Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/2f4605-356a-4af6-b15d-c42f9abf1477/1/9-T9tTEpFFagDxBNkX4Bbf2UnDM.roa
File:                     9-T9tTEpFFagDxBNkX4Bbf2UnDM.roa (raw, json)
Hash identifier:          G5P+io7+nluFSPyZaIxd4Qa6X2iCyWaqgj9ylJYiWn8=
Subject key identifier:   F7:E4:FD:B5:31:29:14:56:A0:0F:10:4D:91:7E:01:6D:FD:94:9C:33
Certificate issuer:       /CN=973bec33ae738c98958819c6c13bb335ee34ab4c
Certificate serial:       01966C9D9BA5CFCCD1A9CB28338D6392E15B
Authority key identifier: 97:3B:EC:33:AE:73:8C:98:95:88:19:C6:C1:3B:B3:35:EE:34:AB:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lzvsM65zjJiViBnGwTuzNe40q0w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/2f4605-356a-4af6-b15d-c42f9abf1477/1/9-T9tTEpFFagDxBNkX4Bbf2UnDM.roa
Signing time:             Fri 25 Apr 2025 11:03:10 +0000
ROA not before:           Fri 25 Apr 2025 11:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        147.78.226.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/2f4605-356a-4af6-b15d-c42f9abf1477/1/lzvsM65zjJiViBnGwTuzNe40q0w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/2f4605-356a-4af6-b15d-c42f9abf1477/1/lzvsM65zjJiViBnGwTuzNe40q0w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lzvsM65zjJiViBnGwTuzNe40q0w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:9d:9b:a5:cf:cc:d1:a9:cb:28:33:8d:63:92:e1:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=973bec33ae738c98958819c6c13bb335ee34ab4c
        Validity
            Not Before: Apr 25 11:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7e4fdb531291456a00f104d917e016dfd949c33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:eb:ad:9b:24:e0:8a:90:7b:a5:12:c8:08:e5:
                    30:5f:6e:40:5b:de:87:cf:87:4e:30:d1:91:1f:cf:
                    b9:1b:bd:49:05:a2:db:63:33:62:07:7c:d3:bf:3a:
                    19:f2:6e:69:98:ec:61:64:00:5e:3b:5b:ff:c4:fb:
                    31:3e:f9:11:73:0c:ef:d4:8e:85:34:2d:35:7a:f4:
                    52:b7:90:43:02:c4:88:5e:09:26:8a:e1:d9:8f:70:
                    39:77:41:86:06:00:7d:26:4c:2f:7a:19:04:b7:19:
                    47:6b:f5:16:aa:33:47:44:0d:6c:a2:2d:ca:af:db:
                    50:6b:5d:df:1a:38:cd:4d:c6:7d:6d:a5:cb:e1:2b:
                    14:3c:2c:ef:67:7e:31:49:9d:cf:35:84:8e:77:34:
                    e6:b0:3b:c8:c5:7e:bb:e2:64:ca:dd:1d:05:e3:12:
                    c0:5c:13:12:c6:ad:65:7a:7f:ef:03:99:5a:0a:5e:
                    10:9a:53:13:56:81:8d:64:60:ea:7e:db:79:6e:33:
                    2e:e9:10:63:5b:05:ab:1a:d2:40:a7:87:0b:33:15:
                    48:24:44:bc:f8:2c:40:0c:59:72:28:d5:7f:f9:3d:
                    92:3c:70:4f:aa:9f:ff:22:4a:21:60:28:e1:a2:00:
                    d5:4c:1e:e4:9f:c9:df:a4:4d:ae:09:f8:22:eb:50:
                    ef:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:E4:FD:B5:31:29:14:56:A0:0F:10:4D:91:7E:01:6D:FD:94:9C:33
            X509v3 Authority Key Identifier:
                keyid:97:3B:EC:33:AE:73:8C:98:95:88:19:C6:C1:3B:B3:35:EE:34:AB:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lzvsM65zjJiViBnGwTuzNe40q0w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/2f4605-356a-4af6-b15d-c42f9abf1477/1/9-T9tTEpFFagDxBNkX4Bbf2UnDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/2f4605-356a-4af6-b15d-c42f9abf1477/1/lzvsM65zjJiViBnGwTuzNe40q0w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:29:5e:8e:0d:ae:b4:34:aa:c5:03:d3:c5:3b:c5:01:60:6a:
         2b:0f:13:d7:08:4b:d1:0c:29:40:44:63:39:88:72:be:09:49:
         00:f0:86:b7:26:74:a2:dc:81:73:b8:d2:68:62:5c:5a:e6:26:
         fe:ef:13:70:d6:8c:07:f1:00:b6:e7:27:40:9c:8f:bd:a2:7d:
         ac:fd:54:48:e3:63:ce:ef:7e:7d:8a:9e:c5:f7:80:25:86:09:
         99:5d:f7:a6:49:5a:84:5f:c6:32:2d:6d:37:3b:e2:7a:21:e1:
         72:f9:64:28:e1:99:49:de:59:f0:92:fc:26:da:4a:3f:72:84:
         d0:53:83:2c:de:5b:ec:56:ac:0c:71:73:b5:dc:ef:f7:ca:8f:
         07:1e:03:e6:23:e1:82:32:98:c7:67:05:94:08:ac:cd:a2:f4:
         51:25:ec:82:fa:57:6f:c4:0a:c8:71:87:03:74:70:41:ed:42:
         2f:df:d8:4c:80:47:a6:5e:a8:48:0c:98:ab:e2:ae:3a:4c:3f:
         86:60:2b:dd:a8:d9:4e:b4:63:a1:95:06:3e:35:61:34:51:14:
         19:46:37:b4:20:bb:a2:5e:81:bb:72:b7:6e:99:8b:d6:b9:c5:
         a1:da:a5:e0:1b:6d:34:b4:fc:2d:ad:4c:6a:cd:e1:30:a2:0b:
         04:b0:ba:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZsnZulz8zRqcsoM41jkuFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3M2JlYzMzYWU3MzhjOTg5NTg4MTljNmMxM2JiMzM1ZWUz
NGFiNGMwHhcNMjUwNDI1MTEwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2U0ZmRiNTMxMjkxNDU2YTAwZjEwNGQ5MTdlMDE2ZGZkOTQ5YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOutmyTgipB7pRLICOUwX25AW96H
z4dOMNGRH8+5G71JBaLbYzNiB3zTvzoZ8m5pmOxhZABeO1v/xPsxPvkRcwzv1I6F
NC01evRSt5BDAsSIXgkmiuHZj3A5d0GGBgB9JkwvehkEtxlHa/UWqjNHRA1soi3K
r9tQa13fGjjNTcZ9baXL4SsUPCzvZ34xSZ3PNYSOdzTmsDvIxX674mTK3R0F4xLA
XBMSxq1len/vA5laCl4QmlMTVoGNZGDqftt5bjMu6RBjWwWrGtJAp4cLMxVIJES8
+CxADFlyKNV/+T2SPHBPqp//IkohYCjhogDVTB7kn8nfpE2uCfgi61DvlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfk/bUxKRRWoA8QTZF+AW39lJwzMB8GA1UdIwQY
MBaAFJc77DOuc4yYlYgZxsE7szXuNKtMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHp2c002NXpqSmlWaUJuR3dUdXpOZTQwcTB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8yZjQ2MDUtMzU2YS00YWY2LWIxNWQt
YzQyZjlhYmYxNDc3LzEvOS1UOXRURXBGRmFnRHhCTmtYNEJiZjJVbkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8yZjQ2MDUtMzU2YS00YWY2LWIxNWQtYzQyZjlhYmYxNDc3
LzEvbHp2c002NXpqSmlWaUJuR3dUdXpOZTQwcTB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk07iMA0G
CSqGSIb3DQEBCwUAA4IBAQBuKV6ODa60NKrFA9PFO8UBYGorDxPXCEvRDClARGM5
iHK+CUkA8Ia3JnSi3IFzuNJoYlxa5ib+7xNw1owH8QC25ydAnI+9on2s/VRI42PO
7359ip7F94AlhgmZXfemSVqEX8YyLW03O+J6IeFy+WQo4ZlJ3lnwkvwm2ko/coTQ
U4Ms3lvsVqwMcXO13O/3yo8HHgPmI+GCMpjHZwWUCKzNovRRJeyC+ldvxArIcYcD
dHBB7UIv39hMgEemXqhIDJir4q46TD+GYCvdqNlOtGOhlQY+NWE0URQZRje0ILui
XoG7crdumYvWucWh2qXgG200tPwtrUxqzeEwogsEsLqM
-----END CERTIFICATE-----