Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/RArCPfG6cBnbfBAKLbWfL49ZMls.roa
File:                     RArCPfG6cBnbfBAKLbWfL49ZMls.roa (raw, json)
Hash identifier:          uc8AJAayCJr6PnC8hA44mAQSr2RQBPC/srP3fioA29o=
Subject key identifier:   44:0A:C2:3D:F1:BA:70:19:DB:7C:10:0A:2D:B5:9F:2F:8F:59:32:5B
Certificate issuer:       /CN=f3d85c47d0b7d6dc5ddda08572b6454c1059512c
Certificate serial:       019811E97418F595565D04D8F873C4E2A18A
Authority key identifier: F3:D8:5C:47:D0:B7:D6:DC:5D:DD:A0:85:72:B6:45:4C:10:59:51:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/89hcR9C31txd3aCFcrZFTBBZUSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/RArCPfG6cBnbfBAKLbWfL49ZMls.roa
Signing time:             Wed 16 Jul 2025 06:26:09 +0000
ROA not before:           Wed 16 Jul 2025 06:26:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206500
IP address blocks:        45.3.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/89hcR9C31txd3aCFcrZFTBBZUSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/89hcR9C31txd3aCFcrZFTBBZUSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/89hcR9C31txd3aCFcrZFTBBZUSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:11:e9:74:18:f5:95:56:5d:04:d8:f8:73:c4:e2:a1:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3d85c47d0b7d6dc5ddda08572b6454c1059512c
        Validity
            Not Before: Jul 16 06:26:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=440ac23df1ba7019db7c100a2db59f2f8f59325b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0c:b0:8a:da:c1:35:77:4b:aa:ec:94:8c:80:
                    20:a7:36:30:ac:b9:26:54:ae:0f:9c:0b:23:36:9d:
                    80:d3:cf:09:f7:68:3b:f2:24:04:d5:fb:4c:46:05:
                    13:64:41:83:f1:35:1f:76:89:69:75:39:6b:35:81:
                    8b:7c:0c:36:32:fb:95:6a:65:f7:e5:70:04:be:97:
                    c8:f7:5e:1a:d5:c0:b4:62:8e:ce:b5:e4:6b:08:69:
                    71:1a:fa:e4:dc:2b:04:d7:35:82:5f:c9:51:28:8f:
                    e0:f5:41:76:30:71:78:ca:d5:05:97:21:f6:91:d2:
                    2b:11:ec:74:5d:15:3b:27:2c:25:d5:f3:62:34:d6:
                    54:b5:a6:52:08:5e:5b:b7:4d:c1:ec:d7:fe:c2:31:
                    02:f7:25:4c:32:24:fe:76:5d:99:fb:db:1b:a5:26:
                    65:58:bc:83:48:a2:0f:29:f9:fa:d3:b9:73:1b:58:
                    c7:6f:30:9b:ee:f0:ac:0d:f8:48:77:f9:8a:3f:68:
                    e9:86:92:6d:92:b4:74:c7:21:36:42:3d:5e:e1:d7:
                    a0:f5:4c:e3:b6:27:87:f3:0c:ba:5f:8a:60:d7:75:
                    1b:d0:39:d7:80:15:03:62:13:7d:d5:ef:e5:61:95:
                    6a:5b:24:8e:4f:93:9c:1e:46:c0:98:d6:7d:04:12:
                    79:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:0A:C2:3D:F1:BA:70:19:DB:7C:10:0A:2D:B5:9F:2F:8F:59:32:5B
            X509v3 Authority Key Identifier:
                keyid:F3:D8:5C:47:D0:B7:D6:DC:5D:DD:A0:85:72:B6:45:4C:10:59:51:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/89hcR9C31txd3aCFcrZFTBBZUSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/RArCPfG6cBnbfBAKLbWfL49ZMls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/26fb11-2d00-4e7b-b297-5212db9754f4/1/89hcR9C31txd3aCFcrZFTBBZUSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.3.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:f0:fb:e2:17:3a:2f:57:52:d3:12:27:15:33:bf:27:6d:b7:
         dc:20:ea:25:7a:4f:8b:07:c8:fa:3f:e9:35:e2:29:77:67:d1:
         4f:e0:9c:dc:d0:a0:1d:c9:9a:e8:c8:95:9a:98:c5:43:11:03:
         0c:d5:4a:9f:cf:a0:6b:8d:b5:34:b8:5d:c8:60:44:3f:e2:ea:
         74:1c:57:45:1b:ab:1b:3a:9d:14:55:36:a2:97:28:f6:54:aa:
         ec:61:80:d8:26:f1:57:86:c0:81:ec:11:25:00:62:83:49:60:
         3a:6e:6f:da:f5:f4:de:f7:40:a1:e0:36:0b:1f:10:83:b7:a5:
         5d:f9:29:ae:f3:d2:17:80:a3:fb:9c:e2:7f:30:c5:de:3e:29:
         00:fd:ca:1d:86:b5:9d:a7:71:6f:e0:ae:76:a0:2f:90:eb:2e:
         fb:32:0a:92:d8:20:f0:66:eb:54:f1:8f:2b:16:49:28:25:d4:
         83:82:01:6a:0b:c1:f4:6d:48:ef:17:ae:05:f9:79:84:db:df:
         e1:c4:4c:a3:f8:85:68:fd:7b:fb:20:b5:4b:61:a6:d4:c2:85:
         c1:6c:e5:39:f9:a3:3b:3f:66:16:a0:44:e7:7c:b7:10:a0:1e:
         9f:46:e1:9e:1d:0f:61:e5:26:e4:83:dc:27:93:9d:27:be:9b:
         24:38:74:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgR6XQY9ZVWXQTY+HPE4qGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZDg1YzQ3ZDBiN2Q2ZGM1ZGRkYTA4NTcyYjY0NTRjMTA1
OTUxMmMwHhcNMjUwNzE2MDYyNjA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDBhYzIzZGYxYmE3MDE5ZGI3YzEwMGEyZGI1OWYyZjhmNTkzMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQywitrBNXdLquyUjIAgpzYwrLkm
VK4PnAsjNp2A088J92g78iQE1ftMRgUTZEGD8TUfdolpdTlrNYGLfAw2MvuVamX3
5XAEvpfI914a1cC0Yo7OteRrCGlxGvrk3CsE1zWCX8lRKI/g9UF2MHF4ytUFlyH2
kdIrEex0XRU7Jywl1fNiNNZUtaZSCF5bt03B7Nf+wjEC9yVMMiT+dl2Z+9sbpSZl
WLyDSKIPKfn607lzG1jHbzCb7vCsDfhId/mKP2jphpJtkrR0xyE2Qj1e4deg9Uzj
tieH8wy6X4pg13Ub0DnXgBUDYhN91e/lYZVqWySOT5OcHkbAmNZ9BBJ5GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQKwj3xunAZ23wQCi21ny+PWTJbMB8GA1UdIwQY
MBaAFPPYXEfQt9bcXd2ghXK2RUwQWVEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODloY1I5QzMxdHhkM2FDRmNyWkZUQkJaVVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8yNmZiMTEtMmQwMC00ZTdiLWIyOTct
NTIxMmRiOTc1NGY0LzEvUkFyQ1BmRzZjQm5iZkJBS0xiV2ZMNDlaTWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8yNmZiMTEtMmQwMC00ZTdiLWIyOTctNTIxMmRiOTc1NGY0
LzEvODloY1I5QzMxdHhkM2FDRmNyWkZUQkJaVVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQM8MA0G
CSqGSIb3DQEBCwUAA4IBAQA98PviFzovV1LTEicVM78nbbfcIOolek+LB8j6P+k1
4il3Z9FP4Jzc0KAdyZroyJWamMVDEQMM1Uqfz6BrjbU0uF3IYEQ/4up0HFdFG6sb
Op0UVTailyj2VKrsYYDYJvFXhsCB7BElAGKDSWA6bm/a9fTe90Ch4DYLHxCDt6Vd
+Smu89IXgKP7nOJ/MMXePikA/codhrWdp3Fv4K52oC+Q6y77MgqS2CDwZutU8Y8r
FkkoJdSDggFqC8H0bUjvF64F+XmE29/hxEyj+IVo/Xv7ILVLYabUwoXBbOU5+aM7
P2YWoETnfLcQoB6fRuGeHQ9h5Sbkg9wnk50nvpskOHRQ
-----END CERTIFICATE-----