Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/0MlTaxTSqs7exW9T9UwJnI13N48.roa
File:                     0MlTaxTSqs7exW9T9UwJnI13N48.roa (raw, json)
Hash identifier:          tFPjdFZ8VQwwFGSe9O82bqMhmvn5QbzxecPzG4FY10Y=
Subject key identifier:   D0:C9:53:6B:14:D2:AA:CE:DE:C5:6F:53:F5:4C:09:9C:8D:77:37:8F
Certificate issuer:       /CN=4638bf68b6675e2a5a3a7922f6477d2afb357fac
Certificate serial:       01983B708026F19006BC11A202A8FE2EFD0A
Authority key identifier: 46:38:BF:68:B6:67:5E:2A:5A:3A:79:22:F6:47:7D:2A:FB:35:7F:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rji_aLZnXipaOnki9kd9Kvs1f6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/0MlTaxTSqs7exW9T9UwJnI13N48.roa
Signing time:             Thu 24 Jul 2025 07:58:05 +0000
ROA not before:           Thu 24 Jul 2025 07:58:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60633
IP address blocks:        45.157.49.0/24 maxlen: 24
                          45.157.50.0/24 maxlen: 24
                          45.157.51.0/24 maxlen: 24
                          185.156.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/Rji_aLZnXipaOnki9kd9Kvs1f6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/Rji_aLZnXipaOnki9kd9Kvs1f6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rji_aLZnXipaOnki9kd9Kvs1f6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3b:70:80:26:f1:90:06:bc:11:a2:02:a8:fe:2e:fd:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4638bf68b6675e2a5a3a7922f6477d2afb357fac
        Validity
            Not Before: Jul 24 07:58:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0c9536b14d2aacedec56f53f54c099c8d77378f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:30:7a:06:cf:dc:5a:cd:61:f3:9e:55:f2:39:
                    c4:f2:e0:9f:93:bc:37:5d:17:ab:02:94:84:4b:17:
                    d0:34:3e:6a:20:a9:9c:98:5f:5f:7e:66:10:4b:f6:
                    b0:18:a0:84:e9:31:1b:cc:49:35:56:d5:cb:0a:11:
                    5b:0f:f4:61:31:22:78:1d:f3:a4:b4:9f:0f:bc:7f:
                    b6:3a:76:d3:46:d9:02:08:8c:ba:98:9f:6a:01:ab:
                    d8:18:9d:4f:6d:39:b5:de:d0:01:8c:2b:a4:a7:30:
                    e7:18:39:38:22:99:ef:01:78:51:80:d8:ac:0f:78:
                    b8:8b:3e:87:35:64:36:5a:a2:d2:c6:ec:48:ad:70:
                    60:76:32:4f:54:14:b5:32:14:73:13:a9:e4:1a:0b:
                    f6:b2:8e:c0:3e:ab:95:aa:38:37:0f:b3:fc:c2:0d:
                    c0:68:85:49:cf:ad:0b:7a:54:cf:da:fd:d0:71:f2:
                    58:74:10:59:14:7e:62:1d:73:83:e6:34:ef:75:cf:
                    23:ce:68:66:43:f3:4a:1f:97:59:fe:62:69:53:3f:
                    28:84:ac:c6:76:28:31:1e:a1:c8:21:08:ec:28:3d:
                    a9:2c:4c:e7:56:da:9f:da:ea:e1:c4:85:c3:d5:6e:
                    19:18:63:6f:d3:12:9c:41:0d:f8:d6:55:d8:25:23:
                    20:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:C9:53:6B:14:D2:AA:CE:DE:C5:6F:53:F5:4C:09:9C:8D:77:37:8F
            X509v3 Authority Key Identifier:
                keyid:46:38:BF:68:B6:67:5E:2A:5A:3A:79:22:F6:47:7D:2A:FB:35:7F:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rji_aLZnXipaOnki9kd9Kvs1f6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/0MlTaxTSqs7exW9T9UwJnI13N48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/e2f615-6ca4-4bf5-9f53-87073f434b03/1/Rji_aLZnXipaOnki9kd9Kvs1f6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.49.0-45.157.51.255
                  185.156.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:57:8c:61:82:78:5c:a1:ee:eb:5c:02:69:a5:22:b5:d0:1f:
         f9:59:8a:ee:b1:65:bd:a5:a0:04:00:3b:c2:3a:cd:ca:63:60:
         76:f8:b9:79:39:a5:82:ed:f1:77:f7:de:ae:e1:54:d6:f0:d3:
         c3:fb:be:12:fa:d3:d0:a8:bf:49:61:a4:59:b1:d3:55:fc:ac:
         0c:4c:b6:df:de:4f:30:2e:a6:0b:9d:71:46:67:6f:49:38:a8:
         e9:5d:c7:7b:d9:07:ec:07:40:f3:08:5c:e2:eb:a6:99:0f:bd:
         58:99:c1:7b:b3:94:15:1b:96:00:8a:f7:f0:cb:be:17:2c:a0:
         1f:7d:14:89:60:7d:a7:2d:ad:50:d2:41:a4:63:3c:d5:ae:31:
         04:22:ce:ed:c6:cd:40:a3:b4:4b:a9:19:1f:aa:30:ce:2e:e6:
         ba:2a:a6:c4:b9:6b:6f:ef:99:b0:99:6f:47:57:b3:65:ef:41:
         0b:f5:20:ca:d9:6d:f0:da:de:57:2d:df:76:52:f8:f9:dc:d8:
         cc:0e:50:b3:4c:b9:7b:46:8a:f7:04:6e:f2:03:ca:aa:9b:23:
         4b:8c:48:a4:e8:f7:4b:f9:76:3d:16:24:47:6c:c3:88:89:82:
         c3:24:e3:a5:55:b3:c8:1d:80:bb:01:05:a9:86:66:b5:aa:3e:
         86:ff:0f:c8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZg7cIAm8ZAGvBGiAqj+Lv0KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MzhiZjY4YjY2NzVlMmE1YTNhNzkyMmY2NDc3ZDJhZmIz
NTdmYWMwHhcNMjUwNzI0MDc1ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGM5NTM2YjE0ZDJhYWNlZGVjNTZmNTNmNTRjMDk5YzhkNzczNzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTB6Bs/cWs1h855V8jnE8uCfk7w3
XRerApSESxfQND5qIKmcmF9ffmYQS/awGKCE6TEbzEk1VtXLChFbD/RhMSJ4HfOk
tJ8PvH+2OnbTRtkCCIy6mJ9qAavYGJ1PbTm13tABjCukpzDnGDk4IpnvAXhRgNis
D3i4iz6HNWQ2WqLSxuxIrXBgdjJPVBS1MhRzE6nkGgv2so7APquVqjg3D7P8wg3A
aIVJz60LelTP2v3QcfJYdBBZFH5iHXOD5jTvdc8jzmhmQ/NKH5dZ/mJpUz8ohKzG
digxHqHIIQjsKD2pLEznVtqf2urhxIXD1W4ZGGNv0xKcQQ341lXYJSMgvQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNDJU2sU0qrO3sVvU/VMCZyNdzePMB8GA1UdIwQY
MBaAFEY4v2i2Z14qWjp5IvZHfSr7NX+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmppX2FMWm5YaXBhT25raTlrZDlLdnMxZjZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9lMmY2MTUtNmNhNC00YmY1LTlmNTMt
ODcwNzNmNDM0YjAzLzEvME1sVGF4VFNxczdleFc5VDlVd0puSTEzTjQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9lMmY2MTUtNmNhNC00YmY1LTlmNTMtODcwNzNmNDM0YjAz
LzEvUmppX2FMWm5YaXBhT25raTlrZDlLdnMxZjZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAtnTED
BAItnTADBAK5nAgwDQYJKoZIhvcNAQELBQADggEBAD1XjGGCeFyh7utcAmmlIrXQ
H/lZiu6xZb2loAQAO8I6zcpjYHb4uXk5pYLt8Xf33q7hVNbw08P7vhL609Cov0lh
pFmx01X8rAxMtt/eTzAupgudcUZnb0k4qOldx3vZB+wHQPMIXOLrppkPvViZwXuz
lBUblgCK9/DLvhcsoB99FIlgfactrVDSQaRjPNWuMQQizu3GzUCjtEupGR+qMM4u
5roqpsS5a2/vmbCZb0dXs2XvQQv1IMrZbfDa3lct33ZS+Pnc2MwOULNMuXtGivcE
bvIDyqqbI0uMSKTo90v5dj0WJEdsw4iJgsMk46VVs8gdgLsBBamGZrWqPob/D8g=
-----END CERTIFICATE-----