Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/R8QraD-m7wXpWIuIV3haEHveook.roa
File:                     R8QraD-m7wXpWIuIV3haEHveook.roa (raw, json)
Hash identifier:          zFQ1Z3tf6Jdw4FicGSs9DpORVv0nHjS3PMNcpQi+avg=
Subject key identifier:   47:C4:2B:68:3F:A6:EF:05:E9:58:8B:88:57:78:5A:10:7B:DE:A2:89
Certificate issuer:       /CN=f6090b4db06a4d65935141bac98098127a8b8f5a
Certificate serial:       0198E22E17BDFCB26E5530CE3EE99A9E609C
Authority key identifier: F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/R8QraD-m7wXpWIuIV3haEHveook.roa
Signing time:             Mon 25 Aug 2025 17:02:08 +0000
ROA not before:           Mon 25 Aug 2025 17:02:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207471
IP address blocks:        45.87.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e2:2e:17:bd:fc:b2:6e:55:30:ce:3e:e9:9a:9e:60:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6090b4db06a4d65935141bac98098127a8b8f5a
        Validity
            Not Before: Aug 25 17:02:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47c42b683fa6ef05e9588b8857785a107bdea289
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:43:49:51:0b:14:6b:a7:ce:0b:36:cd:91:00:
                    c9:4e:23:d2:e8:be:e9:fa:da:ba:35:51:dc:dd:c2:
                    e8:a7:00:6e:17:21:5c:58:83:66:3a:1b:9c:c2:a2:
                    39:ff:3a:90:69:3b:ec:08:90:64:92:8d:4b:d4:de:
                    fe:46:bb:85:76:8d:c7:85:fc:74:9b:67:f8:b0:bb:
                    2f:74:ce:8b:9f:2d:4b:66:37:bc:e0:84:cf:0a:27:
                    6b:be:d6:38:2d:f6:6d:c0:c4:8a:a1:4a:d5:4c:e8:
                    4b:77:dc:f0:f9:fa:d9:6d:30:00:a2:e4:b2:27:f9:
                    5d:f0:d8:3e:ed:f5:be:9b:55:f7:61:e8:b0:a3:f5:
                    bc:98:73:ef:f7:e9:ec:d7:e7:1a:6e:41:1d:3d:f9:
                    fc:c4:f9:f0:3d:a7:a0:39:e0:00:74:0f:f6:09:2e:
                    72:2e:36:59:7d:ca:d3:6d:2b:1c:4a:cb:8a:8f:88:
                    dc:3a:f8:51:69:46:66:c3:be:15:c5:9d:7f:64:f5:
                    59:d0:99:57:e4:d4:a8:e3:6e:75:a1:30:55:44:fb:
                    3f:f1:c7:8e:87:ca:c5:1b:c5:4b:a1:8d:12:b7:f5:
                    68:29:f3:2e:61:70:4c:e7:b7:f6:96:05:8a:25:4e:
                    e4:46:ed:f3:29:0a:d2:7e:67:99:2f:fa:8f:b9:c6:
                    95:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C4:2B:68:3F:A6:EF:05:E9:58:8B:88:57:78:5A:10:7B:DE:A2:89
            X509v3 Authority Key Identifier:
                keyid:F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/R8QraD-m7wXpWIuIV3haEHveook.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:f4:2b:51:b0:58:f3:32:b8:be:02:01:cd:c5:af:a1:1e:0d:
         f1:2d:3d:da:42:9c:0d:54:39:4f:8a:0e:cb:9d:10:77:17:20:
         3e:0a:9b:8d:70:6d:1a:e8:2b:c6:f0:f0:98:e5:67:14:69:28:
         af:31:29:4d:d8:e9:15:91:3f:ee:f1:08:0d:15:b3:33:0d:f0:
         a2:1a:3e:d8:39:5b:8d:78:2d:e0:d3:a2:74:f9:9e:21:87:7d:
         da:d1:ae:59:dc:db:dd:2f:bb:a7:9d:ed:26:fe:1d:21:52:c2:
         42:7b:7c:93:12:78:99:96:5f:ef:97:5e:ab:88:54:87:9e:c3:
         fd:cc:df:3b:8e:c0:e7:4b:24:5e:26:cd:bd:21:41:d5:8b:dc:
         96:a2:6b:73:6e:33:f8:31:f7:1d:9a:c0:06:04:bc:94:5d:76:
         77:1f:d2:8e:0b:80:df:f8:60:e3:a1:5c:4e:b9:1d:f5:05:2f:
         e5:2f:87:3d:c4:fe:96:62:30:4b:70:28:ee:cf:47:54:e1:38:
         49:57:db:a6:b5:0e:23:b3:46:ca:76:07:e6:ad:30:09:84:59:
         c7:8a:03:ed:21:d3:1b:70:89:e5:e4:fd:76:7b:d5:bb:7f:41:
         2e:83:fe:9f:d6:fc:77:31:9b:54:39:19:ef:3f:cf:40:90:59:
         99:63:df:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjiLhe9/LJuVTDOPumanmCcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDkwYjRkYjA2YTRkNjU5MzUxNDFiYWM5ODA5ODEyN2E4
YjhmNWEwHhcNMjUwODI1MTcwMjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2M0MmI2ODNmYTZlZjA1ZTk1ODhiODg1Nzc4NWExMDdiZGVhMjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvENJUQsUa6fOCzbNkQDJTiPS6L7p
+tq6NVHc3cLopwBuFyFcWINmOhucwqI5/zqQaTvsCJBkko1L1N7+RruFdo3Hhfx0
m2f4sLsvdM6Lny1LZje84ITPCidrvtY4LfZtwMSKoUrVTOhLd9zw+frZbTAAouSy
J/ld8Ng+7fW+m1X3Yeiwo/W8mHPv9+ns1+cabkEdPfn8xPnwPaegOeAAdA/2CS5y
LjZZfcrTbSscSsuKj4jcOvhRaUZmw74VxZ1/ZPVZ0JlX5NSo4251oTBVRPs/8ceO
h8rFG8VLoY0St/VoKfMuYXBM57f2lgWKJU7kRu3zKQrSfmeZL/qPucaV+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfEK2g/pu8F6ViLiFd4WhB73qKJMB8GA1UdIwQY
MBaAFPYJC02wak1lk1FBusmAmBJ6i49aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAt
NGUxZGMxNTA1MjYwLzEvUjhRcmFELW03d1hwV0l1SVYzaGFFSHZlb29rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAtNGUxZGMxNTA1MjYw
LzEvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVffMA0G
CSqGSIb3DQEBCwUAA4IBAQAX9CtRsFjzMri+AgHNxa+hHg3xLT3aQpwNVDlPig7L
nRB3FyA+CpuNcG0a6CvG8PCY5WcUaSivMSlN2OkVkT/u8QgNFbMzDfCiGj7YOVuN
eC3g06J0+Z4hh33a0a5Z3NvdL7unne0m/h0hUsJCe3yTEniZll/vl16riFSHnsP9
zN87jsDnSyReJs29IUHVi9yWomtzbjP4MfcdmsAGBLyUXXZ3H9KOC4Df+GDjoVxO
uR31BS/lL4c9xP6WYjBLcCjuz0dU4ThJV9umtQ4js0bKdgfmrTAJhFnHigPtIdMb
cInl5P12e9W7f0Eug/6f1vx3MZtUORnvP89AkFmZY98s
-----END CERTIFICATE-----