Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/hfyAz_QYTue5Wbe5vJxSavU_6HY.roa
File:                     hfyAz_QYTue5Wbe5vJxSavU_6HY.roa (raw, json)
Hash identifier:          4N/5nYpUdCpyKpn/U/R7SrWZ90U5qc3XnEimDy5XhF0=
Subject key identifier:   85:FC:80:CF:F4:18:4E:E7:B9:59:B7:B9:BC:9C:52:6A:F5:3F:E8:76
Certificate issuer:       /CN=4413bdf4dc7435faf51ba934d65570f71c21731a
Certificate serial:       01978800CCD99F0E764159D1B603BFD574A0
Authority key identifier: 44:13:BD:F4:DC:74:35:FA:F5:1B:A9:34:D6:55:70:F7:1C:21:73:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RBO99Nx0Nfr1G6k01lVw9xwhcxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/hfyAz_QYTue5Wbe5vJxSavU_6HY.roa
Signing time:             Thu 19 Jun 2025 11:44:03 +0000
ROA not before:           Thu 19 Jun 2025 11:44:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197075
IP address blocks:        45.131.238.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/RBO99Nx0Nfr1G6k01lVw9xwhcxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/RBO99Nx0Nfr1G6k01lVw9xwhcxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RBO99Nx0Nfr1G6k01lVw9xwhcxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:00:cc:d9:9f:0e:76:41:59:d1:b6:03:bf:d5:74:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4413bdf4dc7435faf51ba934d65570f71c21731a
        Validity
            Not Before: Jun 19 11:44:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85fc80cff4184ee7b959b7b9bc9c526af53fe876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a2:42:5d:cb:15:ef:22:ae:43:c0:b5:db:61:
                    f8:e9:38:9f:a0:f0:cb:45:c9:f1:15:45:37:4d:17:
                    13:8e:6c:fc:29:65:da:a0:94:9c:bd:82:39:9b:f0:
                    a3:3a:d8:47:ad:40:4e:c6:9a:d8:a7:16:94:d4:73:
                    d8:ce:28:40:94:1c:72:93:c3:3c:57:63:6f:d3:a3:
                    96:cc:d8:75:36:73:9c:bf:92:75:67:d1:5a:24:1f:
                    b4:d4:38:b7:74:17:5d:38:3b:9a:7a:aa:a8:07:e1:
                    ed:b6:08:26:ce:27:fc:56:73:47:c6:0b:5f:a9:9d:
                    ab:78:ae:4c:98:7b:98:64:bf:74:1d:01:5f:ad:8d:
                    56:c3:e3:18:74:b2:8f:75:ad:86:e2:33:0d:04:cb:
                    6e:98:ee:69:0b:fe:36:0e:89:5e:09:a3:28:c0:11:
                    cc:10:2f:9b:86:1b:1f:c5:6e:1f:21:49:a9:35:07:
                    bd:96:a4:bd:10:73:07:eb:eb:4d:64:2f:17:eb:71:
                    5c:7e:27:41:90:48:00:8f:fe:72:30:43:5f:b0:df:
                    b5:02:e0:1e:2b:6f:3b:72:7b:90:a3:74:d1:4a:f2:
                    e2:5d:25:a6:ab:a1:61:21:dc:1f:37:14:01:c5:6c:
                    6a:37:da:61:24:56:57:98:37:67:30:bc:33:71:bd:
                    fa:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:FC:80:CF:F4:18:4E:E7:B9:59:B7:B9:BC:9C:52:6A:F5:3F:E8:76
            X509v3 Authority Key Identifier:
                keyid:44:13:BD:F4:DC:74:35:FA:F5:1B:A9:34:D6:55:70:F7:1C:21:73:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RBO99Nx0Nfr1G6k01lVw9xwhcxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/hfyAz_QYTue5Wbe5vJxSavU_6HY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/RBO99Nx0Nfr1G6k01lVw9xwhcxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:94:48:40:31:93:ae:8c:90:f1:25:9d:da:69:41:0f:4e:6a:
         0e:14:47:c1:0a:04:cd:48:28:f9:36:e7:77:1f:39:5d:85:b7:
         6c:7e:d1:3e:62:24:2c:72:a5:c9:3d:80:8e:6a:6f:8a:99:d7:
         76:12:e8:5f:82:15:79:ae:77:fa:15:46:01:e8:91:5b:32:10:
         43:5c:85:2b:71:fa:fd:90:27:87:ab:9e:ff:40:8d:2a:bb:c2:
         48:e2:21:38:17:89:38:b3:97:87:c9:dd:8c:23:c2:41:5b:45:
         36:cc:f6:df:21:12:65:da:99:ca:a1:f1:e5:c8:02:04:29:fc:
         4e:95:5d:df:b5:42:b9:b1:03:88:0f:45:f5:e5:d1:cf:3f:eb:
         33:08:9d:50:4f:27:c6:f4:b3:69:e6:b6:23:47:97:e3:bc:37:
         6b:2a:43:b2:15:99:fc:a9:ed:a1:0e:5a:6f:d2:97:b3:5c:52:
         f8:c5:f9:3a:f0:0e:08:11:f6:50:80:0f:f7:06:47:44:be:c3:
         17:9a:0f:67:5a:67:d0:54:aa:77:15:0f:5f:f7:cb:ed:71:11:
         43:c9:96:34:43:fa:92:c6:61:70:8f:da:37:6e:96:8f:9b:2f:
         27:8d:77:15:8d:58:5e:4a:28:cf:56:04:36:82:1e:86:a4:a5:
         3a:01:ad:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeIAMzZnw52QVnRtgO/1XSgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MTNiZGY0ZGM3NDM1ZmFmNTFiYTkzNGQ2NTU3MGY3MWMy
MTczMWEwHhcNMjUwNjE5MTE0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWZjODBjZmY0MTg0ZWU3Yjk1OWI3YjliYzljNTI2YWY1M2ZlODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraJCXcsV7yKuQ8C122H46TifoPDL
RcnxFUU3TRcTjmz8KWXaoJScvYI5m/CjOthHrUBOxprYpxaU1HPYzihAlBxyk8M8
V2Nv06OWzNh1NnOcv5J1Z9FaJB+01Di3dBddODuaeqqoB+Httggmzif8VnNHxgtf
qZ2reK5MmHuYZL90HQFfrY1Ww+MYdLKPda2G4jMNBMtumO5pC/42DoleCaMowBHM
EC+bhhsfxW4fIUmpNQe9lqS9EHMH6+tNZC8X63FcfidBkEgAj/5yMENfsN+1AuAe
K287cnuQo3TRSvLiXSWmq6FhIdwfNxQBxWxqN9phJFZXmDdnMLwzcb36HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIX8gM/0GE7nuVm3ubycUmr1P+h2MB8GA1UdIwQY
MBaAFEQTvfTcdDX69RupNNZVcPccIXMaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkJPOTlOeDBOZnIxRzZrMDFsVnc5eHdoY3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC80N2FhMmYtNmI2Zi00ZWY1LTliOTkt
YmM5ZWNjMmFkYjQzLzEvaGZ5QXpfUVlUdWU1V2JlNXZKeFNhdlVfNkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC80N2FhMmYtNmI2Zi00ZWY1LTliOTktYmM5ZWNjMmFkYjQz
LzEvUkJPOTlOeDBOZnIxRzZrMDFsVnc5eHdoY3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYPuMA0G
CSqGSIb3DQEBCwUAA4IBAQBjlEhAMZOujJDxJZ3aaUEPTmoOFEfBCgTNSCj5Nud3
HzldhbdsftE+YiQscqXJPYCOam+Kmdd2EuhfghV5rnf6FUYB6JFbMhBDXIUrcfr9
kCeHq57/QI0qu8JI4iE4F4k4s5eHyd2MI8JBW0U2zPbfIRJl2pnKofHlyAIEKfxO
lV3ftUK5sQOID0X15dHPP+szCJ1QTyfG9LNp5rYjR5fjvDdrKkOyFZn8qe2hDlpv
0pezXFL4xfk68A4IEfZQgA/3BkdEvsMXmg9nWmfQVKp3FQ9f98vtcRFDyZY0Q/qS
xmFwj9o3bpaPmy8njXcVjVheSijPVgQ2gh6GpKU6Aa2u
-----END CERTIFICATE-----