Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7xtOez-T4PE1cE0jgxwJ9HG5t4c.roa
File:                     7xtOez-T4PE1cE0jgxwJ9HG5t4c.roa (raw, json)
Hash identifier:          nVxjvE2a6oRWqWlm2pGZ0ouClObWBQFm5hNNtz0ElwU=
Subject key identifier:   EF:1B:4E:7B:3F:93:E0:F1:35:70:4D:23:83:1C:09:F4:71:B9:B7:87
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0199A9892AD00D88592DB418A05BCA70FB29
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7xtOez-T4PE1cE0jgxwJ9HG5t4c.roa
Signing time:             Fri 03 Oct 2025 10:06:02 +0000
ROA not before:           Fri 03 Oct 2025 10:06:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273285
IP address blocks:        45.142.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a9:89:2a:d0:0d:88:59:2d:b4:18:a0:5b:ca:70:fb:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Oct  3 10:06:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef1b4e7b3f93e0f135704d23831c09f471b9b787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c4:c9:15:4e:b1:75:c9:73:a3:7a:a7:10:14:
                    17:1b:74:8f:47:7a:5e:59:57:f3:1b:36:62:e8:a3:
                    f9:48:82:fa:66:c0:85:d1:1b:9a:75:6c:93:f7:0c:
                    16:92:a4:ad:50:89:d9:e4:5b:11:cb:89:0f:c4:a0:
                    8a:66:fe:d0:6c:89:12:1f:3c:a2:71:f5:82:24:5d:
                    fb:32:b5:e7:5b:bc:c4:7e:ff:a0:6b:cb:15:16:a3:
                    d9:df:96:31:0f:56:d2:29:0e:4a:2b:70:67:b6:16:
                    27:dc:7c:0b:b0:bf:27:a8:e8:91:19:30:4b:1c:89:
                    93:e9:97:1a:20:3b:f9:d3:31:70:05:6b:8a:56:0f:
                    80:2c:b5:5d:7a:5b:52:54:47:01:eb:36:d0:f7:52:
                    b8:e1:d1:65:90:89:4f:83:6b:30:72:48:16:85:09:
                    bd:76:2e:e4:0e:d8:e6:bc:d0:5f:22:4f:d4:9e:b3:
                    6e:ea:b4:17:46:db:c8:82:3a:ba:2e:e7:1e:ee:be:
                    5d:dd:ef:0b:90:00:7d:f1:8d:72:17:5e:c3:64:0f:
                    4a:b4:bf:62:0f:0c:48:4f:f8:47:05:2e:8f:b7:04:
                    2d:e8:75:cd:7e:5e:18:e7:5c:a3:48:d5:a7:d9:11:
                    de:b4:62:4b:5c:2a:5e:de:a7:35:e3:7b:82:e9:51:
                    0b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:1B:4E:7B:3F:93:E0:F1:35:70:4D:23:83:1C:09:F4:71:B9:B7:87
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/7xtOez-T4PE1cE0jgxwJ9HG5t4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:b6:fb:f7:ce:69:35:7e:06:d0:6f:e6:a8:64:5e:e3:8f:bf:
         d8:0c:6a:40:00:37:79:67:43:f1:d1:d2:16:da:ad:45:58:5b:
         05:ce:6d:c5:ca:d7:97:54:e8:34:25:89:26:c1:3d:54:65:18:
         46:69:59:de:4b:57:68:92:60:9c:78:2b:60:24:3a:72:8c:a8:
         95:fe:bd:b2:30:d1:f5:2f:5c:31:91:e4:d8:86:24:27:6c:91:
         a7:9b:21:1b:fa:c9:9d:90:8e:70:84:f1:9e:53:b7:7f:a3:2b:
         1f:e6:bf:ef:34:7e:16:d6:7f:9a:e4:5d:06:55:fd:6c:5c:81:
         76:e0:8b:e7:17:a0:98:2e:02:0e:3f:9c:3e:70:de:68:aa:87:
         57:82:71:7b:e4:dc:a0:bc:99:a9:7f:e1:39:92:f6:5e:74:fe:
         48:63:10:27:c1:83:0f:a7:51:39:5b:7f:79:71:ac:06:ad:ea:
         5e:23:18:09:94:6d:90:5d:d0:3c:a7:a2:f4:1b:2b:15:ef:fa:
         95:44:83:bb:83:bb:eb:37:3c:ec:cd:87:37:2b:4b:34:60:ec:
         22:cd:fd:18:b6:2d:f6:c2:a7:9a:85:fb:76:f2:6b:7b:09:24:
         a0:b8:b7:38:6a:bd:d5:1a:71:a0:b8:02:53:ff:23:45:e0:a1:
         60:de:cd:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmpiSrQDYhZLbQYoFvKcPspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUxMDAzMTAwNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjFiNGU3YjNmOTNlMGYxMzU3MDRkMjM4MzFjMDlmNDcxYjliNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcTJFU6xdclzo3qnEBQXG3SPR3pe
WVfzGzZi6KP5SIL6ZsCF0RuadWyT9wwWkqStUInZ5FsRy4kPxKCKZv7QbIkSHzyi
cfWCJF37MrXnW7zEfv+ga8sVFqPZ35YxD1bSKQ5KK3BnthYn3HwLsL8nqOiRGTBL
HImT6ZcaIDv50zFwBWuKVg+ALLVdeltSVEcB6zbQ91K44dFlkIlPg2swckgWhQm9
di7kDtjmvNBfIk/UnrNu6rQXRtvIgjq6Luce7r5d3e8LkAB98Y1yF17DZA9KtL9i
DwxIT/hHBS6PtwQt6HXNfl4Y51yjSNWn2RHetGJLXCpe3qc143uC6VELQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8bTns/k+DxNXBNI4McCfRxubeHMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvN3h0T2V6LVQ0UEUxY0Uwamd4d0o5SEc1dDRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY4pMA0G
CSqGSIb3DQEBCwUAA4IBAQAOtvv3zmk1fgbQb+aoZF7jj7/YDGpAADd5Z0Px0dIW
2q1FWFsFzm3FyteXVOg0JYkmwT1UZRhGaVneS1dokmCceCtgJDpyjKiV/r2yMNH1
L1wxkeTYhiQnbJGnmyEb+smdkI5whPGeU7d/oysf5r/vNH4W1n+a5F0GVf1sXIF2
4IvnF6CYLgIOP5w+cN5oqodXgnF75NygvJmpf+E5kvZedP5IYxAnwYMPp1E5W395
cawGrepeIxgJlG2QXdA8p6L0GysV7/qVRIO7g7vrNzzszYc3K0s0YOwizf0Yti32
wqeahft28mt7CSSguLc4ar3VGnGguAJT/yNF4KFg3s2X
-----END CERTIFICATE-----