Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/D0IiHp-JRFUBLBIMco4yz6rCtC8.roa
File:                     D0IiHp-JRFUBLBIMco4yz6rCtC8.roa (raw, json)
Hash identifier:          RH04SIPsMKZVw07b+Tt+/enaXnFcPsETZoWJ4h4XK54=
Subject key identifier:   0F:42:22:1E:9F:89:44:55:01:2C:12:0C:72:8E:32:CF:AA:C2:B4:2F
Certificate issuer:       /CN=47ddbcce2628bf09fae6bf044218c657e8bd3c6e
Certificate serial:       01999EA726F84688BCA130C09E3D6E13663D
Authority key identifier: 47:DD:BC:CE:26:28:BF:09:FA:E6:BF:04:42:18:C6:57:E8:BD:3C:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R928ziYovwn65r8EQhjGV-i9PG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/D0IiHp-JRFUBLBIMco4yz6rCtC8.roa
Signing time:             Wed 01 Oct 2025 07:22:58 +0000
ROA not before:           Wed 01 Oct 2025 07:22:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45681
IP address blocks:        45.143.0.0/22 maxlen: 24
                          176.118.178.0/24 maxlen: 24
                          2a14:2d40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/R928ziYovwn65r8EQhjGV-i9PG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/R928ziYovwn65r8EQhjGV-i9PG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R928ziYovwn65r8EQhjGV-i9PG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:a7:26:f8:46:88:bc:a1:30:c0:9e:3d:6e:13:66:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47ddbcce2628bf09fae6bf044218c657e8bd3c6e
        Validity
            Not Before: Oct  1 07:22:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f42221e9f894455012c120c728e32cfaac2b42f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:cb:8a:a0:a5:e9:3e:1c:76:6a:61:10:31:fe:
                    f8:81:d5:a8:90:68:ff:07:b6:33:14:3c:b0:32:12:
                    08:eb:1c:03:a0:0f:1d:2c:09:28:97:28:74:d7:34:
                    72:16:ac:80:55:4f:b3:75:d5:df:45:42:15:b1:51:
                    1c:76:77:e8:5b:8c:a0:b1:a3:13:4b:2b:9d:c5:36:
                    a2:ad:63:c0:b9:ff:9c:13:44:f2:1e:a5:b0:01:36:
                    60:26:b7:99:79:94:a7:b4:99:e1:9c:fb:68:94:20:
                    d5:01:cd:b1:26:84:cf:ec:23:19:f7:55:19:1b:5b:
                    d6:37:98:45:33:f4:00:48:27:5a:61:de:77:16:09:
                    7d:d5:c0:09:96:5c:b3:49:d7:8e:54:30:da:47:f1:
                    e6:da:68:13:4f:17:db:98:d4:79:53:a8:9d:2c:5b:
                    25:1e:14:c4:e9:bb:d6:7c:2c:e7:94:2c:c5:6a:c6:
                    5a:88:25:3e:18:59:b7:f0:1a:0a:1c:e1:4e:aa:6a:
                    bd:5e:df:a5:59:52:8b:04:f0:fa:ca:de:da:9d:67:
                    bc:ae:db:9c:69:4d:30:db:0d:97:6e:a6:81:21:86:
                    1a:8e:bc:38:65:cd:f3:2e:72:8c:5d:72:19:fb:32:
                    68:57:2b:dd:0a:c0:0c:a9:c9:e4:7f:55:c0:a8:5b:
                    a5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:42:22:1E:9F:89:44:55:01:2C:12:0C:72:8E:32:CF:AA:C2:B4:2F
            X509v3 Authority Key Identifier:
                keyid:47:DD:BC:CE:26:28:BF:09:FA:E6:BF:04:42:18:C6:57:E8:BD:3C:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R928ziYovwn65r8EQhjGV-i9PG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/D0IiHp-JRFUBLBIMco4yz6rCtC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/a3b355-9afa-434e-8098-50d709bffeb5/1/R928ziYovwn65r8EQhjGV-i9PG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.0.0/22
                  176.118.178.0/24
                IPv6:
                  2a14:2d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:92:52:ca:9a:37:3d:2a:90:2d:8b:8b:db:71:ce:32:87:cc:
         86:b9:8a:cf:96:ca:2d:b3:c1:36:77:95:60:56:7e:54:05:c3:
         cb:fc:8e:44:59:6d:5b:60:0e:2d:2a:d4:87:1a:13:b8:0b:d8:
         93:72:0d:d9:f6:94:d2:6d:af:ad:fc:c3:93:fd:45:32:a8:56:
         bc:a3:7c:e0:e5:f9:fe:a5:c1:d6:3d:67:a7:89:73:7e:c4:d4:
         e6:59:cc:c6:de:62:df:45:19:cc:db:eb:aa:17:6e:83:68:9c:
         ea:f8:54:7c:b2:3d:93:23:a0:ab:0c:d0:47:e5:fe:06:0b:eb:
         7e:f0:a2:01:e4:8e:a0:ca:e0:be:fd:7c:28:63:9c:df:2c:bf:
         3c:f9:9d:0f:1e:de:1e:ea:7b:3d:c2:47:08:ce:9a:30:18:86:
         dd:98:83:39:05:1a:06:7c:99:5a:6c:9f:5a:d0:97:03:58:a4:
         23:89:ff:66:d4:26:8d:e0:2b:70:12:52:ac:d9:4f:9e:54:7a:
         79:24:c4:4a:48:87:ee:ff:f5:7c:12:85:48:33:81:12:05:21:
         b6:a2:87:9d:19:5e:20:53:42:bc:49:75:fc:70:4c:22:36:d1:
         d8:36:dd:34:01:80:bc:0c:6b:6a:fc:a9:ab:93:fe:7c:2e:2f:
         86:aa:42:f7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZmepyb4Roi8oTDAnj1uE2Y9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZGRiY2NlMjYyOGJmMDlmYWU2YmYwNDQyMThjNjU3ZThi
ZDNjNmUwHhcNMjUxMDAxMDcyMjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjQyMjIxZTlmODk0NDU1MDEyYzEyMGM3MjhlMzJjZmFhYzJiNDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3suKoKXpPhx2amEQMf74gdWokGj/
B7YzFDywMhII6xwDoA8dLAkolyh01zRyFqyAVU+zddXfRUIVsVEcdnfoW4ygsaMT
SyudxTairWPAuf+cE0TyHqWwATZgJreZeZSntJnhnPtolCDVAc2xJoTP7CMZ91UZ
G1vWN5hFM/QASCdaYd53Fgl91cAJllyzSdeOVDDaR/Hm2mgTTxfbmNR5U6idLFsl
HhTE6bvWfCznlCzFasZaiCU+GFm38BoKHOFOqmq9Xt+lWVKLBPD6yt7anWe8rtuc
aU0w2w2XbqaBIYYajrw4Zc3zLnKMXXIZ+zJoVyvdCsAMqcnkf1XAqFulkQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA9CIh6fiURVASwSDHKOMs+qwrQvMB8GA1UdIwQY
MBaAFEfdvM4mKL8J+ua/BEIYxlfovTxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjkyOHppWW92d242NXI4RVFoakdWLWk5UEc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9hM2IzNTUtOWFmYS00MzRlLTgwOTgt
NTBkNzA5YmZmZWI1LzEvRDBJaUhwLUpSRlVCTEJJTWNvNHl6NnJDdEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9hM2IzNTUtOWFmYS00MzRlLTgwOTgtNTBkNzA5YmZmZWI1
LzEvUjkyOHppWW92d242NXI4RVFoakdWLWk5UEc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLY8AAwQA
sHayMA0EAgACMAcDBQMqFC1AMA0GCSqGSIb3DQEBCwUAA4IBAQCiklLKmjc9KpAt
i4vbcc4yh8yGuYrPlsots8E2d5VgVn5UBcPL/I5EWW1bYA4tKtSHGhO4C9iTcg3Z
9pTSba+t/MOT/UUyqFa8o3zg5fn+pcHWPWeniXN+xNTmWczG3mLfRRnM2+uqF26D
aJzq+FR8sj2TI6CrDNBH5f4GC+t+8KIB5I6gyuC+/XwoY5zfLL88+Z0PHt4e6ns9
wkcIzpowGIbdmIM5BRoGfJlabJ9a0JcDWKQjif9m1CaN4CtwElKs2U+eVHp5JMRK
SIfu//V8EoVIM4ESBSG2ooedGV4gU0K8SXX8cEwiNtHYNt00AYC8DGtq/Kmrk/58
Li+GqkL3
-----END CERTIFICATE-----