Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/IncQidH1EmOM3JDy5YVCBk0c4NE.roa
File:                     IncQidH1EmOM3JDy5YVCBk0c4NE.roa (raw, json)
Hash identifier:          nhq9/WaK4JTE9KAnd8mPqXQNZIF7TP9W57FIRXqjj1I=
Subject key identifier:   22:77:10:89:D1:F5:12:63:8C:DC:90:F2:E5:85:42:06:4D:1C:E0:D1
Certificate issuer:       /CN=bd19d4535c7e62b921e859e6557b821f278e716a
Certificate serial:       0198AE2A99D8C2781EE0ECDA1ED77CAFF7BA
Authority key identifier: BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/IncQidH1EmOM3JDy5YVCBk0c4NE.roa
Signing time:             Fri 15 Aug 2025 14:38:04 +0000
ROA not before:           Fri 15 Aug 2025 14:38:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        45.134.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 00:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ae:2a:99:d8:c2:78:1e:e0:ec:da:1e:d7:7c:af:f7:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd19d4535c7e62b921e859e6557b821f278e716a
        Validity
            Not Before: Aug 15 14:38:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22771089d1f512638cdc90f2e58542064d1ce0d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:96:b1:b7:3d:88:26:17:69:48:28:57:a6:50:
                    20:d5:38:81:93:8d:fd:86:5b:2e:fd:44:1a:ba:77:
                    1c:db:7d:6c:7a:b4:1a:a3:62:54:ce:80:09:04:4b:
                    1f:37:12:e3:0a:66:7b:4d:77:f0:01:92:92:42:c2:
                    85:11:b8:d2:a0:32:cf:23:3d:53:fb:e0:9c:49:6e:
                    a9:c6:cb:c4:52:a7:26:ba:cd:1c:52:99:12:40:3b:
                    0d:9c:c6:23:51:0e:86:4b:ea:fe:9a:b7:5f:1b:3e:
                    c5:d2:15:df:fc:66:fa:1c:97:80:25:27:5d:b1:8e:
                    32:00:07:74:72:a9:f2:2e:d1:41:50:31:1b:e8:55:
                    2a:70:4f:49:a4:42:9e:03:81:67:33:93:43:b4:63:
                    17:af:a3:05:fb:3e:e9:bf:e1:b5:e0:cf:8e:a8:00:
                    81:a2:e4:8d:12:15:54:63:a6:2d:39:65:7d:b4:04:
                    92:41:59:13:69:be:d4:7d:71:ec:23:93:b0:e2:37:
                    a6:f3:9b:5f:bf:21:ed:31:08:a6:83:47:ea:bc:a3:
                    ac:eb:7d:34:3f:34:62:66:e3:2f:f2:0d:1e:61:df:
                    ee:66:6d:48:02:c0:81:89:88:a6:47:91:44:fe:95:
                    56:6f:92:af:2d:2b:e5:0e:a1:1b:da:0c:bd:e3:a1:
                    29:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:77:10:89:D1:F5:12:63:8C:DC:90:F2:E5:85:42:06:4D:1C:E0:D1
            X509v3 Authority Key Identifier:
                keyid:BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/IncQidH1EmOM3JDy5YVCBk0c4NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:96:8a:d9:8f:f8:d0:4c:be:14:47:17:8e:ba:1b:21:82:7f:
         eb:d6:2a:bc:ac:df:8d:be:03:22:48:3f:92:e4:2c:67:21:52:
         12:e1:60:9b:a2:e4:e7:f3:47:86:ac:8e:60:b7:6e:8f:3e:83:
         41:5e:4b:cf:26:a0:fe:fb:db:3f:ac:0e:f0:8c:48:2a:eb:c5:
         bb:0d:d2:89:ba:14:e9:af:80:59:db:6e:09:53:55:da:10:e0:
         f7:76:c3:78:88:a2:b8:34:24:1e:47:5f:6d:f9:07:f0:55:8e:
         9f:31:56:0d:cf:50:4a:be:6d:e5:6b:39:2f:15:04:59:a0:f6:
         58:f3:62:0c:23:12:47:f3:b3:46:17:3f:3d:71:92:cf:d2:8a:
         82:2b:f2:9a:ef:6a:0b:e2:f0:de:79:db:ab:86:a6:ec:fa:8f:
         0a:e9:e2:a7:c3:58:e0:57:dc:ed:3b:f6:02:24:a3:a8:67:68:
         83:2c:86:fb:84:0f:80:90:bc:2a:a5:28:68:02:89:a3:c4:b1:
         93:6e:9f:aa:2c:b1:86:3d:40:e5:4e:e9:22:25:c8:c1:b2:fe:
         d2:29:b3:c9:aa:3f:c8:d2:5f:96:6c:28:68:18:50:a5:c1:3a:
         40:dc:e5:a0:ac:0d:8c:65:52:20:bf:21:7e:fa:23:d3:fb:e8:
         39:c3:65:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiuKpnYwnge4OzaHtd8r/e6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTlkNDUzNWM3ZTYyYjkyMWU4NTllNjU1N2I4MjFmMjc4
ZTcxNmEwHhcNMjUwODE1MTQzODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjc3MTA4OWQxZjUxMjYzOGNkYzkwZjJlNTg1NDIwNjRkMWNlMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZaxtz2IJhdpSChXplAg1TiBk439
hlsu/UQauncc231serQao2JUzoAJBEsfNxLjCmZ7TXfwAZKSQsKFEbjSoDLPIz1T
++CcSW6pxsvEUqcmus0cUpkSQDsNnMYjUQ6GS+r+mrdfGz7F0hXf/Gb6HJeAJSdd
sY4yAAd0cqnyLtFBUDEb6FUqcE9JpEKeA4FnM5NDtGMXr6MF+z7pv+G14M+OqACB
ouSNEhVUY6YtOWV9tASSQVkTab7UfXHsI5Ow4jem85tfvyHtMQimg0fqvKOs6300
PzRiZuMv8g0eYd/uZm1IAsCBiYimR5FE/pVWb5KvLSvlDqEb2gy946EpIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJ3EInR9RJjjNyQ8uWFQgZNHODRMB8GA1UdIwQY
MBaAFL0Z1FNcfmK5IehZ5lV7gh8njnFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTct
YzEzMzFmNDlmYzA5LzEvSW5jUWlkSDFFbU9NM0pEeTVZVkNCazBjNE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTctYzEzMzFmNDlmYzA5
LzEvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYYIMA0G
CSqGSIb3DQEBCwUAA4IBAQBzlorZj/jQTL4URxeOuhshgn/r1iq8rN+NvgMiSD+S
5CxnIVIS4WCbouTn80eGrI5gt26PPoNBXkvPJqD++9s/rA7wjEgq68W7DdKJuhTp
r4BZ224JU1XaEOD3dsN4iKK4NCQeR19t+QfwVY6fMVYNz1BKvm3lazkvFQRZoPZY
82IMIxJH87NGFz89cZLP0oqCK/Ka72oL4vDeedurhqbs+o8K6eKnw1jgV9ztO/YC
JKOoZ2iDLIb7hA+AkLwqpShoAomjxLGTbp+qLLGGPUDlTukiJcjBsv7SKbPJqj/I
0l+WbChoGFClwTpA3OWgrA2MZVIgvyF++iPT++g5w2W8
-----END CERTIFICATE-----