Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/19fe3b-0993-4178-8e94-9f67386249c2/1/2VMJ9WQikYFEDlDpOKmAjBWdjSA.roa
File:                     2VMJ9WQikYFEDlDpOKmAjBWdjSA.roa (raw, json)
Hash identifier:          KpcckScBja4+tcIOvGVtG8MssUZtxxse3N+i6aa0OUk=
Subject key identifier:   D9:53:09:F5:64:22:91:81:44:0E:50:E9:38:A9:80:8C:15:9D:8D:20
Certificate issuer:       /CN=8a53b450b7e7dc1a2d53cf69a5eb89a565d3913a
Certificate serial:       019909AB03E4B7DD1EF65B6AC2F5968F8290
Authority key identifier: 8A:53:B4:50:B7:E7:DC:1A:2D:53:CF:69:A5:EB:89:A5:65:D3:91:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ilO0ULfn3BotU89ppeuJpWXTkTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/19fe3b-0993-4178-8e94-9f67386249c2/1/2VMJ9WQikYFEDlDpOKmAjBWdjSA.roa
Signing time:             Tue 02 Sep 2025 09:03:46 +0000
ROA not before:           Tue 02 Sep 2025 09:03:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44090
IP address blocks:        2.57.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/19fe3b-0993-4178-8e94-9f67386249c2/1/ilO0ULfn3BotU89ppeuJpWXTkTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/19fe3b-0993-4178-8e94-9f67386249c2/1/ilO0ULfn3BotU89ppeuJpWXTkTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ilO0ULfn3BotU89ppeuJpWXTkTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:ab:03:e4:b7:dd:1e:f6:5b:6a:c2:f5:96:8f:82:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a53b450b7e7dc1a2d53cf69a5eb89a565d3913a
        Validity
            Not Before: Sep  2 09:03:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d95309f564229181440e50e938a9808c159d8d20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5b:85:78:a9:ba:fd:d5:d4:02:63:74:a4:9e:
                    92:1a:79:ef:cb:20:c2:40:d4:53:58:f2:41:5d:be:
                    82:02:21:9f:1c:67:6b:2f:15:b0:21:c8:08:91:c9:
                    5d:02:83:2a:0f:2b:4b:d4:4a:9c:22:91:fe:91:59:
                    5e:9a:a1:8d:cf:60:a0:0f:fe:17:19:2c:91:e8:54:
                    74:1d:f5:b1:e4:f5:60:9f:49:49:f3:f5:f8:8e:a5:
                    b3:56:08:5b:0e:86:2b:76:bd:13:3b:23:1d:24:a7:
                    a5:ce:70:14:dd:8e:67:52:de:1e:5d:c2:87:94:62:
                    93:03:f9:ad:bd:12:03:ae:95:f2:47:f7:f7:96:8f:
                    a8:c8:27:d9:2d:81:5d:50:0b:70:63:c0:2a:ac:8c:
                    8d:f4:c6:b4:8d:22:3a:cd:bc:94:ad:81:c5:d2:6c:
                    6b:be:16:40:61:53:fb:3b:c8:ad:85:a8:68:59:4f:
                    38:14:6f:bf:5b:5e:0a:b5:0d:7a:f0:93:77:ca:8d:
                    f3:0f:27:70:3b:4e:06:b8:43:6c:25:73:8c:f9:3f:
                    8a:9d:57:1a:c0:bc:4d:90:e7:e3:2d:2e:4d:c4:e1:
                    49:97:14:be:01:86:aa:90:dd:7c:0d:cd:7b:81:57:
                    f1:a3:09:ac:8d:b3:b6:75:6c:20:c4:46:ea:a2:24:
                    1c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:53:09:F5:64:22:91:81:44:0E:50:E9:38:A9:80:8C:15:9D:8D:20
            X509v3 Authority Key Identifier:
                keyid:8A:53:B4:50:B7:E7:DC:1A:2D:53:CF:69:A5:EB:89:A5:65:D3:91:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ilO0ULfn3BotU89ppeuJpWXTkTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/19fe3b-0993-4178-8e94-9f67386249c2/1/2VMJ9WQikYFEDlDpOKmAjBWdjSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/19fe3b-0993-4178-8e94-9f67386249c2/1/ilO0ULfn3BotU89ppeuJpWXTkTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:d9:bc:21:c2:65:4f:50:57:d7:34:a4:59:bd:9c:c4:54:3a:
         22:ad:ab:70:33:b2:5b:20:2f:66:73:c7:3d:e2:4d:65:c3:e8:
         21:5e:6f:96:41:a6:cf:55:18:e4:10:6d:93:21:b3:a3:6f:7c:
         b6:fc:9d:c1:f2:73:0d:03:82:33:09:28:41:e8:94:92:fe:38:
         0c:38:fe:75:87:2c:bf:10:81:d0:90:15:3e:e1:ba:c0:3c:a8:
         96:41:63:bc:d3:18:98:ba:b8:bf:96:1e:05:be:6b:2a:e2:45:
         8f:6b:d0:49:9f:0d:ed:92:1e:01:6a:9c:8b:68:f3:ad:05:74:
         c5:d9:6c:f6:9f:bd:07:39:0f:c5:ca:12:c5:ab:d5:0b:2f:3a:
         a8:f4:81:d8:8b:4e:83:03:fc:19:6e:70:5d:9f:ae:8d:f1:0a:
         01:0a:c7:5b:8c:bc:9e:92:9a:ce:62:bd:7b:ed:cb:d0:69:4c:
         98:38:e1:7d:c8:5a:00:0c:f2:f0:00:7c:d2:1b:a3:16:1b:5a:
         86:a8:ba:db:49:f0:06:62:8a:a3:5d:ed:bf:35:05:d4:0e:f7:
         6d:4a:0e:be:5d:f1:b5:31:c5:23:b2:fe:3b:86:22:2b:21:4f:
         1e:b2:61:02:8e:94:60:36:81:51:a1:f7:1f:81:4b:fe:08:4c:
         ec:84:17:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkJqwPkt90e9ltqwvWWj4KQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNTNiNDUwYjdlN2RjMWEyZDUzY2Y2OWE1ZWI4OWE1NjVk
MzkxM2EwHhcNMjUwOTAyMDkwMzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTUzMDlmNTY0MjI5MTgxNDQwZTUwZTkzOGE5ODA4YzE1OWQ4ZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3FuFeKm6/dXUAmN0pJ6SGnnvyyDC
QNRTWPJBXb6CAiGfHGdrLxWwIcgIkcldAoMqDytL1EqcIpH+kVlemqGNz2CgD/4X
GSyR6FR0HfWx5PVgn0lJ8/X4jqWzVghbDoYrdr0TOyMdJKelznAU3Y5nUt4eXcKH
lGKTA/mtvRIDrpXyR/f3lo+oyCfZLYFdUAtwY8AqrIyN9Ma0jSI6zbyUrYHF0mxr
vhZAYVP7O8ithahoWU84FG+/W14KtQ168JN3yo3zDydwO04GuENsJXOM+T+KnVca
wLxNkOfjLS5NxOFJlxS+AYaqkN18Dc17gVfxowmsjbO2dWwgxEbqoiQcEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlTCfVkIpGBRA5Q6TipgIwVnY0gMB8GA1UdIwQY
MBaAFIpTtFC359waLVPPaaXriaVl05E6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWxPMFVMZm4zQm90VTg5cHBldUpwV1hUa1RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8xOWZlM2ItMDk5My00MTc4LThlOTQt
OWY2NzM4NjI0OWMyLzEvMlZNSjlXUWlrWUZFRGxEcE9LbUFqQldkalNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8xOWZlM2ItMDk5My00MTc4LThlOTQtOWY2NzM4NjI0OWMy
LzEvaWxPMFVMZm4zQm90VTg5cHBldUpwV1hUa1RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkDMA0G
CSqGSIb3DQEBCwUAA4IBAQBB2bwhwmVPUFfXNKRZvZzEVDoiratwM7JbIC9mc8c9
4k1lw+ghXm+WQabPVRjkEG2TIbOjb3y2/J3B8nMNA4IzCShB6JSS/jgMOP51hyy/
EIHQkBU+4brAPKiWQWO80xiYuri/lh4Fvmsq4kWPa9BJnw3tkh4BapyLaPOtBXTF
2Wz2n70HOQ/FyhLFq9ULLzqo9IHYi06DA/wZbnBdn66N8QoBCsdbjLyekprOYr17
7cvQaUyYOOF9yFoADPLwAHzSG6MWG1qGqLrbSfAGYoqjXe2/NQXUDvdtSg6+XfG1
McUjsv47hiIrIU8esmECjpRgNoFRofcfgUv+CEzshBeD
-----END CERTIFICATE-----