Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/iPxdZuzxvDtlhje1pBxfz_ffoSI.roa
File:                     iPxdZuzxvDtlhje1pBxfz_ffoSI.roa (raw, json)
Hash identifier:          5nZeFKjMPEJbsRI/uBt0UR440fY87EaeHxRz6CkKzyc=
Subject key identifier:   88:FC:5D:66:EC:F1:BC:3B:65:86:37:B5:A4:1C:5F:CF:F7:DF:A1:22
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       0197D0CFB479612972BD8DB89A4586B96E77
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/iPxdZuzxvDtlhje1pBxfz_ffoSI.roa
Signing time:             Thu 03 Jul 2025 15:02:42 +0000
ROA not before:           Thu 03 Jul 2025 15:02:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216383
IP address blocks:        45.136.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 08:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d0:cf:b4:79:61:29:72:bd:8d:b8:9a:45:86:b9:6e:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Jul  3 15:02:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88fc5d66ecf1bc3b658637b5a41c5fcff7dfa122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:10:8b:87:69:c4:14:da:b7:a6:68:ee:36:e7:
                    b1:73:28:93:e1:00:92:27:ae:0f:c7:bf:08:30:1d:
                    3e:d3:4a:53:ed:69:0a:29:88:f4:f5:0e:a9:52:b1:
                    c7:a3:bf:fc:3d:eb:a5:b7:81:ee:60:26:0f:0f:51:
                    d6:d1:91:0d:fc:16:7b:96:ed:6f:c4:ca:39:85:48:
                    a2:55:91:11:65:82:b0:87:30:1a:a5:47:04:09:7e:
                    15:58:64:27:86:a4:d9:38:e7:c9:52:33:90:a3:b1:
                    7a:62:f6:f5:90:63:54:33:18:15:0e:33:dc:28:0d:
                    1e:42:10:c9:6e:d7:18:5e:0d:3f:35:2e:64:12:d1:
                    61:bb:f1:60:1d:5f:69:bb:28:8c:5d:db:68:e4:10:
                    c7:56:e6:f4:f0:1f:26:62:f9:a8:44:fd:ea:6e:ab:
                    89:7b:25:9d:85:9d:34:a1:6e:06:00:e5:6a:55:e1:
                    2c:2a:bd:58:72:91:6b:e0:a6:e1:7a:0e:de:d2:60:
                    c4:07:b0:ca:1f:f6:fc:a2:41:e3:00:83:bf:50:8d:
                    d7:dd:b9:4b:d0:74:50:fa:b7:99:58:6f:6b:78:e4:
                    5a:41:dc:68:e5:93:dd:4f:ab:dc:9c:44:80:ca:97:
                    88:d6:17:c9:96:15:70:72:c6:0f:8b:34:00:fd:4a:
                    f1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:FC:5D:66:EC:F1:BC:3B:65:86:37:B5:A4:1C:5F:CF:F7:DF:A1:22
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/iPxdZuzxvDtlhje1pBxfz_ffoSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:0b:0d:be:38:6a:4d:c8:fe:07:87:cb:8f:a3:8f:f5:3d:9a:
         86:60:8e:8a:49:0f:77:e4:17:f8:dc:d8:8d:45:83:eb:db:87:
         aa:af:c1:94:3b:f4:98:1b:1c:01:a2:cc:f3:75:d5:bc:8d:03:
         76:39:20:89:ec:95:79:ec:11:d1:04:a0:4f:67:b4:00:10:79:
         91:98:21:bf:8f:93:84:f2:df:2b:ba:e1:af:5c:58:5f:3e:3e:
         6d:b7:42:f0:1c:e6:ac:ae:d4:f0:6c:40:17:dc:9a:6b:8a:66:
         a3:6f:08:46:da:cb:17:8c:5c:82:c5:c9:34:58:a1:50:fb:73:
         3a:4a:30:08:d5:45:f7:fe:00:b6:b6:ab:88:c7:5c:b0:99:9f:
         b2:d2:13:43:96:5f:63:28:5e:b8:f2:92:dc:16:d4:82:96:d3:
         ca:60:f4:05:8f:89:ac:bf:9c:0c:2e:db:65:40:ee:ec:16:6a:
         a9:06:72:59:1f:2e:8f:b8:92:54:9b:39:ce:c6:ad:53:b5:c0:
         f5:14:f0:08:79:d8:55:db:82:29:f8:45:b8:b5:a5:eb:d1:44:
         57:0a:a2:bb:bb:93:5a:c4:a0:4a:f1:55:6e:54:02:0f:9a:4f:
         f4:72:43:27:99:2c:74:af:52:bb:a8:75:16:a1:88:b3:5c:61:
         87:7d:79:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfQz7R5YSlyvY24mkWGuW53MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwNzAzMTUwMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGZjNWQ2NmVjZjFiYzNiNjU4NjM3YjVhNDFjNWZjZmY3ZGZhMTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBCLh2nEFNq3pmjuNuexcyiT4QCS
J64Px78IMB0+00pT7WkKKYj09Q6pUrHHo7/8Peult4HuYCYPD1HW0ZEN/BZ7lu1v
xMo5hUiiVZERZYKwhzAapUcECX4VWGQnhqTZOOfJUjOQo7F6Yvb1kGNUMxgVDjPc
KA0eQhDJbtcYXg0/NS5kEtFhu/FgHV9puyiMXdto5BDHVub08B8mYvmoRP3qbquJ
eyWdhZ00oW4GAOVqVeEsKr1YcpFr4Kbheg7e0mDEB7DKH/b8okHjAIO/UI3X3blL
0HRQ+reZWG9reORaQdxo5ZPdT6vcnESAypeI1hfJlhVwcsYPizQA/UrxkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIj8XWbs8bw7ZYY3taQcX8/336EiMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvaVB4ZFp1enh2RHRsaGplMXBCeGZ6X2Zmb1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYgFMA0G
CSqGSIb3DQEBCwUAA4IBAQBaCw2+OGpNyP4Hh8uPo4/1PZqGYI6KSQ935Bf43NiN
RYPr24eqr8GUO/SYGxwBoszzddW8jQN2OSCJ7JV57BHRBKBPZ7QAEHmRmCG/j5OE
8t8ruuGvXFhfPj5tt0LwHOasrtTwbEAX3JprimajbwhG2ssXjFyCxck0WKFQ+3M6
SjAI1UX3/gC2tquIx1ywmZ+y0hNDll9jKF648pLcFtSCltPKYPQFj4msv5wMLttl
QO7sFmqpBnJZHy6PuJJUmznOxq1TtcD1FPAIedhV24Ip+EW4taXr0URXCqK7u5Na
xKBK8VVuVAIPmk/0ckMnmSx0r1K7qHUWoYizXGGHfXny
-----END CERTIFICATE-----