Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/AWkYgBCiWuJ9gEbWHTG25LYtcPc.roa
File:                     AWkYgBCiWuJ9gEbWHTG25LYtcPc.roa (raw, json)
Hash identifier:          sHMTwzEdOLI7sW40oqs35MaOamvc8/f1NrOQ7mrJeII=
Subject key identifier:   01:69:18:80:10:A2:5A:E2:7D:80:46:D6:1D:31:B6:E4:B6:2D:70:F7
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       0197E1DB1F0E4A7528E53C07F46F275DE670
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/AWkYgBCiWuJ9gEbWHTG25LYtcPc.roa
Signing time:             Sun 06 Jul 2025 22:28:43 +0000
ROA not before:           Sun 06 Jul 2025 22:28:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210899
IP address blocks:        45.137.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e1:db:1f:0e:4a:75:28:e5:3c:07:f4:6f:27:5d:e6:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul  6 22:28:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0169188010a25ae27d8046d61d31b6e4b62d70f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5f:7f:c6:a5:2d:87:60:a2:1f:fb:a7:59:b9:
                    ac:02:6e:fc:0a:7c:ca:43:5f:46:85:13:d9:00:4d:
                    45:9d:9d:7f:6c:a6:6f:e7:df:d4:03:e0:92:89:3b:
                    ae:a1:1a:0f:b3:76:4a:a2:4a:1c:89:e0:8b:db:46:
                    fe:cc:44:9b:0a:82:ea:6d:03:f3:fc:25:f0:e7:1f:
                    3e:ca:8b:ca:c7:b3:4d:71:f6:a6:23:09:20:c8:7a:
                    96:02:09:03:82:4d:9c:32:52:b9:73:38:57:96:4a:
                    72:6a:e5:64:83:31:0c:62:e6:2f:17:18:46:a6:8c:
                    c3:48:38:59:58:f0:fc:f6:e8:05:49:bf:93:a1:af:
                    55:0b:b3:e7:3c:31:2e:ce:8d:13:2c:fb:2c:7d:a1:
                    18:48:bc:f2:9e:43:ad:30:91:de:f3:8d:f7:6b:ff:
                    52:85:79:e9:00:a9:b3:04:b4:ee:aa:9f:fe:e0:69:
                    58:92:1c:7a:ef:4e:d3:e9:2a:73:86:37:25:d0:a7:
                    c6:cf:e4:fb:de:66:5a:17:36:8d:4d:b8:70:e5:49:
                    21:f1:f6:89:e5:0c:38:78:2f:6e:e5:54:58:79:d3:
                    6e:ef:84:75:df:eb:48:d6:21:1c:da:61:00:1d:40:
                    c3:bb:64:7b:98:53:cd:90:2e:ab:f1:db:76:a2:ff:
                    91:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:69:18:80:10:A2:5A:E2:7D:80:46:D6:1D:31:B6:E4:B6:2D:70:F7
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/AWkYgBCiWuJ9gEbWHTG25LYtcPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:3f:03:35:35:ad:94:59:f6:34:56:4f:5e:98:4e:24:17:31:
         20:df:de:8e:9d:1a:12:e6:0e:a4:ba:59:00:aa:7a:02:8b:c5:
         e7:7e:a7:56:0f:d9:13:ba:9b:c5:fc:54:7a:27:98:34:20:53:
         89:74:f3:66:da:13:67:40:6b:25:d3:1c:bc:47:1b:cf:12:f3:
         8d:4a:a2:47:92:42:70:f3:58:bc:73:ef:65:85:e0:35:cd:37:
         4e:2e:39:9b:ac:be:eb:0d:3d:2c:05:a1:97:60:9b:11:20:a6:
         e3:38:84:9f:af:18:c5:de:37:67:cc:fc:4f:ec:4f:49:90:90:
         e5:d2:56:03:45:34:fc:44:79:5d:da:93:cb:98:80:2b:c6:94:
         77:84:f1:dd:37:0b:39:cb:23:2b:f5:e8:eb:a2:4c:a6:9d:12:
         01:78:57:e9:18:12:ca:e2:e8:9d:6d:3f:d5:33:b6:e8:4b:3c:
         dc:5e:b4:42:59:6e:53:59:2e:60:89:7b:25:3b:88:61:98:99:
         07:f1:01:b0:04:14:da:18:85:3b:52:99:c5:89:56:90:ae:01:
         62:c7:d1:18:b8:4a:0f:9e:7a:c9:94:c8:98:b9:5e:fd:dd:31:
         33:06:a7:79:92:a6:9f:bd:76:99:5d:0b:6b:20:3d:94:b8:ca:
         e1:72:69:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfh2x8OSnUo5TwH9G8nXeZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzA2MjIyODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTY5MTg4MDEwYTI1YWUyN2Q4MDQ2ZDYxZDMxYjZlNGI2MmQ3MGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0V9/xqUth2CiH/unWbmsAm78CnzK
Q19GhRPZAE1FnZ1/bKZv59/UA+CSiTuuoRoPs3ZKokocieCL20b+zESbCoLqbQPz
/CXw5x8+yovKx7NNcfamIwkgyHqWAgkDgk2cMlK5czhXlkpyauVkgzEMYuYvFxhG
pozDSDhZWPD89ugFSb+Toa9VC7PnPDEuzo0TLPssfaEYSLzynkOtMJHe8433a/9S
hXnpAKmzBLTuqp/+4GlYkhx6707T6Spzhjcl0KfGz+T73mZaFzaNTbhw5Ukh8faJ
5Qw4eC9u5VRYedNu74R13+tI1iEc2mEAHUDDu2R7mFPNkC6r8dt2ov+RBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFpGIAQolrifYBG1h0xtuS2LXD3MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEvQVdrWWdCQ2lXdUo5Z0ViV0hURzI1TFl0Y1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYlpMA0G
CSqGSIb3DQEBCwUAA4IBAQCXPwM1Na2UWfY0Vk9emE4kFzEg396OnRoS5g6kulkA
qnoCi8XnfqdWD9kTupvF/FR6J5g0IFOJdPNm2hNnQGsl0xy8RxvPEvONSqJHkkJw
81i8c+9lheA1zTdOLjmbrL7rDT0sBaGXYJsRIKbjOISfrxjF3jdnzPxP7E9JkJDl
0lYDRTT8RHld2pPLmIArxpR3hPHdNws5yyMr9ejrokymnRIBeFfpGBLK4uidbT/V
M7boSzzcXrRCWW5TWS5giXslO4hhmJkH8QGwBBTaGIU7UpnFiVaQrgFix9EYuEoP
nnrJlMiYuV793TEzBqd5kqafvXaZXQtrID2UuMrhcmnV
-----END CERTIFICATE-----