Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/dukXrNFcAur9DNJHTrHF2dvZIns.roa
File:                     dukXrNFcAur9DNJHTrHF2dvZIns.roa (raw, json)
Hash identifier:          +gvckuM3WrJ0ZC8yAiyvfLpgNPBfeWipzFo2tWbrTk8=
Subject key identifier:   76:E9:17:AC:D1:5C:02:EA:FD:0C:D2:47:4E:B1:C5:D9:DB:D9:22:7B
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0199B8F223EDD3AC7EFBAFF3B05878F52A15
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/dukXrNFcAur9DNJHTrHF2dvZIns.roa
Signing time:             Mon 06 Oct 2025 09:55:00 +0000
ROA not before:           Mon 06 Oct 2025 09:55:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212826
IP address blocks:        45.152.11.0/24 maxlen: 24
                          46.161.208.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 23:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b8:f2:23:ed:d3:ac:7e:fb:af:f3:b0:58:78:f5:2a:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Oct  6 09:55:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76e917acd15c02eafd0cd2474eb1c5d9dbd9227b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:fe:cb:44:62:a7:da:e5:66:3a:a7:ac:e6:82:
                    df:c1:bf:00:a0:8f:b0:fb:0a:58:06:e9:d4:97:3b:
                    be:1c:c6:2d:7e:d0:73:12:30:72:c0:2b:8e:0e:10:
                    6d:c3:d4:2f:1c:ff:81:a4:0b:38:94:29:8f:ed:d4:
                    01:eb:ff:be:80:41:81:3b:26:4b:31:a9:29:10:74:
                    ff:5b:45:9c:3e:d1:3f:43:02:94:96:f2:a7:3b:2d:
                    3b:be:06:7e:98:79:d6:8a:fe:7f:c6:84:c3:da:88:
                    32:c5:7c:35:4f:f2:d2:d4:f5:6d:d2:32:0c:ed:a8:
                    27:e3:af:fd:0b:75:d0:29:36:a3:df:72:b1:f4:b6:
                    1d:13:96:59:f7:73:8c:af:8c:0a:68:48:37:d1:b4:
                    53:1a:c0:22:32:7e:e8:1f:fc:a3:8a:e1:ca:c5:e2:
                    09:2a:fe:3f:68:64:b4:ac:4d:c9:4f:5a:49:59:ca:
                    f1:39:30:48:1a:86:ce:0e:c5:66:b3:fa:a4:99:49:
                    32:08:65:9b:26:ce:44:24:b5:9c:27:3e:74:8c:ac:
                    91:90:a8:4b:de:f6:ee:0c:9e:6b:4f:d6:b2:5b:6e:
                    4a:02:3b:ce:7c:9c:0f:64:a8:d7:92:76:00:c8:ce:
                    c9:aa:39:93:35:b2:8a:8f:82:91:c5:79:7a:5e:1f:
                    69:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:E9:17:AC:D1:5C:02:EA:FD:0C:D2:47:4E:B1:C5:D9:DB:D9:22:7B
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/dukXrNFcAur9DNJHTrHF2dvZIns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.11.0/24
                  46.161.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:db:a5:8c:86:90:42:84:4a:3c:af:b4:a5:e5:60:4d:1d:90:
         d9:e1:cc:ba:92:5f:1f:1b:7a:d6:7a:b5:c5:b1:33:03:8f:52:
         b3:e9:e9:52:b2:7f:dc:c0:ae:1d:85:3c:f2:ce:1e:44:56:cf:
         95:35:ba:32:cd:29:e1:78:fc:ca:b0:d7:31:63:ff:4a:5d:21:
         c5:26:99:ff:0b:fb:0d:04:1a:ff:8f:cb:94:4f:89:5c:1d:35:
         0d:36:16:73:13:39:68:b2:dd:19:4b:04:1d:1d:ee:d0:ea:fa:
         4f:93:f0:43:82:64:76:9d:aa:51:f6:4d:e8:c6:d7:f7:0a:ea:
         78:77:03:ba:e4:1f:d6:4d:26:32:32:d0:ef:f6:41:b9:70:8f:
         6b:73:3e:cc:51:e0:2a:af:0e:9b:a1:c4:49:00:63:a8:0f:c8:
         76:1a:ba:78:ec:c6:0f:b0:38:3a:24:73:1c:6d:b1:fa:41:12:
         b1:ea:48:0a:2a:90:52:c3:76:dc:3d:93:12:cc:d8:14:81:a9:
         37:78:c7:27:cf:21:37:69:d9:36:35:ce:c4:9e:35:0a:df:73:
         40:08:01:b1:9d:67:67:63:3c:a3:3b:bf:fe:34:4f:18:93:0b:
         78:26:ed:ff:f0:3a:7a:de:1c:d9:a4:56:5f:3e:bf:a8:cb:44:
         d3:b7:b7:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZm48iPt06x++6/zsFh49SoVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUxMDA2MDk1NTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmU5MTdhY2QxNWMwMmVhZmQwY2QyNDc0ZWIxYzVkOWRiZDkyMjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnv7LRGKn2uVmOqes5oLfwb8AoI+w
+wpYBunUlzu+HMYtftBzEjBywCuODhBtw9QvHP+BpAs4lCmP7dQB6/++gEGBOyZL
MakpEHT/W0WcPtE/QwKUlvKnOy07vgZ+mHnWiv5/xoTD2ogyxXw1T/LS1PVt0jIM
7agn46/9C3XQKTaj33Kx9LYdE5ZZ93OMr4wKaEg30bRTGsAiMn7oH/yjiuHKxeIJ
Kv4/aGS0rE3JT1pJWcrxOTBIGobODsVms/qkmUkyCGWbJs5EJLWcJz50jKyRkKhL
3vbuDJ5rT9ayW25KAjvOfJwPZKjXknYAyM7JqjmTNbKKj4KRxXl6Xh9pOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHbpF6zRXALq/QzSR06xxdnb2SJ7MB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvZHVrWHJORmNBdXI5RE5KSFRySEYyZHZaSW5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZgLAwQB
LqHQMA0GCSqGSIb3DQEBCwUAA4IBAQCj26WMhpBChEo8r7Sl5WBNHZDZ4cy6kl8f
G3rWerXFsTMDj1Kz6elSsn/cwK4dhTzyzh5EVs+VNboyzSnhePzKsNcxY/9KXSHF
Jpn/C/sNBBr/j8uUT4lcHTUNNhZzEzlost0ZSwQdHe7Q6vpPk/BDgmR2napR9k3o
xtf3Cup4dwO65B/WTSYyMtDv9kG5cI9rcz7MUeAqrw6bocRJAGOoD8h2Grp47MYP
sDg6JHMcbbH6QRKx6kgKKpBSw3bcPZMSzNgUgak3eMcnzyE3adk2Nc7EnjUK33NA
CAGxnWdnYzyjO7/+NE8Ykwt4Ju3/8Dp63hzZpFZfPr+oy0TTt7eG
-----END CERTIFICATE-----