Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8KTWIpEPTzJ36wbOzkRbRBadk5s.roa
File:                     8KTWIpEPTzJ36wbOzkRbRBadk5s.roa (raw, json)
Hash identifier:          SHOClTFAVG2sG54xFJWPAssR6/cL9p2INmuyVtEZKKA=
Subject key identifier:   F0:A4:D6:22:91:0F:4F:32:77:EB:06:CE:CE:44:5B:44:16:9D:93:9B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198C65A52EBAB9D6FE864F085A6009E39C9
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8KTWIpEPTzJ36wbOzkRbRBadk5s.roa
Signing time:             Wed 20 Aug 2025 07:21:04 +0000
ROA not before:           Wed 20 Aug 2025 07:21:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34450
IP address blocks:        45.151.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c6:5a:52:eb:ab:9d:6f:e8:64:f0:85:a6:00:9e:39:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 20 07:21:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0a4d622910f4f3277eb06cece445b44169d939b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d5:51:9b:7b:f5:e9:e5:ba:59:3c:8d:3d:9c:
                    67:3a:df:41:28:7f:f3:b8:54:93:e9:fe:12:5b:3c:
                    03:7c:61:26:34:f4:91:0b:5d:c5:cb:4e:e8:f6:0a:
                    be:82:a2:e9:36:22:ab:ef:32:06:98:7a:1b:44:b8:
                    d7:d7:6c:f0:26:50:a7:0b:4c:6e:44:33:fd:bd:5a:
                    37:8e:47:1c:4d:0f:b6:7c:aa:2c:3b:f8:7d:92:c3:
                    89:96:55:ee:f8:3c:d8:92:bf:d5:09:93:ec:9c:6c:
                    2b:83:01:75:b4:b3:e8:e9:3a:56:41:04:d7:42:a9:
                    c6:63:e2:27:b1:16:d3:d6:9c:f5:5e:42:fd:8a:db:
                    fb:1e:00:c2:74:6f:26:49:39:9a:4f:a9:ee:6d:db:
                    92:84:0c:25:63:61:63:12:52:39:28:a3:8a:92:26:
                    b0:62:a0:e4:c2:d3:3c:13:e5:39:91:31:31:85:ed:
                    ef:d7:b3:c1:c0:a7:dc:19:7f:6e:23:2a:0a:55:7a:
                    3e:db:d3:ad:74:af:30:08:02:7d:fa:bf:98:13:fa:
                    5a:f2:06:a5:d9:cc:0a:5d:55:d6:96:1d:65:e9:d4:
                    b2:32:14:9c:68:85:c3:aa:53:62:db:00:e7:e5:c2:
                    e3:8d:69:bd:52:26:7a:b9:a2:31:cf:2b:9e:b2:84:
                    9e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:A4:D6:22:91:0F:4F:32:77:EB:06:CE:CE:44:5B:44:16:9D:93:9B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8KTWIpEPTzJ36wbOzkRbRBadk5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:6f:4d:fd:33:2c:bf:9a:0c:44:45:89:73:21:d3:29:68:09:
         d8:07:f5:ba:5e:70:11:81:14:ca:32:05:73:9e:77:a8:09:80:
         de:30:de:98:d1:35:f8:83:f6:58:b4:59:1a:3f:4e:e5:bf:2e:
         d2:9e:7b:0a:d8:93:ed:ef:fb:27:5d:5d:25:b2:40:c7:1f:d2:
         9d:9e:8b:5c:e6:46:c5:73:a2:92:b7:7f:8d:9f:95:bf:f7:fa:
         5b:c0:67:93:c7:63:cc:20:0b:29:98:63:ec:29:1a:6e:f9:d3:
         aa:ee:52:24:38:a0:01:0f:ab:0a:0c:dd:47:ec:a1:30:7b:2c:
         e6:79:88:e1:8d:ac:ed:0d:45:6a:72:2c:23:69:77:97:ad:70:
         97:9c:d2:c6:e4:e7:c9:ab:20:19:84:7b:f7:e2:d7:9b:24:b1:
         d9:e5:89:1c:77:e6:51:5e:17:8a:87:ec:b8:bf:01:b4:9d:59:
         7d:8e:e0:d5:96:69:4e:5d:0e:f2:98:26:3a:22:b9:bd:5f:77:
         2d:f7:40:1d:03:2b:81:d4:e5:56:75:90:bb:51:3f:3b:28:d8:
         a4:13:10:d9:b2:51:38:ec:fc:7b:2c:66:42:66:cc:09:82:1c:
         41:d4:0f:78:a4:4f:e0:ba:d4:2e:e3:81:d1:a0:c4:25:3e:6e:
         02:c7:d7:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjGWlLrq51v6GTwhaYAnjnJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODIwMDcyMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGE0ZDYyMjkxMGY0ZjMyNzdlYjA2Y2VjZTQ0NWI0NDE2OWQ5MzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytVRm3v16eW6WTyNPZxnOt9BKH/z
uFST6f4SWzwDfGEmNPSRC13Fy07o9gq+gqLpNiKr7zIGmHobRLjX12zwJlCnC0xu
RDP9vVo3jkccTQ+2fKosO/h9ksOJllXu+DzYkr/VCZPsnGwrgwF1tLPo6TpWQQTX
QqnGY+InsRbT1pz1XkL9itv7HgDCdG8mSTmaT6nubduShAwlY2FjElI5KKOKkiaw
YqDkwtM8E+U5kTExhe3v17PBwKfcGX9uIyoKVXo+29OtdK8wCAJ9+r+YE/pa8gal
2cwKXVXWlh1l6dSyMhScaIXDqlNi2wDn5cLjjWm9UiZ6uaIxzyuesoSe+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPCk1iKRD08yd+sGzs5EW0QWnZObMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvOEtUV0lwRVBUekozNndiT3prUmJSQmFkazVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZdnMA0G
CSqGSIb3DQEBCwUAA4IBAQBIb039Myy/mgxERYlzIdMpaAnYB/W6XnARgRTKMgVz
nneoCYDeMN6Y0TX4g/ZYtFkaP07lvy7SnnsK2JPt7/snXV0lskDHH9Kdnotc5kbF
c6KSt3+Nn5W/9/pbwGeTx2PMIAspmGPsKRpu+dOq7lIkOKABD6sKDN1H7KEweyzm
eYjhjaztDUVqciwjaXeXrXCXnNLG5OfJqyAZhHv34tebJLHZ5Ykcd+ZRXheKh+y4
vwG0nVl9juDVlmlOXQ7ymCY6Irm9X3ct90AdAyuB1OVWdZC7UT87KNikExDZslE4
7Px7LGZCZswJghxB1A94pE/gutQu44HRoMQlPm4Cx9dL
-----END CERTIFICATE-----