Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/DyQE1mAMz0-Y555bTSVvXkqEC1U.roa
File:                     DyQE1mAMz0-Y555bTSVvXkqEC1U.roa (raw, json)
Hash identifier:          hwRt5mho9M1lkKLFQYJUnV8/sYmEs4QQ4EstdFb/mZk=
Subject key identifier:   0F:24:04:D6:60:0C:CF:4F:98:E7:9E:5B:4D:25:6F:5E:4A:84:0B:55
Certificate issuer:       /CN=948d45cfe3482b8f61dae000b007a467ecdd4ee6
Certificate serial:       019807E424420E278ADE249C096065D634B6
Authority key identifier: 94:8D:45:CF:E3:48:2B:8F:61:DA:E0:00:B0:07:A4:67:EC:DD:4E:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lI1Fz-NIK49h2uAAsAekZ-zdTuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/DyQE1mAMz0-Y555bTSVvXkqEC1U.roa
Signing time:             Mon 14 Jul 2025 07:44:08 +0000
ROA not before:           Mon 14 Jul 2025 07:44:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23528
IP address blocks:        45.81.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/lI1Fz-NIK49h2uAAsAekZ-zdTuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/lI1Fz-NIK49h2uAAsAekZ-zdTuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lI1Fz-NIK49h2uAAsAekZ-zdTuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:07:e4:24:42:0e:27:8a:de:24:9c:09:60:65:d6:34:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=948d45cfe3482b8f61dae000b007a467ecdd4ee6
        Validity
            Not Before: Jul 14 07:44:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f2404d6600ccf4f98e79e5b4d256f5e4a840b55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a0:eb:97:f9:1c:fe:81:ab:ce:75:96:6c:e1:
                    71:da:72:bc:71:75:e4:f1:72:41:51:b9:2f:27:41:
                    6e:27:6d:6b:f9:20:8a:7c:eb:c6:bb:fb:87:41:66:
                    6a:69:6f:c9:e0:f4:ba:99:c2:a7:09:eb:32:35:63:
                    9f:37:6a:bc:df:59:32:b4:8e:8c:16:87:ea:02:f9:
                    06:ad:cd:f0:48:5b:86:95:77:e5:7a:84:d3:83:f4:
                    39:fd:2f:5f:71:94:74:f0:53:c1:73:e6:76:2a:38:
                    5d:df:ce:e6:f2:ca:1e:18:f0:1e:f8:0b:30:e0:97:
                    f0:29:02:24:22:d3:e0:48:8e:31:86:c9:c0:18:63:
                    c2:1e:a8:55:70:3b:df:1a:5f:95:3c:ae:7b:c3:81:
                    0e:50:ad:7e:c2:69:6c:e6:a4:d0:7d:fd:1c:c5:19:
                    c3:8a:62:fb:db:4c:cf:de:ef:b9:15:c2:9f:8c:b4:
                    8c:65:66:7b:26:57:a9:53:f5:98:b2:b7:77:29:ad:
                    de:05:e8:5a:c2:bc:7b:0d:77:05:87:8a:70:3a:f6:
                    89:15:e9:d1:3f:6f:7e:34:5c:29:6c:2e:ad:02:f4:
                    63:86:8a:7c:1a:d6:7c:5d:de:9d:4b:86:43:2c:f3:
                    f4:ab:bb:71:cb:06:e0:2e:1e:64:92:3a:54:7b:3b:
                    75:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:24:04:D6:60:0C:CF:4F:98:E7:9E:5B:4D:25:6F:5E:4A:84:0B:55
            X509v3 Authority Key Identifier:
                keyid:94:8D:45:CF:E3:48:2B:8F:61:DA:E0:00:B0:07:A4:67:EC:DD:4E:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lI1Fz-NIK49h2uAAsAekZ-zdTuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/DyQE1mAMz0-Y555bTSVvXkqEC1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/f89b2e-53a3-4157-a960-42dafb4b51d2/1/lI1Fz-NIK49h2uAAsAekZ-zdTuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:b9:17:ae:a7:20:63:9c:85:b6:0d:38:79:8c:b2:4d:e8:2a:
         cc:9f:f8:5b:4d:16:08:84:3a:3e:78:4c:76:77:62:22:f0:a2:
         a0:5d:ca:2e:d3:bf:be:48:aa:1b:d1:76:e3:86:9e:cb:f3:f7:
         d6:b4:bd:53:95:68:2c:60:d1:29:69:92:8c:8f:fd:6c:87:8a:
         ff:12:3e:4f:82:69:ce:a0:85:d2:b4:22:3e:c1:fa:5f:0f:63:
         09:77:b3:9a:68:ab:e9:03:91:2e:0f:98:31:39:b9:86:59:e6:
         5c:42:8d:bf:32:b4:ca:0d:75:69:00:58:64:0a:a5:0b:85:36:
         84:86:a8:b5:cd:1e:e9:8a:3b:9d:ba:e4:31:51:43:dc:92:0b:
         02:63:9a:f3:72:20:e8:9e:e9:03:99:9d:30:75:b8:8f:16:a6:
         0e:9f:66:c6:95:33:e1:6e:5c:48:98:37:d8:af:12:f7:3e:64:
         2b:30:cb:51:9a:0b:7a:5f:59:3d:1e:01:11:b8:0e:41:ab:7a:
         85:56:13:6b:54:86:a8:1a:6f:66:ac:e2:92:e8:ab:7d:90:b5:
         17:75:c8:32:9b:16:f4:c8:9c:75:97:a3:00:60:b2:ce:63:c8:
         2b:0f:d1:44:6c:d9:f8:dc:8a:50:e9:2b:3e:79:cd:bf:76:7c:
         2d:36:82:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgH5CRCDieK3iScCWBl1jS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OGQ0NWNmZTM0ODJiOGY2MWRhZTAwMGIwMDdhNDY3ZWNk
ZDRlZTYwHhcNMjUwNzE0MDc0NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjI0MDRkNjYwMGNjZjRmOThlNzllNWI0ZDI1NmY1ZTRhODQwYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6Drl/kc/oGrznWWbOFx2nK8cXXk
8XJBUbkvJ0FuJ21r+SCKfOvGu/uHQWZqaW/J4PS6mcKnCesyNWOfN2q831kytI6M
FofqAvkGrc3wSFuGlXfleoTTg/Q5/S9fcZR08FPBc+Z2Kjhd387m8soeGPAe+Asw
4JfwKQIkItPgSI4xhsnAGGPCHqhVcDvfGl+VPK57w4EOUK1+wmls5qTQff0cxRnD
imL720zP3u+5FcKfjLSMZWZ7JlepU/WYsrd3Ka3eBehawrx7DXcFh4pwOvaJFenR
P29+NFwpbC6tAvRjhop8GtZ8Xd6dS4ZDLPP0q7txywbgLh5kkjpUezt1GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8kBNZgDM9PmOeeW00lb15KhAtVMB8GA1UdIwQY
MBaAFJSNRc/jSCuPYdrgALAHpGfs3U7mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEkxRnotTklLNDloMnVBQXNBZWtaLXpkVHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9mODliMmUtNTNhMy00MTU3LWE5NjAt
NDJkYWZiNGI1MWQyLzEvRHlRRTFtQU16MC1ZNTU1YlRTVnZYa3FFQzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9mODliMmUtNTNhMy00MTU3LWE5NjAtNDJkYWZiNGI1MWQy
LzEvbEkxRnotTklLNDloMnVBQXNBZWtaLXpkVHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVHmMA0G
CSqGSIb3DQEBCwUAA4IBAQBouReupyBjnIW2DTh5jLJN6CrMn/hbTRYIhDo+eEx2
d2Ii8KKgXcou07++SKob0Xbjhp7L8/fWtL1TlWgsYNEpaZKMj/1sh4r/Ej5PgmnO
oIXStCI+wfpfD2MJd7OaaKvpA5EuD5gxObmGWeZcQo2/MrTKDXVpAFhkCqULhTaE
hqi1zR7pijuduuQxUUPckgsCY5rzciDonukDmZ0wdbiPFqYOn2bGlTPhblxImDfY
rxL3PmQrMMtRmgt6X1k9HgERuA5Bq3qFVhNrVIaoGm9mrOKS6Kt9kLUXdcgymxb0
yJx1l6MAYLLOY8grD9FEbNn43IpQ6Ss+ec2/dnwtNoKX
-----END CERTIFICATE-----