Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/kpRbqywLbCXlLf9a6jeYvj1ihfw.roa
File:                     kpRbqywLbCXlLf9a6jeYvj1ihfw.roa (raw, json)
Hash identifier:          UYsRXGl64fVhUmc0z3F3hqXlTJGUL3dNKJZfDA0ZxIA=
Subject key identifier:   92:94:5B:AB:2C:0B:6C:25:E5:2D:FF:5A:EA:37:98:BE:3D:62:85:FC
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       0197E1DA328B6D199FA900D56FD8211E5AE7
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/kpRbqywLbCXlLf9a6jeYvj1ihfw.roa
Signing time:             Sun 06 Jul 2025 22:27:42 +0000
ROA not before:           Sun 06 Jul 2025 22:27:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43077
IP address blocks:        45.142.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e1:da:32:8b:6d:19:9f:a9:00:d5:6f:d8:21:1e:5a:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul  6 22:27:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92945bab2c0b6c25e52dff5aea3798be3d6285fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fe:95:94:cd:c7:2a:c5:7a:95:1d:fd:d3:76:
                    0d:90:6f:f7:a9:b9:55:0d:d3:e5:58:16:d0:f6:92:
                    ee:3b:37:af:2b:0f:48:e2:a6:a1:26:db:fe:4a:e8:
                    ae:f9:b3:fd:44:75:e7:05:cd:cd:56:28:f6:b3:0c:
                    9a:cc:b0:4f:c0:8c:fc:9d:5a:71:49:fd:2f:6d:10:
                    ad:8a:f2:e1:46:ed:5d:af:a9:12:14:92:8f:df:ad:
                    2f:b9:39:f2:ca:c8:72:f1:a8:5a:d8:76:0f:98:86:
                    a9:9c:90:c4:fe:68:c6:22:c5:16:c0:a5:b5:71:61:
                    da:e4:40:76:dc:b6:96:53:2e:db:06:f6:12:fc:be:
                    cb:0a:a0:e0:4c:86:ea:ca:13:d9:f8:8a:d4:d0:99:
                    ea:44:ed:26:4b:1a:40:5b:90:bd:9f:92:8b:5c:30:
                    a3:41:fd:3b:8e:67:19:fd:0f:eb:d1:a4:96:bc:c2:
                    27:ef:77:c5:33:47:35:ba:d4:8a:00:87:b4:b3:5f:
                    93:e8:3a:91:0c:46:05:40:f6:93:e9:15:4e:3e:f8:
                    44:eb:13:28:19:00:7b:63:c7:15:97:8f:bb:ca:9e:
                    4f:b4:01:93:b9:9f:7e:fd:ec:f1:4e:d0:b6:e6:f3:
                    84:1a:49:c9:9e:81:53:b4:65:01:44:8a:11:e8:8b:
                    11:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:94:5B:AB:2C:0B:6C:25:E5:2D:FF:5A:EA:37:98:BE:3D:62:85:FC
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/kpRbqywLbCXlLf9a6jeYvj1ihfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:a6:b5:18:ed:d6:d4:fa:0d:78:32:f6:ec:0b:06:b3:7e:f7:
         2c:80:8e:3c:54:0d:e3:47:41:55:71:3b:0d:e8:a3:2b:3d:27:
         d6:04:9e:97:8e:4b:16:c6:0f:1c:2a:6d:b3:cd:5a:3c:0a:a1:
         7a:83:71:e9:10:67:6a:4e:fd:62:b0:1f:d3:ff:68:c4:d9:5c:
         2c:49:0a:25:a9:31:e4:f9:05:20:c7:72:57:67:d0:ea:0c:19:
         b5:17:67:24:f2:60:bd:d9:fd:35:a8:ac:f4:a0:dd:e2:e1:8d:
         eb:ee:aa:7c:a3:3c:47:2b:84:c0:62:54:bb:71:ef:19:ed:ee:
         34:68:d5:dd:fa:e0:c0:cb:0a:bb:c3:e5:bd:67:32:89:6a:f2:
         0b:c2:1d:f4:0c:55:2b:9c:5e:35:6c:4b:6b:8b:58:89:87:2e:
         8d:6b:29:86:b1:bb:22:3f:ad:ce:51:c8:de:f9:21:3d:48:04:
         ad:a3:9e:f0:ab:e9:12:bb:5c:c8:8b:90:19:40:d6:25:8f:31:
         23:4a:ff:e1:99:61:d1:b7:d8:14:53:9e:41:fc:ff:99:33:35:
         c8:65:1e:33:69:a2:85:f6:73:5d:5b:1a:ce:0b:5e:89:ac:52:
         e6:72:5b:d8:d6:93:ac:25:88:46:39:36:70:7e:d9:12:4c:95:
         27:61:80:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfh2jKLbRmfqQDVb9ghHlrnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzA2MjIyNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjk0NWJhYjJjMGI2YzI1ZTUyZGZmNWFlYTM3OThiZTNkNjI4NWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3P6VlM3HKsV6lR3903YNkG/3qblV
DdPlWBbQ9pLuOzevKw9I4qahJtv+Suiu+bP9RHXnBc3NVij2swyazLBPwIz8nVpx
Sf0vbRCtivLhRu1dr6kSFJKP360vuTnyyshy8aha2HYPmIapnJDE/mjGIsUWwKW1
cWHa5EB23LaWUy7bBvYS/L7LCqDgTIbqyhPZ+IrU0JnqRO0mSxpAW5C9n5KLXDCj
Qf07jmcZ/Q/r0aSWvMIn73fFM0c1utSKAIe0s1+T6DqRDEYFQPaT6RVOPvhE6xMo
GQB7Y8cVl4+7yp5PtAGTuZ9+/ezxTtC25vOEGknJnoFTtGUBRIoR6IsRtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKUW6ssC2wl5S3/Wuo3mL49YoX8MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEva3BSYnF5d0xiQ1hsTGY5YTZqZVl2ajFpaGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY55MA0G
CSqGSIb3DQEBCwUAA4IBAQCyprUY7dbU+g14MvbsCwazfvcsgI48VA3jR0FVcTsN
6KMrPSfWBJ6XjksWxg8cKm2zzVo8CqF6g3HpEGdqTv1isB/T/2jE2VwsSQolqTHk
+QUgx3JXZ9DqDBm1F2ck8mC92f01qKz0oN3i4Y3r7qp8ozxHK4TAYlS7ce8Z7e40
aNXd+uDAywq7w+W9ZzKJavILwh30DFUrnF41bEtri1iJhy6NaymGsbsiP63OUcje
+SE9SASto57wq+kSu1zIi5AZQNYljzEjSv/hmWHRt9gUU55B/P+ZMzXIZR4zaaKF
9nNdWxrOC16JrFLmclvY1pOsJYhGOTZwftkSTJUnYYBy
-----END CERTIFICATE-----