Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/CMJdala6pFhg-m_hIMesxyzbTAk.roa
File:                     CMJdala6pFhg-m_hIMesxyzbTAk.roa (raw, json)
Hash identifier:          dvXeg+DcGeVh1vSS0AnLKUd1rN/dkpdkpg1fDCZ6b5g=
Subject key identifier:   08:C2:5D:6A:56:BA:A4:58:60:FA:6F:E1:20:C7:AC:C7:2C:DB:4C:09
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0198C7AA4FF51ACCA6573EBC0CF022DCAC3D
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/CMJdala6pFhg-m_hIMesxyzbTAk.roa
Signing time:             Wed 20 Aug 2025 13:28:04 +0000
ROA not before:           Wed 20 Aug 2025 13:28:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138160
IP address blocks:        45.141.168.0/23 maxlen: 24
                          148.222.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 04:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c7:aa:4f:f5:1a:cc:a6:57:3e:bc:0c:f0:22:dc:ac:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Aug 20 13:28:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08c25d6a56baa45860fa6fe120c7acc72cdb4c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3a:8c:1c:81:65:66:ca:fd:69:a7:b1:44:d9:
                    57:e9:da:65:94:06:a2:66:d3:fc:63:11:64:7c:6b:
                    64:7b:34:af:38:56:ca:93:0c:43:ac:fa:29:d7:78:
                    61:cf:37:f4:2e:24:fb:84:08:c8:71:4f:f8:35:a2:
                    2b:99:0b:d3:53:04:7a:3d:88:42:81:e5:88:69:45:
                    b2:15:74:00:a9:69:6b:53:cd:37:dc:a5:75:0b:09:
                    50:0c:45:e8:d3:a0:0c:82:13:ad:76:2d:ea:c7:e6:
                    7e:74:51:b3:04:1b:90:9b:4f:96:43:ef:f1:f6:c6:
                    36:e3:d6:eb:1d:5e:4c:9a:96:c9:a1:a7:8e:b3:bd:
                    fe:b6:47:6a:39:af:ae:8c:72:4e:0c:c7:98:9e:26:
                    c0:5f:40:4d:0a:6b:6c:b4:06:42:b9:78:cf:a2:f6:
                    2e:84:9a:bb:ed:3f:02:b5:1c:86:ba:a8:bb:ed:29:
                    7c:3a:71:33:87:9a:c9:5a:31:3c:c1:62:2f:01:e0:
                    08:8c:45:26:71:67:f0:81:a3:d5:59:02:27:04:31:
                    5a:d4:09:c0:7e:5f:46:c3:1d:3a:d3:33:d1:9d:c8:
                    07:f2:89:80:77:7c:7b:75:6c:1f:a5:21:7c:76:e8:
                    a4:6e:85:87:84:d8:6a:24:0b:8b:df:36:d7:95:a9:
                    0a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C2:5D:6A:56:BA:A4:58:60:FA:6F:E1:20:C7:AC:C7:2C:DB:4C:09
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/CMJdala6pFhg-m_hIMesxyzbTAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.168.0/23
                  148.222.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:f1:4f:a4:3f:90:86:00:df:9a:97:75:4f:77:27:9d:ce:3b:
         95:1f:5d:42:c0:82:b6:86:00:06:52:26:b7:38:69:59:8f:27:
         71:37:94:11:6d:5b:73:a5:e1:32:7a:0a:68:ca:11:ca:1e:41:
         a7:a1:6a:42:61:cd:74:de:e3:41:89:18:a7:49:b5:90:ec:b5:
         00:48:62:ce:a9:52:d7:04:c5:9a:da:5b:f2:30:a5:4f:ff:d1:
         35:d1:1a:a0:86:10:f8:55:70:2e:db:06:09:3c:88:87:83:82:
         04:b2:0d:66:31:fd:33:b7:b4:37:96:ae:33:2f:e4:03:cb:b0:
         1e:1c:34:51:fc:b3:27:d2:39:b5:02:ba:e7:fe:cf:e9:61:7d:
         2e:64:29:99:77:09:9b:62:63:29:45:6a:02:17:fa:d5:f6:0e:
         6e:f6:2a:d2:49:cd:58:d2:0e:42:1c:53:28:57:a9:eb:8d:40:
         20:ff:fb:eb:89:a6:55:67:28:34:7b:85:f4:e0:5a:84:42:d9:
         13:b7:84:5c:d4:03:5b:8a:8b:2d:d5:ac:27:1d:03:ac:bc:52:
         bb:1f:8b:00:69:de:3b:c5:f4:b8:71:27:21:a6:2d:e7:a9:de:
         1e:6a:84:f3:5d:d0:0e:de:31:49:1f:29:50:d1:f1:73:3d:a0:
         5c:63:60:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjHqk/1GsymVz68DPAi3Kw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwODIwMTMyODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGMyNWQ2YTU2YmFhNDU4NjBmYTZmZTEyMGM3YWNjNzJjZGI0YzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DqMHIFlZsr9aaexRNlX6dpllAai
ZtP8YxFkfGtkezSvOFbKkwxDrPop13hhzzf0LiT7hAjIcU/4NaIrmQvTUwR6PYhC
geWIaUWyFXQAqWlrU8033KV1CwlQDEXo06AMghOtdi3qx+Z+dFGzBBuQm0+WQ+/x
9sY249brHV5MmpbJoaeOs73+tkdqOa+ujHJODMeYnibAX0BNCmtstAZCuXjPovYu
hJq77T8CtRyGuqi77Sl8OnEzh5rJWjE8wWIvAeAIjEUmcWfwgaPVWQInBDFa1AnA
fl9Gwx060zPRncgH8omAd3x7dWwfpSF8duikboWHhNhqJAuL3zbXlakKswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAjCXWpWuqRYYPpv4SDHrMcs20wJMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvQ01KZGFsYTZwRmhnLW1faElNZXN4eXpiVEFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLY2oAwQC
lN7wMA0GCSqGSIb3DQEBCwUAA4IBAQAi8U+kP5CGAN+al3VPdyedzjuVH11CwIK2
hgAGUia3OGlZjydxN5QRbVtzpeEyegpoyhHKHkGnoWpCYc103uNBiRinSbWQ7LUA
SGLOqVLXBMWa2lvyMKVP/9E10RqghhD4VXAu2wYJPIiHg4IEsg1mMf0zt7Q3lq4z
L+QDy7AeHDRR/LMn0jm1Arrn/s/pYX0uZCmZdwmbYmMpRWoCF/rV9g5u9irSSc1Y
0g5CHFMoV6nrjUAg//vriaZVZyg0e4X04FqEQtkTt4Rc1ANbiost1awnHQOsvFK7
H4sAad47xfS4cSchpi3nqd4eaoTzXdAO3jFJHylQ0fFzPaBcY2Dn
-----END CERTIFICATE-----