Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/ed501a-6ed7-452d-8c76-6bb4fee85735/1/vxv8ENh4EI_tMsSJTaREb1s4HS4.roa
File:                     vxv8ENh4EI_tMsSJTaREb1s4HS4.roa (raw, json)
Hash identifier:          s6edGTCnGf7BmNVSJxjNDIf8u6heNhTcAFkCRw0VThE=
Subject key identifier:   BF:1B:FC:10:D8:78:10:8F:ED:32:C4:89:4D:A4:44:6F:5B:38:1D:2E
Certificate issuer:       /CN=0b3969cdc0b5ff09d199bca5daddb9aab51040e7
Certificate serial:       0199FDDD3E4E168E60F5155D89C7B4CE30DD
Authority key identifier: 0B:39:69:CD:C0:B5:FF:09:D1:99:BC:A5:DA:DD:B9:AA:B5:10:40:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CzlpzcC1_wnRmbyl2t25qrUQQOc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/ed501a-6ed7-452d-8c76-6bb4fee85735/1/vxv8ENh4EI_tMsSJTaREb1s4HS4.roa
Signing time:             Sun 19 Oct 2025 19:05:59 +0000
ROA not before:           Sun 19 Oct 2025 19:05:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35112
IP address blocks:        45.8.125.0/24 maxlen: 24
                          45.8.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/ed501a-6ed7-452d-8c76-6bb4fee85735/1/CzlpzcC1_wnRmbyl2t25qrUQQOc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/ed501a-6ed7-452d-8c76-6bb4fee85735/1/CzlpzcC1_wnRmbyl2t25qrUQQOc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CzlpzcC1_wnRmbyl2t25qrUQQOc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fd:dd:3e:4e:16:8e:60:f5:15:5d:89:c7:b4:ce:30:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b3969cdc0b5ff09d199bca5daddb9aab51040e7
        Validity
            Not Before: Oct 19 19:05:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf1bfc10d878108fed32c4894da4446f5b381d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:65:9e:c5:1a:16:8c:eb:69:50:bf:39:37:83:
                    9b:7a:c0:f1:a6:01:c0:e1:a1:c8:ca:09:2b:d9:ef:
                    fd:a1:b5:46:56:36:78:d3:42:9c:9f:27:55:c6:04:
                    7c:7f:2e:41:cf:ee:bb:ae:5f:47:dc:77:8a:55:ca:
                    47:95:d4:c4:18:95:a4:e9:7d:2d:1b:d2:9b:43:f7:
                    62:e6:29:89:9a:74:d0:c2:07:c6:ea:32:be:bd:d0:
                    2b:0f:1d:a6:11:87:f8:46:48:7b:1e:0d:50:b9:4b:
                    91:a6:5a:6c:ad:96:09:ab:df:63:92:e3:8a:c6:fa:
                    0a:40:2d:d7:80:e6:62:e7:c4:31:d2:23:8d:c4:c9:
                    3a:24:d6:7c:6f:71:40:8d:d6:00:bb:d1:09:cb:6f:
                    77:a7:0b:e1:14:ab:ff:7d:ec:73:20:a3:5f:03:2d:
                    3b:29:a4:41:74:4f:c1:03:df:ff:ca:01:9b:44:54:
                    1f:38:4d:9c:6c:36:bc:bc:58:e6:7d:0a:59:c0:6c:
                    0a:9f:13:1d:57:2e:10:3e:60:54:5a:e1:fc:a2:20:
                    d0:95:7b:17:f0:5d:c8:b5:8e:ce:ae:b5:c6:da:15:
                    80:ad:0d:5d:27:90:d6:2d:87:d3:54:b8:11:3c:e8:
                    8e:63:03:65:0b:08:cb:2c:b2:2d:3c:1b:73:95:2d:
                    91:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:1B:FC:10:D8:78:10:8F:ED:32:C4:89:4D:A4:44:6F:5B:38:1D:2E
            X509v3 Authority Key Identifier:
                keyid:0B:39:69:CD:C0:B5:FF:09:D1:99:BC:A5:DA:DD:B9:AA:B5:10:40:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CzlpzcC1_wnRmbyl2t25qrUQQOc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/ed501a-6ed7-452d-8c76-6bb4fee85735/1/vxv8ENh4EI_tMsSJTaREb1s4HS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/ed501a-6ed7-452d-8c76-6bb4fee85735/1/CzlpzcC1_wnRmbyl2t25qrUQQOc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.125.0/24
                  45.8.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:6e:b3:6f:9d:15:88:fa:e2:00:fd:eb:22:42:6a:c9:4b:9e:
         fc:07:f4:b3:ea:02:ba:90:a7:4e:a6:a1:95:88:39:f7:c9:f4:
         4f:a0:8f:95:0a:c7:4d:c0:57:56:7f:93:4e:2a:c0:19:61:51:
         f3:79:82:d7:36:a7:37:b9:89:36:20:8d:e3:68:5a:77:9d:a1:
         73:7b:c6:32:84:e5:46:3d:6a:03:98:b4:c0:4f:a9:e9:5c:dc:
         8a:3e:d0:dd:1b:73:65:dc:86:d0:1a:94:61:22:85:21:e2:d9:
         b5:65:55:88:9f:ee:9f:1f:2f:07:5b:8b:d8:44:8f:a6:79:83:
         dc:f8:7b:5e:1f:87:85:04:36:58:9c:2b:e5:3e:cf:c5:44:d2:
         04:77:c3:de:be:d3:c0:96:ab:ad:95:80:9e:d5:9d:8d:9a:d5:
         3d:f7:8c:7a:75:69:c3:d2:68:ee:ce:2f:60:04:d0:6e:0e:bf:
         a4:d5:2f:4b:8b:4a:37:95:5f:bd:5d:b5:46:1d:dd:01:78:dd:
         0e:92:ca:4c:e7:49:b1:1e:1b:aa:15:fc:e3:6c:46:e7:9f:dd:
         7c:cc:46:12:0d:cf:bf:91:64:bb:58:0b:b9:3f:4d:71:12:11:
         81:cd:5d:95:db:ef:13:91:79:5a:b0:a2:c5:e9:2a:cd:73:99:
         a4:a7:92:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZn93T5OFo5g9RVdice0zjDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMzk2OWNkYzBiNWZmMDlkMTk5YmNhNWRhZGRiOWFhYjUx
MDQwZTcwHhcNMjUxMDE5MTkwNTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjFiZmMxMGQ4NzgxMDhmZWQzMmM0ODk0ZGE0NDQ2ZjViMzgxZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGWexRoWjOtpUL85N4ObesDxpgHA
4aHIygkr2e/9obVGVjZ400KcnydVxgR8fy5Bz+67rl9H3HeKVcpHldTEGJWk6X0t
G9KbQ/di5imJmnTQwgfG6jK+vdArDx2mEYf4Rkh7Hg1QuUuRplpsrZYJq99jkuOK
xvoKQC3XgOZi58Qx0iONxMk6JNZ8b3FAjdYAu9EJy293pwvhFKv/fexzIKNfAy07
KaRBdE/BA9//ygGbRFQfOE2cbDa8vFjmfQpZwGwKnxMdVy4QPmBUWuH8oiDQlXsX
8F3ItY7OrrXG2hWArQ1dJ5DWLYfTVLgRPOiOYwNlCwjLLLItPBtzlS2RMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL8b/BDYeBCP7TLEiU2kRG9bOB0uMB8GA1UdIwQY
MBaAFAs5ac3Atf8J0Zm8pdrduaq1EEDnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3pscHpjQzFfd25SbWJ5bDJ0MjVxclVRUU9jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9lZDUwMWEtNmVkNy00NTJkLThjNzYt
NmJiNGZlZTg1NzM1LzEvdnh2OEVOaDRFSV90TXNTSlRhUkViMXM0SFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9lZDUwMWEtNmVkNy00NTJkLThjNzYtNmJiNGZlZTg1NzM1
LzEvQ3pscHpjQzFfd25SbWJ5bDJ0MjVxclVRUU9jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQh9AwQA
LQh/MA0GCSqGSIb3DQEBCwUAA4IBAQAFbrNvnRWI+uIA/esiQmrJS578B/Sz6gK6
kKdOpqGViDn3yfRPoI+VCsdNwFdWf5NOKsAZYVHzeYLXNqc3uYk2II3jaFp3naFz
e8YyhOVGPWoDmLTAT6npXNyKPtDdG3Nl3IbQGpRhIoUh4tm1ZVWIn+6fHy8HW4vY
RI+meYPc+HteH4eFBDZYnCvlPs/FRNIEd8PevtPAlqutlYCe1Z2NmtU994x6dWnD
0mjuzi9gBNBuDr+k1S9Li0o3lV+9XbVGHd0BeN0OkspM50mxHhuqFfzjbEbnn918
zEYSDc+/kWS7WAu5P01xEhGBzV2V2+8TkXlasKLF6SrNc5mkp5La
-----END CERTIFICATE-----