Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/h8XUEh40_t-BmsS0mlle3ZjwUGo.roa
File:                     h8XUEh40_t-BmsS0mlle3ZjwUGo.roa (raw, json)
Hash identifier:          9zuHqDKNlKivm0ZisfEfXNby3OtO/KdxuBrdKAA0nuo=
Subject key identifier:   87:C5:D4:12:1E:34:FE:DF:81:9A:C4:B4:9A:59:5E:DD:98:F0:50:6A
Certificate issuer:       /CN=788185d98444842b697e2bfdee3960a93f27aeed
Certificate serial:       0197A20FE6338C0ABD445F8971BC18E2E37D
Authority key identifier: 78:81:85:D9:84:44:84:2B:69:7E:2B:FD:EE:39:60:A9:3F:27:AE:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eIGF2YREhCtpfiv97jlgqT8nru0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/h8XUEh40_t-BmsS0mlle3ZjwUGo.roa
Signing time:             Tue 24 Jun 2025 13:10:40 +0000
ROA not before:           Tue 24 Jun 2025 13:10:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211154
IP address blocks:        45.148.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/eIGF2YREhCtpfiv97jlgqT8nru0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/eIGF2YREhCtpfiv97jlgqT8nru0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eIGF2YREhCtpfiv97jlgqT8nru0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a2:0f:e6:33:8c:0a:bd:44:5f:89:71:bc:18:e2:e3:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=788185d98444842b697e2bfdee3960a93f27aeed
        Validity
            Not Before: Jun 24 13:10:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87c5d4121e34fedf819ac4b49a595edd98f0506a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a1:cf:54:4c:f0:e4:4a:d7:7f:29:20:ff:79:
                    53:92:ed:64:92:c6:0e:9f:ad:91:ce:11:62:f7:88:
                    32:07:d8:60:fc:35:04:62:68:a6:cd:ed:d4:c4:73:
                    39:00:46:6b:25:bc:81:06:14:2b:1a:d4:f1:fb:51:
                    11:34:46:a5:93:3f:4b:c1:94:f5:d2:1d:89:09:c1:
                    1e:85:19:41:4a:cf:e1:d6:40:c4:a5:0a:ac:0e:14:
                    ec:1c:f1:b4:6f:97:8b:11:0f:c4:46:22:58:46:44:
                    e5:a1:db:28:3f:6b:af:c6:48:05:9d:7f:54:70:a2:
                    4b:e8:b1:1f:07:ea:49:51:10:58:26:da:23:c7:11:
                    f1:8c:41:92:e5:1b:8c:f9:6e:3c:97:a0:39:52:c9:
                    b1:13:8e:20:d6:88:fa:07:ad:40:02:89:63:96:02:
                    e0:00:4b:7e:06:16:ea:a0:60:dd:dc:9f:f2:35:c5:
                    1c:15:2e:e7:fe:0c:14:78:90:9f:0a:2a:88:c7:e8:
                    7a:6d:14:95:17:17:29:e1:ee:fc:a6:fd:bf:e0:d4:
                    0d:76:78:24:08:41:3c:bc:20:05:b1:ef:29:85:e3:
                    f7:60:e9:49:17:36:c8:0b:ca:ef:57:9a:b9:b8:39:
                    c2:c5:0d:59:d2:48:ec:7a:18:27:fa:64:fa:6f:d9:
                    77:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:C5:D4:12:1E:34:FE:DF:81:9A:C4:B4:9A:59:5E:DD:98:F0:50:6A
            X509v3 Authority Key Identifier:
                keyid:78:81:85:D9:84:44:84:2B:69:7E:2B:FD:EE:39:60:A9:3F:27:AE:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eIGF2YREhCtpfiv97jlgqT8nru0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/h8XUEh40_t-BmsS0mlle3ZjwUGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/eIGF2YREhCtpfiv97jlgqT8nru0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:e3:b2:04:8c:39:ea:c8:4e:27:bc:55:98:58:85:c3:cf:77:
         4a:a1:58:52:1a:75:70:d3:5e:9e:30:3e:d9:b6:85:3b:95:9b:
         9b:7d:7b:fb:d0:34:b0:7c:28:40:42:ae:6e:26:73:c6:79:14:
         8f:59:95:32:35:8f:21:77:d8:4c:9d:55:9d:90:df:3a:ba:19:
         55:fe:74:5d:bf:61:79:e4:de:6b:57:31:57:d1:7a:7e:98:21:
         fb:9f:c8:90:87:90:bc:79:0f:04:74:02:f9:33:9d:09:e9:54:
         d1:55:38:fd:c8:12:75:f7:ed:38:3a:ff:d9:3a:ad:e4:aa:61:
         3e:db:92:11:9e:46:a1:e2:93:7f:10:66:63:85:8c:06:d2:d2:
         b0:ea:85:3b:70:c1:fa:f6:45:8c:66:ce:c3:da:aa:6a:9d:c2:
         a1:c0:52:06:cb:80:c2:38:1e:12:b9:f3:12:26:86:e6:76:83:
         27:b5:31:ed:7a:42:65:c6:3e:c8:3a:db:ec:12:77:62:96:36:
         81:b8:a8:5c:c7:d2:a9:6d:72:b5:fd:d7:6b:4a:5b:02:e4:49:
         ff:61:56:97:b2:bb:39:9e:b0:7b:a1:33:54:9e:a7:4b:b2:6c:
         14:57:02:18:46:70:24:5f:ca:e2:4e:6d:f8:e0:c9:f6:e9:37:
         b3:b3:d0:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeiD+YzjAq9RF+JcbwY4uN9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ODE4NWQ5ODQ0NDg0MmI2OTdlMmJmZGVlMzk2MGE5M2Yy
N2FlZWQwHhcNMjUwNjI0MTMxMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2M1ZDQxMjFlMzRmZWRmODE5YWM0YjQ5YTU5NWVkZDk4ZjA1MDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqHPVEzw5ErXfykg/3lTku1kksYO
n62RzhFi94gyB9hg/DUEYmimze3UxHM5AEZrJbyBBhQrGtTx+1ERNEalkz9LwZT1
0h2JCcEehRlBSs/h1kDEpQqsDhTsHPG0b5eLEQ/ERiJYRkTlodsoP2uvxkgFnX9U
cKJL6LEfB+pJURBYJtojxxHxjEGS5RuM+W48l6A5UsmxE44g1oj6B61AAoljlgLg
AEt+BhbqoGDd3J/yNcUcFS7n/gwUeJCfCiqIx+h6bRSVFxcp4e78pv2/4NQNdngk
CEE8vCAFse8pheP3YOlJFzbIC8rvV5q5uDnCxQ1Z0kjsehgn+mT6b9l30QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfF1BIeNP7fgZrEtJpZXt2Y8FBqMB8GA1UdIwQY
MBaAFHiBhdmERIQraX4r/e45YKk/J67tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUlHRjJZUkVoQ3RwZml2OTdqbGdxVDhucnUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS85YjE1MjItOGNiMC00YzllLThiZTAt
MWE5YjQ1ZTE0NTU3LzEvaDhYVUVoNDBfdC1CbXNTMG1sbGUzWmp3VUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS85YjE1MjItOGNiMC00YzllLThiZTAtMWE5YjQ1ZTE0NTU3
LzEvZUlHRjJZUkVoQ3RwZml2OTdqbGdxVDhucnUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZR7MA0G
CSqGSIb3DQEBCwUAA4IBAQBW47IEjDnqyE4nvFWYWIXDz3dKoVhSGnVw016eMD7Z
toU7lZubfXv70DSwfChAQq5uJnPGeRSPWZUyNY8hd9hMnVWdkN86uhlV/nRdv2F5
5N5rVzFX0Xp+mCH7n8iQh5C8eQ8EdAL5M50J6VTRVTj9yBJ19+04Ov/ZOq3kqmE+
25IRnkah4pN/EGZjhYwG0tKw6oU7cMH69kWMZs7D2qpqncKhwFIGy4DCOB4SufMS
JobmdoMntTHtekJlxj7IOtvsEndiljaBuKhcx9KpbXK1/ddrSlsC5En/YVaXsrs5
nrB7oTNUnqdLsmwUVwIYRnAkX8riTm344Mn26Tezs9A3
-----END CERTIFICATE-----