Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/9i8DjH71Ep8U9n2vVSWdpKwB5UA.roa
File:                     9i8DjH71Ep8U9n2vVSWdpKwB5UA.roa (raw, json)
Hash identifier:          fm2wqDwUiAhqNuk8l7rNQtkTwCk4cyJ8IN2iwk3dti0=
Subject key identifier:   F6:2F:03:8C:7E:F5:12:9F:14:F6:7D:AF:55:25:9D:A4:AC:01:E5:40
Certificate issuer:       /CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
Certificate serial:       01978DEC00DB7C57B8C24393387295B3574F
Authority key identifier: 32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/9i8DjH71Ep8U9n2vVSWdpKwB5UA.roa
Signing time:             Fri 20 Jun 2025 15:19:03 +0000
ROA not before:           Fri 20 Jun 2025 15:19:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204773
IP address blocks:        212.18.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8d:ec:00:db:7c:57:b8:c2:43:93:38:72:95:b3:57:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32c78eeef7acb451fc37575feb9114dfccc1cdfb
        Validity
            Not Before: Jun 20 15:19:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f62f038c7ef5129f14f67daf55259da4ac01e540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:99:b6:43:18:1d:11:a1:9a:f1:b5:a7:a7:64:
                    a0:5c:40:4f:58:96:b4:2b:c2:e8:91:9a:b5:96:7e:
                    17:5e:8b:f2:b9:59:b7:47:1e:d6:d0:e5:2e:44:3b:
                    bb:44:95:50:4a:7a:26:4e:df:4b:7e:38:2d:d2:59:
                    29:e2:71:b9:ee:6b:6f:13:ab:28:f2:16:f5:f3:7c:
                    84:a9:45:a2:31:e3:73:52:bf:c6:4c:1a:43:fd:27:
                    4b:cb:bf:f1:10:84:83:5c:8d:67:92:4b:9e:c9:86:
                    98:ef:c3:58:09:77:08:a1:1f:7d:c4:7d:ae:79:13:
                    ff:52:bf:86:41:1a:06:bb:c4:9a:cd:ab:91:8f:b1:
                    98:b8:0f:aa:e2:23:33:52:2e:03:2a:83:ac:13:d7:
                    32:a0:ac:5e:bc:57:76:6e:88:8b:19:d4:ce:04:77:
                    96:1c:ce:a3:90:db:c5:a3:01:25:c7:ca:26:13:28:
                    6c:54:d3:a9:85:91:ea:59:17:26:65:d5:73:07:23:
                    b2:aa:c3:f1:e4:68:a4:f4:a0:4c:e7:fe:0d:52:c5:
                    cb:b0:63:7d:9d:14:cb:38:21:43:ca:0d:38:0d:d4:
                    0a:1f:70:cf:88:90:05:d9:a1:a6:c4:e5:d9:46:94:
                    88:69:4d:f2:a6:d3:23:df:a8:b4:c6:d9:4c:7d:2b:
                    1b:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:2F:03:8C:7E:F5:12:9F:14:F6:7D:AF:55:25:9D:A4:AC:01:E5:40
            X509v3 Authority Key Identifier:
                keyid:32:C7:8E:EE:F7:AC:B4:51:FC:37:57:5F:EB:91:14:DF:CC:C1:CD:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MseO7vestFH8N1df65EU38zBzfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/9i8DjH71Ep8U9n2vVSWdpKwB5UA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/225bcb-6d3d-4c0e-824f-2f1c8e408b64/1/MseO7vestFH8N1df65EU38zBzfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.18.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:14:58:e2:27:67:42:4f:a0:84:ce:00:66:50:44:59:53:32:
         cb:16:e1:ae:01:a5:e8:26:7d:de:78:df:6b:a0:a3:67:4a:9e:
         04:64:6b:ed:49:50:6b:2d:79:b7:11:a2:de:0c:28:b2:88:3d:
         bf:f6:52:10:68:31:f6:62:48:94:77:2d:55:84:1c:91:d1:04:
         fa:72:11:94:a0:5c:18:e8:7f:61:0e:29:12:8a:e0:ce:b8:b6:
         df:9c:ee:c2:2a:21:37:7b:d3:1c:b5:26:49:4a:db:ff:1a:e6:
         4e:46:23:de:35:dc:4b:bc:51:63:1c:95:ae:f3:11:66:66:ee:
         a1:ba:b6:a0:7e:96:f4:11:af:d4:7d:a7:e3:7d:ef:54:5e:5d:
         8d:10:1a:87:c2:80:25:4f:0d:0e:fe:94:20:f8:4f:d1:99:4a:
         6e:44:e4:70:7c:d1:73:c6:ab:f4:54:ca:b1:da:84:c0:95:ab:
         e3:41:8f:65:8f:fd:0b:b1:94:d9:07:df:3e:11:69:d0:8a:db:
         0c:e3:ea:59:c0:61:86:2e:f3:c4:68:ee:2f:80:1f:76:9e:42:
         72:8e:99:ff:74:6c:8a:43:b8:cf:06:e3:b8:bc:64:6a:d1:9a:
         a7:84:bd:01:2f:91:ac:cc:73:e4:3e:3c:ea:43:e2:fe:55:ea:
         c9:b3:38:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeN7ADbfFe4wkOTOHKVs1dPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzc4ZWVlZjdhY2I0NTFmYzM3NTc1ZmViOTExNGRmY2Nj
MWNkZmIwHhcNMjUwNjIwMTUxOTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjJmMDM4YzdlZjUxMjlmMTRmNjdkYWY1NTI1OWRhNGFjMDFlNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5m2QxgdEaGa8bWnp2SgXEBPWJa0
K8LokZq1ln4XXovyuVm3Rx7W0OUuRDu7RJVQSnomTt9Lfjgt0lkp4nG57mtvE6so
8hb183yEqUWiMeNzUr/GTBpD/SdLy7/xEISDXI1nkkueyYaY78NYCXcIoR99xH2u
eRP/Ur+GQRoGu8SazauRj7GYuA+q4iMzUi4DKoOsE9cyoKxevFd2boiLGdTOBHeW
HM6jkNvFowElx8omEyhsVNOphZHqWRcmZdVzByOyqsPx5Gik9KBM5/4NUsXLsGN9
nRTLOCFDyg04DdQKH3DPiJAF2aGmxOXZRpSIaU3yptMj36i0xtlMfSsb7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYvA4x+9RKfFPZ9r1UlnaSsAeVAMB8GA1UdIwQY
MBaAFDLHju73rLRR/DdXX+uRFN/Mwc37MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYt
MmYxYzhlNDA4YjY0LzEvOWk4RGpINzFFcDhVOW4ydlZTV2RwS3dCNVVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yMjViY2ItNmQzZC00YzBlLTgyNGYtMmYxYzhlNDA4YjY0
LzEvTXNlTzd2ZXN0Rkg4TjFkZjY1RVUzOHpCemZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1BJjMA0G
CSqGSIb3DQEBCwUAA4IBAQBqFFjiJ2dCT6CEzgBmUERZUzLLFuGuAaXoJn3eeN9r
oKNnSp4EZGvtSVBrLXm3EaLeDCiyiD2/9lIQaDH2YkiUdy1VhByR0QT6chGUoFwY
6H9hDikSiuDOuLbfnO7CKiE3e9MctSZJStv/GuZORiPeNdxLvFFjHJWu8xFmZu6h
uragfpb0Ea/Ufafjfe9UXl2NEBqHwoAlTw0O/pQg+E/RmUpuRORwfNFzxqv0VMqx
2oTAlavjQY9lj/0LsZTZB98+EWnQitsM4+pZwGGGLvPEaO4vgB92nkJyjpn/dGyK
Q7jPBuO4vGRq0ZqnhL0BL5GszHPkPjzqQ+L+VerJszjO
-----END CERTIFICATE-----