Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/1zKIP7xP-3mviAaLxu-Q9kO8TDw.roa
File:                     1zKIP7xP-3mviAaLxu-Q9kO8TDw.roa (raw, json)
Hash identifier:          i+hbxTxfZVrUKiiV4ml6H+EfTXIaAVLa/rzpycnZQE0=
Subject key identifier:   D7:32:88:3F:BC:4F:FB:79:AF:88:06:8B:C6:EF:90:F6:43:BC:4C:3C
Certificate issuer:       /CN=4ce90379bd8d04374b3adef060d51ae215710935
Certificate serial:       01987A354B05F18E9224714BCDE59F89CDB1
Authority key identifier: 4C:E9:03:79:BD:8D:04:37:4B:3A:DE:F0:60:D5:1A:E2:15:71:09:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TOkDeb2NBDdLOt7wYNUa4hVxCTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/1zKIP7xP-3mviAaLxu-Q9kO8TDw.roa
Signing time:             Tue 05 Aug 2025 12:29:29 +0000
ROA not before:           Tue 05 Aug 2025 12:29:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202870
IP address blocks:        45.137.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/TOkDeb2NBDdLOt7wYNUa4hVxCTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/TOkDeb2NBDdLOt7wYNUa4hVxCTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TOkDeb2NBDdLOt7wYNUa4hVxCTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7a:35:4b:05:f1:8e:92:24:71:4b:cd:e5:9f:89:cd:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ce90379bd8d04374b3adef060d51ae215710935
        Validity
            Not Before: Aug  5 12:29:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d732883fbc4ffb79af88068bc6ef90f643bc4c3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b2:2c:e6:35:f0:91:00:b3:cc:ff:7d:c6:da:
                    5e:81:64:33:32:48:01:a8:9a:53:1e:20:12:9f:34:
                    0f:52:10:09:60:d7:4a:51:fd:25:57:82:55:2c:e9:
                    e5:c2:e8:42:31:6d:e3:9e:31:e8:c1:96:66:bc:5d:
                    25:0c:37:ce:f5:0b:be:ee:71:71:f7:a3:8c:33:92:
                    2e:ba:ff:2f:f0:a4:16:11:9f:48:c1:b1:cb:f3:e0:
                    ae:f9:75:22:bb:e8:aa:fb:30:6c:42:1c:6b:70:d6:
                    c9:b8:74:cf:86:3f:fe:68:e2:2e:0b:af:0f:6e:e2:
                    a0:c1:50:1e:26:be:72:6a:d1:23:de:34:43:05:71:
                    42:e0:21:80:2e:02:11:b2:0c:82:e0:6b:a7:f9:c2:
                    4d:77:1b:da:41:13:42:74:17:20:d1:c8:fa:fd:b1:
                    3a:b3:b0:73:03:17:9e:63:b2:dd:73:d7:07:52:4a:
                    bb:b7:dd:7e:17:ca:4d:14:9a:f5:a0:07:f1:13:44:
                    3b:c3:b0:ea:9b:a5:56:11:7e:e3:76:4e:ed:90:4d:
                    0d:49:85:76:c6:dd:fb:0d:bb:dc:4a:aa:fc:70:39:
                    b0:86:3f:fc:25:fd:4d:b3:c8:11:f0:56:46:4a:eb:
                    51:98:a1:42:e8:5a:41:23:9e:68:e2:29:a7:a5:d8:
                    fc:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:32:88:3F:BC:4F:FB:79:AF:88:06:8B:C6:EF:90:F6:43:BC:4C:3C
            X509v3 Authority Key Identifier:
                keyid:4C:E9:03:79:BD:8D:04:37:4B:3A:DE:F0:60:D5:1A:E2:15:71:09:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TOkDeb2NBDdLOt7wYNUa4hVxCTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/1zKIP7xP-3mviAaLxu-Q9kO8TDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9bacf8-146c-4b63-9d36-8200b86603b1/1/TOkDeb2NBDdLOt7wYNUa4hVxCTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:99:65:27:a4:b6:7d:77:31:40:eb:65:c3:a6:d9:f3:ef:32:
         20:72:b5:92:7f:16:52:2f:17:af:4d:08:c5:3f:53:c3:b4:32:
         47:22:af:1c:e5:23:bf:a9:4c:94:bf:ce:44:9a:d7:0c:a2:35:
         93:38:17:b2:ff:3e:45:2e:72:59:96:a5:2f:f5:55:d3:9e:74:
         07:7d:c7:af:55:63:33:3f:1f:df:2d:8e:77:34:dd:d0:a9:3e:
         58:2d:9d:aa:72:1c:6f:54:a3:8c:ad:22:ac:fa:bc:2d:0e:3b:
         dc:5a:cd:9a:39:dc:dc:68:53:82:3d:f3:37:20:03:e5:15:13:
         63:ef:9e:0a:a3:0b:a1:f4:73:aa:bc:d1:3d:02:64:e1:89:7d:
         b1:aa:8d:f1:65:e2:3a:3d:50:25:0d:3c:2e:68:55:88:81:a3:
         7c:9d:09:a9:5c:12:87:05:28:19:b6:d8:ae:64:a1:4b:da:dc:
         23:c7:f7:c5:79:5f:ac:d9:e9:09:c4:e3:a5:c6:91:ab:86:38:
         56:8a:bd:06:72:9e:85:70:7b:3f:38:ec:2a:4c:ab:18:6f:d3:
         0a:f8:e4:14:89:f4:6f:62:8c:0f:d5:d9:67:de:70:0d:8a:d3:
         a6:a8:16:d1:dc:5c:ea:c6:87:62:e1:05:34:88:c3:88:f8:ae:
         17:81:a1:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh6NUsF8Y6SJHFLzeWfic2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZTkwMzc5YmQ4ZDA0Mzc0YjNhZGVmMDYwZDUxYWUyMTU3
MTA5MzUwHhcNMjUwODA1MTIyOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzMyODgzZmJjNGZmYjc5YWY4ODA2OGJjNmVmOTBmNjQzYmM0YzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobIs5jXwkQCzzP99xtpegWQzMkgB
qJpTHiASnzQPUhAJYNdKUf0lV4JVLOnlwuhCMW3jnjHowZZmvF0lDDfO9Qu+7nFx
96OMM5Iuuv8v8KQWEZ9IwbHL8+Cu+XUiu+iq+zBsQhxrcNbJuHTPhj/+aOIuC68P
buKgwVAeJr5yatEj3jRDBXFC4CGALgIRsgyC4Gun+cJNdxvaQRNCdBcg0cj6/bE6
s7BzAxeeY7Ldc9cHUkq7t91+F8pNFJr1oAfxE0Q7w7Dqm6VWEX7jdk7tkE0NSYV2
xt37DbvcSqr8cDmwhj/8Jf1Ns8gR8FZGSutRmKFC6FpBI55o4imnpdj84QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcyiD+8T/t5r4gGi8bvkPZDvEw8MB8GA1UdIwQY
MBaAFEzpA3m9jQQ3Szre8GDVGuIVcQk1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVE9rRGViMk5CRGRMT3Q3d1lOVWE0aFZ4Q1RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85YmFjZjgtMTQ2Yy00YjYzLTlkMzYt
ODIwMGI4NjYwM2IxLzEvMXpLSVA3eFAtM212aUFhTHh1LVE5a084VER3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85YmFjZjgtMTQ2Yy00YjYzLTlkMzYtODIwMGI4NjYwM2Ix
LzEvVE9rRGViMk5CRGRMT3Q3d1lOVWE0aFZ4Q1RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYnqMA0G
CSqGSIb3DQEBCwUAA4IBAQA3mWUnpLZ9dzFA62XDptnz7zIgcrWSfxZSLxevTQjF
P1PDtDJHIq8c5SO/qUyUv85EmtcMojWTOBey/z5FLnJZlqUv9VXTnnQHfcevVWMz
Px/fLY53NN3QqT5YLZ2qchxvVKOMrSKs+rwtDjvcWs2aOdzcaFOCPfM3IAPlFRNj
754Kowuh9HOqvNE9AmThiX2xqo3xZeI6PVAlDTwuaFWIgaN8nQmpXBKHBSgZttiu
ZKFL2twjx/fFeV+s2ekJxOOlxpGrhjhWir0Gcp6FcHs/OOwqTKsYb9MK+OQUifRv
YowP1dln3nANitOmqBbR3Fzqxodi4QU0iMOI+K4XgaGJ
-----END CERTIFICATE-----