Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/MqcJtj5YrV2deFqbcoVG32bZ2r8.roa
File:                     MqcJtj5YrV2deFqbcoVG32bZ2r8.roa (raw, json)
Hash identifier:          E92Ulmv1M67QKZLv1VXUCMAlXz/Jc5TybOn0dCFrPnk=
Subject key identifier:   32:A7:09:B6:3E:58:AD:5D:9D:78:5A:9B:72:85:46:DF:66:D9:DA:BF
Certificate issuer:       /CN=7d5695786f8450d1041dc88ad892cbb570d5972b
Certificate serial:       0198551EE6359A3B3024DF2B5EA1C382C7D5
Authority key identifier: 7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/MqcJtj5YrV2deFqbcoVG32bZ2r8.roa
Signing time:             Tue 29 Jul 2025 07:39:04 +0000
ROA not before:           Tue 29 Jul 2025 07:39:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399073
IP address blocks:        45.11.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 Aug 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:1e:e6:35:9a:3b:30:24:df:2b:5e:a1:c3:82:c7:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d5695786f8450d1041dc88ad892cbb570d5972b
        Validity
            Not Before: Jul 29 07:39:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32a709b63e58ad5d9d785a9b728546df66d9dabf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:45:27:13:e6:e4:af:7d:5d:c3:22:25:c5:71:
                    6b:b7:d6:5d:e0:3d:79:02:40:70:55:bc:5a:78:4b:
                    13:db:06:5e:5e:f1:2b:c8:5e:27:cc:d6:fe:12:a2:
                    07:b5:44:b1:eb:44:2b:9c:12:08:07:6a:e4:1b:b8:
                    3b:9e:43:fa:e4:e3:43:b7:0a:f0:4f:47:c9:52:ea:
                    81:85:3a:b3:ce:d0:c9:d4:06:0e:17:50:3d:df:bf:
                    7c:60:22:47:72:2d:d2:e0:cc:26:6a:38:a4:a0:05:
                    b3:5e:12:6c:c5:98:88:c2:c8:1b:b7:d4:f4:a7:1b:
                    fb:f9:0b:1c:90:d0:18:42:b5:43:02:9f:fd:be:73:
                    7f:95:2c:84:97:5f:19:d1:ed:1b:0f:5a:b1:8d:7f:
                    b3:1d:68:a0:63:95:e6:bf:0d:e2:17:51:33:60:ec:
                    f0:59:3b:30:28:98:9c:76:8f:f8:36:9d:59:ab:26:
                    3d:0f:df:ea:de:c0:ab:8c:3d:aa:42:7e:be:a2:5e:
                    a9:d2:6f:08:02:42:5a:14:b0:15:48:96:f1:ba:77:
                    98:f4:e3:a8:3f:3d:55:e8:63:bd:e9:35:fb:a5:9f:
                    9d:1d:5f:42:6a:02:e4:f4:ec:6b:ec:fc:f3:9c:36:
                    83:96:d6:a2:5c:8b:af:0e:e4:b5:3d:83:85:7b:d7:
                    dc:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:A7:09:B6:3E:58:AD:5D:9D:78:5A:9B:72:85:46:DF:66:D9:DA:BF
            X509v3 Authority Key Identifier:
                keyid:7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/MqcJtj5YrV2deFqbcoVG32bZ2r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:be:32:ce:99:82:8c:b1:bd:ff:ce:68:04:21:9b:47:47:8a:
         ad:50:7b:c0:87:e3:cc:41:29:30:5f:16:0b:3f:c9:d1:14:8d:
         15:90:ec:da:90:c6:e0:01:0c:6c:41:9b:37:da:4e:42:54:5b:
         a2:34:bc:83:7c:1d:a5:22:45:07:3d:3e:c3:3b:b1:9a:17:e5:
         3a:10:a8:83:9e:6e:88:17:bd:70:c4:bc:56:1c:c2:f7:74:cb:
         15:8f:5f:3d:4c:2a:ff:e5:32:23:3c:cd:15:18:15:61:ec:af:
         a6:99:70:7c:0f:e2:77:c7:ac:1b:fc:8a:c6:25:2c:00:d5:e0:
         0d:16:84:e0:ae:da:a5:63:0c:ce:d1:ab:b7:d6:50:8e:d4:4c:
         3b:ad:97:8c:32:a5:bc:c3:83:a7:59:39:d6:93:ed:8d:c2:86:
         2d:c4:60:11:52:67:00:2f:6a:f5:15:f5:7e:40:92:e4:4b:5a:
         6c:e0:b0:06:a4:7d:74:9a:15:36:b6:99:b2:f8:6a:c5:d9:9b:
         2f:cb:77:3d:ec:30:6d:a1:71:9f:3e:a4:78:65:c0:98:74:26:
         85:7e:ef:6e:07:d2:29:58:24:79:87:e9:b6:bd:af:b2:a5:c3:
         ab:03:1f:ec:85:8c:e9:7d:7f:2d:03:67:3b:4a:30:c8:30:6d:
         04:b2:50:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhVHuY1mjswJN8rXqHDgsfVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTY5NTc4NmY4NDUwZDEwNDFkYzg4YWQ4OTJjYmI1NzBk
NTk3MmIwHhcNMjUwNzI5MDczOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmE3MDliNjNlNThhZDVkOWQ3ODVhOWI3Mjg1NDZkZjY2ZDlkYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkUnE+bkr31dwyIlxXFrt9Zd4D15
AkBwVbxaeEsT2wZeXvEryF4nzNb+EqIHtUSx60QrnBIIB2rkG7g7nkP65ONDtwrw
T0fJUuqBhTqzztDJ1AYOF1A93798YCJHci3S4MwmajikoAWzXhJsxZiIwsgbt9T0
pxv7+QsckNAYQrVDAp/9vnN/lSyEl18Z0e0bD1qxjX+zHWigY5Xmvw3iF1EzYOzw
WTswKJicdo/4Np1ZqyY9D9/q3sCrjD2qQn6+ol6p0m8IAkJaFLAVSJbxuneY9OOo
Pz1V6GO96TX7pZ+dHV9CagLk9Oxr7PzznDaDltaiXIuvDuS1PYOFe9fcvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDKnCbY+WK1dnXham3KFRt9m2dq/MB8GA1UdIwQY
MBaAFH1WlXhvhFDRBB3IitiSy7Vw1ZcrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDIt
NjNiMzM4MDhhNmE4LzEvTXFjSnRqNVlyVjJkZUZxYmNvVkczMmJaMnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDItNjNiMzM4MDhhNmE4
LzEvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQuvMA0G
CSqGSIb3DQEBCwUAA4IBAQAvvjLOmYKMsb3/zmgEIZtHR4qtUHvAh+PMQSkwXxYL
P8nRFI0VkOzakMbgAQxsQZs32k5CVFuiNLyDfB2lIkUHPT7DO7GaF+U6EKiDnm6I
F71wxLxWHML3dMsVj189TCr/5TIjPM0VGBVh7K+mmXB8D+J3x6wb/IrGJSwA1eAN
FoTgrtqlYwzO0au31lCO1Ew7rZeMMqW8w4OnWTnWk+2NwoYtxGARUmcAL2r1FfV+
QJLkS1ps4LAGpH10mhU2tpmy+GrF2Zsvy3c97DBtoXGfPqR4ZcCYdCaFfu9uB9Ip
WCR5h+m2va+ypcOrAx/shYzpfX8tA2c7SjDIMG0EslD+
-----END CERTIFICATE-----