Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/vmyAzNx7YC2gCU3FErnhSsG464E.roa
File:                     vmyAzNx7YC2gCU3FErnhSsG464E.roa (raw, json)
Hash identifier:          b2H/65WWZwau4OQRXdpkdBOUisTMki5wQZ0WO+I8q90=
Subject key identifier:   BE:6C:80:CC:DC:7B:60:2D:A0:09:4D:C5:12:B9:E1:4A:C1:B8:EB:81
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       0199BD8434DD9BB72A40B770F92591D87578
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/vmyAzNx7YC2gCU3FErnhSsG464E.roa
Signing time:             Tue 07 Oct 2025 07:13:01 +0000
ROA not before:           Tue 07 Oct 2025 07:13:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        45.156.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:bd:84:34:dd:9b:b7:2a:40:b7:70:f9:25:91:d8:75:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Oct  7 07:13:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be6c80ccdc7b602da0094dc512b9e14ac1b8eb81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6b:c4:74:03:86:0f:70:dc:13:98:53:c1:0e:
                    30:83:0b:ef:75:d4:d2:b1:8b:23:fd:b2:61:2c:ca:
                    67:21:27:b0:86:f9:d5:7d:ea:25:b7:0e:22:bd:d9:
                    f0:fb:09:ca:c1:d9:36:9c:5c:54:65:26:64:eb:ff:
                    94:84:08:bf:db:d5:6d:89:d3:1c:4b:63:cb:e7:ce:
                    13:15:47:5d:6a:3c:99:d7:2e:ab:11:c5:66:bb:1f:
                    b8:44:1f:b1:3e:e8:e0:6b:3e:1f:9b:82:80:7d:8f:
                    81:85:ad:4e:5f:19:a4:15:f7:eb:18:92:de:0d:d3:
                    f8:85:07:c1:a2:4a:c8:e6:a5:09:57:f3:72:ff:ce:
                    d7:f6:42:76:35:cf:48:d9:c6:9f:eb:34:b7:a8:d0:
                    0f:ac:3a:5a:dc:3f:75:03:be:16:31:ff:02:ba:97:
                    74:5c:d6:ed:0b:dd:09:15:db:e8:87:9d:08:e6:8c:
                    a7:97:e9:81:5a:70:92:b0:7b:b4:3f:8f:01:9d:ed:
                    1e:03:14:df:dc:16:b8:b7:87:95:3e:d2:6d:83:97:
                    1a:de:73:f9:4f:da:58:1a:37:50:ec:96:f2:6c:51:
                    26:08:6b:5f:b9:50:e6:ac:21:2b:34:6f:29:27:c7:
                    20:85:20:ed:3c:5a:55:71:11:67:ff:e0:ed:ed:0f:
                    63:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:6C:80:CC:DC:7B:60:2D:A0:09:4D:C5:12:B9:E1:4A:C1:B8:EB:81
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/vmyAzNx7YC2gCU3FErnhSsG464E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:f4:69:b8:45:74:92:e8:16:dd:a5:55:3c:9c:7b:ed:32:9d:
         e6:6b:e3:72:8c:e4:7f:b0:6c:29:b3:6a:88:94:de:03:22:89:
         16:ec:75:63:a1:98:4b:6c:ef:20:12:77:2d:42:81:b5:c6:61:
         e0:84:12:da:0f:ac:37:d0:09:57:6c:47:9b:b4:70:62:40:50:
         5a:a4:8b:b3:df:a5:95:3c:62:40:da:16:30:f8:3c:bb:b2:9e:
         a3:52:d1:32:28:1c:2a:2f:ab:42:52:be:56:ef:0e:7a:00:25:
         bf:e3:7f:85:d4:d7:bd:6b:26:e7:4f:4d:65:88:75:a1:59:8c:
         60:3b:9e:7d:30:0b:23:4c:4b:ce:58:b3:e0:e2:f9:b5:60:d9:
         50:3f:4e:12:d9:15:07:6d:f1:44:af:92:e5:9c:40:52:b9:bf:
         bd:f0:f5:2a:b8:5c:30:01:ce:17:3c:e7:68:4e:bd:d0:ee:9b:
         8e:15:cd:6c:71:da:58:8f:f7:51:a7:ff:48:c5:f2:9a:09:d7:
         41:0e:d0:a8:27:db:cc:f4:1f:47:c2:44:1b:98:cd:bd:35:6c:
         bc:77:eb:2e:73:09:6d:47:af:9c:17:ab:90:fd:8c:f6:3a:da:
         ce:5e:49:79:79:ff:b5:b6:84:c1:4c:67:fc:9b:21:f4:89:60:
         c7:5f:d5:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm9hDTdm7cqQLdw+SWR2HV4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjUxMDA3MDcxMzAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTZjODBjY2RjN2I2MDJkYTAwOTRkYzUxMmI5ZTE0YWMxYjhlYjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2vEdAOGD3DcE5hTwQ4wgwvvddTS
sYsj/bJhLMpnISewhvnVfeoltw4ivdnw+wnKwdk2nFxUZSZk6/+UhAi/29VtidMc
S2PL584TFUddajyZ1y6rEcVmux+4RB+xPujgaz4fm4KAfY+Bha1OXxmkFffrGJLe
DdP4hQfBokrI5qUJV/Ny/87X9kJ2Nc9I2caf6zS3qNAPrDpa3D91A74WMf8Cupd0
XNbtC90JFdvoh50I5oynl+mBWnCSsHu0P48Bne0eAxTf3Ba4t4eVPtJtg5ca3nP5
T9pYGjdQ7JbybFEmCGtfuVDmrCErNG8pJ8cghSDtPFpVcRFn/+Dt7Q9jVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5sgMzce2AtoAlNxRK54UrBuOuBMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvdm15QXpOeDdZQzJnQ1UzRkVybmhTc0c0NjRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyQMA0G
CSqGSIb3DQEBCwUAA4IBAQB29Gm4RXSS6BbdpVU8nHvtMp3ma+NyjOR/sGwps2qI
lN4DIokW7HVjoZhLbO8gEnctQoG1xmHghBLaD6w30AlXbEebtHBiQFBapIuz36WV
PGJA2hYw+Dy7sp6jUtEyKBwqL6tCUr5W7w56ACW/43+F1Ne9aybnT01liHWhWYxg
O559MAsjTEvOWLPg4vm1YNlQP04S2RUHbfFEr5LlnEBSub+98PUquFwwAc4XPOdo
Tr3Q7puOFc1scdpYj/dRp/9IxfKaCddBDtCoJ9vM9B9HwkQbmM29NWy8d+sucwlt
R6+cF6uQ/Yz2OtrOXkl5ef+1toTBTGf8myH0iWDHX9Xg
-----END CERTIFICATE-----