Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/QfAYzGD_1GwyHB0copGWfxkgHfs.roa
File:                     QfAYzGD_1GwyHB0copGWfxkgHfs.roa (raw, json)
Hash identifier:          cG1fHnG7UX+yYX1P9wPnTe50lfsVKVVOrvuJOZCFFRU=
Subject key identifier:   41:F0:18:CC:60:FF:D4:6C:32:1C:1D:1C:A2:91:96:7F:19:20:1D:FB
Certificate issuer:       /CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
Certificate serial:       01992E1B4E8017855924DB755AAB1E252D8A
Authority key identifier: D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/QfAYzGD_1GwyHB0copGWfxkgHfs.roa
Signing time:             Tue 09 Sep 2025 10:52:45 +0000
ROA not before:           Tue 09 Sep 2025 10:52:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212025
IP address blocks:        45.81.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2e:1b:4e:80:17:85:59:24:db:75:5a:ab:1e:25:2d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5e6733fa239c5fb0c438c82f7c230f55d478cb1
        Validity
            Not Before: Sep  9 10:52:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41f018cc60ffd46c321c1d1ca291967f19201dfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:46:4d:46:79:d4:0d:78:a1:9d:97:88:a1:06:
                    40:f0:78:d6:8d:6a:36:e1:41:ee:86:7e:7a:f8:70:
                    d7:b6:48:6e:d8:7a:27:e3:29:29:33:af:e2:00:db:
                    cf:bf:51:4b:c0:3b:78:75:a1:68:3d:62:70:ef:47:
                    1d:27:15:0f:bd:8b:04:5d:16:5b:7f:d2:2a:35:c0:
                    a6:e1:33:08:f7:42:a3:da:15:fc:b7:5b:27:a8:ad:
                    b9:85:3c:a5:13:bc:4f:de:b5:09:fc:72:24:43:cf:
                    4d:6a:f6:10:33:e2:26:3d:78:4f:16:73:27:99:b2:
                    95:45:f5:e6:7b:3c:02:83:5b:ed:53:6a:7b:a3:eb:
                    c0:80:25:c0:61:a2:ce:63:fd:b6:9b:5a:df:7d:b0:
                    34:03:bc:75:bf:50:ad:bb:e5:a4:44:6b:4b:db:a5:
                    e9:fd:74:52:de:39:22:78:d1:25:b4:fe:4a:27:b7:
                    1c:28:7c:c1:bc:4e:eb:1e:28:e3:c8:6a:ed:50:0d:
                    d2:f4:2b:1a:a5:c0:89:a2:28:61:33:3d:7c:4a:16:
                    5f:2e:42:5a:2a:6a:b2:d7:7e:82:e8:4c:98:a7:02:
                    e5:c6:ec:01:78:d5:e8:13:a2:4d:75:bb:93:df:f4:
                    b3:ee:10:57:c4:c1:19:d2:28:97:e3:e0:c5:4c:e7:
                    41:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F0:18:CC:60:FF:D4:6C:32:1C:1D:1C:A2:91:96:7F:19:20:1D:FB
            X509v3 Authority Key Identifier:
                keyid:D5:E6:73:3F:A2:39:C5:FB:0C:43:8C:82:F7:C2:30:F5:5D:47:8C:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/QfAYzGD_1GwyHB0copGWfxkgHfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/25c95e-7f27-4d69-856d-a38b6795fb24/1/1eZzP6I5xfsMQ4yC98Iw9V1HjLE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:4b:ec:58:6b:1b:30:4d:1f:01:a7:52:a7:d8:b9:37:b4:8c:
         6a:c4:00:23:c5:7d:8e:bf:de:c7:c2:d4:82:93:96:1f:c4:9c:
         f4:47:2b:6d:e4:d9:2b:c4:9a:28:40:ad:67:dc:64:4c:b8:55:
         33:17:57:69:b6:9e:c4:32:86:12:8e:f6:86:be:e9:5f:15:4a:
         5b:c0:49:37:62:d8:9a:c2:22:41:b3:a7:96:81:2f:4b:de:b5:
         64:55:68:c2:db:83:af:70:b9:01:ea:f1:a7:3a:1f:04:23:47:
         79:d8:d2:48:55:2a:a8:b0:9e:e8:4c:c3:f9:49:d9:ee:50:87:
         ce:66:c3:0b:15:0a:fd:54:c8:9f:c4:1b:e1:84:33:f6:d3:dc:
         87:cc:d3:f2:ae:a2:8c:eb:ca:89:76:4d:89:99:1a:d1:ce:50:
         4f:01:c5:ab:4f:ce:74:ee:d0:e3:d2:89:49:06:a3:12:df:0a:
         3e:55:e4:26:31:60:f6:b3:8d:04:91:a4:90:c7:9d:8e:b0:be:
         e3:4e:a8:17:1b:28:c8:45:27:e9:e3:53:da:86:c3:25:61:01:
         e2:63:92:db:de:5f:d1:48:82:32:cd:ef:23:63:65:c9:3b:99:
         f9:5a:5a:8f:d4:50:57:fe:b0:46:70:99:5f:f6:93:2c:30:4a:
         14:05:a3:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkuG06AF4VZJNt1WqseJS2KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZTY3MzNmYTIzOWM1ZmIwYzQzOGM4MmY3YzIzMGY1NWQ0
NzhjYjEwHhcNMjUwOTA5MTA1MjQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWYwMThjYzYwZmZkNDZjMzIxYzFkMWNhMjkxOTY3ZjE5MjAxZGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokZNRnnUDXihnZeIoQZA8HjWjWo2
4UHuhn56+HDXtkhu2Hon4ykpM6/iANvPv1FLwDt4daFoPWJw70cdJxUPvYsEXRZb
f9IqNcCm4TMI90Kj2hX8t1snqK25hTylE7xP3rUJ/HIkQ89NavYQM+ImPXhPFnMn
mbKVRfXmezwCg1vtU2p7o+vAgCXAYaLOY/22m1rffbA0A7x1v1Ctu+WkRGtL26Xp
/XRS3jkieNEltP5KJ7ccKHzBvE7rHijjyGrtUA3S9CsapcCJoihhMz18ShZfLkJa
Kmqy136C6EyYpwLlxuwBeNXoE6JNdbuT3/Sz7hBXxMEZ0iiX4+DFTOdBFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEHwGMxg/9RsMhwdHKKRln8ZIB37MB8GA1UdIwQY
MBaAFNXmcz+iOcX7DEOMgvfCMPVdR4yxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQt
YTM4YjY3OTVmYjI0LzEvUWZBWXpHRF8xR3d5SEIwY29wR1dmeGtnSGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8yNWM5NWUtN2YyNy00ZDY5LTg1NmQtYTM4YjY3OTVmYjI0
LzEvMWVaelA2STV4ZnNNUTR5Qzk4SXc5VjFIakxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVH/MA0G
CSqGSIb3DQEBCwUAA4IBAQCQS+xYaxswTR8Bp1Kn2Lk3tIxqxAAjxX2Ov97HwtSC
k5YfxJz0Rytt5NkrxJooQK1n3GRMuFUzF1dptp7EMoYSjvaGvulfFUpbwEk3Ytia
wiJBs6eWgS9L3rVkVWjC24OvcLkB6vGnOh8EI0d52NJIVSqosJ7oTMP5SdnuUIfO
ZsMLFQr9VMifxBvhhDP209yHzNPyrqKM68qJdk2JmRrRzlBPAcWrT8507tDj0olJ
BqMS3wo+VeQmMWD2s40EkaSQx52OsL7jTqgXGyjIRSfp41PahsMlYQHiY5Lb3l/R
SIIyze8jY2XJO5n5WlqP1FBX/rBGcJlf9pMsMEoUBaO3
-----END CERTIFICATE-----