Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/IoC_y5rKz7BckDmBNZFlOuIXfXQ.roa
File:                     IoC_y5rKz7BckDmBNZFlOuIXfXQ.roa (raw, json)
Hash identifier:          TNpbEcGgqU8yKeA425oSzGoAxEWs4bleKZR202lAuTY=
Subject key identifier:   22:80:BF:CB:9A:CA:CF:B0:5C:90:39:81:35:91:65:3A:E2:17:7D:74
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0198BF3F2A4B1A8AB1C6C029C07D05CD6689
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/IoC_y5rKz7BckDmBNZFlOuIXfXQ.roa
Signing time:             Mon 18 Aug 2025 22:14:04 +0000
ROA not before:           Mon 18 Aug 2025 22:14:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203511
IP address blocks:        45.94.171.0/24 maxlen: 24
                          45.151.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bf:3f:2a:4b:1a:8a:b1:c6:c0:29:c0:7d:05:cd:66:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Aug 18 22:14:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2280bfcb9acacfb05c9039813591653ae2177d74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:27:0a:50:47:75:0e:ed:b4:b2:8f:83:da:2a:
                    e1:10:d5:5a:0f:4d:ed:cc:33:b0:4f:74:30:b8:54:
                    e1:53:93:fc:2b:9c:56:3a:9f:8e:13:68:82:7a:b9:
                    53:3d:02:0a:2f:0e:d9:e6:38:1f:04:e8:1a:b3:45:
                    4d:65:e7:2d:62:ab:7d:ba:19:62:bf:d2:04:15:18:
                    6e:53:c5:f8:e9:95:b5:d1:c0:ea:23:a7:c7:4e:f7:
                    24:5e:94:0e:b7:93:a4:26:de:27:1f:99:b7:38:df:
                    b0:92:5d:ef:6d:03:b9:45:91:0d:be:38:2e:3c:be:
                    f6:c2:5c:25:bc:39:50:4c:b3:38:be:01:3a:6f:37:
                    f9:3f:f2:0c:a2:98:19:84:ba:fa:5d:c3:ca:55:ab:
                    a1:b0:08:b3:bb:a9:18:d0:2f:86:67:c0:1d:b9:89:
                    b4:51:59:4d:ec:38:fa:d3:ab:c3:74:b1:4d:a9:14:
                    ef:1f:f5:97:4b:4b:66:d7:e9:7d:a7:4b:f4:50:9d:
                    e9:42:7c:d3:53:58:b7:0d:58:69:c7:c8:ec:8c:e1:
                    2d:74:25:1f:dd:7d:37:6f:33:cf:cc:cc:f0:2b:06:
                    dd:75:1c:0c:94:8a:4b:06:91:e8:22:6c:7b:61:01:
                    f1:8b:d4:2f:27:25:03:1c:1a:bd:f2:e9:87:0d:3e:
                    0a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:80:BF:CB:9A:CA:CF:B0:5C:90:39:81:35:91:65:3A:E2:17:7D:74
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/IoC_y5rKz7BckDmBNZFlOuIXfXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.171.0/24
                  45.151.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:2c:16:ab:3f:86:fb:31:cc:f5:c0:31:57:b8:b8:f5:d6:46:
         30:bc:10:f5:93:15:bc:f7:cd:12:94:62:ca:a6:ea:97:7c:f8:
         31:3d:c3:d8:f8:b3:7a:f2:e0:44:5d:59:68:ea:68:1a:89:1c:
         ed:3f:d6:10:f7:d0:de:78:09:f4:61:fb:18:7a:d5:80:d2:8d:
         9e:10:0b:7b:d2:10:0a:fa:34:41:13:d1:22:ff:3b:d6:24:8d:
         24:35:4f:a0:fe:6b:e2:ae:29:a6:9b:ac:f1:6f:47:48:d7:a9:
         27:50:f6:92:0b:e0:53:fd:d2:a9:7e:94:97:d2:68:62:70:03:
         60:78:03:51:d0:fa:94:cc:b2:6d:fe:a9:ce:ca:6a:ad:7f:0c:
         2a:33:4a:94:d3:50:59:3d:02:dd:17:94:bd:be:62:0c:84:ef:
         bd:20:24:81:40:ea:fd:25:4d:79:0f:5b:ad:85:07:6e:1e:61:
         3d:3b:d0:44:6e:0e:c4:8c:bd:4b:46:d1:18:78:0c:e5:1a:4e:
         b6:97:f7:34:74:2a:81:50:23:f2:74:8e:04:ed:04:bf:d9:08:
         c4:79:b9:3d:bb:48:21:92:be:3a:d2:70:2f:76:d2:db:25:ea:
         0b:64:59:31:53:e2:9e:ab:c6:0f:2a:07:84:f5:46:03:42:92:
         d6:93:64:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZi/PypLGoqxxsApwH0FzWaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwODE4MjIxNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjgwYmZjYjlhY2FjZmIwNWM5MDM5ODEzNTkxNjUzYWUyMTc3ZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCcKUEd1Du20so+D2irhENVaD03t
zDOwT3QwuFThU5P8K5xWOp+OE2iCerlTPQIKLw7Z5jgfBOgas0VNZectYqt9uhli
v9IEFRhuU8X46ZW10cDqI6fHTvckXpQOt5OkJt4nH5m3ON+wkl3vbQO5RZENvjgu
PL72wlwlvDlQTLM4vgE6bzf5P/IMopgZhLr6XcPKVauhsAizu6kY0C+GZ8AduYm0
UVlN7Dj606vDdLFNqRTvH/WXS0tm1+l9p0v0UJ3pQnzTU1i3DVhpx8jsjOEtdCUf
3X03bzPPzMzwKwbddRwMlIpLBpHoImx7YQHxi9QvJyUDHBq98umHDT4KjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCKAv8uays+wXJA5gTWRZTriF310MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvSW9DX3k1ckt6N0Jja0RtQk5aRmxPdUlYZlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV6rAwQA
LZcCMA0GCSqGSIb3DQEBCwUAA4IBAQAvLBarP4b7Mcz1wDFXuLj11kYwvBD1kxW8
980SlGLKpuqXfPgxPcPY+LN68uBEXVlo6mgaiRztP9YQ99DeeAn0YfsYetWA0o2e
EAt70hAK+jRBE9Ei/zvWJI0kNU+g/mvirimmm6zxb0dI16knUPaSC+BT/dKpfpSX
0mhicANgeANR0PqUzLJt/qnOymqtfwwqM0qU01BZPQLdF5S9vmIMhO+9ICSBQOr9
JU15D1uthQduHmE9O9BEbg7EjL1LRtEYeAzlGk62l/c0dCqBUCPydI4E7QS/2QjE
ebk9u0ghkr460nAvdtLbJeoLZFkxU+Keq8YPKgeE9UYDQpLWk2S+
-----END CERTIFICATE-----