Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/eb94ad-7894-4b36-9246-08af74c1a50c/1/cJMqlk4t_npV762YA6G1Urn8YC8.roa
File:                     cJMqlk4t_npV762YA6G1Urn8YC8.roa (raw, json)
Hash identifier:          +q/bgqa1jjCMji99qFxLyo61sIU915VzUhks1PlXN30=
Subject key identifier:   70:93:2A:96:4E:2D:FE:7A:55:EF:AD:98:03:A1:B5:52:B9:FC:60:2F
Certificate issuer:       /CN=12f27a7df2076f8d1dc795277c09a0107d2bdb2a
Certificate serial:       0197D664D8B26839BBDA9B137D5204494C09
Authority key identifier: 12:F2:7A:7D:F2:07:6F:8D:1D:C7:95:27:7C:09:A0:10:7D:2B:DB:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EvJ6ffIHb40dx5UnfAmgEH0r2yo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/eb94ad-7894-4b36-9246-08af74c1a50c/1/cJMqlk4t_npV762YA6G1Urn8YC8.roa
Signing time:             Fri 04 Jul 2025 17:03:42 +0000
ROA not before:           Fri 04 Jul 2025 17:03:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28701
IP address blocks:        45.156.108.0/22 maxlen: 22
                          2a10:4000::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/eb94ad-7894-4b36-9246-08af74c1a50c/1/EvJ6ffIHb40dx5UnfAmgEH0r2yo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/eb94ad-7894-4b36-9246-08af74c1a50c/1/EvJ6ffIHb40dx5UnfAmgEH0r2yo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EvJ6ffIHb40dx5UnfAmgEH0r2yo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d6:64:d8:b2:68:39:bb:da:9b:13:7d:52:04:49:4c:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12f27a7df2076f8d1dc795277c09a0107d2bdb2a
        Validity
            Not Before: Jul  4 17:03:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70932a964e2dfe7a55efad9803a1b552b9fc602f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e5:7d:b1:62:ea:04:93:02:05:a9:fc:bb:d5:
                    0f:fa:4d:16:c2:2a:d7:5b:f0:94:60:42:f4:a0:00:
                    40:70:5a:8b:05:fe:4d:09:d8:6f:5f:17:70:e9:2e:
                    67:46:db:cf:1a:c9:75:69:9b:fe:c4:f8:3e:50:af:
                    56:e4:f9:29:62:fc:73:04:34:68:01:93:36:de:f5:
                    85:86:29:01:81:7b:ad:67:5e:0d:b7:07:81:01:33:
                    d3:98:13:74:48:76:e9:be:4f:5b:5a:e1:09:4d:82:
                    7f:77:79:42:f1:01:43:cb:c0:88:1f:7c:c0:1a:28:
                    2e:7c:ce:67:3f:6a:85:21:d3:ed:cf:11:ac:e6:41:
                    21:8f:ef:ee:e1:bb:95:03:c1:16:0c:ce:5f:1b:a5:
                    4d:e2:4a:9a:42:67:30:96:35:b8:a0:e1:36:c8:a2:
                    6f:37:9d:64:8b:62:ac:c3:97:8e:85:3f:34:98:39:
                    ab:ca:da:1b:e3:d8:4d:6e:27:7a:73:17:84:6d:93:
                    24:25:09:d5:4b:7a:8e:82:15:36:02:dc:d2:93:0d:
                    d5:1e:03:16:40:35:f0:9b:ca:de:40:dd:6a:47:1c:
                    8a:4e:95:6f:1b:7f:93:ed:78:9a:af:13:5d:44:12:
                    bb:a6:bc:b5:7b:c0:be:e2:f1:7b:2f:53:89:b2:e4:
                    00:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:93:2A:96:4E:2D:FE:7A:55:EF:AD:98:03:A1:B5:52:B9:FC:60:2F
            X509v3 Authority Key Identifier:
                keyid:12:F2:7A:7D:F2:07:6F:8D:1D:C7:95:27:7C:09:A0:10:7D:2B:DB:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EvJ6ffIHb40dx5UnfAmgEH0r2yo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/eb94ad-7894-4b36-9246-08af74c1a50c/1/cJMqlk4t_npV762YA6G1Urn8YC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/eb94ad-7894-4b36-9246-08af74c1a50c/1/EvJ6ffIHb40dx5UnfAmgEH0r2yo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.108.0/22
                IPv6:
                  2a10:4000::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:18:ef:58:71:be:8f:50:58:c5:fd:2a:10:ae:4e:07:d8:79:
         d3:98:58:36:1b:16:c6:ff:76:d5:68:cd:47:43:39:6a:4e:28:
         0a:b8:75:fe:33:b4:6c:a4:83:19:6e:c5:9d:61:f8:36:09:ec:
         80:ec:02:36:57:e6:6a:ab:f6:77:b3:f2:9d:fb:48:7e:71:9e:
         af:4f:ad:4c:4a:ef:be:64:9d:cf:d7:f3:2e:e4:24:5b:a5:fd:
         6f:cc:21:09:56:8c:9b:01:25:49:56:15:0c:4a:cd:36:3f:59:
         79:30:a2:fc:3e:f4:38:70:5e:19:28:6f:7c:ec:7b:53:29:5f:
         0d:02:f2:dd:51:13:e6:7d:ba:6f:df:6d:4b:93:78:51:03:55:
         94:cd:43:86:61:82:7c:d1:f3:9c:4c:dd:ae:c8:6b:71:89:e9:
         dc:d0:00:2e:d1:6d:82:db:b1:ca:7a:e9:7a:29:47:e9:8e:39:
         57:c0:05:33:a0:1b:bf:f1:f8:05:3d:22:72:37:c0:8b:df:f6:
         ad:5b:f6:23:7a:5b:e5:17:db:ed:0b:99:ca:f6:d1:fa:f6:2e:
         69:fa:ab:68:67:b8:f9:e3:8b:17:51:df:79:5e:87:85:6d:10:
         e3:37:28:b8:a5:56:78:52:b3:6d:0e:0c:10:59:94:9a:a1:36:
         d9:e5:03:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfWZNiyaDm72psTfVIESUwJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZjI3YTdkZjIwNzZmOGQxZGM3OTUyNzdjMDlhMDEwN2Qy
YmRiMmEwHhcNMjUwNzA0MTcwMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDkzMmE5NjRlMmRmZTdhNTVlZmFkOTgwM2ExYjU1MmI5ZmM2MDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuV9sWLqBJMCBan8u9UP+k0WwirX
W/CUYEL0oABAcFqLBf5NCdhvXxdw6S5nRtvPGsl1aZv+xPg+UK9W5PkpYvxzBDRo
AZM23vWFhikBgXutZ14NtweBATPTmBN0SHbpvk9bWuEJTYJ/d3lC8QFDy8CIH3zA
GigufM5nP2qFIdPtzxGs5kEhj+/u4buVA8EWDM5fG6VN4kqaQmcwljW4oOE2yKJv
N51ki2Ksw5eOhT80mDmrytob49hNbid6cxeEbZMkJQnVS3qOghU2AtzSkw3VHgMW
QDXwm8reQN1qRxyKTpVvG3+T7XiarxNdRBK7pry1e8C+4vF7L1OJsuQAhQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHCTKpZOLf56Ve+tmAOhtVK5/GAvMB8GA1UdIwQY
MBaAFBLyen3yB2+NHceVJ3wJoBB9K9sqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXZKNmZmSUhiNDBkeDVVbmZBbWdFSDByMnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9lYjk0YWQtNzg5NC00YjM2LTkyNDYt
MDhhZjc0YzFhNTBjLzEvY0pNcWxrNHRfbnBWNzYyWUE2RzFVcm44WUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9lYjk0YWQtNzg5NC00YjM2LTkyNDYtMDhhZjc0YzFhNTBj
LzEvRXZKNmZmSUhiNDBkeDVVbmZBbWdFSDByMnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZxsMA0E
AgACMAcDBQMqEEAAMA0GCSqGSIb3DQEBCwUAA4IBAQBEGO9Ycb6PUFjF/SoQrk4H
2HnTmFg2GxbG/3bVaM1HQzlqTigKuHX+M7RspIMZbsWdYfg2CeyA7AI2V+Zqq/Z3
s/Kd+0h+cZ6vT61MSu++ZJ3P1/Mu5CRbpf1vzCEJVoybASVJVhUMSs02P1l5MKL8
PvQ4cF4ZKG987HtTKV8NAvLdURPmfbpv321Lk3hRA1WUzUOGYYJ80fOcTN2uyGtx
ienc0AAu0W2C27HKeul6KUfpjjlXwAUzoBu/8fgFPSJyN8CL3/atW/YjelvlF9vt
C5nK9tH69i5p+qtoZ7j544sXUd95XoeFbRDjNyi4pVZ4UrNtDgwQWZSaoTbZ5QNA
-----END CERTIFICATE-----