Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/kB9cAhV9F3NlODRT7TjrXEPyRnA.roa
File:                     kB9cAhV9F3NlODRT7TjrXEPyRnA.roa (raw, json)
Hash identifier:          F03Hqfl3wd5NxqjFi4e8XEepN0xlDsOdLzMn6Oyc4yM=
Subject key identifier:   90:1F:5C:02:15:7D:17:73:65:38:34:53:ED:38:EB:5C:43:F2:46:70
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       01986551C20E05B55E1921140C2E1248EB7F
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/kB9cAhV9F3NlODRT7TjrXEPyRnA.roa
Signing time:             Fri 01 Aug 2025 11:08:33 +0000
ROA not before:           Fri 01 Aug 2025 11:08:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        45.134.217.0/24 maxlen: 24
                          45.134.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:65:51:c2:0e:05:b5:5e:19:21:14:0c:2e:12:48:eb:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Aug  1 11:08:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=901f5c02157d177365383453ed38eb5c43f24670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:42:4a:e4:68:23:94:b0:97:cc:f0:02:45:a6:
                    0d:5f:57:e1:8e:06:d9:76:3e:13:ca:7b:77:8a:f5:
                    81:85:ad:73:2f:d9:c8:41:04:ef:6a:8c:45:64:5a:
                    cb:a1:2b:8b:28:61:7c:e9:c0:40:87:c0:9b:55:64:
                    6a:24:dd:03:8a:31:7b:92:e1:f6:4f:4f:eb:ba:bc:
                    15:aa:49:54:fd:e8:ad:58:cc:fc:85:0c:87:c9:4b:
                    e6:51:25:fd:e9:f2:67:24:b9:95:81:f3:f8:65:9d:
                    9b:8f:e4:ae:fb:11:99:66:61:59:03:df:27:a5:f5:
                    2b:f5:88:03:bf:3b:05:1f:28:d1:a7:85:cc:3e:6e:
                    3c:8d:d1:20:1d:6c:a0:89:44:5b:2d:2e:fe:9a:6c:
                    57:01:36:a4:5c:e0:a9:c0:ab:bc:3a:2c:03:db:39:
                    7a:57:05:3f:3c:3f:e3:2d:bb:3a:58:18:96:67:9c:
                    54:a8:07:36:f0:1d:81:1c:01:e7:20:a6:11:98:99:
                    ac:d9:06:6c:91:46:89:26:ae:db:0c:97:fd:c1:bb:
                    d5:85:f4:a4:3e:5f:f4:ac:13:57:5c:dd:e8:93:94:
                    85:2a:b5:bc:46:84:ee:b0:36:64:6a:08:c4:f9:69:
                    bd:d0:4c:0c:b1:56:ca:5d:a8:5d:58:73:70:30:59:
                    0a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:1F:5C:02:15:7D:17:73:65:38:34:53:ED:38:EB:5C:43:F2:46:70
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/kB9cAhV9F3NlODRT7TjrXEPyRnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.217.0-45.134.218.255

    Signature Algorithm: sha256WithRSAEncryption
         1f:86:29:08:ec:28:ea:bd:8b:81:40:27:35:62:b4:7e:fd:2c:
         60:42:59:83:c5:22:60:17:3b:ca:d4:59:5a:06:85:be:ed:9a:
         3a:df:5c:19:d2:6b:fa:71:75:b5:db:44:e8:19:2f:e1:91:79:
         f3:7b:fd:08:7d:a6:db:3d:e5:3c:ea:80:93:88:ab:ef:1a:d4:
         f3:ec:20:a0:dc:2f:9d:d5:b1:68:ca:3c:5a:ed:19:ef:0f:ea:
         04:77:6e:29:1b:84:05:d2:86:95:fc:57:92:24:8d:30:24:0e:
         64:ce:b2:ff:4d:35:f3:e0:a1:77:45:49:d7:c0:fb:6f:5c:da:
         af:9f:58:21:5e:d1:2c:a8:4a:f4:58:8e:e9:c3:71:14:fe:58:
         e1:a5:12:b3:eb:41:97:5e:17:0b:73:be:2f:95:7e:1b:c9:5f:
         76:30:78:b1:df:3a:8b:08:51:4a:22:67:46:06:f1:c2:3b:4c:
         b1:a9:03:8e:7c:b8:cf:7f:4c:88:16:03:75:71:d7:8c:24:21:
         c7:85:b1:78:c0:5f:d6:23:c8:38:56:64:4b:1c:ea:d4:6d:04:
         d9:d3:98:5f:d4:60:ea:69:59:f6:c8:c3:43:2c:2e:0c:cc:45:
         fb:e3:93:25:a8:21:83:b2:3a:44:95:a3:23:86:ec:7a:2d:db:
         ca:ac:bd:d8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZhlUcIOBbVeGSEUDC4SSOt/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjUwODAxMTEwODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDFmNWMwMjE1N2QxNzczNjUzODM0NTNlZDM4ZWI1YzQzZjI0NjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEJK5GgjlLCXzPACRaYNX1fhjgbZ
dj4Tynt3ivWBha1zL9nIQQTvaoxFZFrLoSuLKGF86cBAh8CbVWRqJN0DijF7kuH2
T0/rurwVqklU/eitWMz8hQyHyUvmUSX96fJnJLmVgfP4ZZ2bj+Su+xGZZmFZA98n
pfUr9YgDvzsFHyjRp4XMPm48jdEgHWygiURbLS7+mmxXATakXOCpwKu8OiwD2zl6
VwU/PD/jLbs6WBiWZ5xUqAc28B2BHAHnIKYRmJms2QZskUaJJq7bDJf9wbvVhfSk
Pl/0rBNXXN3ok5SFKrW8RoTusDZkagjE+Wm90EwMsVbKXahdWHNwMFkK9QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJAfXAIVfRdzZTg0U+0461xD8kZwMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEva0I5Y0FoVjlGM05sT0RSVDdUanJYRVB5Um5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAthtkD
BAAthtowDQYJKoZIhvcNAQELBQADggEBAB+GKQjsKOq9i4FAJzVitH79LGBCWYPF
ImAXO8rUWVoGhb7tmjrfXBnSa/pxdbXbROgZL+GRefN7/Qh9pts95TzqgJOIq+8a
1PPsIKDcL53VsWjKPFrtGe8P6gR3bikbhAXShpX8V5IkjTAkDmTOsv9NNfPgoXdF
SdfA+29c2q+fWCFe0SyoSvRYjunDcRT+WOGlErPrQZdeFwtzvi+VfhvJX3YweLHf
OosIUUoiZ0YG8cI7TLGpA458uM9/TIgWA3Vx14wkIceFsXjAX9YjyDhWZEsc6tRt
BNnTmF/UYOppWfbIw0MsLgzMRfvjkyWoIYOyOkSVoyOG7Hot28qsvdg=
-----END CERTIFICATE-----