Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mSgEeLEP8bzBxIaVFjmOrOOxr3I.roa
File:                     mSgEeLEP8bzBxIaVFjmOrOOxr3I.roa (raw, json)
Hash identifier:          4C4OA5nlPAIJXSHbNMvzuOz4sAGJs/4vu1na3qspkA4=
Subject key identifier:   99:28:04:78:B1:0F:F1:BC:C1:C4:86:95:16:39:8E:AC:E3:B1:AF:72
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       0197B6AFC8A6F4074352CF047CF1C6832027
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mSgEeLEP8bzBxIaVFjmOrOOxr3I.roa
Signing time:             Sat 28 Jun 2025 13:17:42 +0000
ROA not before:           Sat 28 Jun 2025 13:17:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212815
IP address blocks:        45.13.119.0/24 maxlen: 24
                          45.154.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b6:af:c8:a6:f4:07:43:52:cf:04:7c:f1:c6:83:20:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun 28 13:17:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99280478b10ff1bcc1c4869516398eace3b1af72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:df:2d:85:5f:00:03:f2:2f:16:f0:41:7b:8c:
                    42:5b:1c:34:48:dd:6d:96:fd:a8:5a:c0:3a:4d:bd:
                    0e:b2:07:4d:63:ad:4f:88:03:74:37:fc:16:0a:22:
                    ff:96:71:f2:35:94:36:22:b2:8a:37:cf:1b:c8:9e:
                    c2:70:4b:62:d0:22:42:3d:42:9e:dd:4c:52:11:5d:
                    d1:28:fb:0c:93:7f:29:34:e0:ea:33:12:1d:78:f3:
                    70:f5:b2:78:38:fb:ca:87:08:1e:1d:db:6f:45:6c:
                    11:fe:2a:d3:dd:df:ee:5a:e2:2f:0e:e7:37:a3:c8:
                    b5:27:90:3b:b2:94:44:e0:29:97:9b:f2:e2:f3:95:
                    53:0b:a1:5d:10:29:3b:a1:88:3f:5c:b3:24:bc:e6:
                    be:cf:0a:50:60:5c:8f:fe:20:68:cb:72:4e:45:96:
                    04:8a:6b:b3:5e:f2:69:94:63:b4:b2:7d:31:87:25:
                    f3:fb:81:da:61:ea:5e:cf:51:d3:37:18:a6:19:8a:
                    69:4d:12:cf:5f:fe:6d:ec:d6:81:6a:59:da:a4:3f:
                    37:fa:b6:64:c3:76:1d:57:b3:78:5e:a4:25:90:27:
                    25:80:f9:23:5c:10:a4:c6:1a:21:65:b0:c1:dd:cf:
                    74:e0:59:20:37:86:de:88:fa:2a:39:1e:af:2d:33:
                    1f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:28:04:78:B1:0F:F1:BC:C1:C4:86:95:16:39:8E:AC:E3:B1:AF:72
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/mSgEeLEP8bzBxIaVFjmOrOOxr3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.119.0/24
                  45.154.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:c6:ec:d6:12:8a:1f:cb:8f:bb:03:04:91:08:d1:90:3c:06:
         4c:c5:6f:c2:c6:aa:19:67:82:03:8e:e0:ad:6d:a2:b5:94:7b:
         df:65:be:5d:e1:48:9b:15:77:14:fa:2c:e1:98:88:06:c4:b8:
         a1:62:52:01:0e:30:b7:a5:c6:8d:09:de:b2:cf:ed:98:64:5d:
         74:41:aa:ca:b7:a6:f5:2f:70:a9:29:67:39:83:35:f2:62:19:
         d6:2e:3f:86:7c:11:c6:8f:6d:ed:8d:73:80:c5:ef:85:07:a6:
         39:33:c2:eb:4f:24:56:66:0b:97:9e:36:39:e0:0e:b0:e2:c0:
         cf:72:72:fa:06:8d:15:3b:8b:1c:e0:92:55:68:eb:99:87:1b:
         42:dd:b9:91:38:59:a2:11:41:6c:ad:cb:7e:95:02:d2:dc:73:
         51:ff:e1:db:fc:b1:b5:72:3f:d8:65:dd:d3:48:25:42:32:e4:
         9a:db:0a:b1:2a:f5:88:53:07:8d:fc:69:90:ac:19:38:b1:e7:
         f6:b0:f1:15:5c:f9:5b:7c:c1:2a:30:7c:40:77:bc:48:d2:7b:
         df:99:78:4c:48:d8:57:d3:23:4b:10:f5:ec:c0:da:e0:5e:97:
         87:f8:56:3c:82:c6:3d:9b:6e:e1:84:d9:e9:75:ca:4f:43:13:
         9c:45:de:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZe2r8im9AdDUs8EfPHGgyAnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwNjI4MTMxNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTI4MDQ3OGIxMGZmMWJjYzFjNDg2OTUxNjM5OGVhY2UzYjFhZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr98thV8AA/IvFvBBe4xCWxw0SN1t
lv2oWsA6Tb0OsgdNY61PiAN0N/wWCiL/lnHyNZQ2IrKKN88byJ7CcEti0CJCPUKe
3UxSEV3RKPsMk38pNODqMxIdePNw9bJ4OPvKhwgeHdtvRWwR/irT3d/uWuIvDuc3
o8i1J5A7spRE4CmXm/Li85VTC6FdECk7oYg/XLMkvOa+zwpQYFyP/iBoy3JORZYE
imuzXvJplGO0sn0xhyXz+4HaYepez1HTNximGYppTRLPX/5t7NaBalnapD83+rZk
w3YdV7N4XqQlkCclgPkjXBCkxhohZbDB3c904FkgN4beiPoqOR6vLTMfNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJkoBHixD/G8wcSGlRY5jqzjsa9yMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbVNnRWVMRVA4YnpCeElhVkZqbU9yT094cjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ13AwQA
LZpgMA0GCSqGSIb3DQEBCwUAA4IBAQBdxuzWEoofy4+7AwSRCNGQPAZMxW/CxqoZ
Z4IDjuCtbaK1lHvfZb5d4UibFXcU+izhmIgGxLihYlIBDjC3pcaNCd6yz+2YZF10
QarKt6b1L3CpKWc5gzXyYhnWLj+GfBHGj23tjXOAxe+FB6Y5M8LrTyRWZguXnjY5
4A6w4sDPcnL6Bo0VO4sc4JJVaOuZhxtC3bmROFmiEUFsrct+lQLS3HNR/+Hb/LG1
cj/YZd3TSCVCMuSa2wqxKvWIUweN/GmQrBk4sef2sPEVXPlbfMEqMHxAd7xI0nvf
mXhMSNhX0yNLEPXswNrgXpeH+FY8gsY9m27hhNnpdcpPQxOcRd5O
-----END CERTIFICATE-----