Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/VcWZUDSfSSKFrHgiIqRuCEBIomE.roa
File:                     VcWZUDSfSSKFrHgiIqRuCEBIomE.roa (raw, json)
Hash identifier:          8diyMJmOQ9BNiLPCYYS2Sa8Mn23tj7FWiq6+eMmQjW0=
Subject key identifier:   55:C5:99:50:34:9F:49:22:85:AC:78:22:22:A4:6E:08:40:48:A2:61
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019971BE588E89A404BBDC172A407E0989E1
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/VcWZUDSfSSKFrHgiIqRuCEBIomE.roa
Signing time:             Mon 22 Sep 2025 14:05:23 +0000
ROA not before:           Mon 22 Sep 2025 14:05:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43260
IP address blocks:        45.147.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:71:be:58:8e:89:a4:04:bb:dc:17:2a:40:7e:09:89:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Sep 22 14:05:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55c59950349f492285ac782222a46e084048a261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:11:94:db:6c:3d:f4:1d:64:17:cd:16:5c:c6:
                    00:aa:a9:f0:3b:48:c9:8f:c6:f2:65:fe:49:43:c8:
                    aa:df:71:cd:22:c8:84:5d:e2:c2:0c:c8:4e:1f:12:
                    a8:e0:8b:1b:a0:71:6e:2a:b4:8b:d0:89:d6:16:90:
                    a0:94:ea:92:f1:e0:a9:2d:f6:e3:3e:19:15:5d:cc:
                    76:ec:7b:61:2f:dd:67:6e:3a:a9:15:d4:59:0e:eb:
                    3d:17:f0:54:35:b3:0d:0a:a7:35:ff:d7:b3:a3:61:
                    db:27:93:ab:65:ed:ab:38:ad:6c:ad:47:5c:e1:5d:
                    77:bb:4f:4d:70:ca:46:85:bf:12:93:76:97:f9:63:
                    2d:34:8c:f0:3b:3f:14:0a:30:2d:7d:ec:ec:19:e9:
                    ea:99:b8:4c:c4:c5:ce:9d:23:99:60:b7:04:7e:dc:
                    7f:54:fc:7b:2f:49:4c:f4:24:fc:9c:ee:12:9b:4d:
                    32:f6:61:25:ee:b3:6b:2b:85:c1:3e:f5:a8:c9:1e:
                    4e:5a:18:30:f0:83:34:9f:aa:ba:a1:ac:6a:1f:d9:
                    20:e5:f6:85:0a:65:b5:26:6e:48:22:61:db:35:16:
                    53:50:d2:2b:bf:db:b4:d2:75:2b:63:ae:21:28:6d:
                    65:b4:8a:dd:17:5f:7c:eb:64:7f:bc:31:fa:2b:1b:
                    cb:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:C5:99:50:34:9F:49:22:85:AC:78:22:22:A4:6E:08:40:48:A2:61
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/VcWZUDSfSSKFrHgiIqRuCEBIomE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:49:65:85:1c:b9:bb:e0:3d:7f:7c:6e:4f:3c:59:56:9f:22:
         bc:55:a1:97:90:86:cd:0b:7d:14:27:5d:34:9f:2f:24:3c:42:
         c4:f8:c3:5b:ca:bc:c5:a8:32:1f:25:c7:b4:ca:69:43:0c:56:
         e8:80:fd:81:99:b7:24:14:32:57:dd:f7:32:ca:5d:69:e6:53:
         66:49:c8:26:75:52:06:4f:db:83:3b:f5:67:e8:98:2f:46:5c:
         de:87:f2:44:9f:79:1c:04:97:bd:1f:74:7a:dd:7a:bb:67:13:
         f1:88:f0:bd:f0:c0:22:70:81:6d:e4:e1:1b:77:10:d6:5a:e5:
         98:3f:47:4f:5d:8f:e4:d9:81:29:49:d6:e2:d5:18:59:88:a6:
         6c:27:8c:9b:ce:92:c0:aa:77:e8:bf:40:d5:87:cf:4b:2e:6a:
         eb:7d:fe:57:e2:6e:ce:ce:7e:4c:f5:6d:a1:a9:cc:4a:1b:e3:
         28:4a:4c:5a:e2:2d:0b:10:4e:d0:e4:a3:dc:e1:b0:ff:84:ba:
         b7:53:24:0a:0e:d3:fb:48:50:98:49:b5:b6:03:c3:6d:e9:95:
         ab:d2:38:be:1d:9e:35:47:a1:e2:63:15:7c:ea:ec:45:fa:fd:
         30:f1:18:69:d4:ab:cd:69:5e:33:5e:7f:f1:6a:e2:38:18:5a:
         46:f5:b4:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlxvliOiaQEu9wXKkB+CYnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwOTIyMTQwNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWM1OTk1MDM0OWY0OTIyODVhYzc4MjIyMmE0NmUwODQwNDhhMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9hGU22w99B1kF80WXMYAqqnwO0jJ
j8byZf5JQ8iq33HNIsiEXeLCDMhOHxKo4IsboHFuKrSL0InWFpCglOqS8eCpLfbj
PhkVXcx27HthL91nbjqpFdRZDus9F/BUNbMNCqc1/9ezo2HbJ5OrZe2rOK1srUdc
4V13u09NcMpGhb8Sk3aX+WMtNIzwOz8UCjAtfezsGenqmbhMxMXOnSOZYLcEftx/
VPx7L0lM9CT8nO4Sm00y9mEl7rNrK4XBPvWoyR5OWhgw8IM0n6q6oaxqH9kg5faF
CmW1Jm5IImHbNRZTUNIrv9u00nUrY64hKG1ltIrdF19862R/vDH6KxvL4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFXFmVA0n0kihax4IiKkbghASKJhMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvVmNXWlVEU2ZTU0tGckhnaUlxUnVDRUJJb21FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZMtMA0G
CSqGSIb3DQEBCwUAA4IBAQBtSWWFHLm74D1/fG5PPFlWnyK8VaGXkIbNC30UJ100
ny8kPELE+MNbyrzFqDIfJce0ymlDDFbogP2BmbckFDJX3fcyyl1p5lNmScgmdVIG
T9uDO/Vn6JgvRlzeh/JEn3kcBJe9H3R63Xq7ZxPxiPC98MAicIFt5OEbdxDWWuWY
P0dPXY/k2YEpSdbi1RhZiKZsJ4ybzpLAqnfov0DVh89LLmrrff5X4m7Ozn5M9W2h
qcxKG+MoSkxa4i0LEE7Q5KPc4bD/hLq3UyQKDtP7SFCYSbW2A8Nt6ZWr0ji+HZ41
R6HiYxV86uxF+v0w8Rhp1KvNaV4zXn/xauI4GFpG9bTp
-----END CERTIFICATE-----