Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/vs1dOMKwDJJ5uaYkiRvlWR6leYM.roa
File:                     vs1dOMKwDJJ5uaYkiRvlWR6leYM.roa (raw, json)
Hash identifier:          Qar6zUY49SmNjrFs4ROqa7Zsokz8zuJ+RB9gpxiLG9I=
Subject key identifier:   BE:CD:5D:38:C2:B0:0C:92:79:B9:A6:24:89:1B:E5:59:1E:A5:79:83
Certificate issuer:       /CN=788185d98444842b697e2bfdee3960a93f27aeed
Certificate serial:       0197C5E92D78BAFF843804FED209BDE277E7
Authority key identifier: 78:81:85:D9:84:44:84:2B:69:7E:2B:FD:EE:39:60:A9:3F:27:AE:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eIGF2YREhCtpfiv97jlgqT8nru0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/vs1dOMKwDJJ5uaYkiRvlWR6leYM.roa
Signing time:             Tue 01 Jul 2025 12:14:42 +0000
ROA not before:           Tue 01 Jul 2025 12:14:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211154
IP address blocks:        45.148.123.0/24 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/eIGF2YREhCtpfiv97jlgqT8nru0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/eIGF2YREhCtpfiv97jlgqT8nru0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eIGF2YREhCtpfiv97jlgqT8nru0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c5:e9:2d:78:ba:ff:84:38:04:fe:d2:09:bd:e2:77:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=788185d98444842b697e2bfdee3960a93f27aeed
        Validity
            Not Before: Jul  1 12:14:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=becd5d38c2b00c9279b9a624891be5591ea57983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a0:e4:44:b1:1f:9a:a0:38:f9:be:e9:02:ed:
                    42:5d:63:0e:7a:56:61:11:8f:c2:01:9c:3f:75:12:
                    73:3e:6a:25:68:1c:dc:35:37:c0:8f:a2:8a:8f:90:
                    17:dd:aa:fd:ad:36:15:17:74:6b:59:49:5f:b0:33:
                    a6:ba:ea:3b:f1:4a:8e:57:4f:32:5a:c8:2e:b8:16:
                    5d:ac:eb:78:04:89:79:40:aa:cc:75:cf:60:aa:49:
                    09:0e:79:b2:9e:cf:26:3a:8f:20:78:f2:95:08:2d:
                    82:a9:29:9d:65:1d:c8:cf:dc:51:5b:50:63:1c:d3:
                    e4:40:be:7c:00:78:6f:07:8a:3d:e6:50:30:5b:59:
                    53:09:e3:79:0c:b4:ae:f4:d9:5d:ef:9b:55:cc:e7:
                    e5:ab:a9:38:d1:71:04:e8:60:41:70:ca:03:12:74:
                    1c:d5:81:58:23:07:23:88:79:a9:98:da:fa:82:64:
                    86:5f:61:af:a4:66:55:93:7a:c8:a1:1d:09:7a:04:
                    cd:52:57:0a:05:79:86:5b:71:1d:34:1d:ac:59:3b:
                    c5:92:72:0c:19:6c:34:e7:27:4f:e6:51:ee:d5:4d:
                    65:c0:5d:9f:33:7d:a2:cb:76:fc:98:1c:de:d5:8c:
                    bb:bb:68:71:8d:72:52:62:a6:bb:a3:5b:63:fa:fb:
                    c6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:CD:5D:38:C2:B0:0C:92:79:B9:A6:24:89:1B:E5:59:1E:A5:79:83
            X509v3 Authority Key Identifier:
                keyid:78:81:85:D9:84:44:84:2B:69:7E:2B:FD:EE:39:60:A9:3F:27:AE:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eIGF2YREhCtpfiv97jlgqT8nru0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/vs1dOMKwDJJ5uaYkiRvlWR6leYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/9b1522-8cb0-4c9e-8be0-1a9b45e14557/1/eIGF2YREhCtpfiv97jlgqT8nru0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:b2:36:29:3c:7b:7d:c1:bc:0c:5a:8f:77:8a:05:07:a3:1e:
         17:41:0a:73:b9:98:1c:7c:36:18:19:bc:44:98:76:13:7f:d1:
         92:3b:62:60:80:ef:e3:e5:21:a1:71:7b:7a:06:e8:2d:72:c3:
         11:c4:c7:74:71:16:b2:61:1f:d0:cd:7a:50:64:03:95:fe:d3:
         12:d6:17:3f:e9:73:06:e4:5b:2f:e8:56:ad:15:d2:0d:00:46:
         a0:c1:ba:bc:06:61:eb:75:02:56:cd:22:a0:2e:89:38:58:c2:
         15:7a:68:93:bd:e6:c6:23:93:70:e2:50:b7:0e:51:6a:e3:7a:
         64:3e:6b:69:1c:b6:41:68:8d:03:f3:44:7c:e2:ef:72:ff:f2:
         87:cb:51:e7:6b:5f:89:ff:f2:66:f5:6e:7e:d4:cc:87:e2:25:
         f6:0c:86:ce:89:97:60:9f:49:ac:d3:e8:75:90:86:98:09:14:
         5f:d8:91:43:b3:78:7a:fc:51:4e:ea:44:51:ad:69:e1:3f:c7:
         3b:f8:72:e7:5a:0f:ff:fb:02:ab:4d:ab:c0:8c:6e:eb:b8:4e:
         15:8c:93:01:6f:ec:2c:a0:44:0b:c5:be:45:9a:f4:ab:02:dd:
         4e:db:5d:b2:d0:53:82:19:01:b8:83:16:31:56:26:df:6c:c2:
         d1:81:df:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfF6S14uv+EOAT+0gm94nfnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ODE4NWQ5ODQ0NDg0MmI2OTdlMmJmZGVlMzk2MGE5M2Yy
N2FlZWQwHhcNMjUwNzAxMTIxNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWNkNWQzOGMyYjAwYzkyNzliOWE2MjQ4OTFiZTU1OTFlYTU3OTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6DkRLEfmqA4+b7pAu1CXWMOelZh
EY/CAZw/dRJzPmolaBzcNTfAj6KKj5AX3ar9rTYVF3RrWUlfsDOmuuo78UqOV08y
WsguuBZdrOt4BIl5QKrMdc9gqkkJDnmyns8mOo8gePKVCC2CqSmdZR3Iz9xRW1Bj
HNPkQL58AHhvB4o95lAwW1lTCeN5DLSu9Nld75tVzOflq6k40XEE6GBBcMoDEnQc
1YFYIwcjiHmpmNr6gmSGX2GvpGZVk3rIoR0JegTNUlcKBXmGW3EdNB2sWTvFknIM
GWw05ydP5lHu1U1lwF2fM32iy3b8mBze1Yy7u2hxjXJSYqa7o1tj+vvGPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7NXTjCsAySebmmJIkb5VkepXmDMB8GA1UdIwQY
MBaAFHiBhdmERIQraX4r/e45YKk/J67tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUlHRjJZUkVoQ3RwZml2OTdqbGdxVDhucnUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS85YjE1MjItOGNiMC00YzllLThiZTAt
MWE5YjQ1ZTE0NTU3LzEvdnMxZE9NS3dESko1dWFZa2lSdmxXUjZsZVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS85YjE1MjItOGNiMC00YzllLThiZTAtMWE5YjQ1ZTE0NTU3
LzEvZUlHRjJZUkVoQ3RwZml2OTdqbGdxVDhucnUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZR7MA0G
CSqGSIb3DQEBCwUAA4IBAQBAsjYpPHt9wbwMWo93igUHox4XQQpzuZgcfDYYGbxE
mHYTf9GSO2JggO/j5SGhcXt6BugtcsMRxMd0cRayYR/QzXpQZAOV/tMS1hc/6XMG
5Fsv6FatFdINAEagwbq8BmHrdQJWzSKgLok4WMIVemiTvebGI5Nw4lC3DlFq43pk
PmtpHLZBaI0D80R84u9y//KHy1Hna1+J//Jm9W5+1MyH4iX2DIbOiZdgn0ms0+h1
kIaYCRRf2JFDs3h6/FFO6kRRrWnhP8c7+HLnWg//+wKrTavAjG7ruE4VjJMBb+ws
oEQLxb5FmvSrAt1O212y0FOCGQG4gxYxVibfbMLRgd8Y
-----END CERTIFICATE-----