Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/r9AECsFfSl2im_ZX-xTBrlxOfD8.roa
File:                     r9AECsFfSl2im_ZX-xTBrlxOfD8.roa (raw, json)
Hash identifier:          ULicRE/3nxP/zcRYRZJBN8ZiMjtTPhQz8NjZ7TncWXU=
Subject key identifier:   AF:D0:04:0A:C1:5F:4A:5D:A2:9B:F6:57:FB:14:C1:AE:5C:4E:7C:3F
Certificate issuer:       /CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
Certificate serial:       0196CA029C09124E51F710787DE0887D8039
Authority key identifier: AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/r9AECsFfSl2im_ZX-xTBrlxOfD8.roa
Signing time:             Tue 13 May 2025 14:18:10 +0000
ROA not before:           Tue 13 May 2025 14:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215837
IP address blocks:        104.167.18.0/24 maxlen: 24
                          2a13:5682:400::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ca:02:9c:09:12:4e:51:f7:10:78:7d:e0:88:7d:80:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
        Validity
            Not Before: May 13 14:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afd0040ac15f4a5da29bf657fb14c1ae5c4e7c3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c2:dd:4b:9c:fb:77:79:e8:98:9c:f1:c7:05:
                    19:bd:c4:62:c7:1b:f2:4b:b9:e5:45:69:3b:a6:b8:
                    79:54:19:e9:9b:37:48:e2:b3:9a:2f:fd:9b:13:55:
                    67:bc:1c:57:55:bb:d4:cc:62:1a:dc:ad:41:4b:e4:
                    30:a2:83:9f:e7:64:3a:13:6b:14:d7:7c:b9:0e:ef:
                    b3:30:12:44:0e:22:b1:56:39:2d:b5:5e:e8:4d:6a:
                    de:0f:95:7a:86:1c:c3:e2:9f:fb:28:d3:63:a9:79:
                    22:a8:bb:06:b1:f0:03:0b:27:b6:07:f4:4c:f4:58:
                    36:db:47:9e:11:85:44:b6:1e:7e:2f:26:ee:1a:1b:
                    a4:f9:83:5f:d9:09:33:d6:ae:c7:24:58:80:38:e3:
                    25:3d:48:e2:17:f2:8e:82:7d:cd:a9:b3:3e:00:de:
                    68:86:91:60:1d:53:e2:ca:12:64:06:83:db:90:75:
                    65:78:b3:d7:dd:b9:27:c5:2d:f2:f3:ee:a5:b4:6d:
                    53:60:7f:6b:0b:de:ad:c1:40:77:34:0f:c9:96:50:
                    fa:8f:24:04:a0:f1:a9:54:fc:0b:5d:4f:e4:60:80:
                    d1:44:a2:24:c3:da:25:82:d4:3a:c1:ab:9f:7b:4f:
                    d8:0a:20:27:5c:f8:82:46:b7:6a:a3:33:ee:e9:96:
                    ce:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:D0:04:0A:C1:5F:4A:5D:A2:9B:F6:57:FB:14:C1:AE:5C:4E:7C:3F
            X509v3 Authority Key Identifier:
                keyid:AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/r9AECsFfSl2im_ZX-xTBrlxOfD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.167.18.0/24
                IPv6:
                  2a13:5682:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         00:8d:aa:5a:62:8e:5c:f8:4c:83:0f:cf:ca:e1:81:5c:cb:6d:
         65:97:5b:0e:8f:81:7e:28:ef:88:90:74:cb:96:0a:74:66:a7:
         96:36:aa:75:12:c3:ea:8e:04:36:06:a1:26:22:26:66:f1:1d:
         e7:6a:68:1d:86:cb:b7:1e:70:7a:95:5b:0f:7f:87:36:f0:5f:
         2a:95:7f:fc:99:3d:fd:b0:a5:fe:f9:c0:df:7d:31:fd:fa:64:
         af:02:fe:9a:c6:42:67:2f:26:30:52:7f:5b:cc:bf:33:99:4e:
         2d:b0:8b:74:0a:63:7a:0a:0a:dc:33:8b:2a:c2:34:f8:65:3f:
         49:cb:25:22:7a:20:69:4b:a0:e8:81:06:2f:ac:34:1a:f3:53:
         93:38:4e:70:f7:60:64:79:c5:70:12:c7:b6:33:d6:84:87:98:
         d6:92:9f:d1:01:9e:95:4d:2f:e9:7a:04:ed:44:0b:e4:c6:d2:
         20:2f:1b:42:c3:f8:11:c8:f9:f7:28:3f:d4:d2:75:df:1a:db:
         d4:fa:f2:62:5c:71:b8:e4:83:36:db:17:1b:a9:7d:dc:3f:d0:
         8e:9d:7f:c1:7d:c2:35:48:ab:8a:9d:86:c0:a1:9b:45:67:a0:
         7a:9b:58:7c:f0:14:d6:f4:d0:60:37:07:1b:4a:74:5e:88:35:
         b0:49:0a:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZbKApwJEk5R9xB4feCIfYA5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZDg3YmJlZjU5NDM1NDZiMmE4M2QzMWVjMmI5OWFkODgz
ZDUxZDcwHhcNMjUwNTEzMTQxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQwMDQwYWMxNWY0YTVkYTI5YmY2NTdmYjE0YzFhZTVjNGU3YzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcLdS5z7d3nomJzxxwUZvcRixxvy
S7nlRWk7prh5VBnpmzdI4rOaL/2bE1VnvBxXVbvUzGIa3K1BS+QwooOf52Q6E2sU
13y5Du+zMBJEDiKxVjkttV7oTWreD5V6hhzD4p/7KNNjqXkiqLsGsfADCye2B/RM
9Fg220eeEYVEth5+LybuGhuk+YNf2Qkz1q7HJFiAOOMlPUjiF/KOgn3NqbM+AN5o
hpFgHVPiyhJkBoPbkHVleLPX3bknxS3y8+6ltG1TYH9rC96twUB3NA/JllD6jyQE
oPGpVPwLXU/kYIDRRKIkw9olgtQ6waufe0/YCiAnXPiCRrdqozPu6ZbO5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK/QBArBX0pdopv2V/sUwa5cTnw/MB8GA1UdIwQY
MBaAFKvYe771lDVGsqg9Mewrma2IPVHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYt
MmY1Yzc0YzY5YWUxLzEvcjlBRUNzRmZTbDJpbV9aWC14VEJybHhPZkQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYtMmY1Yzc0YzY5YWUx
LzEvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAaKcSMA8E
AgACMAkDBwQqE1aCBAAwDQYJKoZIhvcNAQELBQADggEBAACNqlpijlz4TIMPz8rh
gVzLbWWXWw6PgX4o74iQdMuWCnRmp5Y2qnUSw+qOBDYGoSYiJmbxHedqaB2Gy7ce
cHqVWw9/hzbwXyqVf/yZPf2wpf75wN99Mf36ZK8C/prGQmcvJjBSf1vMvzOZTi2w
i3QKY3oKCtwziyrCNPhlP0nLJSJ6IGlLoOiBBi+sNBrzU5M4TnD3YGR5xXASx7Yz
1oSHmNaSn9EBnpVNL+l6BO1EC+TG0iAvG0LD+BHI+fcoP9TSdd8a29T68mJccbjk
gzbbFxupfdw/0I6df8F9wjVIq4qdhsChm0VnoHqbWHzwFNb00GA3BxtKdF6INbBJ
Cu8=
-----END CERTIFICATE-----