Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/R4JA4ZrzZRT6P7L7s0XA8tBlvow.roa
File:                     R4JA4ZrzZRT6P7L7s0XA8tBlvow.roa (raw, json)
Hash identifier:          UZWxFLVEGSwKY6r7vPrE+HW6Om5TTOD3+yQvi0X4C9A=
Subject key identifier:   47:82:40:E1:9A:F3:65:14:FA:3F:B2:FB:B3:45:C0:F2:D0:65:BE:8C
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       0197CF6AA678ED2BDD9D8BAB328F9CB9BBBF
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/R4JA4ZrzZRT6P7L7s0XA8tBlvow.roa
Signing time:             Thu 03 Jul 2025 08:32:42 +0000
ROA not before:           Thu 03 Jul 2025 08:32:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207633
IP address blocks:        45.136.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cf:6a:a6:78:ed:2b:dd:9d:8b:ab:32:8f:9c:b9:bb:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Jul  3 08:32:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=478240e19af36514fa3fb2fbb345c0f2d065be8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d9:c3:34:5b:c3:4a:9d:ca:93:ae:e9:36:2a:
                    a7:e8:3f:5c:8f:7e:3e:fa:ea:8c:b6:ca:ef:7d:ad:
                    70:67:fa:37:ef:47:8e:f7:0b:18:01:15:57:70:26:
                    b4:07:e9:b7:4e:0e:1d:1e:aa:b4:3b:03:d9:ee:bf:
                    1e:f8:9e:8a:d1:1d:11:b6:ea:91:3f:49:a0:d1:fc:
                    6d:04:ad:f3:43:13:d0:47:c9:88:95:01:04:1a:a3:
                    77:d9:1b:ec:3e:35:22:ae:60:17:8b:86:19:87:3f:
                    35:c6:ac:6f:13:f5:de:72:4a:1b:a1:df:32:b5:7e:
                    db:fb:41:58:78:ca:75:32:13:ee:b5:9d:b5:f6:3d:
                    3c:60:d9:d5:ff:1f:50:18:43:8e:a1:d4:db:07:a7:
                    84:cc:87:c9:b0:45:7e:27:f8:86:2b:71:2f:eb:7f:
                    8b:75:55:5b:52:50:94:4c:df:05:59:47:8f:bb:c8:
                    34:a1:ad:9f:4e:29:e1:3d:8a:90:20:68:f2:84:4e:
                    18:d7:28:52:64:85:d3:4c:64:2c:10:dc:d7:33:f0:
                    3a:91:ac:5a:3f:a7:05:f7:4d:f8:d9:26:64:47:27:
                    09:d0:e3:0e:ee:ad:fc:da:72:68:13:0c:49:5b:cf:
                    af:f4:a9:4c:62:1d:1f:48:4f:2a:2f:0b:e6:a4:eb:
                    36:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:82:40:E1:9A:F3:65:14:FA:3F:B2:FB:B3:45:C0:F2:D0:65:BE:8C
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/R4JA4ZrzZRT6P7L7s0XA8tBlvow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:13:c3:c4:6b:5e:ff:f4:d3:21:1e:c2:ce:53:2c:17:2a:da:
         b6:0e:2b:ac:a4:a8:47:63:f4:0c:cc:64:83:9e:2b:9c:7d:64:
         f3:e0:37:e2:aa:b8:3a:7b:d6:ad:d5:dc:90:79:2a:be:3d:bf:
         8f:32:08:61:eb:0d:de:33:b0:46:f2:36:c6:79:77:75:73:14:
         0c:c3:4f:97:1a:2b:7d:f9:d3:44:cd:f0:4e:d2:d5:ba:c1:f4:
         c6:39:31:a9:f6:cf:9e:97:80:78:8f:c5:dc:1a:42:22:95:fe:
         d7:55:a8:65:c3:1b:ae:33:d6:3f:11:36:d5:13:a5:d8:46:50:
         ae:da:6f:95:76:18:21:53:94:c8:cb:66:9c:fb:0c:af:ca:54:
         00:c5:75:cf:02:a2:ca:b5:32:00:32:a1:04:2b:36:1c:31:de:
         3a:05:2a:32:e4:df:61:82:03:df:ff:bb:c1:c7:9d:d6:48:06:
         bc:30:1d:13:aa:34:f9:c3:a0:68:ea:5e:90:8a:eb:24:8d:0f:
         c6:fa:ba:81:bf:02:ba:e6:3a:61:bf:3d:17:b6:f5:c6:f0:15:
         79:4f:22:13:8a:17:ba:8e:f4:07:80:b2:1c:36:c5:03:96:1c:
         67:c3:5d:b1:2c:c2:d5:a3:3a:41:af:93:d7:3d:04:2f:65:b5:
         94:df:7a:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfPaqZ47SvdnYurMo+cubu/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwNzAzMDgzMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzgyNDBlMTlhZjM2NTE0ZmEzZmIyZmJiMzQ1YzBmMmQwNjViZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdnDNFvDSp3Kk67pNiqn6D9cj34+
+uqMtsrvfa1wZ/o370eO9wsYARVXcCa0B+m3Tg4dHqq0OwPZ7r8e+J6K0R0RtuqR
P0mg0fxtBK3zQxPQR8mIlQEEGqN32RvsPjUirmAXi4YZhz81xqxvE/Xeckobod8y
tX7b+0FYeMp1MhPutZ219j08YNnV/x9QGEOOodTbB6eEzIfJsEV+J/iGK3Ev63+L
dVVbUlCUTN8FWUePu8g0oa2fTinhPYqQIGjyhE4Y1yhSZIXTTGQsENzXM/A6kaxa
P6cF90342SZkRycJ0OMO7q382nJoEwxJW8+v9KlMYh0fSE8qLwvmpOs2UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEeCQOGa82UU+j+y+7NFwPLQZb6MMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvUjRKQTRacnpaUlQ2UDdMN3MwWEE4dEJsdm93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYgHMA0G
CSqGSIb3DQEBCwUAA4IBAQCnE8PEa17/9NMhHsLOUywXKtq2DiuspKhHY/QMzGSD
niucfWTz4Dfiqrg6e9at1dyQeSq+Pb+PMghh6w3eM7BG8jbGeXd1cxQMw0+XGit9
+dNEzfBO0tW6wfTGOTGp9s+el4B4j8XcGkIilf7XVahlwxuuM9Y/ETbVE6XYRlCu
2m+VdhghU5TIy2ac+wyvylQAxXXPAqLKtTIAMqEEKzYcMd46BSoy5N9hggPf/7vB
x53WSAa8MB0TqjT5w6Bo6l6QiuskjQ/G+rqBvwK65jphvz0XtvXG8BV5TyITihe6
jvQHgLIcNsUDlhxnw12xLMLVozpBr5PXPQQvZbWU33pX
-----END CERTIFICATE-----