Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/42CjYtEdb560zBE5iE-FjXNgLNg.roa
File:                     42CjYtEdb560zBE5iE-FjXNgLNg.roa (raw, json)
Hash identifier:          Bpc9IqmLfph6gfKdNT8vWp0BbeTAfvy9GDJX8BuZtS4=
Subject key identifier:   E3:60:A3:62:D1:1D:6F:9E:B4:CC:11:39:88:4F:85:8D:73:60:2C:D8
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01987ACC5A39F2EFCF2A7D2A59BA59F4BAA4
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/42CjYtEdb560zBE5iE-FjXNgLNg.roa
Signing time:             Tue 05 Aug 2025 15:14:29 +0000
ROA not before:           Tue 05 Aug 2025 15:14:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273015
IP address blocks:        45.81.105.0/24 maxlen: 24
                          45.81.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:cc:5a:39:f2:ef:cf:2a:7d:2a:59:ba:59:f4:ba:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Aug  5 15:14:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e360a362d11d6f9eb4cc1139884f858d73602cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:29:85:30:ee:31:5d:6e:64:2c:a5:2f:fd:77:
                    37:84:88:5c:01:d4:4e:c0:c9:c1:d5:dc:f8:2d:90:
                    86:9b:9c:68:fb:04:c6:da:57:6f:0d:a3:57:ce:75:
                    4c:d8:12:b0:e3:b4:66:28:26:d1:7c:fe:45:eb:06:
                    75:33:b1:b8:66:49:42:d0:db:bf:0a:d9:46:89:94:
                    d9:39:5a:a3:c5:24:3d:cc:16:35:f9:64:37:90:1c:
                    3e:4d:59:72:36:c3:bd:56:a9:4f:53:65:fe:70:67:
                    a9:16:b7:5c:ec:5b:0f:df:d3:6b:c6:89:44:87:f4:
                    e4:e9:11:f0:01:2e:60:d7:78:1c:2d:59:63:04:02:
                    86:6d:2a:a6:e4:92:ff:87:ac:c0:25:77:69:21:a6:
                    be:39:02:f8:8a:47:86:f0:4c:b3:1d:69:00:cf:af:
                    0f:6e:71:d5:c2:93:92:f8:18:96:45:32:f8:b6:25:
                    1f:0f:c0:9f:8d:22:20:5a:c4:e3:72:37:8c:c0:f7:
                    0e:49:96:bc:05:66:35:2e:f9:cb:cf:77:65:5e:ea:
                    82:13:79:19:da:d8:9c:01:23:6f:23:e5:28:a8:ef:
                    2c:b4:5a:3a:96:1f:00:e0:51:19:c4:b7:bf:97:c0:
                    45:39:0d:1f:8f:9e:49:5a:5d:cb:b0:3b:a1:85:ac:
                    59:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:60:A3:62:D1:1D:6F:9E:B4:CC:11:39:88:4F:85:8D:73:60:2C:D8
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/42CjYtEdb560zBE5iE-FjXNgLNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.105.0-45.81.106.255

    Signature Algorithm: sha256WithRSAEncryption
         c2:fc:eb:27:da:c2:91:c9:b8:f9:e7:a2:1e:c3:2d:dd:6d:64:
         15:d5:a8:e3:1b:23:c2:68:43:72:e8:bf:57:d6:5e:9a:a5:d8:
         5e:56:90:ee:8a:ca:0b:83:8e:1f:27:10:a8:ee:f0:bb:5b:9f:
         1e:67:9f:5b:4f:d3:97:bb:c1:32:c7:be:a8:fa:67:f7:04:1f:
         7a:4b:9f:df:38:4c:9d:f4:03:ac:9c:f7:62:b3:20:c1:00:17:
         d3:a5:55:36:16:96:f5:1c:6a:48:a7:94:43:5a:fe:23:00:68:
         23:41:41:a0:4c:40:08:da:6b:40:89:e0:77:93:d5:27:65:81:
         5c:de:18:57:a9:17:b6:80:df:21:56:1f:ca:c1:94:67:e5:33:
         27:e7:5f:38:02:e4:0b:0f:34:ad:af:21:55:c4:a6:41:31:92:
         e4:52:47:39:60:fe:22:5e:e5:f7:21:ff:99:db:8f:f3:c3:ab:
         43:a5:64:25:69:12:66:72:d9:db:b2:7e:c7:1c:8e:c7:b6:7e:
         22:e9:60:c1:a4:0f:3f:18:54:bc:03:28:02:76:2a:3c:b8:ab:
         bf:19:a4:fe:33:fd:b5:61:56:4a:f3:bb:12:ca:b4:f9:6e:32:
         62:48:50:8a:2b:e7:48:4c:9d:e1:b4:91:6e:b2:c3:a9:90:ef:
         01:21:be:aa
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZh6zFo58u/PKn0qWbpZ9LqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwODA1MTUxNDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzYwYTM2MmQxMWQ2ZjllYjRjYzExMzk4ODRmODU4ZDczNjAyY2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSmFMO4xXW5kLKUv/Xc3hIhcAdRO
wMnB1dz4LZCGm5xo+wTG2ldvDaNXznVM2BKw47RmKCbRfP5F6wZ1M7G4ZklC0Nu/
CtlGiZTZOVqjxSQ9zBY1+WQ3kBw+TVlyNsO9VqlPU2X+cGepFrdc7FsP39NrxolE
h/Tk6RHwAS5g13gcLVljBAKGbSqm5JL/h6zAJXdpIaa+OQL4ikeG8EyzHWkAz68P
bnHVwpOS+BiWRTL4tiUfD8CfjSIgWsTjcjeMwPcOSZa8BWY1LvnLz3dlXuqCE3kZ
2ticASNvI+UoqO8stFo6lh8A4FEZxLe/l8BFOQ0fj55JWl3LsDuhhaxZnQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFONgo2LRHW+etMwROYhPhY1zYCzYMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvNDJDall0RWRiNTYwekJFNWlFLUZqWE5nTE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtUWkD
BAAtUWowDQYJKoZIhvcNAQELBQADggEBAML86yfawpHJuPnnoh7DLd1tZBXVqOMb
I8JoQ3Lov1fWXpql2F5WkO6KyguDjh8nEKju8Ltbnx5nn1tP05e7wTLHvqj6Z/cE
H3pLn984TJ30A6yc92KzIMEAF9OlVTYWlvUcakinlENa/iMAaCNBQaBMQAjaa0CJ
4HeT1SdlgVzeGFepF7aA3yFWH8rBlGflMyfnXzgC5AsPNK2vIVXEpkExkuRSRzlg
/iJe5fch/5nbj/PDq0OlZCVpEmZy2duyfsccjse2fiLpYMGkDz8YVLwDKAJ2Kjy4
q78ZpP4z/bVhVkrzuxLKtPluMmJIUIor50hMneG0kW6yw6mQ7wEhvqo=
-----END CERTIFICATE-----