Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/KBlKTtNnQaHkk-5YbbbibvBRTkE.roa
File:                     KBlKTtNnQaHkk-5YbbbibvBRTkE.roa (raw, json)
Hash identifier:          pSjaqLIK2LwqQhWseUSzS6Sqy0q3c8S6SmBuHYWrOsU=
Subject key identifier:   28:19:4A:4E:D3:67:41:A1:E4:93:EE:58:6D:B6:E2:6E:F0:51:4E:41
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       0199721BB9C478AE57D4B3B20441ADE0E36B
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/KBlKTtNnQaHkk-5YbbbibvBRTkE.roa
Signing time:             Mon 22 Sep 2025 15:47:23 +0000
ROA not before:           Mon 22 Sep 2025 15:47:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212983
IP address blocks:        45.95.188.0/24 maxlen: 24
                          94.131.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:72:1b:b9:c4:78:ae:57:d4:b3:b2:04:41:ad:e0:e3:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Sep 22 15:47:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28194a4ed36741a1e493ee586db6e26ef0514e41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:cd:b6:c4:9d:20:1e:02:23:b9:54:ed:f4:72:
                    3f:98:59:40:d3:22:e9:48:67:59:d0:84:84:76:aa:
                    bc:08:9b:b0:c2:e2:e5:f5:d5:bd:f8:26:f4:47:47:
                    ae:16:73:79:26:be:38:2b:d4:67:24:08:6b:97:81:
                    86:2e:78:3d:b3:d6:1a:ad:94:8e:93:d4:51:7c:5d:
                    88:3f:2b:bf:49:90:ba:8d:ef:f4:99:05:c0:61:4d:
                    4f:44:b1:f5:0d:ad:81:ae:ff:e2:b2:39:0c:2b:ab:
                    fa:9f:08:80:d6:96:6f:21:a2:77:e2:35:4e:f3:c7:
                    cf:88:af:da:43:d5:49:31:0a:e8:d0:b5:38:46:43:
                    d1:83:46:b3:fd:57:e2:27:1c:93:26:27:5e:3e:a0:
                    d7:a1:8d:6e:83:1c:39:c2:24:bf:57:20:a1:3d:37:
                    97:f9:4f:c7:ea:04:5e:85:20:ce:79:85:a6:af:15:
                    fa:4f:90:ac:54:6a:f1:17:32:8c:a6:21:b6:ea:7a:
                    cd:6a:d4:e3:41:d2:65:e6:cd:8d:4a:9a:e1:60:36:
                    34:b0:75:9f:fe:5d:a6:3c:9f:01:4c:0b:26:d7:16:
                    98:b3:1a:80:4d:60:0d:8d:ad:39:9b:7a:ff:b3:f5:
                    7f:19:52:39:36:f9:4f:67:45:ea:13:38:bc:55:85:
                    a5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:19:4A:4E:D3:67:41:A1:E4:93:EE:58:6D:B6:E2:6E:F0:51:4E:41
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/KBlKTtNnQaHkk-5YbbbibvBRTkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.188.0/24
                  94.131.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:8c:9b:c9:a5:9f:37:db:1d:01:c8:ff:17:46:b1:2e:7f:5f:
         15:25:91:72:fa:6a:b1:74:7f:ca:ad:74:f3:bd:10:bf:bd:86:
         9b:8c:8b:a6:07:ca:e7:10:21:a3:83:a4:b4:97:29:7e:88:50:
         59:fb:14:12:0d:0b:a1:17:a7:b4:92:d0:01:36:1a:98:d3:3d:
         b0:9f:91:a7:ec:25:00:2b:ad:c9:ca:d9:d7:76:cc:cd:ca:62:
         8c:1f:4b:b3:33:fe:04:3b:a3:53:eb:0e:45:1c:f5:fa:23:4f:
         29:dd:05:cf:cf:09:a5:00:a8:25:7d:ea:e3:a1:48:4e:ca:ac:
         24:1f:8b:05:93:c8:4e:1c:db:51:5c:40:9e:b7:37:85:f5:4e:
         68:79:75:a1:5c:f3:6c:21:08:14:01:4e:51:ba:43:13:62:ff:
         b3:6e:dd:57:d4:99:36:84:ed:bd:7b:e0:71:39:16:52:ed:82:
         e9:4f:f0:0d:e8:c2:6d:36:f5:31:04:8c:b4:84:cb:e0:35:2a:
         03:32:36:e0:cb:8b:e3:ca:f1:fc:2b:0f:eb:37:94:cd:c7:52:
         80:e6:da:9a:d3:f0:6f:d1:6b:e3:6e:c5:6a:85:68:10:cb:86:
         0e:67:6f:52:f5:d7:b5:b9:db:5d:d3:cc:f3:8e:29:4b:be:f8:
         a2:02:ac:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlyG7nEeK5X1LOyBEGt4ONrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUwOTIyMTU0NzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODE5NGE0ZWQzNjc0MWExZTQ5M2VlNTg2ZGI2ZTI2ZWYwNTE0ZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1M22xJ0gHgIjuVTt9HI/mFlA0yLp
SGdZ0ISEdqq8CJuwwuLl9dW9+Cb0R0euFnN5Jr44K9RnJAhrl4GGLng9s9YarZSO
k9RRfF2IPyu/SZC6je/0mQXAYU1PRLH1Da2Brv/isjkMK6v6nwiA1pZvIaJ34jVO
88fPiK/aQ9VJMQro0LU4RkPRg0az/VfiJxyTJidePqDXoY1ugxw5wiS/VyChPTeX
+U/H6gRehSDOeYWmrxX6T5CsVGrxFzKMpiG26nrNatTjQdJl5s2NSprhYDY0sHWf
/l2mPJ8BTAsm1xaYsxqATWANja05m3r/s/V/GVI5NvlPZ0XqEzi8VYWl5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCgZSk7TZ0Gh5JPuWG224m7wUU5BMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvS0JsS1R0Tm5RYUhray01WWJiYmlidkJSVGtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALV+8AwQA
XoPCMA0GCSqGSIb3DQEBCwUAA4IBAQANjJvJpZ832x0ByP8XRrEuf18VJZFy+mqx
dH/KrXTzvRC/vYabjIumB8rnECGjg6S0lyl+iFBZ+xQSDQuhF6e0ktABNhqY0z2w
n5Gn7CUAK63JytnXdszNymKMH0uzM/4EO6NT6w5FHPX6I08p3QXPzwmlAKglferj
oUhOyqwkH4sFk8hOHNtRXECetzeF9U5oeXWhXPNsIQgUAU5RukMTYv+zbt1X1Jk2
hO29e+BxORZS7YLpT/AN6MJtNvUxBIy0hMvgNSoDMjbgy4vjyvH8Kw/rN5TNx1KA
5tqa0/Bv0WvjbsVqhWgQy4YOZ29S9de1udtd08zzjilLvviiAqym
-----END CERTIFICATE-----