Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/81pkNOTzNwT3tYccVz9WH_xBvEM.roa
File:                     81pkNOTzNwT3tYccVz9WH_xBvEM.roa (raw, json)
Hash identifier:          i9/4g/HQckvFmPe3z7i7AGU3zvyTDUBKjWj3cd7//r4=
Subject key identifier:   F3:5A:64:34:E4:F3:37:04:F7:B5:87:1C:57:3F:56:1F:FC:41:BC:43
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       0199DD70C115F9C2426D9665F8214B137291
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/81pkNOTzNwT3tYccVz9WH_xBvEM.roa
Signing time:             Mon 13 Oct 2025 11:59:38 +0000
ROA not before:           Mon 13 Oct 2025 11:59:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     18385
IP address blocks:        45.11.79.0/24 maxlen: 24
                          45.85.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dd:70:c1:15:f9:c2:42:6d:96:65:f8:21:4b:13:72:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Oct 13 11:59:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f35a6434e4f33704f7b5871c573f561ffc41bc43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:99:65:74:a3:14:d3:11:5d:ac:1f:cf:2d:40:
                    10:f5:97:2a:1a:55:6e:a9:aa:c4:bb:fd:d9:c5:ed:
                    0b:39:9d:c2:87:38:73:73:8a:b0:21:c3:9a:0f:7a:
                    b8:56:85:92:5c:af:7a:cd:a5:12:32:c8:ff:df:54:
                    82:45:cb:eb:e8:57:2d:d2:97:63:28:7b:31:33:40:
                    eb:15:02:fd:79:77:a7:1d:df:c4:c9:ca:87:26:ed:
                    a5:ca:f5:45:f1:f8:95:fa:fe:93:87:04:27:a2:a4:
                    e2:3f:54:04:f2:f4:6a:29:0e:49:77:da:86:8f:34:
                    d2:fe:39:cf:a8:f5:4c:aa:f5:6a:42:6e:77:01:1b:
                    7e:e4:fe:dc:40:e0:68:1f:49:21:69:3a:17:47:6b:
                    8f:83:cc:98:12:84:8f:88:dc:6b:47:fb:d2:0d:b2:
                    b3:7e:56:32:09:16:a2:0d:9c:5a:5a:69:ca:8e:7c:
                    83:bb:3c:34:c0:e9:22:6f:61:e5:87:77:3d:ac:4d:
                    24:b2:98:41:dd:67:6a:ec:7e:b5:12:c9:be:85:77:
                    91:4d:ed:d4:f7:db:f6:7c:c9:2e:b8:7f:a0:a3:b6:
                    30:49:90:5b:e8:b0:4d:3a:e9:73:25:74:77:3c:3e:
                    b9:0a:3b:c6:56:41:89:4e:37:09:96:35:9a:8e:d2:
                    99:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:5A:64:34:E4:F3:37:04:F7:B5:87:1C:57:3F:56:1F:FC:41:BC:43
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/81pkNOTzNwT3tYccVz9WH_xBvEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.79.0/24
                  45.85.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:40:8e:0d:bf:6a:f9:d7:70:80:49:65:71:94:6d:ef:b5:cf:
         9d:df:a6:d0:98:b8:a9:49:ad:4f:60:be:5a:be:e8:eb:19:ae:
         21:e4:a7:1a:c4:f3:b5:df:93:a5:f2:52:7f:9e:e2:b5:cf:1d:
         13:02:a3:98:b0:2d:47:c9:69:8a:c9:b8:e4:1d:d7:ba:2e:ee:
         f2:8d:f9:c9:c1:fb:8c:4d:84:3d:75:0c:78:a9:e8:11:0f:1e:
         4e:d5:c4:b5:2b:95:cc:f6:a2:9a:0e:f3:b8:c8:b5:87:a5:94:
         32:64:f8:ca:3c:c4:a9:f8:fd:bf:ad:02:15:d2:0c:67:cf:ff:
         0a:10:b4:23:c0:2a:cf:c3:7f:90:37:36:b1:4a:c6:c4:9c:92:
         7e:d3:75:85:c3:86:b1:dc:46:3c:c8:d9:f6:c9:00:2a:b2:ab:
         7b:c9:74:a8:31:31:ca:eb:84:75:6a:2c:fc:7a:38:6d:25:0c:
         a3:40:a3:4f:b7:12:10:18:a7:e3:91:12:92:8d:d3:c3:54:df:
         a1:ed:f3:6e:c4:d5:d3:44:70:4c:05:f4:69:92:d2:a6:53:c1:
         a0:d9:06:7e:14:d0:58:40:f6:c0:18:a8:83:d5:47:1c:a2:52:
         c2:97:0b:c9:16:d6:c4:59:34:50:60:5b:68:b4:94:58:80:8c:
         d9:5c:8f:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZndcMEV+cJCbZZl+CFLE3KRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjUxMDEzMTE1OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzVhNjQzNGU0ZjMzNzA0ZjdiNTg3MWM1NzNmNTYxZmZjNDFiYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZlldKMU0xFdrB/PLUAQ9ZcqGlVu
qarEu/3Zxe0LOZ3Chzhzc4qwIcOaD3q4VoWSXK96zaUSMsj/31SCRcvr6Fct0pdj
KHsxM0DrFQL9eXenHd/EycqHJu2lyvVF8fiV+v6ThwQnoqTiP1QE8vRqKQ5Jd9qG
jzTS/jnPqPVMqvVqQm53ARt+5P7cQOBoH0khaToXR2uPg8yYEoSPiNxrR/vSDbKz
flYyCRaiDZxaWmnKjnyDuzw0wOkib2Hlh3c9rE0ksphB3Wdq7H61Esm+hXeRTe3U
99v2fMkuuH+go7YwSZBb6LBNOulzJXR3PD65CjvGVkGJTjcJljWajtKZbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPNaZDTk8zcE97WHHFc/Vh/8QbxDMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvODFwa05PVHpOd1QzdFljY1Z6OVdIX3hCdkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQtPAwQA
LVVNMA0GCSqGSIb3DQEBCwUAA4IBAQCGQI4Nv2r513CASWVxlG3vtc+d36bQmLip
Sa1PYL5avujrGa4h5KcaxPO135Ol8lJ/nuK1zx0TAqOYsC1HyWmKybjkHde6Lu7y
jfnJwfuMTYQ9dQx4qegRDx5O1cS1K5XM9qKaDvO4yLWHpZQyZPjKPMSp+P2/rQIV
0gxnz/8KELQjwCrPw3+QNzaxSsbEnJJ+03WFw4ax3EY8yNn2yQAqsqt7yXSoMTHK
64R1aiz8ejhtJQyjQKNPtxIQGKfjkRKSjdPDVN+h7fNuxNXTRHBMBfRpktKmU8Gg
2QZ+FNBYQPbAGKiD1UccolLClwvJFtbEWTRQYFtotJRYgIzZXI9/
-----END CERTIFICATE-----