Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1lTFoj63RaNBPnsylzVDB0FbQcc.roa
File:                     1lTFoj63RaNBPnsylzVDB0FbQcc.roa (raw, json)
Hash identifier:          Wmsf3/BQIBuAue+polYHmV/g9lwEk/F7Z4SpbFZOF0o=
Subject key identifier:   D6:54:C5:A2:3E:B7:45:A3:41:3E:7B:32:97:35:43:07:41:5B:41:C7
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0199C5E5D60B37F042C58101C900C2C9B9BA
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1lTFoj63RaNBPnsylzVDB0FbQcc.roa
Signing time:             Wed 08 Oct 2025 22:16:38 +0000
ROA not before:           Wed 08 Oct 2025 22:16:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215691
IP address blocks:        45.157.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:26:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c5:e5:d6:0b:37:f0:42:c5:81:01:c9:00:c2:c9:b9:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Oct  8 22:16:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d654c5a23eb745a3413e7b3297354307415b41c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e0:84:f9:f4:98:62:b3:41:e2:8d:6d:19:6f:
                    64:6c:9d:05:21:dd:5d:09:f1:43:a1:cd:e2:c4:5b:
                    5f:7a:dd:e0:45:83:34:30:cd:42:74:63:23:9c:9e:
                    9d:ac:ad:ef:87:5f:a6:9e:0c:49:9f:3b:eb:38:67:
                    f7:e1:40:d1:01:2e:88:ee:fd:01:0b:75:0b:04:8b:
                    bf:0d:0f:97:d1:e0:ea:67:51:ca:ea:76:19:8d:8a:
                    41:b0:76:69:6b:b0:ce:f7:65:ec:4e:13:f1:a4:45:
                    85:e5:c5:6c:49:97:cb:e7:af:d7:c4:d2:34:06:ec:
                    b7:a7:9e:99:75:7e:ba:27:c2:29:80:2e:7e:81:2f:
                    c3:86:9c:90:0e:95:12:bd:2f:aa:bc:7f:22:91:1a:
                    f2:63:e6:99:b3:6e:50:6d:74:e4:d6:73:f0:0a:66:
                    ec:9d:23:03:6c:42:12:8b:70:2e:42:72:d2:bf:8c:
                    d5:ae:46:92:c9:f8:04:e5:c3:29:d4:3d:04:75:60:
                    d5:03:9f:de:f5:61:cf:da:22:90:fc:4b:fa:ea:ef:
                    b6:6e:3c:5a:17:bf:97:25:eb:2f:41:92:84:89:c1:
                    bc:cf:dd:e2:de:39:e8:58:7d:6b:67:87:a3:37:bc:
                    8f:bc:52:d5:75:83:55:5a:eb:b2:78:84:1f:cb:48:
                    0c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:54:C5:A2:3E:B7:45:A3:41:3E:7B:32:97:35:43:07:41:5B:41:C7
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1lTFoj63RaNBPnsylzVDB0FbQcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:8e:a2:55:f4:31:2f:c7:27:58:dc:ac:3f:3c:e4:8f:60:f1:
         06:79:38:97:d8:3a:32:11:c0:e4:a8:c8:06:be:fc:71:1a:56:
         19:8b:f1:d7:72:af:80:4f:6c:62:a9:39:b3:02:13:93:1d:90:
         61:11:73:42:8a:b8:17:11:2f:41:26:cd:64:7a:5c:88:95:d1:
         50:0f:f8:9d:d3:7d:d1:ac:55:65:c5:43:35:57:1a:23:08:a3:
         32:22:83:83:e3:0b:ab:c2:b5:11:ce:9c:ca:b5:44:14:67:2e:
         a7:6c:15:6d:94:55:9c:05:09:31:80:b8:98:1d:9f:7e:77:1f:
         75:5c:6c:5f:64:bb:36:4f:01:6b:f1:60:f6:b3:c9:29:f8:1a:
         86:49:ef:b2:e5:ad:20:62:26:53:09:f4:26:d0:c6:ef:56:d9:
         b1:90:64:a9:a9:13:6c:a4:97:55:cf:54:6b:d4:0c:f5:26:be:
         ea:99:29:20:53:f6:33:fe:c6:1b:32:16:51:0e:0d:f0:74:7a:
         d2:61:b2:ea:67:49:27:2b:b4:50:a1:e0:b2:37:5b:98:2f:5e:
         1a:a8:08:74:0d:c0:52:54:75:bb:e6:00:4a:f7:48:e9:ba:1e:
         c3:60:30:e1:42:07:ec:39:f8:a8:b4:7e:08:00:7c:2d:b6:5c:
         2f:1c:06:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnF5dYLN/BCxYEByQDCybm6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUxMDA4MjIxNjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjU0YzVhMjNlYjc0NWEzNDEzZTdiMzI5NzM1NDMwNzQxNWI0MWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uCE+fSYYrNB4o1tGW9kbJ0FId1d
CfFDoc3ixFtfet3gRYM0MM1CdGMjnJ6drK3vh1+mngxJnzvrOGf34UDRAS6I7v0B
C3ULBIu/DQ+X0eDqZ1HK6nYZjYpBsHZpa7DO92XsThPxpEWF5cVsSZfL56/XxNI0
Buy3p56ZdX66J8IpgC5+gS/DhpyQDpUSvS+qvH8ikRryY+aZs25QbXTk1nPwCmbs
nSMDbEISi3AuQnLSv4zVrkaSyfgE5cMp1D0EdWDVA5/e9WHP2iKQ/Ev66u+2bjxa
F7+XJesvQZKEicG8z93i3jnoWH1rZ4ejN7yPvFLVdYNVWuuyeIQfy0gMXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZUxaI+t0WjQT57Mpc1QwdBW0HHMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvMWxURm9qNjNSYU5CUG5zeWx6VkRCMEZiUWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ3TMA0G
CSqGSIb3DQEBCwUAA4IBAQBxjqJV9DEvxydY3Kw/POSPYPEGeTiX2DoyEcDkqMgG
vvxxGlYZi/HXcq+AT2xiqTmzAhOTHZBhEXNCirgXES9BJs1kelyIldFQD/id033R
rFVlxUM1VxojCKMyIoOD4wurwrURzpzKtUQUZy6nbBVtlFWcBQkxgLiYHZ9+dx91
XGxfZLs2TwFr8WD2s8kp+BqGSe+y5a0gYiZTCfQm0MbvVtmxkGSpqRNspJdVz1Rr
1Az1Jr7qmSkgU/Yz/sYbMhZRDg3wdHrSYbLqZ0knK7RQoeCyN1uYL14aqAh0DcBS
VHW75gBK90jpuh7DYDDhQgfsOfiotH4IAHwttlwvHAYP
-----END CERTIFICATE-----