Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/Rd3HOWCgIifcE20uT6ZwMTd010E.roa
File:                     Rd3HOWCgIifcE20uT6ZwMTd010E.roa (raw, json)
Hash identifier:          Iyh7ZN8yRmO6xUm0HuFbl9LY6LaOBla7JBeUoV6oKtU=
Subject key identifier:   45:DD:C7:39:60:A0:22:27:DC:13:6D:2E:4F:A6:70:31:37:74:D7:41
Certificate issuer:       /CN=458834c52abe30427f0a22aa46fd3d0809ed4585
Certificate serial:       019817BD19D3F5381B769C09B663E9C7AB79
Authority key identifier: 45:88:34:C5:2A:BE:30:42:7F:0A:22:AA:46:FD:3D:08:09:ED:45:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RYg0xSq-MEJ_CiKqRv09CAntRYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/Rd3HOWCgIifcE20uT6ZwMTd010E.roa
Signing time:             Thu 17 Jul 2025 09:35:25 +0000
ROA not before:           Thu 17 Jul 2025 09:35:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12340
IP address blocks:        195.137.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/RYg0xSq-MEJ_CiKqRv09CAntRYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/RYg0xSq-MEJ_CiKqRv09CAntRYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RYg0xSq-MEJ_CiKqRv09CAntRYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 00:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:bd:19:d3:f5:38:1b:76:9c:09:b6:63:e9:c7:ab:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458834c52abe30427f0a22aa46fd3d0809ed4585
        Validity
            Not Before: Jul 17 09:35:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45ddc73960a02227dc136d2e4fa670313774d741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ae:ea:8a:22:bf:fe:36:e6:56:20:55:6d:12:
                    bd:d3:02:a0:1f:64:11:88:83:ab:fd:11:36:cd:b1:
                    b2:26:eb:5b:22:35:07:c9:09:b2:6a:c6:1e:52:80:
                    ad:44:cc:9a:05:86:8e:d6:d0:e4:35:ee:c4:61:a7:
                    b0:f9:3a:68:e3:80:f9:ee:b6:ea:c6:36:91:f9:f6:
                    99:41:44:97:1a:55:50:b5:c0:9a:7a:31:58:6d:3a:
                    3f:b9:8f:87:4e:1a:e4:54:13:e1:cf:99:7e:d9:78:
                    8b:fc:d6:1f:3c:a1:09:2a:4d:39:7b:11:3f:08:c0:
                    f6:ec:71:e8:5a:ed:56:29:43:f6:2d:dd:8f:fb:d7:
                    e2:83:c6:87:3f:4d:ff:30:51:fa:9e:41:19:68:8d:
                    d4:36:10:2f:db:be:61:63:eb:f2:e4:2e:76:cf:ef:
                    db:14:e6:0c:54:7d:b7:22:9e:86:c8:b1:cb:5d:39:
                    e8:62:04:b1:4e:0a:18:d2:e3:71:1f:2d:96:46:57:
                    e2:d0:ea:ff:59:39:da:6b:5d:dd:6f:c4:27:33:c0:
                    74:15:29:2d:44:5d:32:1b:56:76:71:8c:23:b1:29:
                    a6:e0:3f:fc:00:82:76:90:48:a9:39:79:5b:24:96:
                    52:90:2b:87:ed:12:89:11:ab:12:ad:fd:34:03:63:
                    4a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:DD:C7:39:60:A0:22:27:DC:13:6D:2E:4F:A6:70:31:37:74:D7:41
            X509v3 Authority Key Identifier:
                keyid:45:88:34:C5:2A:BE:30:42:7F:0A:22:AA:46:FD:3D:08:09:ED:45:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RYg0xSq-MEJ_CiKqRv09CAntRYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/Rd3HOWCgIifcE20uT6ZwMTd010E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/c95a24-226c-476a-addb-a31143463be9/1/RYg0xSq-MEJ_CiKqRv09CAntRYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:ed:55:fb:65:15:3c:b2:46:2c:dd:30:1c:e2:03:45:e4:e1:
         0d:ac:67:9d:e7:13:da:d9:cc:c7:c4:3d:e0:81:40:a3:d5:23:
         c5:d3:4e:d1:b0:b5:d6:21:e9:b4:66:56:a3:ca:b1:2f:76:1d:
         60:bc:3e:dd:b7:4e:a6:31:72:b0:a1:d2:21:8b:2f:ed:22:d0:
         97:cc:7c:5e:38:c8:5a:c3:22:97:74:13:06:93:ab:58:36:61:
         78:75:e3:11:0a:2e:7f:d2:b5:95:77:8a:4f:a6:f3:43:cd:e0:
         63:bc:03:d6:69:b6:34:15:17:ad:b6:63:6d:21:e3:0a:ee:a7:
         df:fb:81:8e:ae:57:4a:29:02:b6:6e:e8:f7:f6:ae:61:ca:79:
         95:a4:c7:46:c9:5d:7e:16:dd:f5:04:6f:c7:1a:e9:74:f9:70:
         ce:b4:f9:e4:60:47:90:11:3a:96:80:fd:e5:85:da:a1:21:85:
         8a:d2:53:2f:44:5a:8d:1d:50:32:bd:de:73:7b:70:6d:44:b0:
         3d:bf:99:66:15:30:83:34:10:e1:63:27:c1:91:29:30:82:c2:
         40:b4:46:d2:3b:75:6b:fa:1d:7a:4c:9e:a1:35:8e:fc:94:9b:
         5e:48:eb:1a:01:01:5f:92:21:6d:53:3f:85:58:ee:cf:07:9e:
         90:02:f1:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgXvRnT9TgbdpwJtmPpx6t5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ODgzNGM1MmFiZTMwNDI3ZjBhMjJhYTQ2ZmQzZDA4MDll
ZDQ1ODUwHhcNMjUwNzE3MDkzNTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWRkYzczOTYwYTAyMjI3ZGMxMzZkMmU0ZmE2NzAzMTM3NzRkNzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2K7qiiK//jbmViBVbRK90wKgH2QR
iIOr/RE2zbGyJutbIjUHyQmyasYeUoCtRMyaBYaO1tDkNe7EYaew+Tpo44D57rbq
xjaR+faZQUSXGlVQtcCaejFYbTo/uY+HThrkVBPhz5l+2XiL/NYfPKEJKk05exE/
CMD27HHoWu1WKUP2Ld2P+9fig8aHP03/MFH6nkEZaI3UNhAv275hY+vy5C52z+/b
FOYMVH23Ip6GyLHLXTnoYgSxTgoY0uNxHy2WRlfi0Or/WTnaa13db8QnM8B0FSkt
RF0yG1Z2cYwjsSmm4D/8AIJ2kEipOXlbJJZSkCuH7RKJEasSrf00A2NKvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXdxzlgoCIn3BNtLk+mcDE3dNdBMB8GA1UdIwQY
MBaAFEWINMUqvjBCfwoiqkb9PQgJ7UWFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUllnMHhTcS1NRUpfQ2lLcVJ2MDlDQW50UllVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jOTVhMjQtMjI2Yy00NzZhLWFkZGIt
YTMxMTQzNDYzYmU5LzEvUmQzSE9XQ2dJaWZjRTIwdVQ2WndNVGQwMTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jOTVhMjQtMjI2Yy00NzZhLWFkZGItYTMxMTQzNDYzYmU5
LzEvUllnMHhTcS1NRUpfQ2lLcVJ2MDlDQW50UllVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4mfMA0G
CSqGSIb3DQEBCwUAA4IBAQA57VX7ZRU8skYs3TAc4gNF5OENrGed5xPa2czHxD3g
gUCj1SPF007RsLXWIem0ZlajyrEvdh1gvD7dt06mMXKwodIhiy/tItCXzHxeOMha
wyKXdBMGk6tYNmF4deMRCi5/0rWVd4pPpvNDzeBjvAPWabY0FRettmNtIeMK7qff
+4GOrldKKQK2buj39q5hynmVpMdGyV1+Ft31BG/HGul0+XDOtPnkYEeQETqWgP3l
hdqhIYWK0lMvRFqNHVAyvd5ze3BtRLA9v5lmFTCDNBDhYyfBkSkwgsJAtEbSO3Vr
+h16TJ6hNY78lJteSOsaAQFfkiFtUz+FWO7PB56QAvGe
-----END CERTIFICATE-----