Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/m74VvsI6EdMo76uevvan59QpkqE.roa
File:                     m74VvsI6EdMo76uevvan59QpkqE.roa (raw, json)
Hash identifier:          1fe03vMMsl3oUUL4Se2ddc8JmIOlm8Qdn5iC5j3XfoY=
Subject key identifier:   9B:BE:15:BE:C2:3A:11:D3:28:EF:AB:9E:BE:F6:A7:E7:D4:29:92:A1
Certificate issuer:       /CN=b209308540c4df9b9bb7d6327fa7b5d49008068c
Certificate serial:       0197F01CCC6A05BEB0C880A51958523C8997
Authority key identifier: B2:09:30:85:40:C4:DF:9B:9B:B7:D6:32:7F:A7:B5:D4:90:08:06:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sgkwhUDE35ubt9Yyf6e11JAIBow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/m74VvsI6EdMo76uevvan59QpkqE.roa
Signing time:             Wed 09 Jul 2025 16:55:08 +0000
ROA not before:           Wed 09 Jul 2025 16:55:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        45.158.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/sgkwhUDE35ubt9Yyf6e11JAIBow.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/sgkwhUDE35ubt9Yyf6e11JAIBow.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sgkwhUDE35ubt9Yyf6e11JAIBow.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 20:26:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f0:1c:cc:6a:05:be:b0:c8:80:a5:19:58:52:3c:89:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b209308540c4df9b9bb7d6327fa7b5d49008068c
        Validity
            Not Before: Jul  9 16:55:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bbe15bec23a11d328efab9ebef6a7e7d42992a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f6:2a:19:f0:ed:e1:bd:62:1f:45:aa:b0:6e:
                    19:d7:f5:64:6d:82:ae:f4:42:9f:b5:f3:fe:a3:f4:
                    f2:86:96:1c:cd:63:d0:bd:4a:f1:3c:b5:58:ef:fc:
                    58:40:de:ab:94:aa:76:b4:d0:82:af:2a:ce:a4:b2:
                    31:02:f8:92:d5:9d:3a:43:25:03:48:03:c5:bb:f2:
                    7a:db:31:88:61:4d:b2:70:03:7e:5a:79:be:9c:5c:
                    b7:cf:b5:72:2b:10:c1:c5:fa:bb:66:f6:03:c4:df:
                    29:c9:45:6f:68:2d:98:f0:68:f0:94:fb:1d:a6:f1:
                    a9:87:33:09:0e:71:74:23:c3:dd:e4:50:41:a9:71:
                    77:50:48:03:0a:05:64:e8:d0:6c:fd:3a:66:87:0a:
                    fa:87:73:75:97:45:e9:35:f9:4d:cf:98:6f:70:a0:
                    11:33:32:56:b5:7d:a1:de:2f:25:3c:37:c1:86:2b:
                    68:cc:24:8a:2a:eb:7c:f2:41:16:7b:22:82:ff:60:
                    26:83:eb:30:e3:b2:71:f1:09:2f:a1:24:87:9e:b4:
                    9f:9b:de:80:ce:8a:48:f4:6f:bd:bc:e0:06:39:8d:
                    ce:b0:90:8c:6c:a6:82:cd:27:b1:be:d9:fb:75:a0:
                    19:66:2c:ea:47:25:19:39:17:ea:c0:d8:e3:e2:9d:
                    54:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:BE:15:BE:C2:3A:11:D3:28:EF:AB:9E:BE:F6:A7:E7:D4:29:92:A1
            X509v3 Authority Key Identifier:
                keyid:B2:09:30:85:40:C4:DF:9B:9B:B7:D6:32:7F:A7:B5:D4:90:08:06:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sgkwhUDE35ubt9Yyf6e11JAIBow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/m74VvsI6EdMo76uevvan59QpkqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/880eb2-fa65-47ca-8a00-6480c3d1f4e4/1/sgkwhUDE35ubt9Yyf6e11JAIBow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:a0:69:e0:c1:b3:a4:a0:de:a5:dc:37:b9:a3:d5:2a:f6:fe:
         59:32:a0:df:86:5f:dc:77:f2:f2:0f:7a:7f:e6:fe:c3:ae:0e:
         20:b1:10:a7:65:ec:d0:70:2d:48:99:85:04:7c:62:fc:11:52:
         af:de:1c:f1:26:36:62:d1:f6:cc:28:08:7c:95:a1:64:ad:ef:
         42:8d:7d:56:f8:91:cf:02:2a:ad:93:fb:5d:59:6d:98:e3:c4:
         e0:93:05:2f:79:6f:09:60:81:86:a9:8a:84:48:a1:fa:d4:ad:
         d0:03:f1:ce:4a:56:b8:27:a2:24:26:4c:5a:98:61:a2:b2:b1:
         0d:89:8a:ba:e0:4a:59:29:79:fe:46:65:fa:b0:f7:27:ba:ae:
         89:95:f9:81:d7:01:86:a8:07:82:1a:f5:10:f2:85:60:fd:b6:
         1a:69:84:11:52:24:a1:ad:b6:46:66:7c:1b:d9:1a:4c:33:07:
         40:a1:e6:30:6c:f2:cc:20:e6:27:6a:70:80:3e:86:4e:81:82:
         07:62:58:7f:3e:ba:75:54:40:12:d3:20:b6:49:b0:9c:ec:f6:
         fe:b6:0e:0f:53:4c:06:f4:b5:4e:5c:e6:1b:20:33:f8:97:eb:
         6e:f8:fb:a1:9f:ca:f6:2a:3e:f4:26:6d:7c:31:d1:05:68:ea:
         58:31:e1:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfwHMxqBb6wyIClGVhSPImXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMDkzMDg1NDBjNGRmOWI5YmI3ZDYzMjdmYTdiNWQ0OTAw
ODA2OGMwHhcNMjUwNzA5MTY1NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmJlMTViZWMyM2ExMWQzMjhlZmFiOWViZWY2YTdlN2Q0Mjk5MmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofYqGfDt4b1iH0WqsG4Z1/VkbYKu
9EKftfP+o/TyhpYczWPQvUrxPLVY7/xYQN6rlKp2tNCCryrOpLIxAviS1Z06QyUD
SAPFu/J62zGIYU2ycAN+Wnm+nFy3z7VyKxDBxfq7ZvYDxN8pyUVvaC2Y8GjwlPsd
pvGphzMJDnF0I8Pd5FBBqXF3UEgDCgVk6NBs/Tpmhwr6h3N1l0XpNflNz5hvcKAR
MzJWtX2h3i8lPDfBhitozCSKKut88kEWeyKC/2Amg+sw47Jx8QkvoSSHnrSfm96A
zopI9G+9vOAGOY3OsJCMbKaCzSexvtn7daAZZizqRyUZORfqwNjj4p1UHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJu+Fb7COhHTKO+rnr72p+fUKZKhMB8GA1UdIwQY
MBaAFLIJMIVAxN+bm7fWMn+ntdSQCAaMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2drd2hVREUzNXVidDlZeWY2ZTExSkFJQm93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84ODBlYjItZmE2NS00N2NhLThhMDAt
NjQ4MGMzZDFmNGU0LzEvbTc0VnZzSTZFZE1vNzZ1ZXZ2YW41OVFwa3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84ODBlYjItZmE2NS00N2NhLThhMDAtNjQ4MGMzZDFmNGU0
LzEvc2drd2hVREUzNXVidDlZeWY2ZTExSkFJQm93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ7YMA0G
CSqGSIb3DQEBCwUAA4IBAQB/oGngwbOkoN6l3De5o9Uq9v5ZMqDfhl/cd/LyD3p/
5v7Drg4gsRCnZezQcC1ImYUEfGL8EVKv3hzxJjZi0fbMKAh8laFkre9CjX1W+JHP
Aiqtk/tdWW2Y48TgkwUveW8JYIGGqYqESKH61K3QA/HOSla4J6IkJkxamGGisrEN
iYq64EpZKXn+RmX6sPcnuq6JlfmB1wGGqAeCGvUQ8oVg/bYaaYQRUiShrbZGZnwb
2RpMMwdAoeYwbPLMIOYnanCAPoZOgYIHYlh/Prp1VEAS0yC2SbCc7Pb+tg4PU0wG
9LVOXOYbIDP4l+tu+Puhn8r2Kj70Jm18MdEFaOpYMeHC
-----END CERTIFICATE-----