Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/28ZcXxr21V3g8tkNu2SthAHESpQ.roa
File:                     28ZcXxr21V3g8tkNu2SthAHESpQ.roa (raw, json)
Hash identifier:          h2FWZ11G0T+okbMyTkF9rdPiR2xC/SmDqr6XsOWCmBI=
Subject key identifier:   DB:C6:5C:5F:1A:F6:D5:5D:E0:F2:D9:0D:BB:64:AD:84:01:C4:4A:94
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       019985BF7CD699447EEB304499967D6AB3C3
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/28ZcXxr21V3g8tkNu2SthAHESpQ.roa
Signing time:             Fri 26 Sep 2025 11:19:02 +0000
ROA not before:           Fri 26 Sep 2025 11:19:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207549
IP address blocks:        45.92.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:02:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:85:bf:7c:d6:99:44:7e:eb:30:44:99:96:7d:6a:b3:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Sep 26 11:19:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbc65c5f1af6d55de0f2d90dbb64ad8401c44a94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3b:16:3a:5a:cf:cc:0b:25:ea:36:40:b1:2d:
                    34:bc:30:40:4c:93:30:d1:60:96:01:30:a4:ba:de:
                    2e:4e:e9:b9:32:96:4a:3d:39:1d:ae:b5:da:1e:84:
                    c3:8e:ae:c9:12:67:31:6c:8f:5d:71:27:07:d9:62:
                    68:85:33:7d:5a:4e:a8:5b:05:df:d5:65:98:6e:e2:
                    46:f1:c8:e7:50:c4:e3:f4:8b:51:48:68:06:fa:df:
                    e6:01:a4:97:e1:6d:06:ba:65:f5:6d:fd:dc:87:f7:
                    cd:87:5d:08:c5:dc:23:7e:c5:e2:7d:00:a9:65:ff:
                    08:cc:19:ec:cc:e2:d9:1c:7b:4c:6d:3a:3b:74:54:
                    19:60:a1:a9:57:73:c9:8f:12:90:1b:bc:59:9b:61:
                    9a:8f:39:ec:3a:2b:87:75:7a:17:e2:53:d8:6d:a1:
                    9e:88:d2:6e:7b:99:11:50:33:5a:3d:64:2b:db:40:
                    87:df:f9:42:37:5c:ee:b0:41:0f:4f:d1:7c:6c:9e:
                    fd:02:6f:49:96:6a:86:ab:54:df:be:e5:97:1d:70:
                    f1:ac:18:17:5f:45:f2:71:9c:fc:f9:bc:bf:fe:9c:
                    5d:78:ea:f7:89:55:02:2f:97:b9:21:c3:16:37:6f:
                    b7:c5:0d:73:b1:d3:bc:06:83:6e:5f:5e:9c:39:af:
                    35:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C6:5C:5F:1A:F6:D5:5D:E0:F2:D9:0D:BB:64:AD:84:01:C4:4A:94
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/28ZcXxr21V3g8tkNu2SthAHESpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:fc:a0:31:a4:22:2b:3d:f1:ed:d3:e4:51:ce:97:73:59:07:
         46:92:d9:c8:5b:81:90:39:66:93:a3:35:f5:37:d2:0a:e6:8b:
         56:6d:b8:9a:35:ce:3f:72:3d:a5:38:09:af:ec:9b:f4:9d:9d:
         97:7b:f9:6f:de:d6:00:00:67:44:73:e4:8a:36:37:38:3c:1a:
         1c:c5:ec:e2:ab:8a:54:94:7c:34:73:f0:6a:37:69:b1:4a:27:
         7e:fc:0e:bd:c9:36:bf:7a:d9:ce:80:f7:89:b6:74:9e:53:1e:
         f6:59:f3:bb:08:a2:44:e0:67:4a:93:bf:6e:64:a2:1c:08:82:
         c0:e6:66:0f:6b:18:ce:85:8c:d9:fe:51:37:7f:dd:03:34:71:
         91:2e:33:d8:b4:2b:14:d2:a3:35:9e:fa:a4:62:92:ed:ed:95:
         f1:9d:fa:0f:9c:ef:6f:8d:60:6c:63:3e:91:75:ae:d5:be:c5:
         31:a3:27:bc:1f:f8:da:fc:f8:23:56:00:07:0b:c8:69:84:4d:
         48:73:da:6f:d4:73:ab:5d:6f:5d:53:c3:e4:fc:4d:21:83:ff:
         c0:a0:4e:a5:7d:44:60:6d:1f:ef:51:cd:90:85:24:f1:74:7e:
         e4:1c:28:73:61:7a:71:b9:87:94:c4:1b:1f:ab:f5:a0:dd:97:
         cf:32:26:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmFv3zWmUR+6zBEmZZ9arPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjUwOTI2MTExOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmM2NWM1ZjFhZjZkNTVkZTBmMmQ5MGRiYjY0YWQ4NDAxYzQ0YTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTsWOlrPzAsl6jZAsS00vDBATJMw
0WCWATCkut4uTum5MpZKPTkdrrXaHoTDjq7JEmcxbI9dcScH2WJohTN9Wk6oWwXf
1WWYbuJG8cjnUMTj9ItRSGgG+t/mAaSX4W0GumX1bf3ch/fNh10IxdwjfsXifQCp
Zf8IzBnszOLZHHtMbTo7dFQZYKGpV3PJjxKQG7xZm2GajznsOiuHdXoX4lPYbaGe
iNJue5kRUDNaPWQr20CH3/lCN1zusEEPT9F8bJ79Am9JlmqGq1TfvuWXHXDxrBgX
X0XycZz8+by//pxdeOr3iVUCL5e5IcMWN2+3xQ1zsdO8BoNuX16cOa81pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNvGXF8a9tVd4PLZDbtkrYQBxEqUMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvMjhaY1h4cjIxVjNnOHRrTnUyU3RoQUhFU3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVwoMA0G
CSqGSIb3DQEBCwUAA4IBAQAW/KAxpCIrPfHt0+RRzpdzWQdGktnIW4GQOWaTozX1
N9IK5otWbbiaNc4/cj2lOAmv7Jv0nZ2Xe/lv3tYAAGdEc+SKNjc4PBocxeziq4pU
lHw0c/BqN2mxSid+/A69yTa/etnOgPeJtnSeUx72WfO7CKJE4GdKk79uZKIcCILA
5mYPaxjOhYzZ/lE3f90DNHGRLjPYtCsU0qM1nvqkYpLt7ZXxnfoPnO9vjWBsYz6R
da7VvsUxoye8H/ja/PgjVgAHC8hphE1Ic9pv1HOrXW9dU8Pk/E0hg//AoE6lfURg
bR/vUc2QhSTxdH7kHChzYXpxuYeUxBsfq/Wg3ZfPMiaK
-----END CERTIFICATE-----