Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/XkrAuYt5bWDNalFKdD1fn2vuVPE.roa
File:                     XkrAuYt5bWDNalFKdD1fn2vuVPE.roa (raw, json)
Hash identifier:          k2nDFSwdIaXg9g0PcPlS7HCXiUFGFi0knKbFslTOR8U=
Subject key identifier:   5E:4A:C0:B9:8B:79:6D:60:CD:6A:51:4A:74:3D:5F:9F:6B:EE:54:F1
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0198377584220101E3FB6300438F6303B639
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/XkrAuYt5bWDNalFKdD1fn2vuVPE.roa
Signing time:             Wed 23 Jul 2025 13:25:04 +0000
ROA not before:           Wed 23 Jul 2025 13:25:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        45.154.157.0/24 maxlen: 24
                          188.209.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:37:75:84:22:01:01:e3:fb:63:00:43:8f:63:03:b6:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Jul 23 13:25:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e4ac0b98b796d60cd6a514a743d5f9f6bee54f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:14:43:2e:cf:8a:5a:9a:1e:cb:d1:ae:48:92:
                    1a:92:5f:a8:a9:c5:48:20:c6:a7:22:80:4b:94:61:
                    dc:74:20:90:6e:af:18:f9:60:ac:d2:32:6f:35:d2:
                    7b:05:18:65:bb:ec:59:68:b6:cb:3d:ad:99:36:7a:
                    e1:79:68:0f:6b:77:a9:fc:06:bd:66:15:e2:47:e1:
                    ad:5f:27:59:51:ee:b2:38:2e:e6:e6:63:f1:85:72:
                    86:04:6e:38:2a:b6:13:3c:0b:a0:44:f4:ce:66:62:
                    68:39:e9:93:67:54:36:e5:9c:95:0e:d0:ae:2d:ea:
                    87:81:7a:e4:66:17:a4:89:43:a6:48:c4:81:63:a4:
                    3f:ec:9d:27:00:0a:83:af:6c:d9:23:5d:4c:0b:37:
                    4e:a0:53:6f:25:97:a7:b1:36:e0:e7:40:cf:47:d1:
                    15:94:75:75:2d:17:84:a6:db:ac:c4:cb:a1:39:9f:
                    7c:91:5e:f1:f2:e4:a8:ab:c2:e2:8f:04:3d:88:c7:
                    79:57:b6:c9:fe:f4:49:89:04:1f:c5:ad:b8:d6:39:
                    2e:18:ab:91:e2:68:d7:38:fa:75:82:f4:b0:bf:b7:
                    8b:26:1b:b7:69:f8:df:a2:ff:df:5f:5c:17:b2:22:
                    e1:09:e0:4a:ae:65:4c:15:75:3c:65:00:45:a7:c2:
                    b4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:4A:C0:B9:8B:79:6D:60:CD:6A:51:4A:74:3D:5F:9F:6B:EE:54:F1
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/XkrAuYt5bWDNalFKdD1fn2vuVPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.157.0/24
                  188.209.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:44:07:12:bc:18:61:84:ad:68:d0:22:2b:de:fa:e3:a1:71:
         b9:38:f5:aa:aa:d5:5b:8c:12:e1:af:8f:f1:d4:51:a0:a0:4f:
         ce:00:ec:62:d1:b7:e5:65:97:58:be:d1:11:85:02:1b:1f:7d:
         3f:0e:f9:56:d1:39:11:ec:0b:f8:97:bb:bd:28:0c:97:a1:2b:
         0b:6c:6a:a8:39:eb:ba:a6:f3:5c:17:0a:e3:4d:54:c1:0d:dd:
         1c:f0:b8:0c:20:88:8d:fc:de:32:93:86:c3:52:1c:70:f0:b1:
         53:ac:df:5c:c5:37:23:66:f2:7c:d4:f3:f0:d8:20:15:78:d9:
         46:a1:b8:a7:27:61:20:ac:f7:93:de:ac:1b:4f:a3:91:8f:f9:
         cd:87:83:8c:1f:3c:52:18:00:f2:31:7e:66:9d:52:54:26:2f:
         d1:2e:48:cf:e1:64:d4:6b:02:94:e4:57:e1:41:ea:94:72:a9:
         36:41:f7:d3:39:e1:28:60:a8:2a:20:09:9e:ce:e2:93:d6:ef:
         f1:87:5e:ee:41:cd:0a:53:f2:c6:51:c8:70:8a:b1:b7:a1:dc:
         ea:bf:54:62:38:4e:b9:67:29:58:06:9b:14:f1:7d:ed:78:94:
         dc:c5:95:47:22:43:3d:d7:3a:ff:e3:4b:b5:5d:10:73:c8:e0:
         56:35:ff:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZg3dYQiAQHj+2MAQ49jA7Y5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwNzIzMTMyNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTRhYzBiOThiNzk2ZDYwY2Q2YTUxNGE3NDNkNWY5ZjZiZWU1NGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBRDLs+KWpoey9GuSJIakl+oqcVI
IManIoBLlGHcdCCQbq8Y+WCs0jJvNdJ7BRhlu+xZaLbLPa2ZNnrheWgPa3ep/Aa9
ZhXiR+GtXydZUe6yOC7m5mPxhXKGBG44KrYTPAugRPTOZmJoOemTZ1Q25ZyVDtCu
LeqHgXrkZhekiUOmSMSBY6Q/7J0nAAqDr2zZI11MCzdOoFNvJZensTbg50DPR9EV
lHV1LReEptusxMuhOZ98kV7x8uSoq8LijwQ9iMd5V7bJ/vRJiQQfxa241jkuGKuR
4mjXOPp1gvSwv7eLJhu3afjfov/fX1wXsiLhCeBKrmVMFXU8ZQBFp8K0kwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF5KwLmLeW1gzWpRSnQ9X59r7lTxMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvWGtyQXVZdDViV0ROYWxGS2REMWZuMnZ1VlBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZqdAwQA
vNGMMA0GCSqGSIb3DQEBCwUAA4IBAQCrRAcSvBhhhK1o0CIr3vrjoXG5OPWqqtVb
jBLhr4/x1FGgoE/OAOxi0bflZZdYvtERhQIbH30/DvlW0TkR7Av4l7u9KAyXoSsL
bGqoOeu6pvNcFwrjTVTBDd0c8LgMIIiN/N4yk4bDUhxw8LFTrN9cxTcjZvJ81PPw
2CAVeNlGobinJ2EgrPeT3qwbT6ORj/nNh4OMHzxSGADyMX5mnVJUJi/RLkjP4WTU
awKU5FfhQeqUcqk2QffTOeEoYKgqIAmezuKT1u/xh17uQc0KU/LGUchwirG3odzq
v1RiOE65ZylYBpsU8X3teJTcxZVHIkM91zr/40u1XRBzyOBWNf8W
-----END CERTIFICATE-----