Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/zhtRFI1IbB8hGc_SM2h4CISUl7A.roa
File:                     zhtRFI1IbB8hGc_SM2h4CISUl7A.roa (raw, json)
Hash identifier:          bLD1C+K9v2CYIV0aCijm7HOS8Af4YKVs8VztsZsW80w=
Subject key identifier:   CE:1B:51:14:8D:48:6C:1F:21:19:CF:D2:33:68:78:08:84:94:97:B0
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       0199B46103998147DF11EB8A8BB2FEC4E007
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/zhtRFI1IbB8hGc_SM2h4CISUl7A.roa
Signing time:             Sun 05 Oct 2025 12:38:00 +0000
ROA not before:           Sun 05 Oct 2025 12:38:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        45.141.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b4:61:03:99:81:47:df:11:eb:8a:8b:b2:fe:c4:e0:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Oct  5 12:38:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce1b51148d486c1f2119cfd233687808849497b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e2:5a:7a:ec:37:ef:ae:4e:5e:15:ab:a1:0b:
                    17:39:3d:cb:af:ec:a5:64:8a:e2:3c:1c:f9:e3:06:
                    f7:18:54:eb:57:4a:d1:78:3c:2c:01:c0:47:40:95:
                    70:f6:a5:ec:49:8b:9d:c3:0f:c1:7e:28:21:4e:58:
                    e3:a5:94:14:d7:4d:35:de:54:0d:f9:b0:75:a2:47:
                    ed:be:fa:e2:5c:d5:00:7a:35:cc:b8:d7:49:aa:f8:
                    ea:92:29:fa:e4:38:89:c5:70:5e:c1:6c:18:04:61:
                    0d:ed:0b:b3:90:9d:91:5b:a1:4b:23:a0:f2:d8:e9:
                    90:bb:1b:d8:1c:78:8e:1e:ec:9c:c3:99:c9:77:c8:
                    0f:d2:92:f3:f0:7e:fa:5e:7a:31:31:b8:d7:8f:36:
                    e6:7f:75:4e:d0:e3:4c:1c:54:95:17:54:3d:53:48:
                    5d:54:57:21:55:7b:5a:1d:f8:ab:43:c6:77:0c:34:
                    84:83:84:42:48:ef:14:61:04:97:dd:7c:bb:67:80:
                    7c:4d:4b:8b:bb:01:1a:f4:a9:3f:38:78:45:16:5e:
                    d1:3e:12:82:7d:11:c7:db:30:b8:1b:78:94:02:5a:
                    0b:d7:82:4d:28:af:4f:5a:04:cc:39:43:02:5b:aa:
                    55:ef:8c:0c:db:62:a0:e9:75:60:6f:05:e5:c3:a7:
                    b8:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:1B:51:14:8D:48:6C:1F:21:19:CF:D2:33:68:78:08:84:94:97:B0
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/zhtRFI1IbB8hGc_SM2h4CISUl7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:84:38:fe:f7:26:6c:16:e7:03:d2:f0:e0:2a:e5:2c:52:c6:
         4c:fb:bc:09:4c:3b:4f:7c:30:af:e2:f9:19:4f:ae:7b:30:c5:
         df:64:ea:0c:54:60:2d:9c:3b:5b:56:f3:40:49:1b:73:aa:fd:
         ad:eb:d3:3d:6f:1c:03:bc:a5:e5:f8:4a:a7:1b:45:b0:23:de:
         67:69:26:2a:25:81:c3:09:57:04:e2:48:f3:0c:a3:ef:f8:84:
         82:d6:5f:ef:3c:a0:cb:06:37:d5:d6:d4:48:6b:e7:c7:77:45:
         06:e7:b0:59:1e:08:89:ac:8a:a9:c5:4d:b3:dd:5a:8f:c7:30:
         c6:bb:f5:05:24:94:92:81:2f:27:84:91:ff:ec:dd:6b:53:dc:
         b7:5c:76:62:64:05:9e:d6:02:a6:37:6c:b0:9e:69:ac:ad:d2:
         da:6a:d0:c8:fd:38:ff:89:73:4b:f5:b6:71:c0:67:91:90:2f:
         b0:54:04:00:29:9f:49:ec:35:f2:b4:80:d2:ec:dd:e6:48:68:
         53:e4:1e:23:d0:ad:df:b8:0a:c7:38:38:38:b7:b4:e3:42:6d:
         b5:ae:03:b6:86:53:f7:ed:8e:07:dc:ae:52:fb:9c:0b:26:b9:
         83:b4:37:b8:5f:ad:f8:d8:8e:03:8f:64:4a:f8:64:24:0c:8e:
         62:78:d0:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm0YQOZgUffEeuKi7L+xOAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjUxMDA1MTIzODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTFiNTExNDhkNDg2YzFmMjExOWNmZDIzMzY4NzgwODg0OTQ5N2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOJaeuw3765OXhWroQsXOT3Lr+yl
ZIriPBz54wb3GFTrV0rReDwsAcBHQJVw9qXsSYudww/BfighTljjpZQU10013lQN
+bB1okftvvriXNUAejXMuNdJqvjqkin65DiJxXBewWwYBGEN7QuzkJ2RW6FLI6Dy
2OmQuxvYHHiOHuycw5nJd8gP0pLz8H76XnoxMbjXjzbmf3VO0ONMHFSVF1Q9U0hd
VFchVXtaHfirQ8Z3DDSEg4RCSO8UYQSX3Xy7Z4B8TUuLuwEa9Kk/OHhFFl7RPhKC
fRHH2zC4G3iUAloL14JNKK9PWgTMOUMCW6pV74wM22Kg6XVgbwXlw6e4NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4bURSNSGwfIRnP0jNoeAiElJewMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvemh0UkZJMUliQjhoR2NfU00yaDRDSVNVbDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY02MA0G
CSqGSIb3DQEBCwUAA4IBAQCRhDj+9yZsFucD0vDgKuUsUsZM+7wJTDtPfDCv4vkZ
T657MMXfZOoMVGAtnDtbVvNASRtzqv2t69M9bxwDvKXl+EqnG0WwI95naSYqJYHD
CVcE4kjzDKPv+ISC1l/vPKDLBjfV1tRIa+fHd0UG57BZHgiJrIqpxU2z3VqPxzDG
u/UFJJSSgS8nhJH/7N1rU9y3XHZiZAWe1gKmN2ywnmmsrdLaatDI/Tj/iXNL9bZx
wGeRkC+wVAQAKZ9J7DXytIDS7N3mSGhT5B4j0K3fuArHODg4t7TjQm21rgO2hlP3
7Y4H3K5S+5wLJrmDtDe4X6342I4Dj2RK+GQkDI5ieNAC
-----END CERTIFICATE-----