Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/44QLxIWS-gzFRDGGup_hZ8Ax0dg.roa
File:                     44QLxIWS-gzFRDGGup_hZ8Ax0dg.roa (raw, json)
Hash identifier:          jcwUWk+kHlIb/PUUBQun/7iId3TxXq3/k4Lpn6r7aes=
Subject key identifier:   E3:84:0B:C4:85:92:FA:0C:C5:44:31:86:BA:9F:E1:67:C0:31:D1:D8
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       0199EB83AC2ED58ABA638F0076185910706C
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/44QLxIWS-gzFRDGGup_hZ8Ax0dg.roa
Signing time:             Thu 16 Oct 2025 05:34:58 +0000
ROA not before:           Thu 16 Oct 2025 05:34:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     46559
IP address blocks:        212.134.168.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:eb:83:ac:2e:d5:8a:ba:63:8f:00:76:18:59:10:70:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Oct 16 05:34:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3840bc48592fa0cc5443186ba9fe167c031d1d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3d:3e:02:17:bf:ed:3c:fa:5b:c4:af:e2:4a:
                    fb:a9:7d:cc:33:dd:07:23:a5:3b:67:ef:c6:92:e4:
                    e9:67:1c:a5:bd:03:b5:06:5d:3d:7d:2e:37:a0:f1:
                    a6:b0:0d:02:74:a5:12:01:ce:0e:23:b0:b8:1e:f9:
                    cc:95:a8:d4:90:ec:5a:4e:7d:62:4a:54:ca:f8:3b:
                    73:87:b7:2e:fa:3f:fd:77:cd:2a:45:82:12:e3:9f:
                    92:e0:dd:39:b3:8c:38:4a:c0:41:98:f3:97:08:35:
                    37:65:05:f8:41:e2:6c:07:24:50:6a:76:90:64:cb:
                    aa:b4:19:cf:da:75:d1:bb:39:80:74:5c:90:e0:26:
                    ff:15:28:9d:97:83:1d:29:54:c0:16:0b:ff:af:70:
                    53:a9:ac:aa:ad:8e:d0:0a:7b:68:69:d2:f2:80:ae:
                    f2:6c:78:78:f3:07:63:2f:e9:f5:4c:b6:12:08:8c:
                    16:4c:20:5d:3d:1d:6d:c8:38:43:cc:20:6c:1a:06:
                    57:6f:10:9c:6b:f4:54:1b:cf:29:1c:2d:97:77:15:
                    2c:7a:d2:8a:93:a9:81:56:f2:09:17:ce:02:a4:1d:
                    73:39:9e:1b:70:19:6d:a0:4b:4c:c4:11:aa:4f:24:
                    59:51:43:2d:0d:9f:71:a3:aa:c0:eb:6e:d4:95:b7:
                    16:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:84:0B:C4:85:92:FA:0C:C5:44:31:86:BA:9F:E1:67:C0:31:D1:D8
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/44QLxIWS-gzFRDGGup_hZ8Ax0dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.134.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:4d:cb:8f:73:40:78:8d:2a:93:49:38:e7:61:10:0e:17:21:
         b6:29:4c:3f:41:19:ac:92:fb:83:ca:a6:68:a7:2b:af:8f:f5:
         51:41:f8:5e:a8:d5:71:12:7b:44:cd:7f:2d:a5:23:ed:a2:88:
         ee:d7:9c:fe:04:7a:ad:f8:a5:7e:5d:92:49:73:00:5c:06:1b:
         4f:a0:ac:69:e6:d3:ac:b7:b8:9d:58:78:39:ed:ec:44:39:84:
         fb:59:fd:04:25:bd:d8:af:d4:bb:31:83:e6:8c:74:28:a6:cb:
         7e:42:49:98:90:72:0a:bf:4f:37:a9:1f:72:fb:1d:04:e2:0e:
         82:79:00:89:c9:59:a9:be:e5:01:96:47:8b:85:97:d9:98:e8:
         6e:c1:29:e2:a5:e4:39:34:2c:62:9a:27:22:a8:fe:06:32:7c:
         d7:e0:e2:e9:9f:d4:5c:27:1d:af:8c:05:74:03:75:4b:4c:0c:
         65:60:e1:20:09:c9:7f:ab:ba:c4:2f:29:3c:90:d1:36:c2:ab:
         e7:2f:2e:ef:2b:a2:cc:11:fa:08:bc:bf:fd:bb:e8:bb:9b:46:
         4d:6c:fd:7e:1b:5c:ba:30:7f:40:cc:0e:83:4b:e4:4f:8b:6d:
         f1:7c:4c:fd:94:06:e6:42:34:03:6c:a1:7e:f1:28:26:e8:51:
         e6:41:0a:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnrg6wu1Yq6Y48AdhhZEHBsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDE2MDUzNDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzg0MGJjNDg1OTJmYTBjYzU0NDMxODZiYTlmZTE2N2MwMzFkMWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoD0+Ahe/7Tz6W8Sv4kr7qX3MM90H
I6U7Z+/GkuTpZxylvQO1Bl09fS43oPGmsA0CdKUSAc4OI7C4HvnMlajUkOxaTn1i
SlTK+Dtzh7cu+j/9d80qRYIS45+S4N05s4w4SsBBmPOXCDU3ZQX4QeJsByRQanaQ
ZMuqtBnP2nXRuzmAdFyQ4Cb/FSidl4MdKVTAFgv/r3BTqayqrY7QCntoadLygK7y
bHh48wdjL+n1TLYSCIwWTCBdPR1tyDhDzCBsGgZXbxCca/RUG88pHC2XdxUsetKK
k6mBVvIJF84CpB1zOZ4bcBltoEtMxBGqTyRZUUMtDZ9xo6rA627UlbcWJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOEC8SFkvoMxUQxhrqf4WfAMdHYMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvNDRRTHhJV1MtZ3pGUkRHR3VwX2haOEF4MGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1IaoMA0G
CSqGSIb3DQEBCwUAA4IBAQCQTcuPc0B4jSqTSTjnYRAOFyG2KUw/QRmskvuDyqZo
pyuvj/VRQfheqNVxEntEzX8tpSPtooju15z+BHqt+KV+XZJJcwBcBhtPoKxp5tOs
t7idWHg57exEOYT7Wf0EJb3Yr9S7MYPmjHQopst+QkmYkHIKv083qR9y+x0E4g6C
eQCJyVmpvuUBlkeLhZfZmOhuwSnipeQ5NCximiciqP4GMnzX4OLpn9RcJx2vjAV0
A3VLTAxlYOEgCcl/q7rELyk8kNE2wqvnLy7vK6LMEfoIvL/9u+i7m0ZNbP1+G1y6
MH9AzA6DS+RPi23xfEz9lAbmQjQDbKF+8Sgm6FHmQQr3
-----END CERTIFICATE-----