Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/9xV6VM7xSpJvhZz3wJWNWBeL10k.roa
File:                     9xV6VM7xSpJvhZz3wJWNWBeL10k.roa (raw, json)
Hash identifier:          6ww/vl8MNj9BtICfJmSYBaO923KLClJNIhoHyGGOV2w=
Subject key identifier:   F7:15:7A:54:CE:F1:4A:92:6F:85:9C:F7:C0:95:8D:58:17:8B:D7:49
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       019892D0400D80480CA2F87C91AADE43B6D4
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/9xV6VM7xSpJvhZz3wJWNWBeL10k.roa
Signing time:             Sun 10 Aug 2025 07:09:37 +0000
ROA not before:           Sun 10 Aug 2025 07:09:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6672
IP address blocks:        37.202.8.0/21 maxlen: 21
                          2a02:9d8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 07:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:92:d0:40:0d:80:48:0c:a2:f8:7c:91:aa:de:43:b6:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Aug 10 07:09:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7157a54cef14a926f859cf7c0958d58178bd749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a6:a8:07:2a:f5:fc:8a:fd:bc:0b:01:6a:bd:
                    a9:0a:4e:3f:65:3e:64:2b:07:18:f8:d5:22:d0:6d:
                    7f:8c:07:14:f2:88:45:e4:a0:90:b7:bf:2e:ff:29:
                    f9:3b:03:38:fb:d5:d9:2e:ef:cf:07:b8:59:58:4e:
                    8a:bf:5a:fb:01:d7:6e:ce:d4:37:cd:04:87:d3:58:
                    fb:22:ed:64:63:ac:55:b6:75:4e:4c:19:33:1c:ca:
                    69:66:27:b4:b1:5c:6b:87:41:ea:f2:c8:af:47:26:
                    25:83:db:fe:1c:f9:48:88:a4:20:00:50:9e:b2:5f:
                    cf:1a:16:cf:29:9d:16:c4:13:5e:b8:ac:14:0f:e8:
                    64:05:11:42:0f:d2:02:2f:bf:ea:af:66:e8:d8:e4:
                    6d:c8:c1:85:4e:19:3f:a1:81:b6:d0:61:2c:56:ca:
                    4c:25:9c:f1:73:40:86:48:a6:b3:c3:c4:8f:a5:63:
                    3f:85:0d:b9:69:37:5f:1a:ce:c7:55:10:d6:a0:91:
                    60:54:1d:21:22:90:3d:2a:ba:c1:b2:28:1a:b2:bb:
                    1d:90:57:e0:1e:25:2a:d1:81:b5:5d:bb:5b:ec:fb:
                    23:f9:0e:cb:9b:d0:3f:50:d9:53:83:05:56:54:5d:
                    97:8d:55:f9:e3:fe:b1:88:f0:f1:4a:61:8e:70:72:
                    80:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:15:7A:54:CE:F1:4A:92:6F:85:9C:F7:C0:95:8D:58:17:8B:D7:49
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/9xV6VM7xSpJvhZz3wJWNWBeL10k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.8.0/21
                IPv6:
                  2a02:9d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:50:39:1e:b8:6d:f5:de:61:37:fe:17:34:05:6f:b0:c1:2c:
         38:77:17:c1:ea:bb:72:1f:37:37:1c:b3:5b:10:4c:ed:0c:24:
         e3:ad:3f:3a:ae:89:c2:51:e2:a2:ff:83:90:7d:a7:1d:94:c8:
         72:fb:41:da:91:bf:2e:f9:e2:27:22:fa:bf:1a:47:f0:e4:93:
         ff:d7:e7:54:27:c0:e7:43:1b:55:72:90:f1:58:3e:e3:a3:31:
         7d:3d:5f:24:0e:65:93:06:44:ea:d3:a7:27:c0:91:eb:7d:23:
         88:89:64:63:50:9c:44:bf:4c:6b:30:f1:eb:6a:f6:1c:b6:ec:
         db:74:8b:b5:b0:2d:8a:d5:b2:17:40:65:7d:89:d4:5d:53:ba:
         25:9b:f0:24:d6:35:09:38:a2:57:48:10:5a:98:d9:86:ec:43:
         c9:69:7b:70:f2:64:2e:92:97:53:bd:63:19:cd:05:68:2b:34:
         34:38:88:a2:59:50:c6:c2:1c:b3:c5:67:2e:ce:d4:76:4a:5e:
         cb:25:1d:09:37:92:42:9e:12:c8:49:54:9b:15:fe:0e:c2:c8:
         4d:75:3f:80:2f:1d:02:d2:58:1c:51:6a:ce:20:09:25:73:99:
         ce:7c:94:b3:07:17:77:5a:7c:88:39:c1:ae:25:e6:6c:65:9f:
         44:57:ec:b4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZiS0EANgEgMovh8kareQ7bUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjUwODEwMDcwOTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzE1N2E1NGNlZjE0YTkyNmY4NTljZjdjMDk1OGQ1ODE3OGJkNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqaoByr1/Ir9vAsBar2pCk4/ZT5k
KwcY+NUi0G1/jAcU8ohF5KCQt78u/yn5OwM4+9XZLu/PB7hZWE6Kv1r7AdduztQ3
zQSH01j7Iu1kY6xVtnVOTBkzHMppZie0sVxrh0Hq8sivRyYlg9v+HPlIiKQgAFCe
sl/PGhbPKZ0WxBNeuKwUD+hkBRFCD9ICL7/qr2bo2ORtyMGFThk/oYG20GEsVspM
JZzxc0CGSKazw8SPpWM/hQ25aTdfGs7HVRDWoJFgVB0hIpA9KrrBsigasrsdkFfg
HiUq0YG1Xbtb7Psj+Q7Lm9A/UNlTgwVWVF2XjVX54/6xiPDxSmGOcHKA6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPcVelTO8UqSb4Wc98CVjVgXi9dJMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvOXhWNlZNN3hTcEp2aFp6M3dKV05XQmVMMTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDJcoIMA0E
AgACMAcDBQAqAgnYMA0GCSqGSIb3DQEBCwUAA4IBAQBRUDkeuG313mE3/hc0BW+w
wSw4dxfB6rtyHzc3HLNbEEztDCTjrT86ronCUeKi/4OQfacdlMhy+0Hakb8u+eIn
Ivq/Gkfw5JP/1+dUJ8DnQxtVcpDxWD7jozF9PV8kDmWTBkTq06cnwJHrfSOIiWRj
UJxEv0xrMPHravYctuzbdIu1sC2K1bIXQGV9idRdU7olm/Ak1jUJOKJXSBBamNmG
7EPJaXtw8mQukpdTvWMZzQVoKzQ0OIiiWVDGwhyzxWcuztR2Sl7LJR0JN5JCnhLI
SVSbFf4OwshNdT+ALx0C0lgcUWrOIAklc5nOfJSzBxd3WnyIOcGuJeZsZZ9EV+y0
-----END CERTIFICATE-----