Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/1YrrolsGcw1hvr8JSNGaqnEoeQg.roa
File:                     1YrrolsGcw1hvr8JSNGaqnEoeQg.roa (raw, json)
Hash identifier:          F0De4QGfgUh2EQrXSt/yYE+ZPQ1FYtUABcT5t348mPg=
Subject key identifier:   D5:8A:EB:A2:5B:06:73:0D:61:BE:BF:09:48:D1:9A:AA:71:28:79:08
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       019809B4543C784F50CB34F0C77EDB4608E6
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/1YrrolsGcw1hvr8JSNGaqnEoeQg.roa
Signing time:             Mon 14 Jul 2025 16:11:09 +0000
ROA not before:           Mon 14 Jul 2025 16:11:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201752
IP address blocks:        45.8.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:b4:54:3c:78:4f:50:cb:34:f0:c7:7e:db:46:08:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul 14 16:11:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d58aeba25b06730d61bebf0948d19aaa71287908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a8:a8:98:89:2e:9f:3d:82:01:a5:3c:4d:f7:
                    50:1e:1f:1e:99:26:bf:95:60:bd:b3:35:08:d7:6f:
                    02:8f:5d:e2:76:ae:a6:75:d1:01:86:39:fc:96:8f:
                    5b:c2:48:b0:d8:1b:27:37:c5:68:9a:20:8c:8b:6e:
                    eb:76:80:16:2a:32:04:00:8e:bf:7b:37:42:74:f1:
                    0c:e3:f6:a8:e9:7e:9c:da:47:8a:64:09:3f:7c:f3:
                    75:ae:1a:89:34:58:32:8d:a1:bf:0f:fb:60:80:9e:
                    f5:c4:b6:54:d1:f3:9d:d4:c6:ec:27:2a:8e:25:f6:
                    e3:82:ac:7b:43:68:b4:15:60:02:6e:e7:93:22:c9:
                    17:70:eb:c8:2a:1f:28:a5:10:a3:45:ad:eb:7e:62:
                    4d:fe:e2:30:26:de:3a:9d:60:20:e5:2a:7a:e9:e6:
                    82:97:3b:06:07:6e:07:0c:fd:01:56:c2:b4:4c:a4:
                    34:44:7b:59:58:21:b1:e5:fa:1d:e9:69:07:59:28:
                    7f:1b:0d:3e:ef:1c:63:11:bd:c7:c7:2a:f5:b4:68:
                    80:c6:7f:6b:6c:02:44:d4:82:f8:3c:cd:00:15:83:
                    6e:a4:bb:29:13:3a:52:ca:a8:50:2b:50:b2:f5:c4:
                    be:a5:96:bb:68:b4:43:03:8a:5c:ad:81:72:61:b5:
                    94:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:8A:EB:A2:5B:06:73:0D:61:BE:BF:09:48:D1:9A:AA:71:28:79:08
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/1YrrolsGcw1hvr8JSNGaqnEoeQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:ed:61:44:4e:4c:c5:89:d1:8a:97:ba:a2:7f:e3:30:1b:44:
         8f:2d:ab:c6:12:f9:87:8c:0e:39:d6:48:71:a0:90:8f:9d:d7:
         e4:f0:cd:7c:73:52:6d:dd:55:75:c4:ce:61:71:63:aa:80:9d:
         6b:de:c8:45:d2:e9:06:7e:50:2f:ea:9b:61:e2:5c:2a:d5:54:
         c9:a2:68:93:a4:bb:4c:1e:ec:b4:f4:c4:c3:95:65:07:71:ca:
         49:d9:ec:4d:1c:f2:5c:0c:c8:5e:e3:fc:bf:f5:3d:b1:61:93:
         1e:df:68:56:0c:a2:84:5b:8a:12:f3:51:75:74:67:18:06:df:
         b0:bf:97:c2:6c:1b:61:8d:e1:a8:d0:e1:7e:22:9a:b4:cf:97:
         10:94:26:26:7e:a4:0c:18:87:b2:f4:3c:19:d6:e8:5f:0e:92:
         f9:41:c0:ae:37:44:5e:98:42:58:07:45:83:01:53:20:0c:4c:
         b3:2c:61:cd:9b:59:dd:d9:92:e7:7f:19:36:bf:7a:83:8a:3b:
         93:b5:e6:f8:66:ca:38:21:fa:f1:05:48:e7:18:82:d9:b1:33:
         5f:50:86:0e:7e:e8:45:95:7e:1f:9c:bb:76:80:20:d7:61:85:
         bf:28:d2:dc:53:ae:5a:a7:0b:37:11:0b:3f:00:22:09:86:c1:
         44:39:86:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJtFQ8eE9QyzTwx37bRgjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzE0MTYxMTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNThhZWJhMjViMDY3MzBkNjFiZWJmMDk0OGQxOWFhYTcxMjg3OTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06iomIkunz2CAaU8TfdQHh8emSa/
lWC9szUI128Cj13idq6mddEBhjn8lo9bwkiw2BsnN8VomiCMi27rdoAWKjIEAI6/
ezdCdPEM4/ao6X6c2keKZAk/fPN1rhqJNFgyjaG/D/tggJ71xLZU0fOd1MbsJyqO
Jfbjgqx7Q2i0FWACbueTIskXcOvIKh8opRCjRa3rfmJN/uIwJt46nWAg5Sp66eaC
lzsGB24HDP0BVsK0TKQ0RHtZWCGx5fod6WkHWSh/Gw0+7xxjEb3Hxyr1tGiAxn9r
bAJE1IL4PM0AFYNupLspEzpSyqhQK1Cy9cS+pZa7aLRDA4pcrYFyYbWU9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWK66JbBnMNYb6/CUjRmqpxKHkIMB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvMVlycm9sc0djdzFodnI4SlNOR2FxbkVvZVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjSMA0G
CSqGSIb3DQEBCwUAA4IBAQAg7WFETkzFidGKl7qif+MwG0SPLavGEvmHjA451khx
oJCPndfk8M18c1Jt3VV1xM5hcWOqgJ1r3shF0ukGflAv6pth4lwq1VTJomiTpLtM
Huy09MTDlWUHccpJ2exNHPJcDMhe4/y/9T2xYZMe32hWDKKEW4oS81F1dGcYBt+w
v5fCbBthjeGo0OF+Ipq0z5cQlCYmfqQMGIey9DwZ1uhfDpL5QcCuN0RemEJYB0WD
AVMgDEyzLGHNm1nd2ZLnfxk2v3qDijuTteb4Zso4IfrxBUjnGILZsTNfUIYOfuhF
lX4fnLt2gCDXYYW/KNLcU65apws3EQs/ACIJhsFEOYZS
-----END CERTIFICATE-----