Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/4fmXOv2Kgd432CXMCpVRy2AJtbo.roa
File:                     4fmXOv2Kgd432CXMCpVRy2AJtbo.roa (raw, json)
Hash identifier:          2TQeLzhsNOH6+/qpKP4Ba4rD86mzULZyqA9NmQY2j5A=
Subject key identifier:   E1:F9:97:3A:FD:8A:81:DE:37:D8:25:CC:0A:95:51:CB:60:09:B5:BA
Certificate issuer:       /CN=16fe0d024cddbaf868229122158971472b24cb4d
Certificate serial:       0198B1BD3682D2C7197103A55B942ACA5BF3
Authority key identifier: 16:FE:0D:02:4C:DD:BA:F8:68:22:91:22:15:89:71:47:2B:24:CB:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fv4NAkzduvhoIpEiFYlxRysky00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/4fmXOv2Kgd432CXMCpVRy2AJtbo.roa
Signing time:             Sat 16 Aug 2025 07:17:04 +0000
ROA not before:           Sat 16 Aug 2025 07:17:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393894
IP address blocks:        45.145.144.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/Fv4NAkzduvhoIpEiFYlxRysky00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/Fv4NAkzduvhoIpEiFYlxRysky00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fv4NAkzduvhoIpEiFYlxRysky00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 10:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b1:bd:36:82:d2:c7:19:71:03:a5:5b:94:2a:ca:5b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16fe0d024cddbaf868229122158971472b24cb4d
        Validity
            Not Before: Aug 16 07:17:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1f9973afd8a81de37d825cc0a9551cb6009b5ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:11:7d:47:79:f4:91:22:6f:a4:19:c0:7f:e4:
                    36:c6:5b:2e:84:c6:f8:ef:e1:9f:74:2a:31:62:0e:
                    2f:70:16:21:21:4e:40:1c:85:fa:a3:3b:18:91:23:
                    d9:2b:51:1e:36:fc:fc:f7:6c:73:59:95:c1:80:a3:
                    31:81:f6:04:67:f7:a1:bf:f3:88:8e:68:3d:da:51:
                    7a:ec:e2:92:dd:50:6d:89:d2:53:f4:ee:6f:ec:18:
                    22:b3:37:dc:37:0c:ad:8b:24:5b:d6:4a:57:61:fa:
                    fe:4f:52:f2:68:1f:8b:02:31:52:2b:a5:70:9e:e3:
                    f8:aa:2f:05:ba:33:51:e2:e2:03:57:8c:82:e7:84:
                    db:8b:cb:04:c8:69:d6:39:69:28:07:04:02:f3:95:
                    ec:5b:88:b6:14:5c:ec:04:e7:80:2b:27:1e:57:5d:
                    12:c6:55:2c:b2:2d:c3:c5:86:10:e6:98:08:e2:7c:
                    3c:2f:1e:f9:a6:14:e4:96:9d:47:7d:dc:1a:22:02:
                    af:cb:76:21:d2:27:40:7a:25:6f:3e:0e:ba:76:97:
                    94:0a:2c:1c:66:46:6e:cf:54:24:f3:fd:3d:58:eb:
                    ce:10:a9:b5:37:ef:41:87:21:8d:c4:c4:20:c6:2f:
                    6f:a2:d3:8e:26:97:5e:9c:be:eb:2a:27:cd:a0:6a:
                    93:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:F9:97:3A:FD:8A:81:DE:37:D8:25:CC:0A:95:51:CB:60:09:B5:BA
            X509v3 Authority Key Identifier:
                keyid:16:FE:0D:02:4C:DD:BA:F8:68:22:91:22:15:89:71:47:2B:24:CB:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fv4NAkzduvhoIpEiFYlxRysky00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/4fmXOv2Kgd432CXMCpVRy2AJtbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/4616d7-e808-4e47-a646-5b2f90df796d/1/Fv4NAkzduvhoIpEiFYlxRysky00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:be:ee:37:1c:d4:9c:d6:98:5a:9a:83:14:18:a5:18:d7:9d:
         c6:5e:b4:da:4f:a3:28:2c:fc:be:0f:ed:58:4c:c4:f6:de:c6:
         ce:41:e3:c3:53:83:71:3c:0f:79:a5:7e:c0:15:79:46:a5:0c:
         2e:0b:c0:b4:36:f6:87:8c:c0:91:08:4b:86:7f:c7:4a:5f:84:
         6b:80:64:91:ef:0d:61:e9:a4:70:cf:92:c4:89:b0:ee:3e:44:
         00:05:94:c4:45:58:ec:c3:0d:72:61:df:86:b0:da:68:c4:e2:
         62:6a:df:bb:c7:a7:d5:5f:ff:36:f2:71:57:62:a5:81:a6:65:
         ad:8b:68:ca:84:64:5e:90:0c:93:3f:8d:ff:b6:70:45:cc:01:
         6a:a1:c0:65:29:b4:3f:49:34:a7:7f:c9:a3:f0:2c:12:43:f3:
         7d:a0:8e:53:3d:f3:3f:ca:ab:c1:ab:08:74:52:e7:4f:dc:91:
         9e:6d:17:81:8b:e6:ee:da:55:8b:11:7a:de:31:0a:23:99:3a:
         b7:21:4b:3b:97:b0:6c:47:4b:3f:a7:4c:1d:65:3f:3f:9c:e3:
         2d:26:ac:16:a1:63:3b:7e:27:fc:8f:e2:29:88:62:73:07:82:
         d5:7e:1a:ff:03:92:10:a7:95:24:84:6d:5b:60:17:43:dc:ea:
         4e:2a:23:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZixvTaC0scZcQOlW5QqylvzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZmUwZDAyNGNkZGJhZjg2ODIyOTEyMjE1ODk3MTQ3MmIy
NGNiNGQwHhcNMjUwODE2MDcxNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWY5OTczYWZkOGE4MWRlMzdkODI1Y2MwYTk1NTFjYjYwMDliNWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5BF9R3n0kSJvpBnAf+Q2xlsuhMb4
7+GfdCoxYg4vcBYhIU5AHIX6ozsYkSPZK1EeNvz892xzWZXBgKMxgfYEZ/ehv/OI
jmg92lF67OKS3VBtidJT9O5v7BgiszfcNwytiyRb1kpXYfr+T1LyaB+LAjFSK6Vw
nuP4qi8FujNR4uIDV4yC54Tbi8sEyGnWOWkoBwQC85XsW4i2FFzsBOeAKyceV10S
xlUssi3DxYYQ5pgI4nw8Lx75phTklp1HfdwaIgKvy3Yh0idAeiVvPg66dpeUCiwc
ZkZuz1Qk8/09WOvOEKm1N+9BhyGNxMQgxi9votOOJpdenL7rKifNoGqTswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOH5lzr9ioHeN9glzAqVUctgCbW6MB8GA1UdIwQY
MBaAFBb+DQJM3br4aCKRIhWJcUcrJMtNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnY0TkFremR1dmhvSXBFaUZZbHhSeXNreTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy80NjE2ZDctZTgwOC00ZTQ3LWE2NDYt
NWIyZjkwZGY3OTZkLzEvNGZtWE92MktnZDQzMkNYTUNwVlJ5MkFKdGJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy80NjE2ZDctZTgwOC00ZTQ3LWE2NDYtNWIyZjkwZGY3OTZk
LzEvRnY0TkFremR1dmhvSXBFaUZZbHhSeXNreTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZGQMA0G
CSqGSIb3DQEBCwUAA4IBAQCnvu43HNSc1phamoMUGKUY153GXrTaT6MoLPy+D+1Y
TMT23sbOQePDU4NxPA95pX7AFXlGpQwuC8C0NvaHjMCRCEuGf8dKX4RrgGSR7w1h
6aRwz5LEibDuPkQABZTERVjsww1yYd+GsNpoxOJiat+7x6fVX/828nFXYqWBpmWt
i2jKhGRekAyTP43/tnBFzAFqocBlKbQ/STSnf8mj8CwSQ/N9oI5TPfM/yqvBqwh0
UudP3JGebReBi+bu2lWLEXreMQojmTq3IUs7l7BsR0s/p0wdZT8/nOMtJqwWoWM7
fif8j+IpiGJzB4LVfhr/A5IQp5UkhG1bYBdD3OpOKiNZ
-----END CERTIFICATE-----