Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/055bbb-a50a-4396-af29-d3d522e57929/1/pVxf2e-xXwl1rZX1zVVA_Ka27c0.roa
File:                     pVxf2e-xXwl1rZX1zVVA_Ka27c0.roa (raw, json)
Hash identifier:          m1jkKDlY5+ECl2f4JHhtoP/Ki/oGbIcrd56LGmNPcjs=
Subject key identifier:   A5:5C:5F:D9:EF:B1:5F:09:75:AD:95:F5:CD:55:40:FC:A6:B6:ED:CD
Certificate issuer:       /CN=2e2fb4446b97f4e0c2a9558dd99daccbf29e3806
Certificate serial:       0197AFED6E6B9F3A6CF0F4E88D0F7A7B26AB
Authority key identifier: 2E:2F:B4:44:6B:97:F4:E0:C2:A9:55:8D:D9:9D:AC:CB:F2:9E:38:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Li-0RGuX9ODCqVWN2Z2sy_KeOAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/055bbb-a50a-4396-af29-d3d522e57929/1/pVxf2e-xXwl1rZX1zVVA_Ka27c0.roa
Signing time:             Fri 27 Jun 2025 05:47:42 +0000
ROA not before:           Fri 27 Jun 2025 05:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63897
IP address blocks:        45.87.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/055bbb-a50a-4396-af29-d3d522e57929/1/Li-0RGuX9ODCqVWN2Z2sy_KeOAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/055bbb-a50a-4396-af29-d3d522e57929/1/Li-0RGuX9ODCqVWN2Z2sy_KeOAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Li-0RGuX9ODCqVWN2Z2sy_KeOAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:af:ed:6e:6b:9f:3a:6c:f0:f4:e8:8d:0f:7a:7b:26:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e2fb4446b97f4e0c2a9558dd99daccbf29e3806
        Validity
            Not Before: Jun 27 05:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a55c5fd9efb15f0975ad95f5cd5540fca6b6edcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:96:16:08:79:7d:0c:9f:19:72:33:03:c9:e8:
                    7b:02:44:fa:c5:54:05:b7:0e:5d:03:75:62:72:3f:
                    9c:8a:a5:b0:8e:b0:b9:ba:87:47:f6:fb:cc:4a:0f:
                    03:5a:c0:78:b1:bb:68:90:09:9a:ce:28:9c:45:94:
                    45:f9:da:27:d8:2d:73:af:e8:12:54:7f:14:40:82:
                    bb:35:36:93:84:e9:39:b1:0b:b1:4b:68:4a:e5:df:
                    eb:75:55:47:a7:6b:c4:82:2e:d0:77:26:4b:8d:29:
                    90:66:d7:87:65:f2:0a:f1:dd:51:95:d3:03:f1:7d:
                    cb:b6:d2:37:ec:38:9c:1d:33:93:6e:b9:8d:3b:23:
                    b9:a3:7f:c0:8e:b5:29:ca:7b:6b:31:bd:ff:c0:43:
                    1e:82:f8:e6:e3:e5:23:f2:ba:ec:0e:f8:ea:54:bb:
                    17:d5:ef:31:f2:bc:1b:bf:8e:91:73:df:4c:85:bd:
                    19:e4:9d:96:d4:19:b9:a4:5b:66:bc:dd:a8:d2:f8:
                    67:8d:a4:9e:b5:5d:3b:8e:5c:88:88:09:41:23:b7:
                    b4:88:9a:05:eb:29:e4:50:fa:24:ff:26:b8:d7:1c:
                    b9:87:ed:c3:40:bf:cc:17:21:68:11:e8:86:8b:b5:
                    af:11:87:6e:1d:91:f5:b4:71:cb:5d:cb:5b:63:34:
                    f6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:5C:5F:D9:EF:B1:5F:09:75:AD:95:F5:CD:55:40:FC:A6:B6:ED:CD
            X509v3 Authority Key Identifier:
                keyid:2E:2F:B4:44:6B:97:F4:E0:C2:A9:55:8D:D9:9D:AC:CB:F2:9E:38:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Li-0RGuX9ODCqVWN2Z2sy_KeOAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/055bbb-a50a-4396-af29-d3d522e57929/1/pVxf2e-xXwl1rZX1zVVA_Ka27c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/055bbb-a50a-4396-af29-d3d522e57929/1/Li-0RGuX9ODCqVWN2Z2sy_KeOAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:ae:fc:81:5c:df:c7:b5:bf:f5:2b:2b:6c:08:77:67:7f:8a:
         e1:95:8f:8c:58:4e:57:b4:19:84:65:20:69:fe:06:22:8e:0f:
         b1:da:18:dd:9f:ce:b7:37:b4:58:4a:31:b8:37:7f:eb:65:3e:
         7a:8b:c6:77:44:f5:8a:5f:c6:76:bc:6d:01:19:ba:48:8e:99:
         1b:0a:fb:7e:56:42:5d:00:df:67:c4:08:1f:c1:ca:c7:46:3f:
         b0:c9:54:36:34:3d:03:ba:b9:7e:7e:1d:0b:7c:d7:a3:a4:05:
         d1:06:7d:3c:0f:8c:5b:d4:d2:d9:49:08:c5:b5:fe:46:56:f8:
         7d:26:61:86:4e:32:80:cd:0d:8a:0e:17:64:7f:c7:c1:59:b3:
         e1:50:e7:ee:e4:2e:76:15:29:04:4c:39:70:d1:74:75:6c:a7:
         31:ba:35:4b:fc:06:b4:ea:a9:84:cd:cd:e2:7e:a5:9f:16:18:
         13:99:2c:f8:21:03:0d:eb:a5:22:11:92:af:29:35:9c:5a:ce:
         79:4e:11:7a:e6:20:ca:7f:06:59:7e:f7:71:0c:39:fb:34:1e:
         a1:c2:c8:21:f2:fa:11:18:ae:2c:1c:ee:52:d2:8c:89:c5:d3:
         49:7b:e4:e4:25:e3:c8:b0:14:68:d4:71:7d:0b:14:35:88:d1:
         4b:33:64:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZev7W5rnzps8PTojQ96eyarMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMmZiNDQ0NmI5N2Y0ZTBjMmE5NTU4ZGQ5OWRhY2NiZjI5
ZTM4MDYwHhcNMjUwNjI3MDU0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTVjNWZkOWVmYjE1ZjA5NzVhZDk1ZjVjZDU1NDBmY2E2YjZlZGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZYWCHl9DJ8ZcjMDyeh7AkT6xVQF
tw5dA3Vicj+ciqWwjrC5uodH9vvMSg8DWsB4sbtokAmaziicRZRF+don2C1zr+gS
VH8UQIK7NTaThOk5sQuxS2hK5d/rdVVHp2vEgi7QdyZLjSmQZteHZfIK8d1RldMD
8X3LttI37DicHTOTbrmNOyO5o3/AjrUpyntrMb3/wEMegvjm4+Uj8rrsDvjqVLsX
1e8x8rwbv46Rc99Mhb0Z5J2W1Bm5pFtmvN2o0vhnjaSetV07jlyIiAlBI7e0iJoF
6ynkUPok/ya41xy5h+3DQL/MFyFoEeiGi7WvEYduHZH1tHHLXctbYzT2cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVcX9nvsV8Jda2V9c1VQPymtu3NMB8GA1UdIwQY
MBaAFC4vtERrl/TgwqlVjdmdrMvynjgGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGktMFJHdVg5T0RDcVZXTjJaMnN5X0tlT0FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8wNTViYmItYTUwYS00Mzk2LWFmMjkt
ZDNkNTIyZTU3OTI5LzEvcFZ4ZjJlLXhYd2wxclpYMXpWVkFfS2EyN2MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8wNTViYmItYTUwYS00Mzk2LWFmMjktZDNkNTIyZTU3OTI5
LzEvTGktMFJHdVg5T0RDcVZXTjJaMnN5X0tlT0FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVc3MA0G
CSqGSIb3DQEBCwUAA4IBAQAQrvyBXN/Htb/1KytsCHdnf4rhlY+MWE5XtBmEZSBp
/gYijg+x2hjdn863N7RYSjG4N3/rZT56i8Z3RPWKX8Z2vG0BGbpIjpkbCvt+VkJd
AN9nxAgfwcrHRj+wyVQ2ND0Durl+fh0LfNejpAXRBn08D4xb1NLZSQjFtf5GVvh9
JmGGTjKAzQ2KDhdkf8fBWbPhUOfu5C52FSkETDlw0XR1bKcxujVL/Aa06qmEzc3i
fqWfFhgTmSz4IQMN66UiEZKvKTWcWs55ThF65iDKfwZZfvdxDDn7NB6hwsgh8voR
GK4sHO5S0oyJxdNJe+TkJePIsBRo1HF9CxQ1iNFLM2S2
-----END CERTIFICATE-----