Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/7-RqEu_RBz9mfOLDtCp7Hvp-HNA.roa
File:                     7-RqEu_RBz9mfOLDtCp7Hvp-HNA.roa (raw, json)
Hash identifier:          VgV4hIvu8+OJHYszRf2pjeepXfzTOT8zOwDWfq2EnHU=
Subject key identifier:   EF:E4:6A:12:EF:D1:07:3F:66:7C:E2:C3:B4:2A:7B:1E:FA:7E:1C:D0
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       019934AFB14BDC674999CF182B3AF22D0441
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/7-RqEu_RBz9mfOLDtCp7Hvp-HNA.roa
Signing time:             Wed 10 Sep 2025 17:32:33 +0000
ROA not before:           Wed 10 Sep 2025 17:32:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209043
IP address blocks:        45.143.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:af:b1:4b:dc:67:49:99:cf:18:2b:3a:f2:2d:04:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Sep 10 17:32:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=efe46a12efd1073f667ce2c3b42a7b1efa7e1cd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e6:77:b0:3f:cf:00:72:2b:af:c5:21:41:f3:
                    b6:99:83:e1:d6:f3:09:b6:b8:16:87:56:f9:b8:e7:
                    f8:1d:25:5d:74:b5:52:2b:43:03:1f:47:d9:11:f4:
                    95:aa:e7:b1:74:f2:8c:53:43:84:75:88:ec:1c:83:
                    85:04:3d:cf:2d:5a:ca:bd:4d:22:54:11:ca:8b:8f:
                    a2:22:d2:05:d0:5e:5c:19:c5:c6:33:82:d1:e5:8b:
                    e7:18:60:40:b1:54:f5:68:08:3c:76:79:be:30:78:
                    3a:c9:43:29:aa:16:71:10:22:6f:32:7b:e9:30:c9:
                    d6:f1:aa:e3:56:dc:c9:72:1b:0b:89:d8:db:48:a7:
                    3d:9f:de:f2:2d:79:84:38:1b:a8:33:de:c8:9c:77:
                    2d:88:37:e9:6f:e0:54:e2:12:a2:df:e6:28:35:c6:
                    d2:08:68:ad:41:dd:fc:77:d7:21:5d:c2:df:03:9a:
                    fa:0f:f7:bc:8c:90:9a:ea:b2:c1:45:e7:c7:8c:ed:
                    f6:f2:94:83:72:b3:32:0a:10:21:69:9e:19:65:87:
                    9f:8e:bf:4f:29:95:94:c7:41:94:00:b6:ce:bf:9f:
                    b2:c9:ea:48:2b:cb:00:4d:3a:64:46:69:1d:a7:9d:
                    df:cf:d5:22:ff:4f:53:4f:8a:f9:e3:5b:e9:57:80:
                    70:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:E4:6A:12:EF:D1:07:3F:66:7C:E2:C3:B4:2A:7B:1E:FA:7E:1C:D0
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/7-RqEu_RBz9mfOLDtCp7Hvp-HNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:3a:03:45:47:c1:c3:21:0b:78:27:cd:a5:b8:f5:6e:cf:7e:
         0d:0b:4c:7e:e4:4f:ae:23:5b:69:a7:98:ee:17:41:5a:e9:e7:
         55:e1:4c:62:35:6d:9e:96:7b:d4:a0:1c:aa:af:89:26:9e:41:
         79:bf:bb:f8:6a:9e:16:da:37:86:69:83:1d:98:3d:b5:9e:32:
         fb:3d:2e:0a:64:b8:96:a7:26:af:e7:9c:03:4a:fc:76:41:c0:
         01:09:38:9c:d7:75:e2:44:55:de:67:88:28:fe:e8:ab:f2:ea:
         5f:3b:20:81:a3:c9:0c:be:28:3a:03:fe:ec:ff:65:fb:f4:34:
         7c:5c:f8:20:19:31:6f:a1:8a:42:cd:6b:52:58:0e:67:cb:16:
         ce:33:8a:95:af:9f:eb:6c:43:82:f0:a9:3f:58:e7:cf:91:5a:
         78:bd:df:30:91:d4:a9:a6:e5:fb:47:12:7a:6b:b3:3a:d7:57:
         70:52:30:bf:e0:43:99:80:d6:3b:32:ba:e9:66:3b:79:28:7f:
         ca:7b:47:9a:43:2b:ec:6e:18:82:62:9a:7f:7c:92:19:b1:67:
         38:22:c5:de:78:ad:73:a6:90:ca:59:10:c2:c6:dd:36:8d:68:
         59:d1:8e:99:07:2b:7d:a1:ba:63:b5:dc:81:bb:0c:6a:da:c6:
         22:3e:20:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk0r7FL3GdJmc8YKzryLQRBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjUwOTEwMTczMjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmU0NmExMmVmZDEwNzNmNjY3Y2UyYzNiNDJhN2IxZWZhN2UxY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eZ3sD/PAHIrr8UhQfO2mYPh1vMJ
trgWh1b5uOf4HSVddLVSK0MDH0fZEfSVquexdPKMU0OEdYjsHIOFBD3PLVrKvU0i
VBHKi4+iItIF0F5cGcXGM4LR5YvnGGBAsVT1aAg8dnm+MHg6yUMpqhZxECJvMnvp
MMnW8arjVtzJchsLidjbSKc9n97yLXmEOBuoM97InHctiDfpb+BU4hKi3+YoNcbS
CGitQd38d9chXcLfA5r6D/e8jJCa6rLBRefHjO328pSDcrMyChAhaZ4ZZYefjr9P
KZWUx0GUALbOv5+yyepIK8sATTpkRmkdp53fz9Ui/09TT4r541vpV4BwrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/kahLv0Qc/Znziw7Qqex76fhzQMB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvNy1ScUV1X1JCejltZk9MRHRDcDdIdnAtSE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY8KMA0G
CSqGSIb3DQEBCwUAA4IBAQAwOgNFR8HDIQt4J82luPVuz34NC0x+5E+uI1tpp5ju
F0Fa6edV4UxiNW2elnvUoByqr4kmnkF5v7v4ap4W2jeGaYMdmD21njL7PS4KZLiW
pyav55wDSvx2QcABCTic13XiRFXeZ4go/uir8upfOyCBo8kMvig6A/7s/2X79DR8
XPggGTFvoYpCzWtSWA5nyxbOM4qVr5/rbEOC8Kk/WOfPkVp4vd8wkdSppuX7RxJ6
a7M611dwUjC/4EOZgNY7MrrpZjt5KH/Ke0eaQyvsbhiCYpp/fJIZsWc4IsXeeK1z
ppDKWRDCxt02jWhZ0Y6ZByt9obpjtdyBuwxq2sYiPiA8
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:47 2025 by rpki-client