Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/S9G1CRBCgZRF6f7dXHF7caWljFE.roa
File:                     S9G1CRBCgZRF6f7dXHF7caWljFE.roa (raw, json)
Hash identifier:          BkIunbHW1Y012WULiM6Pi+R3aCkYNSJ5Szbt3z8hlRM=
Subject key identifier:   4B:D1:B5:09:10:42:81:94:45:E9:FE:DD:5C:71:7B:71:A5:A5:8C:51
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01999BA639F678448D94F48BD70C4B0DC3C5
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/S9G1CRBCgZRF6f7dXHF7caWljFE.roa
Signing time:             Tue 30 Sep 2025 17:23:06 +0000
ROA not before:           Tue 30 Sep 2025 17:23:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57494
IP address blocks:        45.153.68.0/24 maxlen: 24
                          45.153.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 16:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:a6:39:f6:78:44:8d:94:f4:8b:d7:0c:4b:0d:c3:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Sep 30 17:23:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bd1b5091042819445e9fedd5c717b71a5a58c51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d5:cc:3a:00:2f:e2:98:09:c2:b2:99:35:9a:
                    15:50:be:2f:64:fb:a5:ef:1c:ed:57:5b:65:07:13:
                    2a:a0:2b:b9:aa:4e:a9:81:89:64:de:9f:2b:41:7a:
                    5c:98:87:d5:c6:36:9d:5c:21:4f:7f:b5:07:e7:2c:
                    72:8a:c2:08:ae:97:b6:07:6a:a5:01:22:b6:6b:aa:
                    d7:9b:5d:95:a0:e3:0c:9b:aa:29:67:44:9f:79:7a:
                    e8:3c:2d:a1:bf:e1:1c:1b:9a:f9:88:8b:13:50:c0:
                    7d:e4:c1:52:3e:2d:96:0f:39:ec:8f:cc:c2:9c:01:
                    c1:9f:3f:2f:63:66:ac:06:58:a0:61:39:3b:a0:c7:
                    d7:c5:f9:b7:e4:ac:2c:df:e7:98:9b:99:ef:04:22:
                    ce:85:93:45:ee:9e:52:f2:24:0d:b9:88:87:a4:88:
                    89:e7:c1:f3:a4:c1:37:1a:67:46:22:7e:19:9d:99:
                    9d:1b:44:86:3b:4c:91:d4:05:d3:1a:46:c6:70:f4:
                    30:70:32:3c:a0:d9:c9:30:c2:f2:b0:3d:cf:17:73:
                    c0:c4:1c:2d:0a:6a:89:22:10:a9:d0:de:b4:99:64:
                    62:25:2b:d2:a7:5f:d8:42:13:3b:77:c0:ac:bc:f7:
                    64:f0:02:21:cb:16:10:d3:aa:be:12:37:ad:41:fa:
                    5d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D1:B5:09:10:42:81:94:45:E9:FE:DD:5C:71:7B:71:A5:A5:8C:51
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/S9G1CRBCgZRF6f7dXHF7caWljFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:c0:22:b6:3d:31:5a:d1:39:a1:7d:6a:9f:e0:4c:ce:d0:5d:
         6d:1f:50:e8:c9:cd:d8:02:db:94:5a:52:f8:16:73:db:5a:d6:
         56:72:7b:00:be:57:4b:15:85:21:31:bf:a4:75:5a:3a:99:86:
         c8:df:b7:26:82:b7:be:0d:71:a5:7e:d0:3d:a3:96:13:4c:4e:
         05:15:ca:3d:9a:21:e1:fc:06:78:b8:43:4d:86:84:6d:5e:ce:
         e0:6b:59:50:e3:c7:3f:bf:bb:9e:5a:98:f6:63:5f:77:e9:4a:
         9e:c8:c5:54:e7:9b:cb:77:42:d2:54:29:0e:32:11:ae:74:f9:
         64:e7:55:25:a2:af:2c:35:c0:67:b9:36:f3:58:9c:77:c8:33:
         87:a5:c5:fa:7e:3d:ae:29:11:1a:90:44:29:79:12:df:bd:f7:
         0f:60:6b:ea:dc:be:f7:f7:6c:75:ce:b0:25:db:ce:07:f4:93:
         9d:2d:ba:3e:e4:22:c8:62:a6:7c:3f:a6:92:c3:d2:ee:75:50:
         fc:6f:03:0a:bd:1e:0e:d8:81:4b:79:bb:42:64:9f:84:1c:36:
         a7:ac:bd:9a:88:59:93:84:4f:8e:f2:2e:ca:6c:29:7c:34:42:
         f8:06:b8:13:48:d2:83:42:10:3b:53:cf:2d:24:32:47:bc:6e:
         1e:06:fc:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmbpjn2eESNlPSL1wxLDcPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwOTMwMTcyMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQxYjUwOTEwNDI4MTk0NDVlOWZlZGQ1YzcxN2I3MWE1YTU4YzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtXMOgAv4pgJwrKZNZoVUL4vZPul
7xztV1tlBxMqoCu5qk6pgYlk3p8rQXpcmIfVxjadXCFPf7UH5yxyisIIrpe2B2ql
ASK2a6rXm12VoOMMm6opZ0SfeXroPC2hv+EcG5r5iIsTUMB95MFSPi2WDznsj8zC
nAHBnz8vY2asBligYTk7oMfXxfm35Kws3+eYm5nvBCLOhZNF7p5S8iQNuYiHpIiJ
58HzpME3GmdGIn4ZnZmdG0SGO0yR1AXTGkbGcPQwcDI8oNnJMMLysD3PF3PAxBwt
CmqJIhCp0N60mWRiJSvSp1/YQhM7d8CsvPdk8AIhyxYQ06q+EjetQfpdowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvRtQkQQoGURen+3Vxxe3GlpYxRMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvUzlHMUNSQkNnWlJGNmY3ZFhIRjdjYVdsakZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZlEMA0G
CSqGSIb3DQEBCwUAA4IBAQAKwCK2PTFa0TmhfWqf4EzO0F1tH1Doyc3YAtuUWlL4
FnPbWtZWcnsAvldLFYUhMb+kdVo6mYbI37cmgre+DXGlftA9o5YTTE4FFco9miHh
/AZ4uENNhoRtXs7ga1lQ48c/v7ueWpj2Y1936UqeyMVU55vLd0LSVCkOMhGudPlk
51Uloq8sNcBnuTbzWJx3yDOHpcX6fj2uKREakEQpeRLfvfcPYGvq3L7392x1zrAl
284H9JOdLbo+5CLIYqZ8P6aSw9LudVD8bwMKvR4O2IFLebtCZJ+EHDanrL2aiFmT
hE+O8i7KbCl8NEL4BrgTSNKDQhA7U88tJDJHvG4eBvzE
-----END CERTIFICATE-----