Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/c3dd8e-38fd-4398-bae7-49f4e3edd875/1/RyU-tKT6g5iQNEPXbzsjbHBM1_k.roa
File:                     RyU-tKT6g5iQNEPXbzsjbHBM1_k.roa (raw, json)
Hash identifier:          2sFbg6PGW25XBrpSEBIs6U3UJCsY2lOFHoiV3xMg67c=
Subject key identifier:   47:25:3E:B4:A4:FA:83:98:90:34:43:D7:6F:3B:23:6C:70:4C:D7:F9
Certificate issuer:       /CN=16c6e152ec00d2b0e307d619e77f3c1d1426eef0
Certificate serial:       0197FF981F058FCB46FB4C67EFA3EA0FD91A
Authority key identifier: 16:C6:E1:52:EC:00:D2:B0:E3:07:D6:19:E7:7F:3C:1D:14:26:EE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FsbhUuwA0rDjB9YZ5388HRQm7vA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/c3dd8e-38fd-4398-bae7-49f4e3edd875/1/RyU-tKT6g5iQNEPXbzsjbHBM1_k.roa
Signing time:             Sat 12 Jul 2025 17:04:08 +0000
ROA not before:           Sat 12 Jul 2025 17:04:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140723
IP address blocks:        45.134.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/c3dd8e-38fd-4398-bae7-49f4e3edd875/1/FsbhUuwA0rDjB9YZ5388HRQm7vA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/c3dd8e-38fd-4398-bae7-49f4e3edd875/1/FsbhUuwA0rDjB9YZ5388HRQm7vA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FsbhUuwA0rDjB9YZ5388HRQm7vA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ff:98:1f:05:8f:cb:46:fb:4c:67:ef:a3:ea:0f:d9:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16c6e152ec00d2b0e307d619e77f3c1d1426eef0
        Validity
            Not Before: Jul 12 17:04:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47253eb4a4fa8398903443d76f3b236c704cd7f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a5:6a:29:46:bf:30:e1:7e:21:4d:05:cf:05:
                    87:a0:4f:62:0e:42:d0:7d:cb:1b:4d:9b:01:c1:4e:
                    0f:d1:5c:83:d0:8d:ae:cf:9e:98:cf:c0:5f:cd:e6:
                    38:95:93:56:f8:fd:0c:61:39:f3:0f:12:81:5c:68:
                    75:ad:05:32:c2:13:3a:74:d3:c7:a7:21:06:14:a2:
                    35:12:79:df:60:fa:18:7d:b3:34:4d:e6:9e:84:15:
                    e1:18:46:0e:2b:91:55:01:77:54:6c:ad:e7:ff:37:
                    8b:ca:67:f8:ea:e8:0d:4f:ba:98:40:97:25:5a:f7:
                    78:4e:de:18:13:ed:0e:01:32:c2:5c:d5:d4:ce:f2:
                    ef:9c:99:91:0c:86:52:52:69:02:08:61:1c:f3:96:
                    b7:97:c4:ca:ea:4a:bb:b5:d5:93:bc:0e:8d:d6:2e:
                    e5:14:b7:67:3b:17:35:33:c8:aa:90:de:06:b4:f2:
                    93:dc:20:32:41:cc:0e:a1:b7:6a:2f:a9:36:04:a7:
                    1e:4d:bd:62:af:3c:9b:cc:51:57:7e:ab:7e:4f:f0:
                    1c:23:9a:d6:7a:1e:ab:29:2b:45:83:8c:2b:43:29:
                    99:e2:c5:68:5b:9c:d6:e9:eb:68:7a:e8:53:6a:94:
                    19:b9:0b:db:ab:ca:a6:d9:27:63:10:71:40:d0:89:
                    a0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:25:3E:B4:A4:FA:83:98:90:34:43:D7:6F:3B:23:6C:70:4C:D7:F9
            X509v3 Authority Key Identifier:
                keyid:16:C6:E1:52:EC:00:D2:B0:E3:07:D6:19:E7:7F:3C:1D:14:26:EE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FsbhUuwA0rDjB9YZ5388HRQm7vA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/c3dd8e-38fd-4398-bae7-49f4e3edd875/1/RyU-tKT6g5iQNEPXbzsjbHBM1_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/c3dd8e-38fd-4398-bae7-49f4e3edd875/1/FsbhUuwA0rDjB9YZ5388HRQm7vA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:bc:c6:92:2d:e4:2a:72:0f:0b:65:cd:61:fd:1b:63:92:7c:
         6d:2f:8e:2c:68:27:d9:ff:b5:8a:99:bf:3f:17:c5:e1:17:00:
         2a:e2:74:74:09:c2:13:12:bb:22:43:74:9b:ba:1b:d6:64:d4:
         2b:ec:06:07:e9:ad:6e:ff:fa:a6:c5:25:30:81:ad:2d:f6:e7:
         c5:4f:c9:f0:4b:c4:ce:57:a3:23:97:f6:fe:b0:18:dd:53:27:
         98:f0:b1:82:c7:8c:32:aa:1a:5f:06:50:27:8a:39:25:e2:ac:
         04:88:d0:4a:98:5a:d6:4a:13:e5:e7:48:46:4d:d0:fb:22:b9:
         6f:9c:58:c2:39:1f:8d:b5:9a:99:e5:c1:e4:ae:48:51:d8:76:
         0a:f2:4d:28:49:98:cd:0b:99:f9:ff:50:de:ff:81:e1:91:0a:
         2a:c8:f0:b7:07:6a:8e:40:59:c8:e9:b9:f8:6e:ae:0e:57:f6:
         70:7d:2c:e1:a2:d2:43:06:ab:e2:7d:9b:82:7d:27:d9:6e:b8:
         3c:c7:41:76:a0:bd:62:5b:56:68:9f:ff:94:0b:5a:b6:03:6a:
         85:50:76:b0:4b:21:2d:9c:29:fc:4d:8a:0a:b7:31:c4:de:fd:
         43:43:86:54:01:58:4a:2a:ae:f1:a6:f3:42:b8:f2:35:22:2f:
         c7:43:3e:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf/mB8Fj8tG+0xn76PqD9kaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2YzZlMTUyZWMwMGQyYjBlMzA3ZDYxOWU3N2YzYzFkMTQy
NmVlZjAwHhcNMjUwNzEyMTcwNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzI1M2ViNGE0ZmE4Mzk4OTAzNDQzZDc2ZjNiMjM2YzcwNGNkN2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqVqKUa/MOF+IU0FzwWHoE9iDkLQ
fcsbTZsBwU4P0VyD0I2uz56Yz8BfzeY4lZNW+P0MYTnzDxKBXGh1rQUywhM6dNPH
pyEGFKI1EnnfYPoYfbM0TeaehBXhGEYOK5FVAXdUbK3n/zeLymf46ugNT7qYQJcl
Wvd4Tt4YE+0OATLCXNXUzvLvnJmRDIZSUmkCCGEc85a3l8TK6kq7tdWTvA6N1i7l
FLdnOxc1M8iqkN4GtPKT3CAyQcwOobdqL6k2BKceTb1irzybzFFXfqt+T/AcI5rW
eh6rKStFg4wrQymZ4sVoW5zW6etoeuhTapQZuQvbq8qm2SdjEHFA0ImgQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEclPrSk+oOYkDRD1287I2xwTNf5MB8GA1UdIwQY
MBaAFBbG4VLsANKw4wfWGed/PB0UJu7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnNiaFV1d0EwckRqQjlZWjUzODhIUlFtN3ZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9jM2RkOGUtMzhmZC00Mzk4LWJhZTct
NDlmNGUzZWRkODc1LzEvUnlVLXRLVDZnNWlRTkVQWGJ6c2piSEJNMV9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9jM2RkOGUtMzhmZC00Mzk4LWJhZTctNDlmNGUzZWRkODc1
LzEvRnNiaFV1d0EwckRqQjlZWjUzODhIUlFtN3ZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYZiMA0G
CSqGSIb3DQEBCwUAA4IBAQCFvMaSLeQqcg8LZc1h/RtjknxtL44saCfZ/7WKmb8/
F8XhFwAq4nR0CcITErsiQ3SbuhvWZNQr7AYH6a1u//qmxSUwga0t9ufFT8nwS8TO
V6Mjl/b+sBjdUyeY8LGCx4wyqhpfBlAnijkl4qwEiNBKmFrWShPl50hGTdD7Irlv
nFjCOR+NtZqZ5cHkrkhR2HYK8k0oSZjNC5n5/1De/4HhkQoqyPC3B2qOQFnI6bn4
bq4OV/ZwfSzhotJDBqvifZuCfSfZbrg8x0F2oL1iW1Zon/+UC1q2A2qFUHawSyEt
nCn8TYoKtzHE3v1DQ4ZUAVhKKq7xpvNCuPI1Ii/HQz6o
-----END CERTIFICATE-----