Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/1eI6tHWn5mw1MIq0X_zgTwv9fSE.roa
File:                     1eI6tHWn5mw1MIq0X_zgTwv9fSE.roa (raw, json)
Hash identifier:          8x8VnAk+5H5bkyQWkDL1G8L0LCunPhtZJ6LHbeagyoc=
Subject key identifier:   D5:E2:3A:B4:75:A7:E6:6C:35:30:8A:B4:5F:FC:E0:4F:0B:FD:7D:21
Certificate issuer:       /CN=4413bdf4dc7435faf51ba934d65570f71c21731a
Certificate serial:       0199103D912A80B9568084FCF28B03030675
Authority key identifier: 44:13:BD:F4:DC:74:35:FA:F5:1B:A9:34:D6:55:70:F7:1C:21:73:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RBO99Nx0Nfr1G6k01lVw9xwhcxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/1eI6tHWn5mw1MIq0X_zgTwv9fSE.roa
Signing time:             Wed 03 Sep 2025 15:41:34 +0000
ROA not before:           Wed 03 Sep 2025 15:41:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43648
IP address blocks:        45.131.236.0/23 maxlen: 24
                          185.78.16.0/22 maxlen: 24
                          2a05:6680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/RBO99Nx0Nfr1G6k01lVw9xwhcxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/RBO99Nx0Nfr1G6k01lVw9xwhcxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RBO99Nx0Nfr1G6k01lVw9xwhcxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 15:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:10:3d:91:2a:80:b9:56:80:84:fc:f2:8b:03:03:06:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4413bdf4dc7435faf51ba934d65570f71c21731a
        Validity
            Not Before: Sep  3 15:41:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5e23ab475a7e66c35308ab45ffce04f0bfd7d21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5c:1e:b3:fc:ac:a1:9d:74:84:4c:f3:de:d8:
                    e3:14:de:79:41:e5:68:ce:89:27:4f:b8:85:f1:a0:
                    42:6c:82:49:d7:60:17:8e:b9:0b:1e:71:0f:0f:79:
                    50:8a:2d:96:d6:00:e4:21:e5:74:26:5f:5a:97:9e:
                    d4:c8:72:2b:29:40:7a:e6:8a:32:f0:93:de:d3:ba:
                    fd:4e:fd:45:bb:03:5f:ab:b2:a6:e9:3e:52:d0:86:
                    d0:a3:a7:01:dc:dc:ff:37:61:39:3e:27:f8:7b:7e:
                    c4:33:1d:a4:e5:f4:88:c2:ac:d5:2b:dc:3d:cd:76:
                    15:36:7a:97:de:ed:63:d2:62:58:c7:d7:a5:3e:7e:
                    51:29:dc:47:f5:d8:19:5a:e0:ce:e9:cc:fa:bc:57:
                    77:61:b7:8a:90:35:0f:ba:a2:a7:86:9e:a1:ed:f2:
                    e0:30:09:6e:2b:41:66:d8:4e:3a:84:c3:24:6a:b1:
                    70:b5:17:11:89:ca:3b:a2:de:7d:28:bf:35:39:49:
                    d3:bf:af:6a:ea:ce:3d:17:91:fe:ae:4a:53:6c:cc:
                    00:f5:1a:a6:66:f8:cf:8a:8c:e7:87:21:7f:74:bb:
                    39:48:87:76:d2:96:4d:26:53:a2:20:11:23:d2:56:
                    c4:01:8f:2f:8a:fc:4f:6f:9d:30:55:fa:b3:5b:6a:
                    e4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E2:3A:B4:75:A7:E6:6C:35:30:8A:B4:5F:FC:E0:4F:0B:FD:7D:21
            X509v3 Authority Key Identifier:
                keyid:44:13:BD:F4:DC:74:35:FA:F5:1B:A9:34:D6:55:70:F7:1C:21:73:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RBO99Nx0Nfr1G6k01lVw9xwhcxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/1eI6tHWn5mw1MIq0X_zgTwv9fSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/47aa2f-6b6f-4ef5-9b99-bc9ecc2adb43/1/RBO99Nx0Nfr1G6k01lVw9xwhcxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.236.0/23
                  185.78.16.0/22
                IPv6:
                  2a05:6680::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:15:55:df:8c:25:07:73:7d:04:b5:1f:6b:3c:1d:53:79:d2:
         fa:13:90:85:71:2d:2b:0d:23:8f:39:a8:30:de:46:3b:d5:92:
         11:24:4f:23:9b:40:06:79:f8:3d:92:6e:68:2b:c8:f1:67:e7:
         71:90:4d:92:2c:70:30:bd:c6:d9:25:75:97:7d:08:a5:05:51:
         b0:5f:50:3b:8b:dc:3f:34:ff:e8:73:81:94:a5:57:2b:97:8f:
         b0:fe:0f:28:bd:b4:ad:5e:d4:eb:c8:9c:73:30:a8:42:5f:32:
         ab:80:c6:2d:8e:ae:44:3c:d3:0d:ec:d2:74:12:6b:ce:22:5e:
         c4:76:2e:ce:b7:92:62:49:27:1b:55:75:85:04:04:70:c8:d9:
         2a:bf:be:e9:5d:d0:78:bb:90:58:fc:bf:d6:7c:14:68:b3:4f:
         f4:57:3b:84:48:c0:b2:5d:24:91:00:f2:fd:b1:32:54:0f:d8:
         46:d4:a0:5f:1e:24:8c:9e:05:b6:6f:de:26:1c:07:44:12:66:
         f3:d6:6a:43:d3:04:ca:4f:b7:61:b8:90:8f:c6:87:05:1a:eb:
         b8:70:13:1b:34:52:74:74:8a:37:09:1a:5f:fe:ff:f9:33:6c:
         49:d0:08:d3:63:9f:96:27:dc:ee:7b:66:e0:61:68:3e:b7:9a:
         62:b9:9b:c5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZkQPZEqgLlWgIT88osDAwZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MTNiZGY0ZGM3NDM1ZmFmNTFiYTkzNGQ2NTU3MGY3MWMy
MTczMWEwHhcNMjUwOTAzMTU0MTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWUyM2FiNDc1YTdlNjZjMzUzMDhhYjQ1ZmZjZTA0ZjBiZmQ3ZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVwes/ysoZ10hEzz3tjjFN55QeVo
zoknT7iF8aBCbIJJ12AXjrkLHnEPD3lQii2W1gDkIeV0Jl9al57UyHIrKUB65ooy
8JPe07r9Tv1FuwNfq7Km6T5S0IbQo6cB3Nz/N2E5Pif4e37EMx2k5fSIwqzVK9w9
zXYVNnqX3u1j0mJYx9elPn5RKdxH9dgZWuDO6cz6vFd3YbeKkDUPuqKnhp6h7fLg
MAluK0Fm2E46hMMkarFwtRcRico7ot59KL81OUnTv69q6s49F5H+rkpTbMwA9Rqm
ZvjPioznhyF/dLs5SId20pZNJlOiIBEj0lbEAY8vivxPb50wVfqzW2rkAwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNXiOrR1p+ZsNTCKtF/84E8L/X0hMB8GA1UdIwQY
MBaAFEQTvfTcdDX69RupNNZVcPccIXMaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkJPOTlOeDBOZnIxRzZrMDFsVnc5eHdoY3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC80N2FhMmYtNmI2Zi00ZWY1LTliOTkt
YmM5ZWNjMmFkYjQzLzEvMWVJNnRIV241bXcxTUlxMFhfemdUd3Y5ZlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC80N2FhMmYtNmI2Zi00ZWY1LTliOTktYmM5ZWNjMmFkYjQz
LzEvUkJPOTlOeDBOZnIxRzZrMDFsVnc5eHdoY3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBLYPsAwQC
uU4QMA0EAgACMAcDBQMqBWaAMA0GCSqGSIb3DQEBCwUAA4IBAQAQFVXfjCUHc30E
tR9rPB1TedL6E5CFcS0rDSOPOagw3kY71ZIRJE8jm0AGefg9km5oK8jxZ+dxkE2S
LHAwvcbZJXWXfQilBVGwX1A7i9w/NP/oc4GUpVcrl4+w/g8ovbStXtTryJxzMKhC
XzKrgMYtjq5EPNMN7NJ0EmvOIl7Edi7Ot5JiSScbVXWFBARwyNkqv77pXdB4u5BY
/L/WfBRos0/0VzuESMCyXSSRAPL9sTJUD9hG1KBfHiSMngW2b94mHAdEEmbz1mpD
0wTKT7dhuJCPxocFGuu4cBMbNFJ0dIo3CRpf/v/5M2xJ0AjTY5+WJ9zue2bgYWg+
t5piuZvF
-----END CERTIFICATE-----