Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/4cba7a-11d7-4624-851d-a7ca02c88e39/1/KiaDjTYmq6Nuv_HakZGoHxO1dPQ.roa
File:                     KiaDjTYmq6Nuv_HakZGoHxO1dPQ.roa (raw, json)
Hash identifier:          zaJBSu3WJ+4GT8UiOKSzXjTxspUORjdQRRXxILtHbuo=
Subject key identifier:   2A:26:83:8D:36:26:AB:A3:6E:BF:F1:DA:91:91:A8:1F:13:B5:74:F4
Certificate issuer:       /CN=fe0fd4769c82ffb49293041e9549d94bd12c1a17
Certificate serial:       0199F183ED45A577EFBDE4CAD4B2DF85ED99
Authority key identifier: FE:0F:D4:76:9C:82:FF:B4:92:93:04:1E:95:49:D9:4B:D1:2C:1A:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_g_UdpyC_7SSkwQelUnZS9EsGhc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/4cba7a-11d7-4624-851d-a7ca02c88e39/1/KiaDjTYmq6Nuv_HakZGoHxO1dPQ.roa
Signing time:             Fri 17 Oct 2025 09:32:58 +0000
ROA not before:           Fri 17 Oct 2025 09:32:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3164
IP address blocks:        45.143.56.0/24 maxlen: 24
                          45.143.57.0/24 maxlen: 24
                          45.143.58.0/24 maxlen: 24
                          45.143.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/4cba7a-11d7-4624-851d-a7ca02c88e39/1/_g_UdpyC_7SSkwQelUnZS9EsGhc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/4cba7a-11d7-4624-851d-a7ca02c88e39/1/_g_UdpyC_7SSkwQelUnZS9EsGhc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_g_UdpyC_7SSkwQelUnZS9EsGhc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f1:83:ed:45:a5:77:ef:bd:e4:ca:d4:b2:df:85:ed:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe0fd4769c82ffb49293041e9549d94bd12c1a17
        Validity
            Not Before: Oct 17 09:32:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a26838d3626aba36ebff1da9191a81f13b574f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fc:bf:11:9b:95:0b:13:9b:28:66:b5:60:9f:
                    6b:f9:17:1d:51:3d:3c:76:fd:59:9f:2d:72:99:8b:
                    7e:e1:34:ca:e1:3b:ad:37:ac:2f:f8:fc:fc:54:1f:
                    4e:57:1b:1b:95:bf:ab:da:f5:83:ce:4c:41:f8:cc:
                    e1:3b:67:4f:32:b1:33:a1:2a:f9:7b:e2:ba:cc:ae:
                    ee:ad:c5:0a:07:fc:96:f2:67:e8:41:fc:e1:16:df:
                    9a:ba:d5:3d:fd:e2:00:45:b2:58:3f:05:b5:64:71:
                    03:60:24:76:0e:0a:87:82:b6:e9:3a:a9:d2:5c:2b:
                    99:10:1d:1d:4a:61:9f:80:9e:89:69:fa:8f:61:b6:
                    64:49:10:1e:47:03:67:30:12:13:15:44:59:84:24:
                    72:e2:2f:f7:1e:ac:b8:84:42:4b:d0:bb:6a:bb:54:
                    b9:1c:16:d0:60:69:41:ed:17:02:8e:2c:7c:0f:bf:
                    a6:44:f1:87:69:f5:69:52:d2:04:d2:a7:04:bf:93:
                    eb:0c:9b:6b:1d:68:0b:19:b0:e1:a6:8a:73:72:aa:
                    0f:a3:b5:e3:1a:07:5c:45:8b:50:64:f9:6d:17:d1:
                    83:6f:a1:8f:b1:32:ac:50:45:f2:16:95:24:ae:dc:
                    ba:61:eb:20:98:67:38:80:1d:f0:de:6d:f0:15:2d:
                    aa:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:26:83:8D:36:26:AB:A3:6E:BF:F1:DA:91:91:A8:1F:13:B5:74:F4
            X509v3 Authority Key Identifier:
                keyid:FE:0F:D4:76:9C:82:FF:B4:92:93:04:1E:95:49:D9:4B:D1:2C:1A:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_g_UdpyC_7SSkwQelUnZS9EsGhc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4cba7a-11d7-4624-851d-a7ca02c88e39/1/KiaDjTYmq6Nuv_HakZGoHxO1dPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/4cba7a-11d7-4624-851d-a7ca02c88e39/1/_g_UdpyC_7SSkwQelUnZS9EsGhc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:cf:23:01:a2:de:56:54:07:3a:2a:a8:c0:e1:de:4e:2f:c6:
         61:ad:65:a3:1f:55:39:b0:57:87:f4:ec:1a:b0:2b:ff:a0:48:
         03:60:a1:9b:99:d0:dc:e0:f3:72:e9:ca:33:bb:1f:94:da:0f:
         15:b6:02:8f:58:04:43:ee:60:5c:60:90:ac:5c:34:78:93:48:
         7b:5b:10:2f:67:8c:9b:da:a0:46:27:13:89:9c:c0:e3:89:7d:
         8e:11:c1:55:42:bd:51:c3:76:9f:3d:a2:81:93:6d:27:1e:c0:
         68:96:31:48:57:90:24:16:89:35:79:d9:23:c8:02:82:1f:15:
         35:bd:f6:a3:66:e8:7f:35:1b:d4:6f:4e:8e:ef:cf:01:65:3a:
         1a:b6:05:5d:fa:d3:81:bd:4d:af:88:03:fb:08:20:5f:4d:7d:
         58:de:5c:4e:2d:6f:2a:a8:b6:a9:da:49:96:f8:ef:fd:66:75:
         9e:80:a5:dd:e9:2d:7d:3b:a0:fb:01:b9:00:a7:d9:f7:16:d9:
         a7:54:05:ea:44:ac:12:5d:24:51:ad:ea:8c:4b:27:d3:52:40:
         fe:ee:27:3a:43:49:af:8e:f0:aa:64:cd:b1:b4:c0:ab:0f:e9:
         6b:98:9d:66:71:60:b9:87:44:a3:1f:d8:1e:78:f7:c5:b8:ef:
         84:f0:b1:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnxg+1FpXfvveTK1LLfhe2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMGZkNDc2OWM4MmZmYjQ5MjkzMDQxZTk1NDlkOTRiZDEy
YzFhMTcwHhcNMjUxMDE3MDkzMjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTI2ODM4ZDM2MjZhYmEzNmViZmYxZGE5MTkxYTgxZjEzYjU3NGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvy/EZuVCxObKGa1YJ9r+RcdUT08
dv1Zny1ymYt+4TTK4TutN6wv+Pz8VB9OVxsblb+r2vWDzkxB+MzhO2dPMrEzoSr5
e+K6zK7urcUKB/yW8mfoQfzhFt+autU9/eIARbJYPwW1ZHEDYCR2DgqHgrbpOqnS
XCuZEB0dSmGfgJ6JafqPYbZkSRAeRwNnMBITFURZhCRy4i/3Hqy4hEJL0Ltqu1S5
HBbQYGlB7RcCjix8D7+mRPGHafVpUtIE0qcEv5PrDJtrHWgLGbDhpopzcqoPo7Xj
GgdcRYtQZPltF9GDb6GPsTKsUEXyFpUkrty6YesgmGc4gB3w3m3wFS2qxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFComg402Jqujbr/x2pGRqB8TtXT0MB8GA1UdIwQY
MBaAFP4P1Hacgv+0kpMEHpVJ2UvRLBoXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2dfVWRweUNfN1NTa3dRZWxVblpTOUVzR2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC80Y2JhN2EtMTFkNy00NjI0LTg1MWQt
YTdjYTAyYzg4ZTM5LzEvS2lhRGpUWW1xNk51dl9IYWtaR29IeE8xZFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC80Y2JhN2EtMTFkNy00NjI0LTg1MWQtYTdjYTAyYzg4ZTM5
LzEvX2dfVWRweUNfN1NTa3dRZWxVblpTOUVzR2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY84MA0G
CSqGSIb3DQEBCwUAA4IBAQCFzyMBot5WVAc6KqjA4d5OL8ZhrWWjH1U5sFeH9Owa
sCv/oEgDYKGbmdDc4PNy6cozux+U2g8VtgKPWARD7mBcYJCsXDR4k0h7WxAvZ4yb
2qBGJxOJnMDjiX2OEcFVQr1Rw3afPaKBk20nHsBoljFIV5AkFok1edkjyAKCHxU1
vfajZuh/NRvUb06O788BZToatgVd+tOBvU2viAP7CCBfTX1Y3lxOLW8qqLap2kmW
+O/9ZnWegKXd6S19O6D7AbkAp9n3FtmnVAXqRKwSXSRRreqMSyfTUkD+7ic6Q0mv
jvCqZM2xtMCrD+lrmJ1mcWC5h0SjH9geePfFuO+E8LEA
-----END CERTIFICATE-----