Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/307iKAUzLWom9Ha-ofR0ylvczFw.roa
File:                     307iKAUzLWom9Ha-ofR0ylvczFw.roa (raw, json)
Hash identifier:          tNoP4RY6NW/fnNmLHHbOVFp0gAT4ca7e3JnJBbCaYGs=
Subject key identifier:   DF:4E:E2:28:05:33:2D:6A:26:F4:76:BE:A1:F4:74:CA:5B:DC:CC:5C
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       01995C667B8566F12201B72962F65918B865
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/307iKAUzLWom9Ha-ofR0ylvczFw.roa
Signing time:             Thu 18 Sep 2025 10:37:24 +0000
ROA not before:           Thu 18 Sep 2025 10:37:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        45.84.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:66:7b:85:66:f1:22:01:b7:29:62:f6:59:18:b8:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Sep 18 10:37:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df4ee22805332d6a26f476bea1f474ca5bdccc5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a1:1d:99:f6:9a:52:e6:06:47:15:29:27:1e:
                    af:69:65:e4:3b:08:5c:a7:7c:37:56:f5:41:2d:77:
                    c6:57:a3:7c:9a:71:aa:21:91:77:f2:8c:b1:d1:7b:
                    d8:ba:fe:a4:9b:66:03:9c:53:45:f7:99:0b:6e:f1:
                    af:47:b8:7e:7c:1e:da:2b:5d:c4:e3:74:10:54:a3:
                    f0:83:10:f0:d5:dd:eb:21:ef:3f:87:56:5f:fe:ac:
                    20:e5:60:76:03:ce:00:df:75:6b:84:5c:56:c7:43:
                    49:27:97:03:95:3c:8d:9c:74:fb:63:84:c3:a4:9a:
                    b2:d3:da:2c:11:9d:75:50:29:f1:08:7c:3e:b4:50:
                    ba:57:8e:c4:36:60:a9:b1:3c:68:c2:b9:51:2f:4c:
                    91:ca:fe:8c:47:66:30:91:03:a4:95:b5:e1:73:33:
                    f7:19:85:63:67:ba:2c:b9:b4:a0:ec:ca:14:27:af:
                    47:1f:53:20:2c:5c:92:9d:c8:61:c6:99:94:4b:47:
                    d6:c2:33:6d:08:7d:c8:6e:6a:e7:70:f4:88:dc:7b:
                    25:96:74:3c:e7:35:e9:87:fb:93:69:22:cd:82:f5:
                    50:3a:e8:61:9e:c1:5b:dc:d5:a1:5f:5e:b0:e8:cd:
                    c7:99:ef:ad:20:f9:6b:be:c0:dd:dc:7d:64:cd:40:
                    c3:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:4E:E2:28:05:33:2D:6A:26:F4:76:BE:A1:F4:74:CA:5B:DC:CC:5C
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/307iKAUzLWom9Ha-ofR0ylvczFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:65:8f:cf:90:6a:26:4b:7c:86:02:91:ef:bb:c7:08:59:0e:
         85:fe:6a:50:2c:12:17:f0:e9:3d:e8:2c:f0:5f:7e:71:4d:23:
         08:41:8c:b8:cf:78:9c:bf:ea:4f:ce:4d:0a:1f:19:83:96:29:
         00:83:67:9d:02:fd:b5:a0:d0:45:e9:c7:16:0c:88:1d:ce:b6:
         d6:2d:3c:d8:eb:e4:be:73:b8:cf:7e:eb:85:cd:bf:2c:25:68:
         f4:bb:55:39:18:7b:82:fb:3c:4d:41:33:af:fd:20:e4:a8:43:
         5f:96:c0:71:9a:3f:65:f7:b8:67:15:bb:56:2d:76:a1:9b:f3:
         af:ee:65:30:6b:0e:5b:9c:84:ee:8a:44:22:f3:b9:ce:5f:cb:
         e6:ab:7a:ea:1f:85:c0:1f:c0:2d:a8:4a:dc:1d:e0:0d:c2:8a:
         44:ca:5d:5c:e3:de:dc:ba:93:41:e3:04:13:1b:0c:82:58:c2:
         f0:fd:2d:8f:ce:e5:d5:c4:6a:2d:81:47:ce:84:c9:d2:80:a3:
         78:e6:fc:cf:5f:bc:88:ec:1a:cb:5a:3f:09:3f:0c:a1:8e:23:
         69:f4:9e:b2:d4:97:07:d8:65:e8:07:65:d2:af:14:55:e9:67:
         6f:a6:6e:83:35:76:30:f9:51:3f:38:70:be:cb:e1:2c:2c:39:
         07:fd:ab:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlcZnuFZvEiAbcpYvZZGLhlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjUwOTE4MTAzNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjRlZTIyODA1MzMyZDZhMjZmNDc2YmVhMWY0NzRjYTViZGNjYzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxaEdmfaaUuYGRxUpJx6vaWXkOwhc
p3w3VvVBLXfGV6N8mnGqIZF38oyx0XvYuv6km2YDnFNF95kLbvGvR7h+fB7aK13E
43QQVKPwgxDw1d3rIe8/h1Zf/qwg5WB2A84A33VrhFxWx0NJJ5cDlTyNnHT7Y4TD
pJqy09osEZ11UCnxCHw+tFC6V47ENmCpsTxowrlRL0yRyv6MR2YwkQOklbXhczP3
GYVjZ7osubSg7MoUJ69HH1MgLFySnchhxpmUS0fWwjNtCH3IbmrncPSI3HsllnQ8
5zXph/uTaSLNgvVQOuhhnsFb3NWhX16w6M3Hme+tIPlrvsDd3H1kzUDDrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9O4igFMy1qJvR2vqH0dMpb3MxcMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvMzA3aUtBVXpMV29tOUhhLW9mUjB5bHZjekZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTwMA0G
CSqGSIb3DQEBCwUAA4IBAQB4ZY/PkGomS3yGApHvu8cIWQ6F/mpQLBIX8Ok96Czw
X35xTSMIQYy4z3icv+pPzk0KHxmDlikAg2edAv21oNBF6ccWDIgdzrbWLTzY6+S+
c7jPfuuFzb8sJWj0u1U5GHuC+zxNQTOv/SDkqENflsBxmj9l97hnFbtWLXahm/Ov
7mUwaw5bnITuikQi87nOX8vmq3rqH4XAH8AtqErcHeANwopEyl1c497cupNB4wQT
GwyCWMLw/S2PzuXVxGotgUfOhMnSgKN45vzPX7yI7BrLWj8JPwyhjiNp9J6y1JcH
2GXoB2XSrxRV6Wdvpm6DNXYw+VE/OHC+y+EsLDkH/asw
-----END CERTIFICATE-----