Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/xvh9WX4LrZNXDssIdHQ5xuma5CA.roa
File:                     xvh9WX4LrZNXDssIdHQ5xuma5CA.roa (raw, json)
Hash identifier:          7TpGMVMQYfbL6NKKcN/3u9AhymZrM5iKpza5nHx52Qk=
Subject key identifier:   C6:F8:7D:59:7E:0B:AD:93:57:0E:CB:08:74:74:39:C6:E9:9A:E4:20
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0198CC743511AB0FB0B505EA03F1670F5F37
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/xvh9WX4LrZNXDssIdHQ5xuma5CA.roa
Signing time:             Thu 21 Aug 2025 11:47:04 +0000
ROA not before:           Thu 21 Aug 2025 11:47:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215531
IP address blocks:        45.151.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cc:74:35:11:ab:0f:b0:b5:05:ea:03:f1:67:0f:5f:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Aug 21 11:47:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6f87d597e0bad93570ecb08747439c6e99ae420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:26:e2:93:28:24:e6:20:f3:9e:0a:78:05:ca:
                    86:b9:b8:f4:1e:93:86:55:64:e3:0a:e3:a7:81:da:
                    55:b3:4e:cb:73:4c:0e:18:f3:fe:44:b8:55:b6:c0:
                    70:56:c1:12:1d:25:7f:85:cf:d0:dd:3e:37:63:7d:
                    33:b9:f0:29:5e:47:92:80:f6:52:fe:a6:b9:4e:c6:
                    30:33:43:03:d4:02:4d:ec:af:bb:86:8c:95:79:33:
                    52:6d:7d:b3:a1:b8:8b:37:e2:b7:94:a7:11:6b:13:
                    14:b7:ca:8e:48:88:4c:a6:3e:bd:0c:58:61:24:97:
                    4c:3d:50:d2:e8:d8:a0:b6:6b:4d:7e:0f:a7:c0:4d:
                    51:2f:42:b6:5e:39:65:e1:73:23:cf:55:15:a7:9e:
                    bf:c1:21:79:55:45:cc:21:16:bd:74:a7:4a:6f:2d:
                    29:7c:fa:84:de:24:ca:ad:87:07:aa:f0:8d:47:b9:
                    14:a7:1b:60:bc:41:7f:b4:4d:15:97:3d:23:5f:ff:
                    ae:9f:eb:17:77:b5:4a:84:3f:1f:54:34:3d:01:c4:
                    19:05:bf:39:d0:76:e5:7f:0c:b5:79:46:b5:0a:c8:
                    c8:d2:49:27:63:af:e3:fa:38:b6:bb:dd:7e:c9:c3:
                    67:88:53:af:78:e0:99:33:69:51:af:76:b1:a9:17:
                    9c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:F8:7D:59:7E:0B:AD:93:57:0E:CB:08:74:74:39:C6:E9:9A:E4:20
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/xvh9WX4LrZNXDssIdHQ5xuma5CA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:2f:3f:e2:a1:56:b6:be:8a:b4:70:64:48:1a:22:a9:63:1b:
         ab:90:52:b3:5c:d5:90:34:e3:2c:0c:46:76:80:03:db:59:71:
         43:e2:97:7c:4c:19:58:66:d1:9c:a8:36:85:69:29:a0:0b:91:
         4e:58:f6:82:d9:ce:0e:30:58:99:b0:fc:e3:92:25:5a:84:62:
         ef:32:da:b4:a8:47:67:1d:c7:de:ef:21:cc:31:4c:27:d7:2a:
         94:3a:e3:ac:07:c8:af:1a:d2:b7:ee:7e:42:6f:49:4d:55:61:
         43:a2:40:c2:05:89:62:ec:ef:4d:23:dd:fd:8e:e1:ab:d7:58:
         dd:e6:ce:da:72:73:75:5b:ef:7b:dc:67:6e:cd:bc:cc:4d:2f:
         2a:3f:32:09:ea:5a:c0:79:b4:6e:86:eb:af:96:95:d8:97:65:
         59:2b:16:2c:53:d5:16:a8:fc:01:20:c9:18:d3:6b:5e:a1:cb:
         36:81:bf:b4:bd:c7:b2:a2:4a:21:ff:ea:d1:b3:eb:2b:44:ab:
         b2:24:38:37:2d:98:7c:d5:63:4a:7c:84:8e:6d:fa:ac:f1:09:
         97:06:60:4b:85:fc:19:b1:d7:96:45:50:cc:a8:73:b3:46:77:
         62:34:1e:93:7f:5c:bf:ed:55:4e:09:96:a6:fb:b1:bc:5e:8e:
         9a:54:49:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjMdDURqw+wtQXqA/FnD183MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwODIxMTE0NzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmY4N2Q1OTdlMGJhZDkzNTcwZWNiMDg3NDc0MzljNmU5OWFlNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSbikygk5iDzngp4BcqGubj0HpOG
VWTjCuOngdpVs07Lc0wOGPP+RLhVtsBwVsESHSV/hc/Q3T43Y30zufApXkeSgPZS
/qa5TsYwM0MD1AJN7K+7hoyVeTNSbX2zobiLN+K3lKcRaxMUt8qOSIhMpj69DFhh
JJdMPVDS6NigtmtNfg+nwE1RL0K2Xjll4XMjz1UVp56/wSF5VUXMIRa9dKdKby0p
fPqE3iTKrYcHqvCNR7kUpxtgvEF/tE0Vlz0jX/+un+sXd7VKhD8fVDQ9AcQZBb85
0Hblfwy1eUa1CsjI0kknY6/j+ji2u91+ycNniFOveOCZM2lRr3axqRecOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMb4fVl+C62TVw7LCHR0OcbpmuQgMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEveHZoOVdYNExyWk5YRHNzSWRIUTV4dW1hNUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZcDMA0G
CSqGSIb3DQEBCwUAA4IBAQCdLz/ioVa2voq0cGRIGiKpYxurkFKzXNWQNOMsDEZ2
gAPbWXFD4pd8TBlYZtGcqDaFaSmgC5FOWPaC2c4OMFiZsPzjkiVahGLvMtq0qEdn
Hcfe7yHMMUwn1yqUOuOsB8ivGtK37n5Cb0lNVWFDokDCBYli7O9NI939juGr11jd
5s7acnN1W+973GduzbzMTS8qPzIJ6lrAebRuhuuvlpXYl2VZKxYsU9UWqPwBIMkY
02teocs2gb+0vceyokoh/+rRs+srRKuyJDg3LZh81WNKfISObfqs8QmXBmBLhfwZ
sdeWRVDMqHOzRndiNB6Tf1y/7VVOCZam+7G8Xo6aVElX
-----END CERTIFICATE-----