Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/ujdLXoXrvhVfjksNi3jvUUhxPZQ.roa
File:                     ujdLXoXrvhVfjksNi3jvUUhxPZQ.roa (raw, json)
Hash identifier:          M1NGr3Kp/N5WVzCoJ45GNTOp19udI/hDhcVdgHkpFVQ=
Subject key identifier:   BA:37:4B:5E:85:EB:BE:15:5F:8E:4B:0D:8B:78:EF:51:48:71:3D:94
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0199150DB6A415DA1C7E4A90701CD287F901
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/ujdLXoXrvhVfjksNi3jvUUhxPZQ.roa
Signing time:             Thu 04 Sep 2025 14:07:24 +0000
ROA not before:           Thu 04 Sep 2025 14:07:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209043
IP address blocks:        45.9.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:15:0d:b6:a4:15:da:1c:7e:4a:90:70:1c:d2:87:f9:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Sep  4 14:07:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba374b5e85ebbe155f8e4b0d8b78ef5148713d94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4a:76:74:67:32:6c:b7:63:6c:f5:1e:36:a6:
                    82:0b:15:05:60:86:ce:f6:af:a8:83:3f:5a:3f:45:
                    d2:3a:06:ab:72:b5:89:e8:e2:58:c1:28:eb:d5:27:
                    fd:83:44:21:12:4f:95:44:1c:d9:de:57:61:fe:b6:
                    c8:a7:71:45:86:10:8f:a6:3c:e8:f3:bf:38:97:3e:
                    d3:a8:87:06:76:5c:30:6c:aa:f5:af:ee:38:0a:01:
                    b7:30:a4:d6:b2:54:01:91:f4:af:30:09:0a:7d:09:
                    a1:f1:ea:90:2b:74:60:26:8e:13:08:b3:6e:f5:b3:
                    10:a3:06:61:08:50:65:02:75:66:39:b0:d5:20:5b:
                    37:14:bf:41:97:53:72:35:8f:c4:3c:da:aa:3e:c0:
                    9b:20:8b:b6:5b:33:91:16:88:55:83:3d:d0:c9:56:
                    de:3e:9b:9a:bc:60:fc:df:14:bc:12:70:df:47:ee:
                    47:93:f3:6d:0d:44:60:b7:8e:d7:51:e8:e1:e8:eb:
                    3b:08:ef:ad:b6:20:33:59:ba:a5:1d:e4:9e:d6:a5:
                    ee:86:55:b5:81:2c:14:e7:82:04:d6:31:5c:dd:8f:
                    ef:ec:7e:4d:51:fb:74:69:05:57:99:29:c8:71:25:
                    95:8d:80:6e:6b:10:cb:b9:73:c3:4b:cd:0b:ff:4f:
                    dd:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:37:4B:5E:85:EB:BE:15:5F:8E:4B:0D:8B:78:EF:51:48:71:3D:94
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/ujdLXoXrvhVfjksNi3jvUUhxPZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:c0:dd:4a:b9:3f:4e:14:e4:4c:3c:48:87:1b:ff:82:d8:62:
         fa:df:24:78:3f:a5:55:e5:96:f2:b1:91:94:6d:6c:e6:86:19:
         09:8b:8c:bf:ab:6d:15:f0:21:96:1b:29:77:fd:48:a5:bb:7d:
         7c:fe:38:ad:00:a4:27:59:c8:65:1d:ed:fb:d7:f2:18:46:54:
         84:b8:84:3f:c6:44:c0:c3:98:d0:7c:79:c2:96:ed:08:0f:8d:
         45:42:36:4e:9d:77:15:6a:f3:8e:a6:87:5b:a0:14:cd:06:d7:
         86:8c:12:ef:9f:e4:66:8a:6d:3a:50:be:cd:96:58:9a:e9:79:
         38:1b:65:6c:6d:61:27:d1:1c:21:31:26:82:6b:35:4e:d2:9e:
         e6:e1:f9:b8:7d:b5:66:e6:35:18:b9:90:ae:4b:94:28:32:37:
         f7:66:cc:b2:e3:8b:79:62:fc:2c:44:61:a5:15:57:aa:ed:8c:
         49:94:ac:58:f8:65:1a:c3:72:fd:5c:f5:b8:53:7f:d9:73:2b:
         d6:36:c6:a7:50:7b:a2:ad:ef:29:cb:69:59:59:cf:1b:b0:75:
         b8:bf:06:4f:63:5d:37:55:5e:97:92:16:dc:ad:c1:4f:be:3b:
         f1:6e:05:d3:c5:df:0e:5d:95:f0:5e:f8:7f:25:7d:61:37:ee:
         00:de:ca:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkVDbakFdocfkqQcBzSh/kBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwOTA0MTQwNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTM3NGI1ZTg1ZWJiZTE1NWY4ZTRiMGQ4Yjc4ZWY1MTQ4NzEzZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUp2dGcybLdjbPUeNqaCCxUFYIbO
9q+ogz9aP0XSOgarcrWJ6OJYwSjr1Sf9g0QhEk+VRBzZ3ldh/rbIp3FFhhCPpjzo
8784lz7TqIcGdlwwbKr1r+44CgG3MKTWslQBkfSvMAkKfQmh8eqQK3RgJo4TCLNu
9bMQowZhCFBlAnVmObDVIFs3FL9Bl1NyNY/EPNqqPsCbIIu2WzORFohVgz3QyVbe
PpuavGD83xS8EnDfR+5Hk/NtDURgt47XUejh6Os7CO+ttiAzWbqlHeSe1qXuhlW1
gSwU54IE1jFc3Y/v7H5NUft0aQVXmSnIcSWVjYBuaxDLuXPDS80L/0/d2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLo3S16F674VX45LDYt471FIcT2UMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvdWpkTFhvWHJ2aFZmamtzTmkzanZVVWh4UFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQmbMA0G
CSqGSIb3DQEBCwUAA4IBAQBlwN1KuT9OFORMPEiHG/+C2GL63yR4P6VV5ZbysZGU
bWzmhhkJi4y/q20V8CGWGyl3/Uilu318/jitAKQnWchlHe371/IYRlSEuIQ/xkTA
w5jQfHnClu0ID41FQjZOnXcVavOOpodboBTNBteGjBLvn+Rmim06UL7Nllia6Xk4
G2VsbWEn0RwhMSaCazVO0p7m4fm4fbVm5jUYuZCuS5QoMjf3Zsyy44t5YvwsRGGl
FVeq7YxJlKxY+GUaw3L9XPW4U3/ZcyvWNsanUHuire8py2lZWc8bsHW4vwZPY103
VV6XkhbcrcFPvjvxbgXTxd8OXZXwXvh/JX1hN+4A3sog
-----END CERTIFICATE-----
Generated at Sun Oct 19 20:20:37 2025 by rpki-client