Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Rz7lvUGG5xd7EeJjLyH_okqNum4.roa
File:                     Rz7lvUGG5xd7EeJjLyH_okqNum4.roa (raw, json)
Hash identifier:          zB+PgK7izkbTwSjXLi+uLT77sZ3ffEJ2z2rnNZzm0p4=
Subject key identifier:   47:3E:E5:BD:41:86:E7:17:7B:11:E2:63:2F:21:FF:A2:4A:8D:BA:6E
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       01995298E44208C106873C8643440E8B5679
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Rz7lvUGG5xd7EeJjLyH_okqNum4.roa
Signing time:             Tue 16 Sep 2025 12:56:15 +0000
ROA not before:           Tue 16 Sep 2025 12:56:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53856
IP address blocks:        45.86.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:52:98:e4:42:08:c1:06:87:3c:86:43:44:0e:8b:56:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Sep 16 12:56:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=473ee5bd4186e7177b11e2632f21ffa24a8dba6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a6:6e:2c:15:6c:cf:7c:d3:1e:56:b1:42:44:
                    1d:88:cd:27:e5:c2:cc:63:1b:ef:42:52:02:71:8e:
                    6b:e8:3c:9a:41:0f:91:86:22:54:ec:6c:7c:ca:f7:
                    b8:bb:19:3c:c1:56:e1:d6:1b:c6:e5:a7:da:be:6c:
                    dd:1b:79:00:09:19:d2:b6:b9:95:42:6c:66:3d:6a:
                    42:a1:b4:88:65:ad:7a:ae:c5:52:61:a7:e5:77:3b:
                    a3:80:2c:85:6f:69:57:4f:3d:0b:1d:8b:80:79:e2:
                    20:64:31:d6:15:41:98:13:d1:32:05:6b:4e:4c:1a:
                    2d:bf:b0:59:ca:8b:52:f4:15:eb:49:30:df:27:96:
                    56:ba:13:f3:f0:3a:db:fd:29:3e:69:d2:29:0b:c4:
                    da:9f:7c:f0:55:3e:17:d2:3b:91:66:6f:44:ea:76:
                    a6:60:dd:ea:80:4a:81:8c:e8:82:6f:cd:51:0f:1e:
                    a2:88:17:a3:65:71:58:d3:dc:b2:1a:90:c0:15:b0:
                    64:09:0f:e6:19:e2:dd:2d:30:44:64:f6:d1:0d:79:
                    31:26:a2:39:1b:03:30:29:25:05:5b:7d:2f:07:08:
                    0b:15:84:00:70:79:e7:a8:46:23:e9:bf:0c:21:b6:
                    72:99:6e:9f:99:42:f1:d2:78:70:f1:89:ff:da:b9:
                    7a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:3E:E5:BD:41:86:E7:17:7B:11:E2:63:2F:21:FF:A2:4A:8D:BA:6E
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Rz7lvUGG5xd7EeJjLyH_okqNum4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:7d:29:28:c2:9b:43:79:46:db:2a:36:83:e4:e9:19:c2:b7:
         48:bb:f6:88:13:78:5c:bd:89:45:57:e0:b1:a1:40:a6:4b:32:
         d0:ac:f5:cd:26:a2:bd:9b:c7:0e:d5:3b:17:b8:f4:86:40:d7:
         e3:5f:5e:27:af:95:76:f7:e4:c0:ce:91:96:e7:e8:ca:f3:86:
         df:98:16:36:7b:dc:84:80:4b:44:ee:8b:2a:fc:64:c8:96:38:
         e6:98:0d:42:44:d6:5f:76:dd:e7:fb:1b:b7:5d:8b:d6:d1:cd:
         7f:69:4e:a7:f9:7c:dc:7f:b6:ca:a0:cd:4a:9e:c1:27:08:df:
         55:f1:02:6e:cd:99:d4:3a:27:8d:56:56:e9:d6:3b:80:c1:87:
         3a:ef:2b:70:67:58:ba:bc:ef:9b:92:78:23:2d:4d:f6:f5:22:
         90:86:86:0d:23:df:41:73:0c:3f:b5:44:30:7a:9e:3e:90:d4:
         78:5d:57:cd:6c:f6:a3:34:90:7e:14:3f:45:8b:90:56:8d:ff:
         d1:6e:64:97:79:a8:45:e8:92:fd:63:d5:69:e5:6f:ef:90:c6:
         97:99:60:6b:74:06:4d:07:59:62:27:24:97:03:c6:8e:81:d3:
         a8:18:66:62:61:a8:b7:0c:03:23:cf:3b:c2:82:66:c2:7a:a7:
         47:42:00:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlSmORCCMEGhzyGQ0QOi1Z5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwOTE2MTI1NjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzNlZTViZDQxODZlNzE3N2IxMWUyNjMyZjIxZmZhMjRhOGRiYTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaZuLBVsz3zTHlaxQkQdiM0n5cLM
YxvvQlICcY5r6DyaQQ+RhiJU7Gx8yve4uxk8wVbh1hvG5afavmzdG3kACRnStrmV
QmxmPWpCobSIZa16rsVSYafldzujgCyFb2lXTz0LHYuAeeIgZDHWFUGYE9EyBWtO
TBotv7BZyotS9BXrSTDfJ5ZWuhPz8Drb/Sk+adIpC8Tan3zwVT4X0juRZm9E6nam
YN3qgEqBjOiCb81RDx6iiBejZXFY09yyGpDAFbBkCQ/mGeLdLTBEZPbRDXkxJqI5
GwMwKSUFW30vBwgLFYQAcHnnqEYj6b8MIbZymW6fmULx0nhw8Yn/2rl6QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEc+5b1BhucXexHiYy8h/6JKjbpuMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUno3bHZVR0c1eGQ3RWVKakx5SF9va3FOdW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVYQMA0G
CSqGSIb3DQEBCwUAA4IBAQAifSkowptDeUbbKjaD5OkZwrdIu/aIE3hcvYlFV+Cx
oUCmSzLQrPXNJqK9m8cO1TsXuPSGQNfjX14nr5V29+TAzpGW5+jK84bfmBY2e9yE
gEtE7osq/GTIljjmmA1CRNZfdt3n+xu3XYvW0c1/aU6n+Xzcf7bKoM1KnsEnCN9V
8QJuzZnUOieNVlbp1juAwYc67ytwZ1i6vO+bkngjLU329SKQhoYNI99Bcww/tUQw
ep4+kNR4XVfNbPajNJB+FD9Fi5BWjf/RbmSXeahF6JL9Y9Vp5W/vkMaXmWBrdAZN
B1liJySXA8aOgdOoGGZiYai3DAMjzzvCgmbCeqdHQgBX
-----END CERTIFICATE-----