Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/DRXIRPlz989IQESya6WStEPwwfI.roa
File:                     DRXIRPlz989IQESya6WStEPwwfI.roa (raw, json)
Hash identifier:          vzHP7wdlF/pn8v84Pbfgox37vxRmFYAJNGZAwD+DkvA=
Subject key identifier:   0D:15:C8:44:F9:73:F7:CF:48:40:44:B2:6B:A5:92:B4:43:F0:C1:F2
Certificate issuer:       /CN=3e7156abee6ba238b907315df9c552865adcdae8
Certificate serial:       0197F54D3A6C6F55AE33F361D347EC003FB8
Authority key identifier: 3E:71:56:AB:EE:6B:A2:38:B9:07:31:5D:F9:C5:52:86:5A:DC:DA:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/DRXIRPlz989IQESya6WStEPwwfI.roa
Signing time:             Thu 10 Jul 2025 17:06:08 +0000
ROA not before:           Thu 10 Jul 2025 17:06:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59888
IP address blocks:        45.15.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f5:4d:3a:6c:6f:55:ae:33:f3:61:d3:47:ec:00:3f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e7156abee6ba238b907315df9c552865adcdae8
        Validity
            Not Before: Jul 10 17:06:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d15c844f973f7cf484044b26ba592b443f0c1f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d8:97:ae:23:5b:ad:cc:d4:f2:c1:d9:fa:4a:
                    53:72:14:6a:8d:6a:a2:d2:14:56:26:06:8f:e0:27:
                    a1:ef:d7:d7:6c:03:ce:aa:ca:ca:76:40:d1:e8:83:
                    4d:6b:7f:63:37:f5:4b:94:23:ee:b2:d2:01:62:36:
                    87:bf:c0:88:d0:20:dc:2a:35:52:f9:8d:ba:9b:af:
                    59:3d:8f:ff:44:72:0f:24:fb:39:9b:f1:40:11:c8:
                    88:15:e8:de:05:19:70:82:3e:38:a1:66:34:bc:48:
                    c9:b0:3b:ce:44:63:57:0e:93:e8:32:93:f2:dc:19:
                    64:89:82:fa:f7:11:fc:48:1e:0b:22:fe:76:c9:71:
                    ed:76:09:34:aa:d7:d9:3c:29:99:ba:da:5b:15:94:
                    f3:c6:02:5d:c6:88:71:8e:9d:07:31:6b:92:3f:74:
                    2e:02:d2:d6:e5:77:ed:80:f2:76:cd:76:40:5d:80:
                    ac:70:8f:55:28:5a:ff:55:18:ae:76:11:46:ed:46:
                    d7:bd:79:50:02:33:06:28:a8:86:3a:a8:07:35:27:
                    e2:e9:33:00:4d:93:bb:d6:b9:e0:58:83:bb:df:73:
                    48:98:b5:03:e1:74:a0:28:a4:c4:81:72:9f:ae:c1:
                    1f:30:17:54:57:68:b3:9d:21:70:8f:2f:0d:86:97:
                    8e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:15:C8:44:F9:73:F7:CF:48:40:44:B2:6B:A5:92:B4:43:F0:C1:F2
            X509v3 Authority Key Identifier:
                keyid:3E:71:56:AB:EE:6B:A2:38:B9:07:31:5D:F9:C5:52:86:5A:DC:DA:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PnFWq-5roji5BzFd-cVShlrc2ug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/DRXIRPlz989IQESya6WStEPwwfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a4a0f7-7dbd-4b03-b7f9-58f2d44ff281/1/PnFWq-5roji5BzFd-cVShlrc2ug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:c3:96:5d:e0:67:bc:fa:4f:8d:51:8e:40:00:b8:e2:83:4d:
         1d:34:02:50:8a:82:ee:7a:60:03:74:6a:82:7e:d2:d9:2f:46:
         f2:37:fe:6a:b3:41:b0:ff:c9:9f:0d:41:21:cd:f2:b1:44:76:
         9d:fc:bb:0a:d4:08:80:33:91:07:ee:2e:33:d1:7a:68:06:36:
         b3:ba:1f:da:35:a9:14:db:ef:3b:35:3c:85:cb:d5:78:0d:66:
         c4:c4:2a:3e:71:e8:ff:cd:45:76:51:5f:56:22:e0:08:44:e6:
         80:64:3e:7e:b7:fb:10:98:18:e9:ae:36:db:1b:31:40:74:1e:
         fe:d9:e1:20:6b:ff:d4:ca:4f:3d:9a:99:4b:a6:b4:5a:6f:4b:
         91:bc:b9:57:da:ac:c2:4d:a1:b1:a3:d4:8b:24:b0:e6:a9:02:
         06:ba:79:53:f3:b9:dc:f9:fb:2b:4d:cf:b3:46:6c:27:9f:50:
         1b:a8:ce:1c:bc:36:74:43:ed:56:f4:bf:47:71:d2:35:c3:ca:
         b4:8c:65:37:c9:af:32:3a:7c:4e:35:a5:aa:b4:71:18:fd:82:
         73:66:a1:73:1c:10:97:37:e2:a1:b8:30:99:36:28:a2:76:41:
         92:3d:30:a2:f6:50:dc:bc:8c:e5:db:e0:fb:16:2b:c1:30:ef:
         4a:fe:7b:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf1TTpsb1WuM/Nh00fsAD+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNzE1NmFiZWU2YmEyMzhiOTA3MzE1ZGY5YzU1Mjg2NWFk
Y2RhZTgwHhcNMjUwNzEwMTcwNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDE1Yzg0NGY5NzNmN2NmNDg0MDQ0YjI2YmE1OTJiNDQzZjBjMWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdiXriNbrczU8sHZ+kpTchRqjWqi
0hRWJgaP4Ceh79fXbAPOqsrKdkDR6INNa39jN/VLlCPustIBYjaHv8CI0CDcKjVS
+Y26m69ZPY//RHIPJPs5m/FAEciIFejeBRlwgj44oWY0vEjJsDvORGNXDpPoMpPy
3BlkiYL69xH8SB4LIv52yXHtdgk0qtfZPCmZutpbFZTzxgJdxohxjp0HMWuSP3Qu
AtLW5XftgPJ2zXZAXYCscI9VKFr/VRiudhFG7UbXvXlQAjMGKKiGOqgHNSfi6TMA
TZO71rngWIO733NImLUD4XSgKKTEgXKfrsEfMBdUV2iznSFwjy8NhpeO5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0VyET5c/fPSEBEsmulkrRD8MHyMB8GA1UdIwQY
MBaAFD5xVqvua6I4uQcxXfnFUoZa3NroMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG5GV3EtNXJvamk1QnpGZC1jVlNobHJjMnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9hNGEwZjctN2RiZC00YjAzLWI3Zjkt
NThmMmQ0NGZmMjgxLzEvRFJYSVJQbHo5ODlJUUVTeWE2V1N0RVB3d2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9hNGEwZjctN2RiZC00YjAzLWI3ZjktNThmMmQ0NGZmMjgx
LzEvUG5GV3EtNXJvamk1QnpGZC1jVlNobHJjMnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ8oMA0G
CSqGSIb3DQEBCwUAA4IBAQBFw5Zd4Ge8+k+NUY5AALjig00dNAJQioLuemADdGqC
ftLZL0byN/5qs0Gw/8mfDUEhzfKxRHad/LsK1AiAM5EH7i4z0XpoBjazuh/aNakU
2+87NTyFy9V4DWbExCo+cej/zUV2UV9WIuAIROaAZD5+t/sQmBjprjbbGzFAdB7+
2eEga//Uyk89mplLprRab0uRvLlX2qzCTaGxo9SLJLDmqQIGunlT87nc+fsrTc+z
Rmwnn1AbqM4cvDZ0Q+1W9L9HcdI1w8q0jGU3ya8yOnxONaWqtHEY/YJzZqFzHBCX
N+KhuDCZNiiidkGSPTCi9lDcvIzl2+D7FivBMO9K/nso
-----END CERTIFICATE-----