Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/4decjSm7V12aNuuaOgSqrc8uhn4.roa
File:                     4decjSm7V12aNuuaOgSqrc8uhn4.roa (raw, json)
Hash identifier:          0/IjMpYVZGZEVI1ijQhujVx7Rgim31GeLEc/N/7gSpM=
Subject key identifier:   E1:D7:9C:8D:29:BB:57:5D:9A:36:EB:9A:3A:04:AA:AD:CF:2E:86:7E
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       019943B469482D70F2D15DE9CF4AF77DB9B1
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/4decjSm7V12aNuuaOgSqrc8uhn4.roa
Signing time:             Sat 13 Sep 2025 15:32:00 +0000
ROA not before:           Sat 13 Sep 2025 15:32:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201186
IP address blocks:        45.151.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:43:b4:69:48:2d:70:f2:d1:5d:e9:cf:4a:f7:7d:b9:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Sep 13 15:32:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1d79c8d29bb575d9a36eb9a3a04aaadcf2e867e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1b:e2:e1:35:ee:28:3e:c4:56:bb:68:12:ac:
                    67:b0:60:b0:64:9d:c1:05:34:ad:80:aa:35:1b:e7:
                    fd:f8:7a:e4:a5:7a:41:c5:56:54:a9:ac:2a:e6:da:
                    46:ab:4c:09:7f:13:95:b3:0a:3c:77:a2:b5:bd:ff:
                    3a:ed:15:9b:0b:ca:7c:6c:45:c4:9b:84:33:8a:76:
                    14:b3:f7:b2:2d:b9:25:f2:5e:6c:3d:18:52:da:bd:
                    d6:21:84:29:eb:b4:f2:99:f9:7c:52:55:56:e0:24:
                    51:f4:73:6e:3b:8a:a8:2a:23:5d:fb:d6:03:ae:78:
                    2b:1c:d5:7a:05:9c:bb:7c:5e:44:fd:e2:90:48:63:
                    f5:e2:7b:ff:d1:7a:75:39:9b:43:a8:4c:ed:f6:71:
                    2b:a7:3a:d3:06:53:e1:41:a6:1b:02:b3:96:44:84:
                    1e:4d:b8:a3:57:bc:5d:7b:14:2c:52:be:68:f8:ae:
                    98:87:aa:47:29:de:aa:68:bc:57:b4:35:2a:ab:83:
                    ca:31:12:20:f1:41:39:c0:dd:81:74:69:57:b7:22:
                    72:be:b9:64:c1:7d:60:fa:fc:76:a5:41:25:9a:95:
                    92:40:74:a6:df:c0:37:bb:b4:e8:24:c4:ad:ca:52:
                    fd:ef:c1:c4:2b:c1:aa:31:56:29:76:7e:f8:01:6e:
                    7c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:D7:9C:8D:29:BB:57:5D:9A:36:EB:9A:3A:04:AA:AD:CF:2E:86:7E
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/4decjSm7V12aNuuaOgSqrc8uhn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:4b:b5:46:9c:3f:b3:03:ed:eb:66:e0:fe:f1:4b:21:aa:05:
         d7:9d:14:2a:6f:d4:20:74:49:5f:bc:9a:a9:7b:2e:98:0c:3a:
         6c:28:03:c3:f5:dc:eb:5d:2f:01:65:3d:38:20:b8:61:ef:4f:
         0c:9c:81:01:6b:cb:d0:36:e1:d6:14:d5:a1:2e:b3:c0:55:d1:
         17:16:d0:86:65:63:90:8b:eb:4a:53:ec:da:08:75:d8:c1:2f:
         f6:eb:a0:ce:89:14:f2:2a:2c:63:28:5e:4b:ca:c6:0f:63:3f:
         de:62:3d:09:fb:f3:90:9e:38:98:0f:e9:89:bb:27:9e:ff:02:
         83:3d:64:7e:8a:ed:4e:af:b4:bb:86:20:7c:a0:4a:e6:9a:9d:
         f0:53:9e:2d:07:09:bd:2b:75:ea:7c:1a:7d:5b:dd:4f:d0:9e:
         5d:ca:28:2e:d4:ef:d8:42:ea:46:16:de:a1:78:91:b3:7b:39:
         60:90:9d:57:1c:ab:ee:53:31:86:cd:bb:15:f7:f4:f3:dc:a9:
         3e:d5:d1:40:68:76:a4:c5:14:6e:4b:dd:1b:e8:f0:65:47:e2:
         b0:32:21:b6:8e:d2:1a:8c:e2:ef:3d:19:87:36:6d:04:5c:d5:
         b0:da:df:6b:e6:20:88:a2:1d:9f:68:c2:ae:5b:36:27:b5:d9:
         b7:37:46:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlDtGlILXDy0V3pz0r3fbmxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwOTEzMTUzMjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWQ3OWM4ZDI5YmI1NzVkOWEzNmViOWEzYTA0YWFhZGNmMmU4NjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhvi4TXuKD7EVrtoEqxnsGCwZJ3B
BTStgKo1G+f9+HrkpXpBxVZUqawq5tpGq0wJfxOVswo8d6K1vf867RWbC8p8bEXE
m4QzinYUs/eyLbkl8l5sPRhS2r3WIYQp67Tymfl8UlVW4CRR9HNuO4qoKiNd+9YD
rngrHNV6BZy7fF5E/eKQSGP14nv/0Xp1OZtDqEzt9nErpzrTBlPhQaYbArOWRIQe
TbijV7xdexQsUr5o+K6Yh6pHKd6qaLxXtDUqq4PKMRIg8UE5wN2BdGlXtyJyvrlk
wX1g+vx2pUElmpWSQHSm38A3u7ToJMStylL978HEK8GqMVYpdn74AW58/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHXnI0pu1ddmjbrmjoEqq3PLoZ+MB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvNGRlY2pTbTdWMTJhTnV1YU9nU3FyYzh1aG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZfpMA0G
CSqGSIb3DQEBCwUAA4IBAQAIS7VGnD+zA+3rZuD+8UshqgXXnRQqb9QgdElfvJqp
ey6YDDpsKAPD9dzrXS8BZT04ILhh708MnIEBa8vQNuHWFNWhLrPAVdEXFtCGZWOQ
i+tKU+zaCHXYwS/266DOiRTyKixjKF5LysYPYz/eYj0J+/OQnjiYD+mJuyee/wKD
PWR+iu1Or7S7hiB8oErmmp3wU54tBwm9K3XqfBp9W91P0J5dyigu1O/YQupGFt6h
eJGzezlgkJ1XHKvuUzGGzbsV9/Tz3Kk+1dFAaHakxRRuS90b6PBlR+KwMiG2jtIa
jOLvPRmHNm0EXNWw2t9r5iCIoh2faMKuWzYntdm3N0a3
-----END CERTIFICATE-----