Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/707b4f-6cd6-488a-8def-3a5c71f86821/1/jPbAHMtRmOOxtXFxyDN1-qXJjZI.roa
File:                     jPbAHMtRmOOxtXFxyDN1-qXJjZI.roa (raw, json)
Hash identifier:          rubF/nUj1Sxv+4U25Wjdi1dZZsv1ydBfmLAqRQsECUM=
Subject key identifier:   8C:F6:C0:1C:CB:51:98:E3:B1:B5:71:71:C8:33:75:FA:A5:C9:8D:92
Certificate issuer:       /CN=f4f67a40cf5e85c2d2b6558b4099af125d1050ee
Certificate serial:       0199F74F14A0E825ADB5BEE1F540EFE5E465
Authority key identifier: F4:F6:7A:40:CF:5E:85:C2:D2:B6:55:8B:40:99:AF:12:5D:10:50:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9PZ6QM9ehcLStlWLQJmvEl0QUO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/707b4f-6cd6-488a-8def-3a5c71f86821/1/jPbAHMtRmOOxtXFxyDN1-qXJjZI.roa
Signing time:             Sat 18 Oct 2025 12:32:59 +0000
ROA not before:           Sat 18 Oct 2025 12:32:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     4455
IP address blocks:        45.9.80.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/707b4f-6cd6-488a-8def-3a5c71f86821/1/9PZ6QM9ehcLStlWLQJmvEl0QUO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/707b4f-6cd6-488a-8def-3a5c71f86821/1/9PZ6QM9ehcLStlWLQJmvEl0QUO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9PZ6QM9ehcLStlWLQJmvEl0QUO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f7:4f:14:a0:e8:25:ad:b5:be:e1:f5:40:ef:e5:e4:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4f67a40cf5e85c2d2b6558b4099af125d1050ee
        Validity
            Not Before: Oct 18 12:32:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cf6c01ccb5198e3b1b57171c83375faa5c98d92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:29:56:1d:e5:2d:9c:bb:ec:be:75:78:f3:e0:
                    a4:0f:d8:54:3d:00:7d:7f:ea:95:bf:e8:0e:8b:be:
                    0d:04:88:91:6b:60:20:d5:ff:86:33:e9:6c:42:08:
                    d0:32:62:34:60:64:9e:e2:b4:ac:78:a1:ac:ca:87:
                    ee:9d:8f:c3:35:eb:1b:90:e3:56:32:43:94:45:85:
                    0e:bb:9e:66:ef:33:cb:0a:b6:e5:22:7e:e3:dd:93:
                    b7:09:87:ef:13:9b:6a:c6:b3:f6:60:2a:74:5b:27:
                    99:76:7d:8f:70:df:bc:c6:cd:24:4f:75:ed:8a:55:
                    e1:bf:71:4c:55:9b:39:93:49:51:9c:a9:2f:0c:25:
                    75:c4:b3:51:2c:73:1c:b3:d6:64:5c:fe:bf:0e:59:
                    68:f1:80:62:1b:56:6d:f0:0c:a9:7e:63:d2:66:a7:
                    51:ab:4c:b9:35:92:b5:ce:99:ed:e9:4f:41:15:11:
                    84:23:ca:eb:33:02:f0:07:38:2e:03:0f:2c:9b:4b:
                    2c:0b:67:2e:ba:e7:3f:13:05:2b:75:85:fa:b1:c2:
                    49:0e:97:6c:b9:d2:23:71:00:c1:21:14:47:c5:9b:
                    dc:57:d7:4e:c1:41:7d:3e:9a:7b:97:52:35:4d:ec:
                    42:c3:18:d0:3d:d4:fc:89:fb:85:1c:5f:b5:35:d6:
                    c6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:F6:C0:1C:CB:51:98:E3:B1:B5:71:71:C8:33:75:FA:A5:C9:8D:92
            X509v3 Authority Key Identifier:
                keyid:F4:F6:7A:40:CF:5E:85:C2:D2:B6:55:8B:40:99:AF:12:5D:10:50:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9PZ6QM9ehcLStlWLQJmvEl0QUO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/707b4f-6cd6-488a-8def-3a5c71f86821/1/jPbAHMtRmOOxtXFxyDN1-qXJjZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/707b4f-6cd6-488a-8def-3a5c71f86821/1/9PZ6QM9ehcLStlWLQJmvEl0QUO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:06:fd:60:a1:c0:5c:c8:19:c4:59:ad:e3:6f:50:12:97:f2:
         64:a7:f3:5d:01:2e:a1:7d:13:ba:b3:b6:39:b1:d1:4a:78:f5:
         dc:2c:78:a4:79:73:80:7d:fa:30:7c:87:b3:bc:00:95:de:bc:
         8f:c1:d3:9f:1b:1a:ab:e9:d1:d2:ba:20:94:ff:47:21:49:32:
         ad:2f:d0:33:b7:9f:ba:91:7f:1a:4f:8e:f9:3e:cc:77:9f:c2:
         9c:1c:a9:32:f6:d8:3f:9d:4d:b6:85:4a:4e:2f:f9:2e:c9:4e:
         d3:c9:7d:49:b7:8d:f6:80:51:a7:a4:39:7b:64:4a:d2:73:0c:
         f5:2a:f5:70:f3:81:86:10:69:df:97:73:bd:3b:18:e7:71:d5:
         5e:9d:26:c1:e4:b7:e0:92:5f:6f:e4:be:b6:bc:53:30:8f:cb:
         a2:bd:df:d8:cf:c5:50:7b:11:c5:6d:d1:92:d5:0f:64:18:d2:
         1c:d8:3f:20:5e:e9:99:c0:a8:f0:d6:80:e9:84:63:90:ac:e8:
         27:8e:77:7a:77:05:4b:22:7b:48:9b:29:5d:b9:ea:da:df:d6:
         fc:31:a3:c7:62:e8:69:a4:b8:ec:aa:1a:4f:7a:ed:ca:4b:5e:
         c0:9d:09:98:44:f1:25:dc:d6:bd:98:e2:f0:82:f9:1e:86:e1:
         8c:8a:ba:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn3TxSg6CWttb7h9UDv5eRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZjY3YTQwY2Y1ZTg1YzJkMmI2NTU4YjQwOTlhZjEyNWQx
MDUwZWUwHhcNMjUxMDE4MTIzMjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Y2YzAxY2NiNTE5OGUzYjFiNTcxNzFjODMzNzVmYWE1Yzk4ZDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhylWHeUtnLvsvnV48+CkD9hUPQB9
f+qVv+gOi74NBIiRa2Ag1f+GM+lsQgjQMmI0YGSe4rSseKGsyofunY/DNesbkONW
MkOURYUOu55m7zPLCrblIn7j3ZO3CYfvE5tqxrP2YCp0WyeZdn2PcN+8xs0kT3Xt
ilXhv3FMVZs5k0lRnKkvDCV1xLNRLHMcs9ZkXP6/Dllo8YBiG1Zt8AypfmPSZqdR
q0y5NZK1zpnt6U9BFRGEI8rrMwLwBzguAw8sm0ssC2cuuuc/EwUrdYX6scJJDpds
udIjcQDBIRRHxZvcV9dOwUF9Ppp7l1I1TexCwxjQPdT8ifuFHF+1NdbGOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIz2wBzLUZjjsbVxccgzdfqlyY2SMB8GA1UdIwQY
MBaAFPT2ekDPXoXC0rZVi0CZrxJdEFDuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVBaNlFNOWVoY0xTdGxXTFFKbXZFbDBRVU80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83MDdiNGYtNmNkNi00ODhhLThkZWYt
M2E1YzcxZjg2ODIxLzEvalBiQUhNdFJtT094dFhGeHlETjEtcVhKalpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83MDdiNGYtNmNkNi00ODhhLThkZWYtM2E1YzcxZjg2ODIx
LzEvOVBaNlFNOWVoY0xTdGxXTFFKbXZFbDBRVU80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQlQMA0G
CSqGSIb3DQEBCwUAA4IBAQBDBv1gocBcyBnEWa3jb1ASl/Jkp/NdAS6hfRO6s7Y5
sdFKePXcLHikeXOAffowfIezvACV3ryPwdOfGxqr6dHSuiCU/0chSTKtL9Azt5+6
kX8aT475Psx3n8KcHKky9tg/nU22hUpOL/kuyU7TyX1Jt432gFGnpDl7ZErScwz1
KvVw84GGEGnfl3O9OxjncdVenSbB5Lfgkl9v5L62vFMwj8uivd/Yz8VQexHFbdGS
1Q9kGNIc2D8gXumZwKjw1oDphGOQrOgnjnd6dwVLIntImylduera39b8MaPHYuhp
pLjsqhpPeu3KS17AnQmYRPEl3Na9mOLwgvkehuGMirpJ
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:32:46 2025 by rpki-client