Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/2d84iaAy9peqMc8uPtiQJUVpqhA.roa
File:                     2d84iaAy9peqMc8uPtiQJUVpqhA.roa (raw, json)
Hash identifier:          XonhU7MQtuyMxgxQYBP6Y8GxbPwqjebSF5A8W+e+9Dk=
Subject key identifier:   D9:DF:38:89:A0:32:F6:97:AA:31:CF:2E:3E:D8:90:25:45:69:AA:10
Certificate issuer:       /CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
Certificate serial:       01967C67A94F577141058348CCAA65756767
Authority key identifier: 9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/2d84iaAy9peqMc8uPtiQJUVpqhA.roa
Signing time:             Mon 28 Apr 2025 12:38:10 +0000
ROA not before:           Mon 28 Apr 2025 12:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13121
IP address blocks:        213.169.64.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:67:a9:4f:57:71:41:05:83:48:cc:aa:65:75:67:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
        Validity
            Not Before: Apr 28 12:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9df3889a032f697aa31cf2e3ed890254569aa10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:5c:17:a6:51:09:64:e6:23:b1:bc:aa:79:9b:
                    63:5a:49:9a:2c:9c:c4:09:a2:a3:1b:7a:3f:e5:53:
                    7d:a8:8e:d9:5e:cd:5f:58:5b:2a:6c:79:4d:3b:81:
                    64:69:23:56:44:b3:a0:42:6f:02:10:90:b0:1e:df:
                    fe:54:c3:bf:37:3b:d5:e1:98:21:29:15:44:9d:91:
                    07:7f:a7:b4:a6:ce:18:46:71:5e:63:86:d5:c1:e6:
                    d1:af:11:fa:5d:b7:59:98:af:d9:0e:02:7f:3f:da:
                    de:72:6f:40:8d:7e:92:56:95:f9:6e:3a:8c:c6:7a:
                    f3:5b:83:8a:5c:32:02:e7:15:e1:7f:a1:38:19:b8:
                    6b:a6:b5:e2:f2:97:38:8f:78:be:5b:62:e4:82:44:
                    a9:4c:bb:0a:5e:ab:1b:20:93:23:2c:41:6f:15:c8:
                    4f:9b:76:b4:d6:35:c7:e7:16:75:75:8f:f8:4a:14:
                    00:02:6c:a7:95:74:61:fc:c5:56:d1:0b:3e:c1:68:
                    d3:56:98:27:55:da:8d:e0:59:50:9d:1b:2f:66:d8:
                    b3:b3:fb:80:73:11:7a:ea:a5:27:62:58:2c:bf:1f:
                    c6:2f:9a:86:27:89:53:38:3d:5d:05:b7:45:37:8b:
                    4b:02:4e:b8:22:ba:ff:e3:f6:b8:eb:a5:83:c9:58:
                    4e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:DF:38:89:A0:32:F6:97:AA:31:CF:2E:3E:D8:90:25:45:69:AA:10
            X509v3 Authority Key Identifier:
                keyid:9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/2d84iaAy9peqMc8uPtiQJUVpqhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.169.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         db:20:40:5b:84:e4:d0:53:a7:cc:07:37:50:56:5d:03:e2:6b:
         75:46:c6:c7:44:91:17:a9:a8:9e:7d:af:3b:ab:31:4f:a8:79:
         de:a0:b9:e4:b4:bb:ff:16:3d:4e:c0:24:46:ea:c5:0a:78:85:
         99:95:23:49:8f:76:dc:a9:1a:1c:63:f8:91:4e:e2:5b:1c:78:
         d1:fc:56:77:b9:60:79:04:e7:d2:76:e0:65:d0:97:e2:09:9f:
         45:fb:49:e6:e4:d2:ae:ef:6f:4e:28:3a:bf:03:a8:ef:df:40:
         8e:2d:00:b7:28:e0:3f:39:51:e1:e1:83:8b:0e:9c:a9:11:8f:
         1f:83:06:1e:a6:c2:d6:ee:f3:85:d3:31:2a:bc:67:70:a7:ab:
         65:03:18:d8:9c:fc:a7:f7:ce:76:cc:80:19:b7:52:26:1a:af:
         74:22:9a:06:a0:80:f2:4d:35:96:4c:f5:83:1e:fb:d2:40:e5:
         6c:22:e2:f8:07:ec:01:81:bf:bb:fa:90:65:2d:84:9a:62:2b:
         7b:64:d4:ec:99:b8:bc:d5:04:1d:2f:62:15:d0:b6:ed:34:34:
         d1:53:20:af:94:65:d2:f3:db:69:4b:69:50:63:34:24:fa:ae:
         3c:84:2e:d5:f6:08:92:74:d7:1a:53:fc:e8:d0:68:b1:bb:ae:
         92:7c:a3:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ8Z6lPV3FBBYNIzKpldWdnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOTg5YjM5OThlMTlmYzAwZjg2NzBjZjZjOWQ3NDAxNzE1
Y2YzNGYwHhcNMjUwNDI4MTIzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWRmMzg4OWEwMzJmNjk3YWEzMWNmMmUzZWQ4OTAyNTQ1NjlhYTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1wXplEJZOYjsbyqeZtjWkmaLJzE
CaKjG3o/5VN9qI7ZXs1fWFsqbHlNO4FkaSNWRLOgQm8CEJCwHt/+VMO/NzvV4Zgh
KRVEnZEHf6e0ps4YRnFeY4bVwebRrxH6XbdZmK/ZDgJ/P9recm9AjX6SVpX5bjqM
xnrzW4OKXDIC5xXhf6E4GbhrprXi8pc4j3i+W2LkgkSpTLsKXqsbIJMjLEFvFchP
m3a01jXH5xZ1dY/4ShQAAmynlXRh/MVW0Qs+wWjTVpgnVdqN4FlQnRsvZtizs/uA
cxF66qUnYlgsvx/GL5qGJ4lTOD1dBbdFN4tLAk64Irr/4/a466WDyVhO+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNnfOImgMvaXqjHPLj7YkCVFaaoQMB8GA1UdIwQY
MBaAFJ2YmzmY4Z/AD4Zwz2yddAFxXPNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2It
YzdjY2Q3OTQzMTA2LzEvMmQ4NGlhQXk5cGVxTWM4dVB0aVFKVVZwcWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2ItYzdjY2Q3OTQzMTA2
LzEvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQF1alAMA0G
CSqGSIb3DQEBCwUAA4IBAQDbIEBbhOTQU6fMBzdQVl0D4mt1RsbHRJEXqaiefa87
qzFPqHneoLnktLv/Fj1OwCRG6sUKeIWZlSNJj3bcqRocY/iRTuJbHHjR/FZ3uWB5
BOfSduBl0JfiCZ9F+0nm5NKu729OKDq/A6jv30COLQC3KOA/OVHh4YOLDpypEY8f
gwYepsLW7vOF0zEqvGdwp6tlAxjYnPyn9852zIAZt1ImGq90IpoGoIDyTTWWTPWD
HvvSQOVsIuL4B+wBgb+7+pBlLYSaYit7ZNTsmbi81QQdL2IV0LbtNDTRUyCvlGXS
89tpS2lQYzQk+q48hC7V9giSdNcaU/zo0Gixu66SfKPp
-----END CERTIFICATE-----