Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/3rzAd226LvrMj0Cm0bg7sXb9CMo.roa
File:                     3rzAd226LvrMj0Cm0bg7sXb9CMo.roa (raw, json)
Hash identifier:          n/9KaWla5IkEpIQV9qzq6meBd1c5WCnkPlwm2zCEneA=
Subject key identifier:   DE:BC:C0:77:6D:BA:2E:FA:CC:8F:40:A6:D1:B8:3B:B1:76:FD:08:CA
Certificate issuer:       /CN=7d5695786f8450d1041dc88ad892cbb570d5972b
Certificate serial:       0199FC8DA2676F06EBA314B714F6AB0F8870
Authority key identifier: 7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/3rzAd226LvrMj0Cm0bg7sXb9CMo.roa
Signing time:             Sun 19 Oct 2025 12:59:24 +0000
ROA not before:           Sun 19 Oct 2025 12:59:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        45.11.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fc:8d:a2:67:6f:06:eb:a3:14:b7:14:f6:ab:0f:88:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d5695786f8450d1041dc88ad892cbb570d5972b
        Validity
            Not Before: Oct 19 12:59:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=debcc0776dba2efacc8f40a6d1b83bb176fd08ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:74:67:21:8e:74:9c:8f:2e:80:00:0f:ce:ba:
                    13:3c:17:a9:78:86:dd:3a:e6:48:bc:22:1f:35:7a:
                    71:fb:96:ce:34:8a:51:f5:df:55:70:f6:ea:13:90:
                    41:86:13:26:10:35:fd:3f:4b:1c:6b:cc:9a:dd:31:
                    8e:4f:bc:5e:f3:1b:c3:c1:d9:1d:bb:8f:e7:39:7c:
                    8b:79:d2:c1:cd:8d:4b:74:77:8c:50:97:13:e4:b9:
                    ab:f5:34:c6:25:4e:41:f3:81:33:57:04:64:71:d2:
                    3c:77:66:a4:bb:c8:7a:91:a5:f3:d5:48:63:4b:ef:
                    fa:65:de:27:8b:b1:36:3f:2b:88:b2:2f:2f:86:82:
                    4d:1a:f0:3a:b2:5a:8c:71:72:e3:cf:80:1a:8c:cf:
                    46:52:8b:7b:a4:71:04:86:c1:30:c5:17:cd:57:8e:
                    69:bc:4f:f7:8b:f9:15:d2:81:c8:e8:5e:7b:49:58:
                    0a:13:1d:f5:6a:e7:19:84:c9:cb:08:77:13:ba:b1:
                    4c:33:7a:0d:b0:91:4c:17:27:3a:9a:2c:e9:19:1d:
                    d4:92:dd:13:c7:57:50:5b:07:06:86:10:8c:3a:27:
                    e0:af:ef:b0:c9:0f:da:f8:80:84:da:95:99:54:18:
                    9e:a1:a7:fd:a1:18:6e:90:5e:e3:2b:d9:73:06:f3:
                    d2:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BC:C0:77:6D:BA:2E:FA:CC:8F:40:A6:D1:B8:3B:B1:76:FD:08:CA
            X509v3 Authority Key Identifier:
                keyid:7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/3rzAd226LvrMj0Cm0bg7sXb9CMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:11:c5:44:e0:c0:b7:8f:44:87:2b:97:4f:52:e4:ee:e8:80:
         d6:f9:c7:07:26:e5:d2:ac:02:ff:16:fc:62:9b:71:9f:ca:ba:
         ef:77:cb:6c:61:d5:1b:1f:3e:2c:ab:a3:74:25:56:6b:58:f8:
         82:fe:4f:a3:a6:55:6b:3d:31:06:01:68:3e:fc:8a:b6:21:0d:
         48:bd:24:38:1b:7c:ae:b2:cb:49:4b:37:aa:c8:db:73:40:05:
         98:12:2a:0d:79:68:33:ac:c9:f7:b8:11:91:25:ba:bd:8d:aa:
         2b:cb:bc:d0:0b:ac:67:ac:ee:ff:56:b4:b6:a6:d2:f7:ba:f1:
         3c:af:40:ed:3e:ae:5d:83:e0:e7:42:e9:c3:8a:f4:5a:81:85:
         b5:6c:30:19:69:f8:f7:fd:87:71:d1:2c:7b:24:53:88:f6:2f:
         50:52:c2:ae:34:24:9a:93:1f:9d:fd:67:5b:ae:ae:1c:b6:22:
         6c:c3:b3:40:8d:8d:40:5c:e8:5d:0e:42:d7:df:99:b8:d1:0a:
         6b:9d:e6:d4:7b:21:f4:24:9b:8d:3c:e8:91:2e:1b:9c:06:a7:
         7c:c9:3d:6e:d7:78:ba:e7:92:27:73:5d:81:1f:fe:4a:9c:19:
         7c:d8:d3:82:dc:91:6e:13:27:08:05:03:d3:cf:a1:a6:13:ed:
         f9:2e:13:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn8jaJnbwbroxS3FParD4hwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTY5NTc4NmY4NDUwZDEwNDFkYzg4YWQ4OTJjYmI1NzBk
NTk3MmIwHhcNMjUxMDE5MTI1OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWJjYzA3NzZkYmEyZWZhY2M4ZjQwYTZkMWI4M2JiMTc2ZmQwOGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXRnIY50nI8ugAAPzroTPBepeIbd
OuZIvCIfNXpx+5bONIpR9d9VcPbqE5BBhhMmEDX9P0sca8ya3TGOT7xe8xvDwdkd
u4/nOXyLedLBzY1LdHeMUJcT5Lmr9TTGJU5B84EzVwRkcdI8d2aku8h6kaXz1Uhj
S+/6Zd4ni7E2PyuIsi8vhoJNGvA6slqMcXLjz4AajM9GUot7pHEEhsEwxRfNV45p
vE/3i/kV0oHI6F57SVgKEx31aucZhMnLCHcTurFMM3oNsJFMFyc6mizpGR3Ukt0T
x1dQWwcGhhCMOifgr++wyQ/a+ICE2pWZVBieoaf9oRhukF7jK9lzBvPSPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN68wHdtui76zI9AptG4O7F2/QjKMB8GA1UdIwQY
MBaAFH1WlXhvhFDRBB3IitiSy7Vw1ZcrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDIt
NjNiMzM4MDhhNmE4LzEvM3J6QWQyMjZMdnJNajBDbTBiZzdzWGI5Q01vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDItNjNiMzM4MDhhNmE4
LzEvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQutMA0G
CSqGSIb3DQEBCwUAA4IBAQAoEcVE4MC3j0SHK5dPUuTu6IDW+ccHJuXSrAL/Fvxi
m3Gfyrrvd8tsYdUbHz4sq6N0JVZrWPiC/k+jplVrPTEGAWg+/Iq2IQ1IvSQ4G3yu
sstJSzeqyNtzQAWYEioNeWgzrMn3uBGRJbq9jaory7zQC6xnrO7/VrS2ptL3uvE8
r0DtPq5dg+DnQunDivRagYW1bDAZafj3/Ydx0Sx7JFOI9i9QUsKuNCSakx+d/Wdb
rq4ctiJsw7NAjY1AXOhdDkLX35m40QprnebUeyH0JJuNPOiRLhucBqd8yT1u13i6
55Inc12BH/5KnBl82NOC3JFuEycIBQPTz6GmE+35LhPu
-----END CERTIFICATE-----