Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/xzdrmD9pCI82yJZFT2xgr4o12LU.roa
File:                     xzdrmD9pCI82yJZFT2xgr4o12LU.roa (raw, json)
Hash identifier:          CebD2P0fuqMFnlk9X2GfnG7HWF2wjomrc1yn0miRdJ4=
Subject key identifier:   C7:37:6B:98:3F:69:08:8F:36:C8:96:45:4F:6C:60:AF:8A:35:D8:B5
Certificate issuer:       /CN=a87090c275c34c05c306f3b36063893a0d72782a
Certificate serial:       0197E1DB207AFC9AC14F54180A1187DD401D
Authority key identifier: A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/xzdrmD9pCI82yJZFT2xgr4o12LU.roa
Signing time:             Sun 06 Jul 2025 22:28:43 +0000
ROA not before:           Sun 06 Jul 2025 22:28:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215302
IP address blocks:        45.137.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 21:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e1:db:20:7a:fc:9a:c1:4f:54:18:0a:11:87:dd:40:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a87090c275c34c05c306f3b36063893a0d72782a
        Validity
            Not Before: Jul  6 22:28:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7376b983f69088f36c896454f6c60af8a35d8b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:89:1c:5f:94:a0:50:8d:a0:11:7e:34:32:54:
                    c7:f0:c1:a3:36:b8:af:7a:89:b4:66:f2:27:ed:a3:
                    e3:27:96:13:57:5e:77:0d:7b:09:a9:35:07:76:ad:
                    d0:e7:8f:58:d0:b7:43:2c:ea:9f:c7:f6:54:cd:79:
                    19:90:25:3c:cf:a1:e4:5c:f4:03:42:79:f7:80:45:
                    f0:c6:47:c9:2e:e8:5d:09:4f:25:37:1a:2b:6c:32:
                    92:b5:56:0d:84:d8:85:1a:67:ef:23:02:ff:1e:16:
                    5e:f3:11:f5:3c:4f:33:71:4b:e2:79:1f:0b:d0:64:
                    1d:45:87:33:c2:30:c2:51:b3:24:1a:a8:63:f3:94:
                    89:11:2c:8f:7b:5b:5e:d8:96:62:df:62:49:b1:88:
                    9e:e3:cb:64:ef:fd:8b:ff:f8:65:17:f5:a0:06:ed:
                    52:d9:de:95:e9:9e:a2:e3:1f:ba:d5:66:5a:19:33:
                    20:be:0b:26:0c:57:cd:94:ad:66:65:42:33:25:92:
                    2c:56:9f:c6:20:05:bf:1c:07:2c:fd:b6:9e:79:07:
                    56:32:cb:d6:f1:99:d3:66:1b:a2:4d:9e:47:3d:50:
                    3e:6e:77:e2:d7:e0:e3:88:58:1f:58:d9:f8:b0:2c:
                    01:68:13:63:5b:40:7a:b0:ff:42:4c:d8:2b:b2:15:
                    01:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:37:6B:98:3F:69:08:8F:36:C8:96:45:4F:6C:60:AF:8A:35:D8:B5
            X509v3 Authority Key Identifier:
                keyid:A8:70:90:C2:75:C3:4C:05:C3:06:F3:B3:60:63:89:3A:0D:72:78:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qHCQwnXDTAXDBvOzYGOJOg1yeCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/xzdrmD9pCI82yJZFT2xgr4o12LU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/7b2129-cc6c-4710-ba41-b57a36f2afcd/1/qHCQwnXDTAXDBvOzYGOJOg1yeCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:dc:2e:71:00:94:1c:ee:c2:c0:f4:c4:34:e0:ed:71:f0:55:
         a6:30:7f:b5:01:52:36:9d:91:e7:1f:3e:69:ef:5c:df:98:f9:
         f9:fa:54:2a:09:d5:f3:6e:98:4d:a5:6f:6f:52:5c:67:54:cc:
         0a:38:d2:fa:d9:73:b5:a6:77:86:e8:67:c0:6f:2d:9d:4e:1e:
         5a:3c:fd:3f:bc:d0:3e:cf:8f:22:aa:e2:39:13:e4:53:3f:36:
         6b:90:d3:41:a3:53:c9:15:6e:ae:36:c9:d1:ce:ad:a4:75:02:
         eb:ea:82:d5:33:f8:10:29:5f:06:06:0d:12:e9:e3:e3:a5:92:
         c0:ab:4c:86:b7:01:dd:fd:06:4e:ad:54:b7:34:f0:38:61:00:
         e8:3e:04:b5:b1:cc:67:3a:5d:d1:0c:f1:1f:03:5e:40:29:18:
         f4:b9:36:4a:d4:f1:11:ba:54:21:83:46:95:86:ab:fe:3f:ac:
         94:36:c0:b0:6e:c7:cd:62:12:d8:7d:8f:7a:ec:46:c5:15:34:
         7f:75:52:31:f7:6f:50:fc:6a:0b:7a:ad:8a:96:67:e6:16:b7:
         35:10:9a:7b:09:b2:6d:af:5f:33:6a:75:2d:15:b4:41:2d:c8:
         9e:02:da:6c:02:bb:94:e2:23:6b:6d:7c:33:ec:ac:65:d3:19:
         5d:40:bb:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfh2yB6/JrBT1QYChGH3UAdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NzA5MGMyNzVjMzRjMDVjMzA2ZjNiMzYwNjM4OTNhMGQ3
Mjc4MmEwHhcNMjUwNzA2MjIyODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzM3NmI5ODNmNjkwODhmMzZjODk2NDU0ZjZjNjBhZjhhMzVkOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4kcX5SgUI2gEX40MlTH8MGjNriv
eom0ZvIn7aPjJ5YTV153DXsJqTUHdq3Q549Y0LdDLOqfx/ZUzXkZkCU8z6HkXPQD
Qnn3gEXwxkfJLuhdCU8lNxorbDKStVYNhNiFGmfvIwL/HhZe8xH1PE8zcUvieR8L
0GQdRYczwjDCUbMkGqhj85SJESyPe1te2JZi32JJsYie48tk7/2L//hlF/WgBu1S
2d6V6Z6i4x+61WZaGTMgvgsmDFfNlK1mZUIzJZIsVp/GIAW/HAcs/baeeQdWMsvW
8ZnTZhuiTZ5HPVA+bnfi1+DjiFgfWNn4sCwBaBNjW0B6sP9CTNgrshUBDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMc3a5g/aQiPNsiWRU9sYK+KNdi1MB8GA1UdIwQY
MBaAFKhwkMJ1w0wFwwbzs2BjiToNcngqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEt
YjU3YTM2ZjJhZmNkLzEveHpkcm1EOXBDSTgyeUpaRlQyeGdyNG8xMkxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83YjIxMjktY2M2Yy00NzEwLWJhNDEtYjU3YTM2ZjJhZmNk
LzEvcUhDUXduWERUQVhEQnZPellHT0pPZzF5ZUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYlrMA0G
CSqGSIb3DQEBCwUAA4IBAQBu3C5xAJQc7sLA9MQ04O1x8FWmMH+1AVI2nZHnHz5p
71zfmPn5+lQqCdXzbphNpW9vUlxnVMwKONL62XO1pneG6GfAby2dTh5aPP0/vNA+
z48iquI5E+RTPzZrkNNBo1PJFW6uNsnRzq2kdQLr6oLVM/gQKV8GBg0S6ePjpZLA
q0yGtwHd/QZOrVS3NPA4YQDoPgS1scxnOl3RDPEfA15AKRj0uTZK1PERulQhg0aV
hqv+P6yUNsCwbsfNYhLYfY967EbFFTR/dVIx929Q/GoLeq2KlmfmFrc1EJp7CbJt
r18zanUtFbRBLcieAtpsAruU4iNrbXwz7Kxl0xldQLuf
-----END CERTIFICATE-----