Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/_D_RKE9zrsJI9vEdORTMyS_CPEY.roa
File:                     _D_RKE9zrsJI9vEdORTMyS_CPEY.roa (raw, json)
Hash identifier:          sb+pf5zLeTQvFz0cOCuvvmv/BmsQJq+3u4wsDH/y9zM=
Subject key identifier:   FC:3F:D1:28:4F:73:AE:C2:48:F6:F1:1D:39:14:CC:C9:2F:C2:3C:46
Certificate issuer:       /CN=ebf385ced090dbf1d044734e12a270ee6b841c96
Certificate serial:       019A78677719E40772908A5BE34719DE8BB1
Authority key identifier: EB:F3:85:CE:D0:90:DB:F1:D0:44:73:4E:12:A2:70:EE:6B:84:1C:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/_D_RKE9zrsJI9vEdORTMyS_CPEY.roa
Signing time:             Wed 12 Nov 2025 14:10:37 +0000
ROA not before:           Wed 12 Nov 2025 14:10:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.141.88.0/23 maxlen: 23
                          45.141.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Nov 2025 23:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:78:67:77:19:e4:07:72:90:8a:5b:e3:47:19:de:8b:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebf385ced090dbf1d044734e12a270ee6b841c96
        Validity
            Not Before: Nov 12 14:10:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc3fd1284f73aec248f6f11d3914ccc92fc23c46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b3:47:5c:01:8b:77:58:9e:52:63:12:0d:22:
                    a5:a0:fc:56:7b:76:2e:89:df:cc:68:6c:9d:03:87:
                    3d:11:3d:23:a6:18:74:69:d1:48:d2:0c:c6:36:cd:
                    c7:82:39:af:41:df:4f:7b:d0:14:d1:2a:e1:4c:26:
                    89:00:25:94:6e:10:0c:58:fd:02:10:4a:b9:fa:ad:
                    0b:b4:46:0b:57:f2:20:63:26:0e:a9:cb:80:2a:8c:
                    09:cc:60:e9:8b:f2:54:56:39:0c:d5:37:ff:b8:69:
                    48:30:45:77:fb:da:f1:1f:84:05:5e:6d:38:ed:30:
                    db:b6:70:5f:2f:ac:73:70:03:ba:06:13:61:a1:1e:
                    2b:07:1d:27:c9:53:d0:b4:a8:b2:58:25:ae:f0:ca:
                    29:28:01:bd:24:00:f8:8c:2f:b3:ae:53:7f:d1:76:
                    93:5a:63:1e:ec:a2:e3:b4:31:e1:1f:b4:84:17:8b:
                    d3:6e:8d:9f:79:a0:e7:75:05:9b:fe:8f:f5:40:2a:
                    e7:95:de:d3:1f:64:ac:e6:ce:5b:8e:49:65:04:2a:
                    b4:7a:01:b9:28:19:e3:df:38:85:20:05:4e:1b:03:
                    55:5b:30:cb:74:ab:de:83:90:98:5f:d4:af:43:50:
                    b0:31:aa:70:2f:2a:6e:ec:26:6e:53:1c:d1:7b:c3:
                    f2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:3F:D1:28:4F:73:AE:C2:48:F6:F1:1D:39:14:CC:C9:2F:C2:3C:46
            X509v3 Authority Key Identifier:
                keyid:EB:F3:85:CE:D0:90:DB:F1:D0:44:73:4E:12:A2:70:EE:6B:84:1C:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_OFztCQ2_HQRHNOEqJw7muEHJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/_D_RKE9zrsJI9vEdORTMyS_CPEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/1a9e14-7fb4-489b-90be-465d223b232e/1/6_OFztCQ2_HQRHNOEqJw7muEHJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.88.0-45.141.90.255

    Signature Algorithm: sha256WithRSAEncryption
         84:5b:43:e5:a5:e5:fd:0f:4b:5b:bf:1b:b6:08:ce:b9:a3:5e:
         87:c6:a6:cf:a6:17:f0:a5:c1:85:40:39:b8:d5:0d:53:23:4b:
         3a:91:5f:8c:b7:62:12:5a:11:21:a8:3a:fd:e4:b4:8f:35:c3:
         f7:55:49:f2:1c:14:42:4e:b8:9d:27:33:a8:a3:b8:26:b1:53:
         7d:5f:9b:2e:3b:3a:bc:57:6d:e8:b1:bf:17:97:30:7f:95:15:
         00:0f:61:d1:6c:74:77:25:89:74:43:26:ba:8c:05:b3:c5:ee:
         3b:e1:b5:24:96:f7:1d:a8:30:f8:29:50:4c:2f:ae:8c:f2:91:
         ce:2d:3f:92:b3:e3:74:ab:37:19:b6:52:9e:eb:3f:a1:1c:10:
         46:89:e5:6e:78:6b:24:0b:ec:5d:e2:4f:c3:88:1f:61:bb:7b:
         0e:61:7d:a0:d3:4d:fa:f5:a0:90:d7:0c:1e:00:3b:53:2b:92:
         86:20:46:57:ca:14:1d:03:b6:6c:a7:85:ad:58:f2:52:48:b6:
         f6:c3:f9:8f:79:67:9c:b3:28:e7:2e:83:0c:cd:12:a3:09:4c:
         9d:10:1a:fd:56:7f:12:9e:45:dc:5b:fd:99:4c:3f:26:91:64:
         0e:87:5c:74:d8:b6:94:aa:0b:2a:44:7b:9b:16:68:a2:7a:31:
         3d:20:55:9d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZp4Z3cZ5AdykIpb40cZ3ouxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjM4NWNlZDA5MGRiZjFkMDQ0NzM0ZTEyYTI3MGVlNmI4
NDFjOTYwHhcNMjUxMTEyMTQxMDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzNmZDEyODRmNzNhZWMyNDhmNmYxMWQzOTE0Y2NjOTJmYzIzYzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLNHXAGLd1ieUmMSDSKloPxWe3Yu
id/MaGydA4c9ET0jphh0adFI0gzGNs3HgjmvQd9Pe9AU0SrhTCaJACWUbhAMWP0C
EEq5+q0LtEYLV/IgYyYOqcuAKowJzGDpi/JUVjkM1Tf/uGlIMEV3+9rxH4QFXm04
7TDbtnBfL6xzcAO6BhNhoR4rBx0nyVPQtKiyWCWu8MopKAG9JAD4jC+zrlN/0XaT
WmMe7KLjtDHhH7SEF4vTbo2feaDndQWb/o/1QCrnld7TH2Ss5s5bjkllBCq0egG5
KBnj3ziFIAVOGwNVWzDLdKveg5CYX9SvQ1CwMapwLypu7CZuUxzRe8Py1QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPw/0ShPc67CSPbxHTkUzMkvwjxGMB8GA1UdIwQY
MBaAFOvzhc7QkNvx0ERzThKicO5rhByWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9PRnp0Q1EyX0hRUkhOT0VxSnc3bXVFSEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8xYTllMTQtN2ZiNC00ODliLTkwYmUt
NDY1ZDIyM2IyMzJlLzEvX0RfUktFOXpyc0pJOXZFZE9SVE15U19DUEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8xYTllMTQtN2ZiNC00ODliLTkwYmUtNDY1ZDIyM2IyMzJl
LzEvNl9PRnp0Q1EyX0hRUkhOT0VxSnc3bXVFSEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAMtjVgD
BAAtjVowDQYJKoZIhvcNAQELBQADggEBAIRbQ+Wl5f0PS1u/G7YIzrmjXofGps+m
F/ClwYVAObjVDVMjSzqRX4y3YhJaESGoOv3ktI81w/dVSfIcFEJOuJ0nM6ijuCax
U31fmy47OrxXbeixvxeXMH+VFQAPYdFsdHcliXRDJrqMBbPF7jvhtSSW9x2oMPgp
UEwvrozykc4tP5Kz43SrNxm2Up7rP6EcEEaJ5W54ayQL7F3iT8OIH2G7ew5hfaDT
Tfr1oJDXDB4AO1MrkoYgRlfKFB0Dtmynha1Y8lJItvbD+Y95Z5yzKOcugwzNEqMJ
TJ0QGv1WfxKeRdxb/ZlMPyaRZA6HXHTYtpSqCypEe5sWaKJ6MT0gVZ0=
-----END CERTIFICATE-----