Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/SOWcqaYhZ7YX4OOHhJe96In9itw.roa
File:                     SOWcqaYhZ7YX4OOHhJe96In9itw.roa (raw, json)
Hash identifier:          UaSEArJ4Ty/99oB9k6ZnmXrGKJLGr0L+yE1xo+K6dEg=
Subject key identifier:   48:E5:9C:A9:A6:21:67:B6:17:E0:E3:87:84:97:BD:E8:89:FD:8A:DC
Certificate issuer:       /CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
Certificate serial:       0196356788847330AB765868592E5551A55C
Authority key identifier: D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/SOWcqaYhZ7YX4OOHhJe96In9itw.roa
Signing time:             Mon 14 Apr 2025 17:44:59 +0000
ROA not before:           Mon 14 Apr 2025 17:44:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44901
IP address blocks:        104.160.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:35:67:88:84:73:30:ab:76:58:68:59:2e:55:51:a5:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
        Validity
            Not Before: Apr 14 17:44:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48e59ca9a62167b617e0e3878497bde889fd8adc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:89:d9:e1:79:cb:f5:64:b3:06:74:bf:48:fa:
                    99:cc:cc:13:1c:3b:0e:df:92:fc:1d:c4:52:d1:8c:
                    36:a0:47:9e:04:85:b4:b1:e4:72:f3:56:55:43:8a:
                    87:0c:13:ae:61:a4:19:15:42:f9:8c:9d:ac:f1:4a:
                    6b:4e:f3:0c:54:69:2d:a3:0a:b5:71:a2:38:eb:b0:
                    14:79:42:80:94:96:d7:d4:9f:4c:98:33:d6:50:3b:
                    6e:e1:86:00:fe:87:91:d4:cc:ed:2e:9b:c6:f7:be:
                    06:3e:5c:e9:bd:71:65:90:d1:20:c8:55:9b:14:fc:
                    b7:43:bf:02:7d:66:d8:87:8b:a1:d9:f3:ce:53:a5:
                    cd:d2:ea:41:82:a4:c9:59:31:bf:68:9a:53:60:cb:
                    59:90:07:85:e7:8a:20:37:62:14:19:27:1b:9a:98:
                    5f:18:54:fb:32:b0:11:9a:56:b5:7a:b7:a7:1b:c9:
                    74:6a:54:6b:3d:64:d3:11:e4:b9:b6:e2:4e:65:74:
                    f2:b3:56:73:69:09:eb:85:ad:ef:3e:1e:ae:98:c5:
                    e0:7f:03:56:00:27:f9:08:3f:60:d1:1a:29:f2:fe:
                    5c:d7:3d:58:23:3a:74:33:f9:8c:87:0a:9a:7b:ac:
                    25:7c:dc:2a:8b:02:7c:d5:70:ee:fe:e6:98:c4:bf:
                    64:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:E5:9C:A9:A6:21:67:B6:17:E0:E3:87:84:97:BD:E8:89:FD:8A:DC
            X509v3 Authority Key Identifier:
                keyid:D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/SOWcqaYhZ7YX4OOHhJe96In9itw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.160.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:b7:e0:0b:07:ad:e5:1d:20:a2:39:ed:be:8f:72:be:32:d2:
         65:ab:ae:3f:a2:32:65:0d:bc:a6:30:5e:8e:b7:ad:aa:51:43:
         bb:60:9a:86:4f:8e:06:03:cb:07:32:7a:6b:69:c9:ad:62:fc:
         da:f8:9c:f6:b4:5c:5c:45:f0:9a:b2:97:78:e2:85:b3:81:49:
         7a:ff:8f:c1:00:d5:c5:46:3b:30:fe:a8:d5:a8:78:84:1a:48:
         16:b2:7f:45:4f:53:3f:26:d7:a7:0e:1c:7c:da:83:7a:6a:71:
         83:54:d8:b8:f9:05:b7:49:92:77:f6:e8:c6:1f:8e:9b:fe:7f:
         a6:32:a6:b8:f1:aa:32:f4:2f:5a:af:2b:40:51:8d:b2:73:cd:
         6f:da:05:5e:0c:0e:33:b4:c1:81:1c:f9:80:50:83:35:07:15:
         1b:9e:fe:3d:fa:e6:4d:d5:4d:88:3d:11:80:e3:df:0d:d4:d1:
         9f:fc:c6:74:cc:b2:32:22:34:6c:e0:0d:bd:96:95:47:a5:6b:
         08:b8:40:9b:60:d9:e3:63:48:2b:41:7e:77:f1:1d:f9:e6:e0:
         72:12:e8:6d:ec:b0:be:9b:0d:82:ab:d7:c2:d7:0f:47:61:7c:
         0f:88:29:14:ec:05:87:7c:ff:3a:ea:65:01:0a:8d:8f:15:48:
         ef:7a:56:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY1Z4iEczCrdlhoWS5VUaVcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MmNiNDNjYTNjMGM1NzgxNmNlZTM2MDQ3OGQwY2Y4ODIy
MDdmZDIwHhcNMjUwNDE0MTc0NDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGU1OWNhOWE2MjE2N2I2MTdlMGUzODc4NDk3YmRlODg5ZmQ4YWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0onZ4XnL9WSzBnS/SPqZzMwTHDsO
35L8HcRS0Yw2oEeeBIW0seRy81ZVQ4qHDBOuYaQZFUL5jJ2s8UprTvMMVGktowq1
caI467AUeUKAlJbX1J9MmDPWUDtu4YYA/oeR1MztLpvG974GPlzpvXFlkNEgyFWb
FPy3Q78CfWbYh4uh2fPOU6XN0upBgqTJWTG/aJpTYMtZkAeF54ogN2IUGScbmphf
GFT7MrARmla1erenG8l0alRrPWTTEeS5tuJOZXTys1ZzaQnrha3vPh6umMXgfwNW
ACf5CD9g0Rop8v5c1z1YIzp0M/mMhwqae6wlfNwqiwJ81XDu/uaYxL9kDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEjlnKmmIWe2F+Djh4SXveiJ/YrcMB8GA1UdIwQY
MBaAFNgstDyjwMV4Fs7jYEeNDPiCIH/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAt
MTVmMTNlM2Y3ZDg1LzEvU09XY3FhWWhaN1lYNE9PSGhKZTk2SW45aXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAtMTVmMTNlM2Y3ZDg1
LzEvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaKAJMA0G
CSqGSIb3DQEBCwUAA4IBAQBzt+ALB63lHSCiOe2+j3K+MtJlq64/ojJlDbymMF6O
t62qUUO7YJqGT44GA8sHMnpracmtYvza+Jz2tFxcRfCaspd44oWzgUl6/4/BANXF
Rjsw/qjVqHiEGkgWsn9FT1M/JtenDhx82oN6anGDVNi4+QW3SZJ39ujGH46b/n+m
Mqa48aoy9C9arytAUY2yc81v2gVeDA4ztMGBHPmAUIM1BxUbnv49+uZN1U2IPRGA
498N1NGf/MZ0zLIyIjRs4A29lpVHpWsIuECbYNnjY0grQX538R355uByEuht7LC+
mw2Cq9fC1w9HYXwPiCkU7AWHfP866mUBCo2PFUjvelaU
-----END CERTIFICATE-----