Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/RvXB7TupJSt9FEkzNNElWKNqWuk.roa
File:                     RvXB7TupJSt9FEkzNNElWKNqWuk.roa (raw, json)
Hash identifier:          yijhlw1vumObJvF+OXDbjNPPtftfHa2fND852vV46Co=
Subject key identifier:   46:F5:C1:ED:3B:A9:25:2B:7D:14:49:33:34:D1:25:58:A3:6A:5A:E9
Certificate issuer:       /CN=9cf608ffadf600081ee922298e4b2ae96aff48e8
Certificate serial:       0199DD68839E13AB5B6B0B4B8030B2951F43
Authority key identifier: 9C:F6:08:FF:AD:F6:00:08:1E:E9:22:29:8E:4B:2A:E9:6A:FF:48:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/RvXB7TupJSt9FEkzNNElWKNqWuk.roa
Signing time:             Mon 13 Oct 2025 11:50:38 +0000
ROA not before:           Mon 13 Oct 2025 11:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208526
IP address blocks:        45.131.124.0/24 maxlen: 24
                          45.131.125.0/24 maxlen: 24
                          45.131.126.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dd:68:83:9e:13:ab:5b:6b:0b:4b:80:30:b2:95:1f:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cf608ffadf600081ee922298e4b2ae96aff48e8
        Validity
            Not Before: Oct 13 11:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46f5c1ed3ba9252b7d14493334d12558a36a5ae9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6d:0d:79:ad:6e:41:50:54:02:5f:7f:fb:a6:
                    46:68:1e:39:00:8f:6c:98:96:df:87:72:f6:4d:23:
                    0b:32:ff:b3:16:bb:ec:72:1f:63:84:8f:71:3b:1a:
                    b1:69:c2:91:80:56:3a:ee:01:b1:c5:d9:79:b8:d3:
                    87:6a:9f:c5:01:d9:2f:fb:c8:1a:70:98:32:55:d9:
                    3a:c2:33:e4:37:0c:15:64:04:53:90:37:4e:44:0c:
                    14:1b:7d:91:4e:99:e7:6d:ac:2d:e0:fd:9b:f7:e9:
                    41:dc:a8:77:48:52:43:47:36:2f:e7:d2:10:43:1c:
                    f2:b8:98:8d:8c:d2:8a:30:fb:2a:b2:07:b0:61:e9:
                    53:c9:dd:42:1e:6c:ac:a3:ec:b6:49:03:14:70:f4:
                    29:d5:2e:6f:f9:72:45:7c:0f:c6:ae:9a:07:dc:b9:
                    33:bb:02:b2:58:92:cf:f5:59:79:6b:61:af:ea:10:
                    2e:a3:0e:fd:89:14:77:50:a4:be:49:17:de:b1:98:
                    5c:72:d4:05:2e:2a:97:7f:ce:fa:96:ad:8d:e6:d9:
                    6d:e0:62:e0:20:cb:8d:64:90:c7:94:a6:fa:58:96:
                    12:24:1b:6e:a6:6a:bc:6f:ac:0a:b8:b2:d0:00:0b:
                    33:dc:12:67:24:c2:f7:b6:0e:51:d2:67:49:0c:c5:
                    92:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F5:C1:ED:3B:A9:25:2B:7D:14:49:33:34:D1:25:58:A3:6A:5A:E9
            X509v3 Authority Key Identifier:
                keyid:9C:F6:08:FF:AD:F6:00:08:1E:E9:22:29:8E:4B:2A:E9:6A:FF:48:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nPYI_632AAge6SIpjksq6Wr_SOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/RvXB7TupJSt9FEkzNNElWKNqWuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/d45f11-67c2-47a5-996c-891eb548b891/1/nPYI_632AAge6SIpjksq6Wr_SOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:65:4f:29:ca:6e:c8:4e:d7:e6:12:93:17:fe:de:9e:56:34:
         8b:38:2b:b0:c6:b2:56:4f:69:f3:8a:09:6d:73:5d:d9:d7:5e:
         cd:fc:b0:b9:ae:cc:d4:46:10:63:9f:cd:e0:10:96:37:a9:87:
         d0:3e:ac:4e:ba:11:fc:ce:94:80:80:68:42:d1:8a:42:ee:1d:
         9c:88:48:3d:aa:7f:cc:91:f3:b6:cc:d2:2e:02:49:b6:8a:39:
         84:5c:e0:7f:ae:9e:62:93:3a:03:3b:6f:b4:90:ae:85:08:18:
         69:b5:f0:8a:86:cb:7c:8a:50:dd:a2:02:57:57:1a:a2:02:79:
         b4:a7:1a:00:65:75:82:af:f1:24:3f:a2:13:8f:7f:53:cf:eb:
         80:f5:f3:76:10:db:47:f3:64:ca:8f:e0:c7:1f:51:1e:c3:11:
         38:a7:f0:c9:d9:a6:dc:66:6b:94:0f:09:43:8e:68:44:85:a5:
         88:62:91:6d:50:c7:ee:cd:79:cf:98:be:cd:4f:83:5e:7b:e2:
         7b:0c:0c:f1:92:8d:60:5a:30:03:c3:15:8e:ef:85:e0:db:03:
         3a:b8:f7:82:e9:83:3e:cc:8f:c3:ed:9b:21:65:60:c0:c8:5d:
         b6:0e:6a:09:26:70:8e:6d:72:04:3f:27:76:19:e0:b9:3c:60:
         e4:96:32:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZndaIOeE6tbawtLgDCylR9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZjYwOGZmYWRmNjAwMDgxZWU5MjIyOThlNGIyYWU5NmFm
ZjQ4ZTgwHhcNMjUxMDEzMTE1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmY1YzFlZDNiYTkyNTJiN2QxNDQ5MzMzNGQxMjU1OGEzNmE1YWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt20Nea1uQVBUAl9/+6ZGaB45AI9s
mJbfh3L2TSMLMv+zFrvsch9jhI9xOxqxacKRgFY67gGxxdl5uNOHap/FAdkv+8ga
cJgyVdk6wjPkNwwVZARTkDdORAwUG32RTpnnbawt4P2b9+lB3Kh3SFJDRzYv59IQ
QxzyuJiNjNKKMPsqsgewYelTyd1CHmyso+y2SQMUcPQp1S5v+XJFfA/GrpoH3Lkz
uwKyWJLP9Vl5a2Gv6hAuow79iRR3UKS+SRfesZhcctQFLiqXf876lq2N5tlt4GLg
IMuNZJDHlKb6WJYSJBtupmq8b6wKuLLQAAsz3BJnJML3tg5R0mdJDMWSBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEb1we07qSUrfRRJMzTRJVijalrpMB8GA1UdIwQY
MBaAFJz2CP+t9gAIHukiKY5LKulq/0joMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblBZSV82MzJBQWdlNlNJcGprc3E2V3JfU09nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kNDVmMTEtNjdjMi00N2E1LTk5NmMt
ODkxZWI1NDhiODkxLzEvUnZYQjdUdXBKU3Q5RkVrek5ORWxXS05xV3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kNDVmMTEtNjdjMi00N2E1LTk5NmMtODkxZWI1NDhiODkx
LzEvblBZSV82MzJBQWdlNlNJcGprc3E2V3JfU09nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYN8MA0G
CSqGSIb3DQEBCwUAA4IBAQCxZU8pym7ITtfmEpMX/t6eVjSLOCuwxrJWT2nziglt
c13Z117N/LC5rszURhBjn83gEJY3qYfQPqxOuhH8zpSAgGhC0YpC7h2ciEg9qn/M
kfO2zNIuAkm2ijmEXOB/rp5ikzoDO2+0kK6FCBhptfCKhst8ilDdogJXVxqiAnm0
pxoAZXWCr/EkP6ITj39Tz+uA9fN2ENtH82TKj+DHH1EewxE4p/DJ2abcZmuUDwlD
jmhEhaWIYpFtUMfuzXnPmL7NT4Nee+J7DAzxko1gWjADwxWO74Xg2wM6uPeC6YM+
zI/D7ZshZWDAyF22DmoJJnCObXIEPyd2GeC5PGDkljKK
-----END CERTIFICATE-----