWSTRyu3ScG
fB9VMepCu1icj32c6Ah/4RsmmwmjcjIH+6Y650RLFQV8RdaQji0vq4OyV8KYPiLb
fDP08vqSGri+SYKB5mU+G3Rimdl7T2P4UFjnoz4w7etfJgxEuRtiZahXuqkuW6yr
3hqSIZVTq6h1UYhzmURDTNvrjzZ+G8IrS1isfVXD1fbmWnqku0WV9/0Lqzhgj65T
ejtDIesHRhjWiTxd9fu7CrxdMwlWMOH+CfsaFSSi2eet2946pcKvM/sugwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPREm951OXGx3CxVITRKapL5oY/+MB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvOUVTYjNuVTVjYkhjTEZVaE5FcHFrdm1oal80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPbhAwQA
UPbkMA0GCSqGSIb3DQEBCwUAA4IBAQCV3mAa3XOP+1xozGV8VTZY6++CfkR3MPWe
ZmXNJnAWauvu1gL4r/aTrZ2NzH1UpeDCPy0mOQCd4SY9rriGRyfaUYJBQqnbpy3D
8miYKz2wf2ZSGlG3T/x64BkT2ooIOxW37uHfoJTSAYezAWkzzxxvXUb1HVHBfKUO
G1swN9p/OvM+ZcDJaxuzVoEgjvXzMd9xtzCwaaH0+lTIss6/2dQT4ZzEnZ1/U+qc
jbaRmYM9ZF1SwFY685O+YoUDrD74PfVFCqrqLlVZxBDrrW7vKaZfZm4vaw1MIVf8
YtXHJBjBieW+p1I9eaJp+En73JIw/EXvylg40LTpngaAID5wGvmr
-----END CERTIFICATE-----