Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/1h6I7yathuhdvJgvI7zWaIqhF1I.roa
File:                     1h6I7yathuhdvJgvI7zWaIqhF1I.roa (raw, json)
Hash identifier:          eS/E0Xfzx+BcTRnP1WHF9rHrs364VBPb5lL4n4E58IM=
Subject key identifier:   D6:1E:88:EF:26:AD:86:E8:5D:BC:98:2F:23:BC:D6:68:8A:A1:17:52
Certificate issuer:       /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial:       0199ED1C504DA3C6D1DF9B7CBF5C6FF58EBA
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/1h6I7yathuhdvJgvI7zWaIqhF1I.roa
Signing time:             Thu 16 Oct 2025 13:01:19 +0000
ROA not before:           Thu 16 Oct 2025 13:01:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35590
IP address blocks:        178.239.37.0/24 maxlen: 24
                          178.239.38.0/24 maxlen: 24
                          2a09:3fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ed:1c:50:4d:a3:c6:d1:df:9b:7c:bf:5c:6f:f5:8e:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
        Validity
            Not Before: Oct 16 13:01:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d61e88ef26ad86e85dbc982f23bcd6688aa11752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:2e:06:41:2c:5e:1d:81:b9:4f:ad:3d:5e:5e:
                    53:6c:e9:74:30:a4:b2:55:3c:e1:95:55:21:f9:0d:
                    7c:93:bb:3f:b2:dc:19:9f:65:ea:b1:14:46:db:97:
                    12:e0:25:40:b5:69:f7:a6:32:80:3f:a2:af:f4:7f:
                    e1:f9:ff:a6:0a:2f:47:ac:e1:a1:c2:5c:53:2d:48:
                    95:78:8e:7f:b6:88:b3:10:08:ea:c8:3c:f0:f2:92:
                    20:a5:9c:e9:f7:1b:8b:40:b3:d2:12:d5:67:32:1a:
                    df:d2:45:a7:de:5b:1d:64:e6:95:c6:8d:1a:14:9c:
                    6e:cc:de:25:cb:51:51:48:ea:26:db:f7:88:77:4a:
                    45:49:c2:30:f7:64:9d:a5:c1:01:3e:34:8f:f8:02:
                    b2:fd:59:e2:02:86:6f:c3:af:5c:fd:81:6f:68:bf:
                    9e:aa:98:e3:e3:2e:d8:53:58:21:90:45:89:81:bb:
                    25:44:ca:61:6b:24:24:b3:9f:43:29:cd:5c:b6:e2:
                    7a:78:9c:b4:69:e1:45:0b:5c:85:0b:b5:f5:75:f3:
                    8f:cb:1a:02:d0:15:ea:f3:df:68:6c:73:f2:a9:1f:
                    3b:4e:98:04:e5:cb:4b:75:0d:43:3c:68:80:2f:c1:
                    a4:57:b1:59:34:43:87:41:a8:65:9b:4b:40:cb:d5:
                    d8:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:1E:88:EF:26:AD:86:E8:5D:BC:98:2F:23:BC:D6:68:8A:A1:17:52
            X509v3 Authority Key Identifier:
                keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/1h6I7yathuhdvJgvI7zWaIqhF1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.37.0-178.239.38.255
                IPv6:
                  2a09:3fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:33:5d:0c:b8:02:4d:cb:a9:5d:d4:50:51:d6:2d:cc:b9:53:
         7e:c8:3c:32:36:a0:5d:55:56:e5:1f:96:dd:3d:11:19:45:91:
         25:d0:8b:e8:e1:31:a1:16:75:8e:45:bd:c0:0e:4c:d3:f7:06:
         43:a9:a6:81:0a:2f:1c:1c:27:1a:c1:f8:f7:37:23:d9:5b:00:
         2e:6e:16:f9:26:3d:17:fa:de:2b:18:18:88:c2:dc:4b:6a:51:
         e3:6e:7e:00:30:d7:ba:0c:f5:2e:81:93:7c:8e:d7:e4:33:3e:
         e3:2f:47:f4:a4:9c:56:5b:50:67:77:7c:d9:99:70:4c:bf:84:
         8a:27:99:2a:cf:0b:28:d1:af:e2:c3:0e:73:4c:90:85:a5:8d:
         9c:21:88:a8:96:58:ca:df:47:ca:7f:d6:38:ae:9e:57:a4:85:
         58:7d:30:0a:3f:33:bd:bf:78:fe:65:27:cd:23:e4:5d:a6:93:
         bb:f2:ba:6c:5a:f6:07:0c:f3:9a:2d:ff:34:1b:5b:0c:3a:e2:
         ab:2a:59:7e:ed:d9:d7:d2:1f:83:de:8d:f8:ec:19:e4:1e:95:
         c7:7a:54:f0:4e:40:a2:a1:97:26:7a:90:c2:01:f8:97:53:9a:
         c1:10:c2:6a:f3:63:d0:74:b8:ba:78:4d:80:8c:d8:6b:42:35:
         36:12:09:f3
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZntHFBNo8bR35t8v1xv9Y66MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZjllMzJmZjZhZjNkNWU1ZDc3YmRiYjk4ZGEzN2QwYjhl
NDQ1MTkwHhcNMjUxMDE2MTMwMTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjFlODhlZjI2YWQ4NmU4NWRiYzk4MmYyM2JjZDY2ODhhYTExNzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2C4GQSxeHYG5T609Xl5TbOl0MKSy
VTzhlVUh+Q18k7s/stwZn2XqsRRG25cS4CVAtWn3pjKAP6Kv9H/h+f+mCi9HrOGh
wlxTLUiVeI5/toizEAjqyDzw8pIgpZzp9xuLQLPSEtVnMhrf0kWn3lsdZOaVxo0a
FJxuzN4ly1FRSOom2/eId0pFScIw92SdpcEBPjSP+AKy/VniAoZvw69c/YFvaL+e
qpjj4y7YU1ghkEWJgbslRMphayQks59DKc1ctuJ6eJy0aeFFC1yFC7X1dfOPyxoC
0BXq899obHPyqR87TpgE5ctLdQ1DPGiAL8GkV7FZNEOHQahlm0tAy9XYgwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFNYeiO8mrYboXbyYLyO81miKoRdSMB8GA1UdIwQY
MBaAFEX54y/2rz1eXXe9u5jaN9C45EUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYt
OGVlMGExMmEzNTliLzEvMWg2STd5YXRodWhkdkpndkk3eldhSXFoRjFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYtOGVlMGExMmEzNTli
LzEvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBACy7yUD
BACy7yYwDQQCAAIwBwMFAyoJP8AwDQYJKoZIhvcNAQELBQADggEBAEkzXQy4Ak3L
qV3UUFHWLcy5U37IPDI2oF1VVuUflt09ERlFkSXQi+jhMaEWdY5FvcAOTNP3BkOp
poEKLxwcJxrB+Pc3I9lbAC5uFvkmPRf63isYGIjC3EtqUeNufgAw17oM9S6Bk3yO
1+QzPuMvR/SknFZbUGd3fNmZcEy/hIonmSrPCyjRr+LDDnNMkIWljZwhiKiWWMrf
R8p/1jiunlekhVh9MAo/M72/eP5lJ80j5F2mk7vyumxa9gcM85ot/zQbWww64qsq
WX7t2dfSH4PejfjsGeQelcd6VPBOQKKhlyZ6kMIB+JdTmsEQwmrzY9B0uLp4TYCM
2GtCNTYSCfM=
-----END CERTIFICATE-----