Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b7f5cc-53ab-45a8-aad6-f5116bc11067/1/S8TepbiQXeRCqnwRb_Kf4gbokA4.roa
File:                     S8TepbiQXeRCqnwRb_Kf4gbokA4.roa (raw, json)
Hash identifier:          Z/Vh03WpNWn3U5M6zjyjL69BpjSHNYWSMdO+UDP54Q8=
Subject key identifier:   4B:C4:DE:A5:B8:90:5D:E4:42:AA:7C:11:6F:F2:9F:E2:06:E8:90:0E
Certificate issuer:       /CN=45ccbbeb3b37abca1afaa4e79177667b5cd8e7a6
Certificate serial:       01979D273ACC0B29FFA9AFEC6B1A2A5A6A3C
Authority key identifier: 45:CC:BB:EB:3B:37:AB:CA:1A:FA:A4:E7:91:77:66:7B:5C:D8:E7:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rcy76zs3q8oa-qTnkXdme1zY56Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b7f5cc-53ab-45a8-aad6-f5116bc11067/1/S8TepbiQXeRCqnwRb_Kf4gbokA4.roa
Signing time:             Mon 23 Jun 2025 14:18:03 +0000
ROA not before:           Mon 23 Jun 2025 14:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202507
IP address blocks:        193.47.64.0/24 maxlen: 24
                          193.47.65.0/24 maxlen: 24
                          193.47.66.0/24 maxlen: 24
                          193.47.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b7f5cc-53ab-45a8-aad6-f5116bc11067/1/Rcy76zs3q8oa-qTnkXdme1zY56Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b7f5cc-53ab-45a8-aad6-f5116bc11067/1/Rcy76zs3q8oa-qTnkXdme1zY56Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rcy76zs3q8oa-qTnkXdme1zY56Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:27:3a:cc:0b:29:ff:a9:af:ec:6b:1a:2a:5a:6a:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45ccbbeb3b37abca1afaa4e79177667b5cd8e7a6
        Validity
            Not Before: Jun 23 14:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bc4dea5b8905de442aa7c116ff29fe206e8900e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1c:94:b8:6c:e3:82:bb:4a:38:b6:42:10:51:
                    05:cc:c6:d9:d1:fe:78:2b:45:c3:a4:f9:84:f1:72:
                    fa:1c:96:b0:9b:e2:88:fe:cc:62:89:1f:43:77:fb:
                    91:b8:a9:86:fe:5e:b3:66:7e:bd:6f:6f:ae:d0:52:
                    0b:0b:2b:a7:82:e8:cd:60:88:28:1c:14:6c:47:63:
                    55:06:d5:50:3d:a7:43:e4:4a:6e:57:eb:c9:a2:5b:
                    d5:6f:71:e6:48:e4:e3:bd:47:d8:3f:c8:e6:b4:88:
                    a6:d5:28:2e:43:b7:d0:f9:65:66:82:08:20:9e:2d:
                    a9:a8:a6:ec:41:03:31:d1:d3:92:19:31:ff:c5:2d:
                    b2:0f:11:17:9f:7f:43:8b:8e:78:47:d5:07:7a:39:
                    27:5b:68:80:39:23:77:ae:6d:c0:98:15:9d:b0:67:
                    92:2e:82:8c:c1:5b:9f:74:e1:fe:4f:a7:57:36:67:
                    71:1c:6f:6a:57:82:3d:cf:c5:ee:cf:31:f4:78:5b:
                    12:68:39:51:0a:47:4e:6c:1d:d6:2f:b2:c4:a5:41:
                    b5:53:a7:47:e7:75:70:09:75:da:30:9e:f2:26:ff:
                    26:97:67:4f:33:2e:00:d3:d5:f5:34:2e:7b:91:38:
                    f1:fd:32:39:83:d7:5c:40:33:0b:ce:2f:90:3d:a8:
                    19:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C4:DE:A5:B8:90:5D:E4:42:AA:7C:11:6F:F2:9F:E2:06:E8:90:0E
            X509v3 Authority Key Identifier:
                keyid:45:CC:BB:EB:3B:37:AB:CA:1A:FA:A4:E7:91:77:66:7B:5C:D8:E7:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rcy76zs3q8oa-qTnkXdme1zY56Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b7f5cc-53ab-45a8-aad6-f5116bc11067/1/S8TepbiQXeRCqnwRb_Kf4gbokA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b7f5cc-53ab-45a8-aad6-f5116bc11067/1/Rcy76zs3q8oa-qTnkXdme1zY56Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:7e:6e:9d:13:e4:65:3c:8f:5c:66:4e:7f:7b:df:32:9b:a4:
         96:fb:c1:e8:5b:ba:a5:a9:05:4f:24:c3:af:ea:16:63:1c:03:
         c6:05:d7:f6:33:f5:78:ff:b4:19:93:c0:98:83:5b:12:30:cc:
         99:e0:bb:0a:17:2e:74:52:de:1e:45:73:a5:d8:45:e3:9b:c1:
         b6:a3:26:94:ab:3a:eb:1f:9b:0d:7b:c3:90:a1:50:12:a8:97:
         7f:3e:79:0e:8b:0d:a9:ab:9e:3d:11:2c:25:f8:09:9e:74:79:
         e3:9a:1b:10:10:09:22:e7:6c:f1:ff:ab:f8:0c:18:ba:93:d7:
         6c:43:52:70:e7:eb:09:0a:3f:7f:df:1d:86:8a:d6:e5:85:3a:
         46:f4:44:59:17:24:f4:f9:3d:0d:f2:3b:9d:33:49:da:e7:cc:
         da:32:0d:50:92:1e:e6:60:f0:08:47:d0:b5:c9:31:da:d0:68:
         4b:c3:b2:8d:5e:a5:ef:20:f7:63:64:ab:71:3a:5b:34:7a:bf:
         07:f1:1f:69:84:ce:47:56:62:cc:d9:02:e6:73:25:e5:97:c6:
         c0:e1:f9:e4:fc:c2:2a:4e:da:57:6f:43:e8:14:bf:cd:15:56:
         41:26:3c:c3:50:78:a6:5f:b5:0b:b4:49:39:ae:87:d0:d2:13:
         fc:53:87:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZedJzrMCyn/qa/saxoqWmo8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1Y2NiYmViM2IzN2FiY2ExYWZhYTRlNzkxNzc2NjdiNWNk
OGU3YTYwHhcNMjUwNjIzMTQxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmM0ZGVhNWI4OTA1ZGU0NDJhYTdjMTE2ZmYyOWZlMjA2ZTg5MDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhyUuGzjgrtKOLZCEFEFzMbZ0f54
K0XDpPmE8XL6HJawm+KI/sxiiR9Dd/uRuKmG/l6zZn69b2+u0FILCyungujNYIgo
HBRsR2NVBtVQPadD5EpuV+vJolvVb3HmSOTjvUfYP8jmtIim1SguQ7fQ+WVmgggg
ni2pqKbsQQMx0dOSGTH/xS2yDxEXn39Di454R9UHejknW2iAOSN3rm3AmBWdsGeS
LoKMwVufdOH+T6dXNmdxHG9qV4I9z8XuzzH0eFsSaDlRCkdObB3WL7LEpUG1U6dH
53VwCXXaMJ7yJv8ml2dPMy4A09X1NC57kTjx/TI5g9dcQDMLzi+QPagZnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvE3qW4kF3kQqp8EW/yn+IG6JAOMB8GA1UdIwQY
MBaAFEXMu+s7N6vKGvqk55F3Zntc2OemMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmN5NzZ6czNxOG9hLXFUbmtYZG1lMXpZNTZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iN2Y1Y2MtNTNhYi00NWE4LWFhZDYt
ZjUxMTZiYzExMDY3LzEvUzhUZXBiaVFYZVJDcW53UmJfS2Y0Z2Jva0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iN2Y1Y2MtNTNhYi00NWE4LWFhZDYtZjUxMTZiYzExMDY3
LzEvUmN5NzZ6czNxOG9hLXFUbmtYZG1lMXpZNTZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwS9AMA0G
CSqGSIb3DQEBCwUAA4IBAQBCfm6dE+RlPI9cZk5/e98ym6SW+8HoW7qlqQVPJMOv
6hZjHAPGBdf2M/V4/7QZk8CYg1sSMMyZ4LsKFy50Ut4eRXOl2EXjm8G2oyaUqzrr
H5sNe8OQoVASqJd/PnkOiw2pq549ESwl+AmedHnjmhsQEAki52zx/6v4DBi6k9ds
Q1Jw5+sJCj9/3x2GitblhTpG9ERZFyT0+T0N8judM0na58zaMg1Qkh7mYPAIR9C1
yTHa0GhLw7KNXqXvIPdjZKtxOls0er8H8R9phM5HVmLM2QLmcyXll8bA4fnk/MIq
TtpXb0PoFL/NFVZBJjzDUHimX7ULtEk5rofQ0hP8U4fI
-----END CERTIFICATE-----