Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/5P9D1_sOY4955MR12YMuvtk1p2A.roa
File:                     5P9D1_sOY4955MR12YMuvtk1p2A.roa (raw, json)
Hash identifier:          Kh8/PTBPB/+ZM2djl/y51v9q6Hia4qFb/I9mrYzMrjA=
Subject key identifier:   E4:FF:43:D7:FB:0E:63:8F:79:E4:C4:75:D9:83:2E:BE:D9:35:A7:60
Certificate issuer:       /CN=1913cb4856821d14cd2e0b767c2931a22c154e7c
Certificate serial:       019783430812BB9AE0D423EE4ACE685A3A88
Authority key identifier: 19:13:CB:48:56:82:1D:14:CD:2E:0B:76:7C:29:31:A2:2C:15:4E:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GRPLSFaCHRTNLgt2fCkxoiwVTnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/5P9D1_sOY4955MR12YMuvtk1p2A.roa
Signing time:             Wed 18 Jun 2025 13:38:17 +0000
ROA not before:           Wed 18 Jun 2025 13:38:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196655
IP address blocks:        109.68.128.0/21 maxlen: 21
                          178.22.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/GRPLSFaCHRTNLgt2fCkxoiwVTnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/GRPLSFaCHRTNLgt2fCkxoiwVTnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GRPLSFaCHRTNLgt2fCkxoiwVTnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 07:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:83:43:08:12:bb:9a:e0:d4:23:ee:4a:ce:68:5a:3a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1913cb4856821d14cd2e0b767c2931a22c154e7c
        Validity
            Not Before: Jun 18 13:38:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4ff43d7fb0e638f79e4c475d9832ebed935a760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:0c:b9:a6:64:6c:e2:70:ec:c7:7d:63:aa:1d:
                    9a:e0:71:e6:93:24:a2:60:37:e8:48:44:d4:8f:d8:
                    b9:14:4b:75:ad:a6:50:6d:79:36:39:77:fc:1b:6d:
                    76:2b:34:4a:40:91:c4:62:29:0e:61:34:90:98:7e:
                    74:f2:68:d3:b6:1f:3d:98:f5:d5:3e:29:74:e1:bb:
                    df:fe:b1:b0:fd:75:7c:bf:15:c0:bc:1f:a2:2c:b5:
                    e6:9b:71:22:b8:7c:8d:e3:67:26:0b:fb:6f:5c:3d:
                    2f:b7:08:43:a4:49:da:0b:ad:bb:37:57:27:cb:f8:
                    10:b6:a0:a2:ac:b9:8d:de:8a:9d:08:a0:5a:b4:86:
                    eb:06:1c:6d:7c:78:f7:eb:ca:92:17:24:95:7d:8b:
                    d3:bf:89:50:33:dd:a2:3c:8b:99:98:9d:62:1b:5b:
                    fd:69:88:f3:1c:52:86:33:43:f6:a0:03:ca:bd:d7:
                    26:ae:6f:f0:e9:42:e1:d0:99:8a:34:67:b2:84:ed:
                    b5:d7:53:3f:dc:c4:62:99:94:ef:ba:d8:da:39:03:
                    9c:b0:cf:82:9e:f5:ca:e2:55:57:3a:71:07:98:89:
                    aa:db:dc:d5:4a:3c:66:f7:9d:fb:d4:3c:f0:6f:40:
                    66:35:bf:39:fd:63:0f:20:a0:23:71:ba:3f:a5:aa:
                    cd:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:FF:43:D7:FB:0E:63:8F:79:E4:C4:75:D9:83:2E:BE:D9:35:A7:60
            X509v3 Authority Key Identifier:
                keyid:19:13:CB:48:56:82:1D:14:CD:2E:0B:76:7C:29:31:A2:2C:15:4E:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GRPLSFaCHRTNLgt2fCkxoiwVTnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/5P9D1_sOY4955MR12YMuvtk1p2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/1977de-1df4-404c-9da9-0779df1dd64d/1/GRPLSFaCHRTNLgt2fCkxoiwVTnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.68.128.0/21
                  178.22.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1c:e7:45:3c:e5:31:9d:45:ea:f0:ab:0f:e4:c6:24:3f:84:3f:
         66:26:de:1e:e9:8a:6b:35:0c:58:0f:9e:bb:07:ba:5e:39:98:
         74:d0:cd:8a:b1:47:5b:f9:70:98:f2:95:9f:d0:db:75:e1:7a:
         08:86:1c:dd:9b:a7:6d:d1:f0:9c:cf:49:77:d3:f9:18:00:08:
         2a:60:59:4b:ee:10:75:b8:60:8d:29:e9:60:cb:0a:2b:c7:24:
         8b:1f:8d:14:13:df:3d:8a:e4:ab:f1:f1:cb:fb:82:00:c7:02:
         1b:07:b4:f4:55:3c:c5:e6:54:5b:a3:77:41:ff:eb:54:0a:0b:
         e8:1c:8c:bc:f7:46:62:84:5c:f5:fe:19:a0:f6:44:13:5f:4d:
         91:9a:17:20:66:ef:a3:99:6f:bb:24:ac:9d:d1:49:a7:13:d8:
         aa:0f:fe:0d:f4:8c:b4:71:ea:37:22:e0:e8:7d:f7:1a:b7:5c:
         c0:f7:fe:90:0b:7a:f7:17:7e:78:d6:2a:82:f2:5a:9c:f6:8f:
         0f:21:b0:15:ea:60:c0:f4:81:90:ca:d3:33:52:ff:94:41:0a:
         70:4b:91:ac:7f:b9:05:bf:43:41:e4:ea:5c:bf:1e:0f:3c:9e:
         90:1b:4b:97:51:8b:29:33:9d:1f:90:e6:52:f3:9a:d3:3c:96:
         1a:dc:f7:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeDQwgSu5rg1CPuSs5oWjqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MTNjYjQ4NTY4MjFkMTRjZDJlMGI3NjdjMjkzMWEyMmMx
NTRlN2MwHhcNMjUwNjE4MTMzODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGZmNDNkN2ZiMGU2MzhmNzllNGM0NzVkOTgzMmViZWQ5MzVhNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAy5pmRs4nDsx31jqh2a4HHmkySi
YDfoSETUj9i5FEt1raZQbXk2OXf8G212KzRKQJHEYikOYTSQmH508mjTth89mPXV
Pil04bvf/rGw/XV8vxXAvB+iLLXmm3EiuHyN42cmC/tvXD0vtwhDpEnaC627N1cn
y/gQtqCirLmN3oqdCKBatIbrBhxtfHj368qSFySVfYvTv4lQM92iPIuZmJ1iG1v9
aYjzHFKGM0P2oAPKvdcmrm/w6ULh0JmKNGeyhO2111M/3MRimZTvutjaOQOcsM+C
nvXK4lVXOnEHmImq29zVSjxm95371Dzwb0BmNb85/WMPIKAjcbo/parN9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOT/Q9f7DmOPeeTEddmDLr7ZNadgMB8GA1UdIwQY
MBaAFBkTy0hWgh0UzS4LdnwpMaIsFU58MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1JQTFNGYUNIUlROTGd0MmZDa3hvaXdWVG53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS8xOTc3ZGUtMWRmNC00MDRjLTlkYTkt
MDc3OWRmMWRkNjRkLzEvNVA5RDFfc09ZNDk1NU1SMTJZTXV2dGsxcDJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS8xOTc3ZGUtMWRmNC00MDRjLTlkYTktMDc3OWRmMWRkNjRk
LzEvR1JQTFNGYUNIUlROTGd0MmZDa3hvaXdWVG53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbUSAAwQD
shYQMA0GCSqGSIb3DQEBCwUAA4IBAQAc50U85TGdRerwqw/kxiQ/hD9mJt4e6Ypr
NQxYD567B7peOZh00M2KsUdb+XCY8pWf0Nt14XoIhhzdm6dt0fCcz0l30/kYAAgq
YFlL7hB1uGCNKelgyworxySLH40UE989iuSr8fHL+4IAxwIbB7T0VTzF5lRbo3dB
/+tUCgvoHIy890ZihFz1/hmg9kQTX02RmhcgZu+jmW+7JKyd0UmnE9iqD/4N9Iy0
ceo3IuDoffcat1zA9/6QC3r3F3541iqC8lqc9o8PIbAV6mDA9IGQytMzUv+UQQpw
S5Gsf7kFv0NB5Opcvx4PPJ6QG0uXUYspM50fkOZS85rTPJYa3Pcm
-----END CERTIFICATE-----