Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/aTQ9uPvlYXPGnc1NBIxSpUA_uWQ.roa
File:                     aTQ9uPvlYXPGnc1NBIxSpUA_uWQ.roa (raw, json)
Hash identifier:          wcqKHdv1cBQdtNdt0vRlo2xRW2l4SQSz+bX91RIGAkI=
Subject key identifier:   69:34:3D:B8:FB:E5:61:73:C6:9D:CD:4D:04:8C:52:A5:40:3F:B9:64
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019771CD6E63065DEAC2FB065AB35358BB44
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/aTQ9uPvlYXPGnc1NBIxSpUA_uWQ.roa
Signing time:             Sun 15 Jun 2025 04:16:17 +0000
ROA not before:           Sun 15 Jun 2025 04:16:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207350
IP address blocks:        45.159.148.0/24 maxlen: 24
                          195.254.165.0/24 maxlen: 24
                          2a05:9080:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 13:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:71:cd:6e:63:06:5d:ea:c2:fb:06:5a:b3:53:58:bb:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jun 15 04:16:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69343db8fbe56173c69dcd4d048c52a5403fb964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:83:f3:94:d6:41:28:19:79:0b:5b:57:58:cd:
                    36:2c:2f:25:8d:03:3e:36:c0:99:f3:24:08:58:e7:
                    be:33:cb:f6:dd:7c:23:2c:55:19:aa:35:a1:e6:82:
                    e6:36:01:3b:c5:cf:4a:7f:53:ad:09:c8:ef:04:94:
                    ad:f5:ae:e1:d5:5a:53:54:79:2f:ea:bb:c0:01:75:
                    82:42:f8:33:f0:3c:3f:86:8f:66:ca:01:70:06:32:
                    47:9b:13:e0:be:95:f9:58:a1:be:0e:61:82:23:54:
                    32:cd:3e:6e:15:fe:ad:57:29:d3:61:cb:09:3e:c0:
                    13:4a:a1:82:cb:f0:18:07:b2:f3:08:8d:a0:47:aa:
                    8e:be:b1:cb:37:40:4e:f2:1f:d8:af:d5:d2:fc:3a:
                    78:ad:5f:03:62:07:16:ad:bc:37:f2:23:c4:7f:ae:
                    f3:9a:6e:d7:32:bf:4f:95:ea:5f:ee:13:6c:f3:2e:
                    4d:6b:1d:e8:f0:9d:6d:a2:8b:07:57:a7:ae:d5:b7:
                    03:56:9f:30:98:f2:43:aa:33:a0:ba:5e:90:2d:55:
                    9c:fb:6f:bf:84:91:a6:4b:cc:7e:dd:ef:53:df:0e:
                    d5:65:d2:bc:dc:f2:8d:90:3a:6f:dc:e5:a5:4d:8d:
                    ca:d9:21:77:62:c2:69:75:1c:c3:67:c5:de:3d:2a:
                    02:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:34:3D:B8:FB:E5:61:73:C6:9D:CD:4D:04:8C:52:A5:40:3F:B9:64
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/aTQ9uPvlYXPGnc1NBIxSpUA_uWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.148.0/24
                  195.254.165.0/24
                IPv6:
                  2a05:9080:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:61:05:1b:1e:76:d9:24:30:bc:5c:a4:2b:7c:76:fb:1f:8e:
         1e:d7:85:3b:de:f5:56:35:49:06:e7:86:50:cc:33:40:2c:ca:
         9c:b6:1b:ea:a2:ff:41:00:58:7e:f7:b5:ad:eb:5d:c0:8c:64:
         71:32:cf:05:20:36:06:c1:42:a2:01:2b:88:93:d2:14:85:a0:
         53:01:40:e6:32:29:65:3d:ea:6f:ef:be:ac:c8:74:e4:89:60:
         13:6e:fa:ac:fc:9f:96:9c:b5:4a:97:8b:7d:6d:01:39:03:d3:
         22:04:25:3f:84:b6:98:55:3f:cd:f9:5c:d5:46:4e:b7:e7:bd:
         4b:01:08:4f:4f:11:a2:63:cb:28:41:83:1d:ae:56:1a:dc:9c:
         08:23:09:83:2a:a4:bb:0c:38:4b:af:2c:53:68:7f:39:e6:c4:
         0d:41:dd:a4:b6:fb:80:b8:09:ef:3b:6a:06:1d:1f:1d:ee:b6:
         73:d1:dc:41:d5:f5:b2:7d:3f:26:60:71:55:36:b5:b6:49:ac:
         85:41:94:40:bd:24:97:fc:f3:5a:5f:ce:3c:1c:ba:46:f9:dc:
         00:4a:cf:6d:f6:68:b8:59:25:d6:46:6e:00:cd:c9:85:cf:ad:
         79:40:5d:58:96:4f:b2:e4:5e:a0:d2:30:8f:d2:5f:58:af:8b:
         48:d6:e7:d2
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZdxzW5jBl3qwvsGWrNTWLtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwNjE1MDQxNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTM0M2RiOGZiZTU2MTczYzY5ZGNkNGQwNDhjNTJhNTQwM2ZiOTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IPzlNZBKBl5C1tXWM02LC8ljQM+
NsCZ8yQIWOe+M8v23XwjLFUZqjWh5oLmNgE7xc9Kf1OtCcjvBJSt9a7h1VpTVHkv
6rvAAXWCQvgz8Dw/ho9mygFwBjJHmxPgvpX5WKG+DmGCI1QyzT5uFf6tVynTYcsJ
PsATSqGCy/AYB7LzCI2gR6qOvrHLN0BO8h/Yr9XS/Dp4rV8DYgcWrbw38iPEf67z
mm7XMr9Plepf7hNs8y5Nax3o8J1toosHV6eu1bcDVp8wmPJDqjOgul6QLVWc+2+/
hJGmS8x+3e9T3w7VZdK83PKNkDpv3OWlTY3K2SF3YsJpdRzDZ8XePSoCpwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGk0Pbj75WFzxp3NTQSMUqVAP7lkMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvYVRROXVQdmxZWFBHbmMxTkJJeFNwVUFfdVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALZ+UAwQA
w/6lMA8EAgACMAkDBwAqBZCAAAEwDQYJKoZIhvcNAQELBQADggEBAFRhBRsedtkk
MLxcpCt8dvsfjh7XhTve9VY1SQbnhlDMM0Asypy2G+qi/0EAWH73ta3rXcCMZHEy
zwUgNgbBQqIBK4iT0hSFoFMBQOYyKWU96m/vvqzIdOSJYBNu+qz8n5actUqXi31t
ATkD0yIEJT+EtphVP835XNVGTrfnvUsBCE9PEaJjyyhBgx2uVhrcnAgjCYMqpLsM
OEuvLFNofznmxA1B3aS2+4C4Ce87agYdHx3utnPR3EHV9bJ9PyZgcVU2tbZJrIVB
lEC9JJf881pfzjwcukb53ABKz232aLhZJdZGbgDNyYXPrXlAXViWT7LkXqDSMI/S
X1ivi0jW59I=
-----END CERTIFICATE-----