Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/kVQqA1kzlrD80xwNPEReRSZK8AQ.roa
File:                     kVQqA1kzlrD80xwNPEReRSZK8AQ.roa (raw, json)
Hash identifier:          v08Ady1NycxvU4HcsYkFdVpLDaMY8LHBzEHvgLrf5BI=
Subject key identifier:   91:54:2A:03:59:33:96:B0:FC:D3:1C:0D:3C:44:5E:45:26:4A:F0:04
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       0198A2BDCE7BA6EEF6373619AAEF6D05DF04
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/kVQqA1kzlrD80xwNPEReRSZK8AQ.roa
Signing time:             Wed 13 Aug 2025 09:23:24 +0000
ROA not before:           Wed 13 Aug 2025 09:23:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215269
IP address blocks:        45.155.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:bd:ce:7b:a6:ee:f6:37:36:19:aa:ef:6d:05:df:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Aug 13 09:23:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91542a03593396b0fcd31c0d3c445e45264af004
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:8a:3e:6d:f1:81:a2:4b:b5:23:39:0b:54:bc:
                    85:f9:89:16:77:ba:b4:aa:ad:00:21:90:7b:54:42:
                    97:0a:8b:d1:ed:ef:a1:e2:d6:e1:a6:e6:f5:91:58:
                    96:64:19:58:98:be:7b:f0:3e:24:21:c7:ea:19:0f:
                    a7:44:21:aa:83:05:10:2f:5a:67:da:e4:85:39:54:
                    3b:e0:3b:fb:a1:15:25:76:ca:06:c0:3a:46:9e:66:
                    2e:9c:e0:c0:8f:f0:17:b5:d6:59:62:71:1f:87:9c:
                    90:1f:10:b5:78:27:68:49:9c:fe:bb:b8:3d:b3:d7:
                    d4:d8:3c:0d:87:e0:57:0f:2d:e0:58:d7:83:bb:7d:
                    34:27:68:f7:3a:8a:70:06:4c:98:44:e9:ab:a5:ce:
                    dd:1a:2b:f9:a5:be:da:8e:ba:44:bf:94:9e:5b:b8:
                    c3:72:fe:0e:6c:40:46:11:ff:e3:7d:7f:e7:87:a3:
                    23:c3:d7:5a:f8:bd:ee:e5:e7:87:84:e9:2f:2e:5e:
                    17:f1:fe:f3:d7:e3:4d:3a:25:6b:d4:7d:fd:90:74:
                    58:75:f2:64:ba:51:f3:93:72:99:3c:b5:bb:a7:c7:
                    30:0e:70:86:4f:8b:c6:ef:cd:9f:c0:2d:7f:50:7c:
                    78:5f:56:38:07:c6:81:71:2e:60:49:2b:68:f7:49:
                    9c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:54:2A:03:59:33:96:B0:FC:D3:1C:0D:3C:44:5E:45:26:4A:F0:04
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/kVQqA1kzlrD80xwNPEReRSZK8AQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:26:c0:16:ef:ca:8d:33:e5:1e:d0:72:18:f9:39:8b:4c:36:
         b6:0e:ed:14:19:23:cf:ba:83:5a:3a:54:c1:8c:a1:fd:67:02:
         69:70:cc:88:fb:1b:a5:aa:77:f1:c9:f0:bf:8e:03:4f:c7:49:
         f0:d3:04:f2:f7:27:23:1a:4f:c8:41:33:aa:7f:69:ac:86:61:
         43:33:26:e3:13:06:b4:6f:27:e0:a5:42:ac:ae:c3:72:89:db:
         21:0e:78:c6:90:2d:5d:38:78:0f:54:95:66:d9:51:d6:e9:d2:
         9f:82:4c:40:14:a9:38:7f:5c:be:64:22:c0:eb:71:28:20:9d:
         fc:75:5a:73:47:81:5c:32:bb:f9:33:9d:81:07:fb:4e:d4:7b:
         fd:eb:b9:e6:82:46:33:96:db:07:4c:5c:c7:0a:69:d4:3a:25:
         ef:2e:88:f8:1e:c7:6b:d5:9e:3c:76:73:01:d5:8c:d9:c3:77:
         53:59:9b:4d:cf:6c:de:2a:db:1c:d9:a5:b9:af:0f:f9:5f:01:
         e8:cd:61:ca:f3:bf:07:ad:41:12:b8:0c:62:b5:f1:86:2e:ed:
         85:92:ce:eb:b5:76:94:f8:9b:4e:2f:a2:47:ad:b5:58:25:a9:
         f7:fd:a3:08:6f:96:68:cb:38:9e:1d:7c:a7:8f:81:32:8a:46:
         2c:67:08:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiivc57pu72NzYZqu9tBd8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwODEzMDkyMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU0MmEwMzU5MzM5NmIwZmNkMzFjMGQzYzQ0NWU0NTI2NGFmMDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Yo+bfGBoku1IzkLVLyF+YkWd7q0
qq0AIZB7VEKXCovR7e+h4tbhpub1kViWZBlYmL578D4kIcfqGQ+nRCGqgwUQL1pn
2uSFOVQ74Dv7oRUldsoGwDpGnmYunODAj/AXtdZZYnEfh5yQHxC1eCdoSZz+u7g9
s9fU2DwNh+BXDy3gWNeDu300J2j3OopwBkyYROmrpc7dGiv5pb7ajrpEv5SeW7jD
cv4ObEBGEf/jfX/nh6Mjw9da+L3u5eeHhOkvLl4X8f7z1+NNOiVr1H39kHRYdfJk
ulHzk3KZPLW7p8cwDnCGT4vG782fwC1/UHx4X1Y4B8aBcS5gSSto90mcWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFUKgNZM5aw/NMcDTxEXkUmSvAEMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEva1ZRcUExa3psckQ4MHh3TlBFUmVSU1pLOEFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZvxMA0G
CSqGSIb3DQEBCwUAA4IBAQCUJsAW78qNM+Ue0HIY+TmLTDa2Du0UGSPPuoNaOlTB
jKH9ZwJpcMyI+xulqnfxyfC/jgNPx0nw0wTy9ycjGk/IQTOqf2mshmFDMybjEwa0
byfgpUKsrsNyidshDnjGkC1dOHgPVJVm2VHW6dKfgkxAFKk4f1y+ZCLA63EoIJ38
dVpzR4FcMrv5M52BB/tO1Hv967nmgkYzltsHTFzHCmnUOiXvLoj4Hsdr1Z48dnMB
1YzZw3dTWZtNz2zeKtsc2aW5rw/5XwHozWHK878HrUESuAxitfGGLu2Fks7rtXaU
+JtOL6JHrbVYJan3/aMIb5ZoyzieHXynj4EyikYsZwiM
-----END CERTIFICATE-----