Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/aC_9xYdzXSgZUng98jtwIWGjBF0.roa
File:                     aC_9xYdzXSgZUng98jtwIWGjBF0.roa (raw, json)
Hash identifier:          jahSr+CpclTbxKEh7Tv4oQAkaQFfXduaZtgSzT1wQCY=
Subject key identifier:   68:2F:FD:C5:87:73:5D:28:19:52:78:3D:F2:3B:70:21:61:A3:04:5D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0199627DB492CBB7FFEB9802B67832DDA0D7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/aC_9xYdzXSgZUng98jtwIWGjBF0.roa
Signing time:             Fri 19 Sep 2025 15:00:29 +0000
ROA not before:           Fri 19 Sep 2025 15:00:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41745
IP address blocks:        45.12.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:62:7d:b4:92:cb:b7:ff:eb:98:02:b6:78:32:dd:a0:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 19 15:00:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=682ffdc587735d281952783df23b702161a3045d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:3e:19:f8:73:90:d6:9e:f0:f5:0f:d9:1e:4d:
                    c0:4b:d6:a9:63:a3:ba:2a:cb:6b:f6:b7:43:fc:ab:
                    94:6b:09:d4:89:4a:78:b1:ce:f1:e7:7f:b5:fc:8b:
                    00:5b:dc:36:c7:77:74:59:bd:b0:9c:9f:46:8d:81:
                    90:5a:52:43:12:e7:5d:7c:df:f9:b5:5f:39:85:1d:
                    0b:f6:df:29:1f:5e:81:5b:a5:e3:70:2f:8f:4f:bc:
                    fd:9a:6c:0f:67:fc:1f:a9:cc:17:e8:a2:3e:4c:ee:
                    32:57:a7:c0:60:95:ce:8f:82:32:f1:c2:82:32:e6:
                    e6:61:4f:d8:95:6a:40:f5:b4:d7:22:ab:9d:a4:16:
                    45:a5:65:ce:28:01:9f:eb:35:be:fb:58:83:3c:ae:
                    d0:35:46:51:76:ec:52:f6:a6:96:e5:86:a3:4b:8a:
                    e4:51:c1:dd:79:ee:ee:fd:ac:f4:1a:d4:a4:bf:f5:
                    f3:a7:d2:47:fd:09:fd:a1:02:79:f9:53:5a:c0:af:
                    13:17:f3:47:be:2e:ed:f9:83:47:e4:87:d0:80:d7:
                    c2:8e:0a:6c:20:ea:c0:01:27:8d:f0:49:8a:1b:1e:
                    cd:87:ea:e8:c2:9a:4e:a8:6f:3b:4e:41:5c:73:9d:
                    b8:69:16:7b:94:37:c3:11:40:9c:47:b9:00:65:91:
                    9d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:2F:FD:C5:87:73:5D:28:19:52:78:3D:F2:3B:70:21:61:A3:04:5D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/aC_9xYdzXSgZUng98jtwIWGjBF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:a9:fb:58:a6:96:7f:09:ea:9a:cf:95:23:f0:9d:20:6e:84:
         ff:87:a6:b4:ab:e3:31:b4:10:85:f5:cb:d5:50:75:2b:6e:97:
         01:b0:44:00:ea:18:04:a9:60:c0:73:ff:31:42:46:93:52:0a:
         e4:f5:32:00:9a:28:6d:04:0a:8f:4f:d9:fe:8d:ad:ec:4f:2c:
         d8:34:a1:c8:fb:82:ca:cd:5e:df:b0:88:dc:a8:1d:ac:0a:70:
         46:38:f6:90:b4:a5:07:81:99:68:71:62:b5:b8:10:16:3d:ef:
         34:69:34:8c:1a:c7:eb:a4:18:39:20:d0:87:24:2c:01:03:74:
         ef:1c:aa:79:58:7e:31:0c:88:65:7b:4b:72:13:35:d2:05:79:
         27:b1:72:d6:ad:08:83:da:48:47:21:b0:dc:fb:1b:80:4e:92:
         94:c9:51:18:25:71:fe:5d:b4:81:be:ee:cd:cd:09:20:b8:0b:
         7e:03:86:7c:7f:d6:17:c6:14:96:35:d1:c5:31:fa:01:0d:55:
         82:18:f1:ce:cc:fb:b3:d1:b9:7b:f6:88:e2:77:9f:da:a4:dd:
         0e:17:72:18:a2:3a:26:c7:f2:f0:6e:d0:79:90:62:b3:28:c7:
         77:14:d6:e2:49:73:74:7b:f4:40:8b:8a:bc:73:43:3c:e3:55:
         13:fb:45:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlifbSSy7f/65gCtngy3aDXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwOTE5MTUwMDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODJmZmRjNTg3NzM1ZDI4MTk1Mjc4M2RmMjNiNzAyMTYxYTMwNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT4Z+HOQ1p7w9Q/ZHk3AS9apY6O6
Kstr9rdD/KuUawnUiUp4sc7x53+1/IsAW9w2x3d0Wb2wnJ9GjYGQWlJDEuddfN/5
tV85hR0L9t8pH16BW6XjcC+PT7z9mmwPZ/wfqcwX6KI+TO4yV6fAYJXOj4Iy8cKC
MubmYU/YlWpA9bTXIqudpBZFpWXOKAGf6zW++1iDPK7QNUZRduxS9qaW5YajS4rk
UcHdee7u/az0GtSkv/Xzp9JH/Qn9oQJ5+VNawK8TF/NHvi7t+YNH5IfQgNfCjgps
IOrAASeN8EmKGx7Nh+rowppOqG87TkFcc524aRZ7lDfDEUCcR7kAZZGdQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgv/cWHc10oGVJ4PfI7cCFhowRdMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYUNfOXhZZHpYU2daVW5nOThqdHdJV0dqQkYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQxGMA0G
CSqGSIb3DQEBCwUAA4IBAQCBqftYppZ/Ceqaz5Uj8J0gboT/h6a0q+MxtBCF9cvV
UHUrbpcBsEQA6hgEqWDAc/8xQkaTUgrk9TIAmihtBAqPT9n+ja3sTyzYNKHI+4LK
zV7fsIjcqB2sCnBGOPaQtKUHgZlocWK1uBAWPe80aTSMGsfrpBg5INCHJCwBA3Tv
HKp5WH4xDIhle0tyEzXSBXknsXLWrQiD2khHIbDc+xuATpKUyVEYJXH+XbSBvu7N
zQkguAt+A4Z8f9YXxhSWNdHFMfoBDVWCGPHOzPuz0bl79ojid5/apN0OF3IYojom
x/LwbtB5kGKzKMd3FNbiSXN0e/RAi4q8c0M841UT+0X4
-----END CERTIFICATE-----