Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BLglxnKOl5YgKda8cyjefBT3j8Q.roa
File:                     BLglxnKOl5YgKda8cyjefBT3j8Q.roa (raw, json)
Hash identifier:          uwh/hqAtBmeijZCFh5wIQUiLBAIvRWKHYe3QwUM19Hs=
Subject key identifier:   04:B8:25:C6:72:8E:97:96:20:29:D6:BC:73:28:DE:7C:14:F7:8F:C4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01977946E4DD1C35D6CB7145F53AD78786AA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BLglxnKOl5YgKda8cyjefBT3j8Q.roa
Signing time:             Mon 16 Jun 2025 15:06:18 +0000
ROA not before:           Mon 16 Jun 2025 15:06:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48795
IP address blocks:        45.12.68.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 12:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:79:46:e4:dd:1c:35:d6:cb:71:45:f5:3a:d7:87:86:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 16 15:06:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04b825c6728e97962029d6bc7328de7c14f78fc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:18:42:28:02:db:73:ac:3d:18:d0:c5:89:5e:
                    dd:fd:f2:6d:52:f7:d5:9d:71:67:46:d1:a5:38:43:
                    ea:ea:16:3e:29:69:be:16:82:79:ae:c2:73:be:81:
                    48:6c:c8:69:3c:7f:c9:78:a6:b2:f5:e8:6d:48:07:
                    02:17:b4:91:8a:b2:7b:17:2b:2f:c7:ec:d7:46:ca:
                    49:66:ef:6f:b8:71:1d:7c:24:a8:72:8e:4a:45:5a:
                    26:df:78:35:9e:62:1d:21:5f:33:6f:c8:43:f9:18:
                    ff:95:24:c9:55:6c:10:b3:b7:a6:94:6f:9b:db:40:
                    96:a9:d9:d9:ab:14:7d:a2:e0:d8:a9:69:62:15:b2:
                    91:ac:94:3d:3a:29:93:87:dd:01:ad:d5:cf:70:9a:
                    7d:a1:f4:f5:24:3e:27:75:aa:45:ee:a2:da:07:a1:
                    d4:8b:3d:47:c6:00:9f:4a:08:37:c1:32:97:de:15:
                    e6:48:5f:fd:ee:1d:31:c6:4c:b8:90:07:30:39:93:
                    77:6a:12:6d:57:9f:06:f9:d1:cb:98:5e:63:ec:01:
                    3b:0c:c1:bb:6f:d9:5e:ed:65:93:c3:32:41:c6:26:
                    20:9b:ad:23:22:80:da:74:9d:e7:a9:23:89:a2:be:
                    79:fc:5a:5f:c8:23:a1:1d:15:7c:4b:fc:62:0a:a6:
                    28:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B8:25:C6:72:8E:97:96:20:29:D6:BC:73:28:DE:7C:14:F7:8F:C4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BLglxnKOl5YgKda8cyjefBT3j8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:45:b2:a1:f1:d9:60:72:53:e1:10:7a:f8:bf:50:9f:a6:58:
         2f:0f:39:23:30:d7:29:b6:46:32:f4:d6:3a:72:d7:74:90:f3:
         6a:c2:d9:30:ba:28:95:11:71:15:72:f3:60:de:f5:7c:78:7d:
         bb:bf:c8:e8:3d:89:1b:99:98:7d:25:62:c2:c2:da:bf:b6:09:
         38:74:14:08:3e:69:e0:99:c7:02:35:c1:5a:40:c6:45:24:fc:
         14:76:e6:43:38:2e:e4:b8:f5:7d:d3:7e:63:19:0b:58:70:a2:
         51:5e:6c:13:7c:2c:db:2b:36:ea:84:8c:1c:8d:1a:5e:03:07:
         1c:e6:3f:89:9d:3f:db:b2:37:61:f5:b8:56:e6:3a:65:40:0b:
         45:17:a6:79:d7:58:df:e7:4f:84:1f:42:cf:11:20:c2:dd:b9:
         19:57:1b:01:fd:2c:8c:94:c8:a7:5d:81:31:eb:86:59:b2:fd:
         4a:45:3f:9b:39:53:cb:50:2c:b5:69:d1:f7:78:d2:25:f5:40:
         82:97:ff:05:9c:06:e9:ac:c3:12:6c:04:50:52:d3:b9:be:98:
         3b:0b:08:27:23:65:1d:ce:e4:cd:81:f4:cc:74:87:47:b1:0b:
         8f:8c:a2:c8:c4:dc:bb:29:0c:d8:a4:8b:af:52:09:e5:a4:70:
         ba:95:84:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd5RuTdHDXWy3FF9TrXh4aqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNjE2MTUwNjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGI4MjVjNjcyOGU5Nzk2MjAyOWQ2YmM3MzI4ZGU3YzE0Zjc4ZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBhCKALbc6w9GNDFiV7d/fJtUvfV
nXFnRtGlOEPq6hY+KWm+FoJ5rsJzvoFIbMhpPH/JeKay9ehtSAcCF7SRirJ7Fysv
x+zXRspJZu9vuHEdfCSoco5KRVom33g1nmIdIV8zb8hD+Rj/lSTJVWwQs7emlG+b
20CWqdnZqxR9ouDYqWliFbKRrJQ9OimTh90BrdXPcJp9ofT1JD4ndapF7qLaB6HU
iz1HxgCfSgg3wTKX3hXmSF/97h0xxky4kAcwOZN3ahJtV58G+dHLmF5j7AE7DMG7
b9le7WWTwzJBxiYgm60jIoDadJ3nqSOJor55/FpfyCOhHRV8S/xiCqYoHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAS4JcZyjpeWICnWvHMo3nwU94/EMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQkxnbHhuS09sNVlnS2RhOGN5amVmQlQzajhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQxEMA0G
CSqGSIb3DQEBCwUAA4IBAQCIRbKh8dlgclPhEHr4v1CfplgvDzkjMNcptkYy9NY6
ctd0kPNqwtkwuiiVEXEVcvNg3vV8eH27v8joPYkbmZh9JWLCwtq/tgk4dBQIPmng
mccCNcFaQMZFJPwUduZDOC7kuPV9035jGQtYcKJRXmwTfCzbKzbqhIwcjRpeAwcc
5j+JnT/bsjdh9bhW5jplQAtFF6Z511jf50+EH0LPESDC3bkZVxsB/SyMlMinXYEx
64ZZsv1KRT+bOVPLUCy1adH3eNIl9UCCl/8FnAbprMMSbARQUtO5vpg7CwgnI2Ud
zuTNgfTMdIdHsQuPjKLIxNy7KQzYpIuvUgnlpHC6lYRq
-----END CERTIFICATE-----