Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/e3iLfYrOnpqf43oYj9Oceds56Gg.roa
File:                     e3iLfYrOnpqf43oYj9Oceds56Gg.roa (raw, json)
Hash identifier:          /oewYmYkG9w6Ig4VdAMdDmx1Go/wLX679keBtOo5a90=
Subject key identifier:   7B:78:8B:7D:8A:CE:9E:9A:9F:E3:7A:18:8F:D3:9C:79:DB:39:E8:68
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0197C6EA724A1268A6048D67C7FCD1CCFCF3
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/e3iLfYrOnpqf43oYj9Oceds56Gg.roa
Signing time:             Tue 01 Jul 2025 16:55:42 +0000
ROA not before:           Tue 01 Jul 2025 16:55:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48959
IP address blocks:        45.81.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 20:26:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c6:ea:72:4a:12:68:a6:04:8d:67:c7:fc:d1:cc:fc:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jul  1 16:55:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b788b7d8ace9e9a9fe37a188fd39c79db39e868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:de:2d:d7:0d:9a:c6:ef:67:f9:00:d7:27:28:
                    c6:7d:6d:cc:12:95:8a:eb:26:fa:3c:f3:4b:3b:43:
                    97:7c:54:ef:dd:46:0e:5d:45:87:ae:02:6b:4e:27:
                    e6:2a:b9:9a:05:72:98:37:66:fc:16:e0:3b:30:ec:
                    76:64:b4:d0:0e:77:b9:56:1c:cb:c5:fe:8e:c9:15:
                    d8:57:34:0c:7b:f3:5d:38:97:cd:ed:e9:7b:b0:8f:
                    c1:ab:b8:fe:2b:c5:9b:94:fb:c1:4d:4d:b9:bb:19:
                    d2:50:ea:94:2b:99:66:2d:e6:6b:77:06:6d:2e:87:
                    3b:60:e3:38:76:74:15:94:5f:72:7e:0b:55:ac:52:
                    fc:1f:b6:66:44:3f:27:bd:85:e6:7b:0b:00:69:70:
                    d0:40:53:e6:09:cd:36:bc:35:c7:32:89:09:b1:2b:
                    18:48:c5:75:64:24:52:98:14:ab:85:00:83:d3:90:
                    80:bd:ba:e4:bc:51:8f:cb:9d:04:0b:35:58:c1:dd:
                    be:91:91:15:b5:06:f1:2b:a8:41:da:a3:d6:04:51:
                    a0:92:bf:38:86:69:05:24:0e:97:de:bc:21:39:09:
                    bc:cd:98:8e:dd:3c:c1:21:87:e5:2e:ce:16:69:ac:
                    18:6b:54:b4:30:b9:cc:3d:f4:51:61:2b:68:63:c1:
                    90:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:78:8B:7D:8A:CE:9E:9A:9F:E3:7A:18:8F:D3:9C:79:DB:39:E8:68
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/e3iLfYrOnpqf43oYj9Oceds56Gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:55:5c:71:27:b8:5e:0d:9e:ea:7a:77:cd:00:86:0b:6f:39:
         2e:2e:a5:d6:9b:e9:72:e4:cd:ba:46:5c:78:26:df:6d:ed:a2:
         75:40:43:97:58:fa:aa:6b:35:43:af:53:e4:05:f3:38:2f:cd:
         32:38:f9:47:67:99:76:c8:8a:8f:05:2c:f4:4b:42:d5:be:7c:
         02:59:96:f5:33:ed:26:75:79:5d:26:98:f7:cc:68:cf:4d:33:
         c6:a3:3d:52:17:0c:cf:be:04:52:9b:18:5b:14:15:b9:cd:df:
         22:48:a9:99:ce:aa:c5:9e:aa:fe:31:b5:3a:b0:b3:da:88:d6:
         1b:98:57:52:d4:b6:a8:af:12:ee:48:4a:c0:b0:03:14:71:39:
         ef:37:ad:bc:1b:ba:3e:d3:c2:fb:d6:c8:e1:c8:ae:f3:09:bc:
         e4:44:de:36:ac:ba:b0:cc:fe:fd:f7:31:bf:0e:4b:b2:d8:fd:
         70:3c:77:6d:00:c7:64:df:36:3b:db:d0:c0:3c:8f:ad:c9:f3:
         ec:31:75:c7:74:b8:b3:5c:49:ad:15:fc:cf:7c:24:8c:33:41:
         16:a5:47:31:cf:34:d3:f7:39:f8:4d:5f:99:e6:54:6c:4b:4b:
         6c:f3:56:19:02:a0:df:f0:1d:95:47:1a:eb:92:17:1a:0d:e8:
         33:cf:50:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfG6nJKEmimBI1nx/zRzPzzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwNzAxMTY1NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjc4OGI3ZDhhY2U5ZTlhOWZlMzdhMTg4ZmQzOWM3OWRiMzllODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr94t1w2axu9n+QDXJyjGfW3MEpWK
6yb6PPNLO0OXfFTv3UYOXUWHrgJrTifmKrmaBXKYN2b8FuA7MOx2ZLTQDne5VhzL
xf6OyRXYVzQMe/NdOJfN7el7sI/Bq7j+K8WblPvBTU25uxnSUOqUK5lmLeZrdwZt
Loc7YOM4dnQVlF9yfgtVrFL8H7ZmRD8nvYXmewsAaXDQQFPmCc02vDXHMokJsSsY
SMV1ZCRSmBSrhQCD05CAvbrkvFGPy50ECzVYwd2+kZEVtQbxK6hB2qPWBFGgkr84
hmkFJA6X3rwhOQm8zZiO3TzBIYflLs4WaawYa1S0MLnMPfRRYStoY8GQoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHt4i32Kzp6an+N6GI/TnHnbOehoMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvZTNpTGZZck9ucHFmNDNvWWo5T2NlZHM1NkdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVGKMA0G
CSqGSIb3DQEBCwUAA4IBAQB4VVxxJ7heDZ7qenfNAIYLbzkuLqXWm+ly5M26Rlx4
Jt9t7aJ1QEOXWPqqazVDr1PkBfM4L80yOPlHZ5l2yIqPBSz0S0LVvnwCWZb1M+0m
dXldJpj3zGjPTTPGoz1SFwzPvgRSmxhbFBW5zd8iSKmZzqrFnqr+MbU6sLPaiNYb
mFdS1LaorxLuSErAsAMUcTnvN628G7o+08L71sjhyK7zCbzkRN42rLqwzP799zG/
Dkuy2P1wPHdtAMdk3zY729DAPI+tyfPsMXXHdLizXEmtFfzPfCSMM0EWpUcxzzTT
9zn4TV+Z5lRsS0ts81YZAqDf8B2VRxrrkhcaDegzz1C5
-----END CERTIFICATE-----