Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/zPr7HrZQ0fX72obaVzae4hA6SNc.roa
File:                     zPr7HrZQ0fX72obaVzae4hA6SNc.roa (raw, json)
Hash identifier:          vjUhNFOtlaK42JGVIDi0wjlCpnam1o78sbpNvjcx8Eg=
Subject key identifier:   CC:FA:FB:1E:B6:50:D1:F5:FB:DA:86:DA:57:36:9E:E2:10:3A:48:D7
Certificate issuer:       /CN=54404da602dab0625be7223d09320b1cd7aafced
Certificate serial:       01992ACADD725C86ABF5BA5B162514BB1616
Authority key identifier: 54:40:4D:A6:02:DA:B0:62:5B:E7:22:3D:09:32:0B:1C:D7:AA:FC:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VEBNpgLasGJb5yI9CTILHNeq_O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/zPr7HrZQ0fX72obaVzae4hA6SNc.roa
Signing time:             Mon 08 Sep 2025 19:26:01 +0000
ROA not before:           Mon 08 Sep 2025 19:26:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45040
IP address blocks:        45.152.76.0/24 maxlen: 24
                          45.152.77.0/24 maxlen: 24
                          45.152.78.0/24 maxlen: 24
                          45.152.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/VEBNpgLasGJb5yI9CTILHNeq_O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/VEBNpgLasGJb5yI9CTILHNeq_O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VEBNpgLasGJb5yI9CTILHNeq_O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2a:ca:dd:72:5c:86:ab:f5:ba:5b:16:25:14:bb:16:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54404da602dab0625be7223d09320b1cd7aafced
        Validity
            Not Before: Sep  8 19:26:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccfafb1eb650d1f5fbda86da57369ee2103a48d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:70:76:81:90:00:eb:9b:5d:2f:3e:dc:5c:56:
                    3c:be:ca:6d:58:d5:88:57:07:ca:9e:b7:7d:b9:7d:
                    d5:d3:ed:bc:13:0c:a5:5b:d4:02:e6:64:82:86:61:
                    dc:58:8d:38:4b:b8:d0:3d:51:56:86:9f:83:8b:41:
                    28:25:de:22:d3:db:76:13:df:b7:05:47:2a:17:e1:
                    53:8a:db:20:ce:a1:8e:93:d1:60:07:61:21:d2:77:
                    10:05:05:6a:20:8a:d4:a9:b1:fe:a1:67:47:e6:64:
                    f7:62:9b:b8:c7:67:0a:4d:a5:33:1a:4f:a3:08:c6:
                    5d:43:e3:63:df:29:57:d1:e0:d6:57:7d:84:50:fb:
                    27:2c:20:c1:6e:7e:c1:68:cd:a2:2b:36:45:e7:26:
                    9f:4b:9c:dd:10:7c:4f:15:40:13:6f:f4:fe:4c:52:
                    7a:1e:37:86:8a:16:c8:73:ae:da:5f:f9:2a:29:99:
                    4c:a1:24:e9:70:8c:f8:ff:ae:65:53:9c:7f:03:7f:
                    b3:eb:06:8f:87:cf:c5:43:8b:d7:bb:71:41:d6:84:
                    c1:ed:e8:e4:6e:52:56:30:7e:89:b7:68:c1:63:f4:
                    4d:c2:0b:81:ee:41:90:32:61:a0:a8:98:55:a8:07:
                    f0:74:14:17:98:9d:6a:43:4b:e4:80:e8:bf:82:ba:
                    88:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:FA:FB:1E:B6:50:D1:F5:FB:DA:86:DA:57:36:9E:E2:10:3A:48:D7
            X509v3 Authority Key Identifier:
                keyid:54:40:4D:A6:02:DA:B0:62:5B:E7:22:3D:09:32:0B:1C:D7:AA:FC:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VEBNpgLasGJb5yI9CTILHNeq_O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/zPr7HrZQ0fX72obaVzae4hA6SNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/7d2cb5-bddf-4201-baf8-1b24484e55ec/1/VEBNpgLasGJb5yI9CTILHNeq_O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:c5:a8:f4:bf:e2:68:dc:dc:c4:a8:8b:f9:0c:22:7a:b1:49:
         2a:fb:56:05:31:17:d0:6d:b0:f3:82:0b:0a:33:b9:7b:5c:c2:
         23:24:cc:e6:1b:2a:8e:f3:3b:83:51:c6:ea:91:f9:5b:86:d4:
         bd:bd:5d:c1:57:e5:99:cc:4c:2b:0c:5a:2c:9b:27:43:06:6a:
         5b:24:f3:07:cb:1f:46:9e:97:be:c3:67:15:93:59:4a:c9:f5:
         43:b2:a1:5d:9a:a4:6b:5b:1f:95:d6:cf:04:90:5e:33:6c:50:
         bb:4b:af:5a:22:d9:c5:09:c7:a9:6c:e7:28:7d:89:36:97:2a:
         25:86:dd:6c:a8:d3:09:3b:7f:61:de:79:43:22:34:7b:cf:e1:
         6c:2e:ce:2d:ed:79:0c:c7:aa:06:f3:78:2d:68:cc:fd:7c:83:
         fb:c3:30:00:16:f4:9e:7c:8d:79:b6:fe:58:58:24:79:a5:8e:
         89:4d:25:e5:72:71:84:c0:4a:50:cf:31:df:25:a7:28:83:40:
         e2:fb:7a:26:e1:a8:02:55:e1:d0:eb:ed:a1:63:e3:ef:93:70:
         ff:dc:60:6c:32:be:6e:4d:ae:e0:fa:d4:25:bb:b7:3b:73:1a:
         bd:f4:a6:fe:5b:4b:7b:64:20:1f:1e:a5:06:16:e1:1d:03:57:
         26:17:06:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkqyt1yXIar9bpbFiUUuxYWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0NDA0ZGE2MDJkYWIwNjI1YmU3MjIzZDA5MzIwYjFjZDdh
YWZjZWQwHhcNMjUwOTA4MTkyNjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2ZhZmIxZWI2NTBkMWY1ZmJkYTg2ZGE1NzM2OWVlMjEwM2E0OGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHB2gZAA65tdLz7cXFY8vsptWNWI
VwfKnrd9uX3V0+28EwylW9QC5mSChmHcWI04S7jQPVFWhp+Di0EoJd4i09t2E9+3
BUcqF+FTitsgzqGOk9FgB2Eh0ncQBQVqIIrUqbH+oWdH5mT3Ypu4x2cKTaUzGk+j
CMZdQ+Nj3ylX0eDWV32EUPsnLCDBbn7BaM2iKzZF5yafS5zdEHxPFUATb/T+TFJ6
HjeGihbIc67aX/kqKZlMoSTpcIz4/65lU5x/A3+z6waPh8/FQ4vXu3FB1oTB7ejk
blJWMH6Jt2jBY/RNwguB7kGQMmGgqJhVqAfwdBQXmJ1qQ0vkgOi/grqIXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMz6+x62UNH1+9qG2lc2nuIQOkjXMB8GA1UdIwQY
MBaAFFRATaYC2rBiW+ciPQkyCxzXqvztMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkVCTnBnTGFzR0piNXlJOUNUSUxITmVxX08wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny83ZDJjYjUtYmRkZi00MjAxLWJhZjgt
MWIyNDQ4NGU1NWVjLzEvelByN0hyWlEwZlg3Mm9iYVZ6YWU0aEE2U05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny83ZDJjYjUtYmRkZi00MjAxLWJhZjgtMWIyNDQ4NGU1NWVj
LzEvVkVCTnBnTGFzR0piNXlJOUNUSUxITmVxX08wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZhMMA0G
CSqGSIb3DQEBCwUAA4IBAQCUxaj0v+Jo3NzEqIv5DCJ6sUkq+1YFMRfQbbDzggsK
M7l7XMIjJMzmGyqO8zuDUcbqkflbhtS9vV3BV+WZzEwrDFosmydDBmpbJPMHyx9G
npe+w2cVk1lKyfVDsqFdmqRrWx+V1s8EkF4zbFC7S69aItnFCcepbOcofYk2lyol
ht1sqNMJO39h3nlDIjR7z+FsLs4t7XkMx6oG83gtaMz9fIP7wzAAFvSefI15tv5Y
WCR5pY6JTSXlcnGEwEpQzzHfJacog0Di+3om4agCVeHQ6+2hY+Pvk3D/3GBsMr5u
Ta7g+tQlu7c7cxq99Kb+W0t7ZCAfHqUGFuEdA1cmFwaf
-----END CERTIFICATE-----