Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/u99mkpaaaHsWuG4GnECLFKdUTd8.roa
File:                     u99mkpaaaHsWuG4GnECLFKdUTd8.roa (raw, json)
Hash identifier:          wpeiGc/D3gd8JW7W6Zw/WXRExIe/74QKlESz2JdBq5w=
Subject key identifier:   BB:DF:66:92:96:9A:68:7B:16:B8:6E:06:9C:40:8B:14:A7:54:4D:DF
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0199061DBE4BD0474DF5C303F53DF48D2C5A
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/u99mkpaaaHsWuG4GnECLFKdUTd8.roa
Signing time:             Mon 01 Sep 2025 16:30:36 +0000
ROA not before:           Mon 01 Sep 2025 16:30:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211507
IP address blocks:        45.67.138.0/24 maxlen: 24
                          45.133.73.0/24 maxlen: 24
                          185.132.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:06:1d:be:4b:d0:47:4d:f5:c3:03:f5:3d:f4:8d:2c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Sep  1 16:30:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbdf6692969a687b16b86e069c408b14a7544ddf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:00:cf:ec:4d:84:80:30:25:39:74:b8:6c:06:
                    e1:bd:9a:84:b5:f4:2b:25:c6:05:dc:1e:c0:22:48:
                    b7:1e:95:e1:83:ec:b5:b7:97:91:48:db:a6:4f:e8:
                    d1:6a:91:6a:c0:cb:78:2c:84:8e:ed:bc:73:60:32:
                    55:b1:88:8c:a5:64:81:73:89:3c:e1:56:25:2c:32:
                    14:65:4e:cd:c8:6b:73:06:e3:76:00:8e:c3:fa:4a:
                    58:34:0f:2c:48:11:58:64:83:bd:b1:c7:37:9e:e2:
                    23:d1:f6:3e:48:d7:75:33:85:f8:43:38:67:45:97:
                    cf:f4:47:be:d2:9f:e5:c4:7d:80:08:a5:e5:db:43:
                    4e:8c:dc:6d:2b:e3:ad:e4:02:fe:32:c9:e7:0f:9c:
                    77:62:0d:d6:b2:77:e9:1d:c5:29:ef:02:22:cb:d9:
                    2d:51:e4:8b:ed:a0:35:f3:5f:39:50:af:62:ca:78:
                    14:76:60:dd:68:74:63:0d:db:54:ef:f2:46:98:1f:
                    8b:65:43:69:23:01:05:df:f2:5e:e4:7f:7b:ce:5e:
                    de:5d:67:16:eb:44:2d:6a:65:94:b7:24:d1:c7:36:
                    3b:46:31:47:0e:61:bd:8b:91:5c:5a:5c:c9:77:49:
                    99:4c:54:ce:bb:39:f3:72:89:57:e2:d4:fd:e7:09:
                    ba:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:DF:66:92:96:9A:68:7B:16:B8:6E:06:9C:40:8B:14:A7:54:4D:DF
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/u99mkpaaaHsWuG4GnECLFKdUTd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.138.0/24
                  45.133.73.0/24
                  185.132.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:79:67:d8:27:23:7d:73:2a:1d:80:31:42:36:52:13:89:77:
         e1:a7:6b:c2:a1:f9:86:e0:40:1c:f0:75:ff:7e:7d:83:2a:ae:
         2d:1e:15:a1:6d:a0:af:d7:fe:9a:a8:4d:ef:83:d3:9d:15:c5:
         c2:53:b2:83:3f:cf:28:5e:39:0a:a9:20:60:28:54:30:a3:e1:
         fe:da:6a:45:15:0c:ed:16:78:03:14:5f:c6:fb:2d:8d:f5:8b:
         56:eb:fa:ec:f8:5b:e3:ad:36:0c:ea:28:39:d1:be:6d:d5:75:
         04:02:ab:21:89:43:35:8f:28:61:1e:50:8b:da:cd:d2:0a:36:
         19:63:55:68:3b:6b:88:ab:cb:3e:0b:ac:93:71:1a:0f:9d:0b:
         79:80:cc:06:18:c5:a9:a4:21:6b:95:a4:38:fe:7d:86:9a:7f:
         b8:4c:00:84:57:64:59:c4:84:3f:94:60:6c:10:de:ed:ec:b5:
         bb:ff:ce:7a:5c:dd:b1:cf:fe:db:9b:19:25:f1:e0:09:67:f6:
         4b:13:3e:d0:ba:e6:f3:66:27:3c:9c:d8:33:79:5a:be:4a:a3:
         8a:25:1d:55:0a:c8:47:78:42:23:96:82:ab:b7:76:01:7b:99:
         a8:b7:12:2a:97:7c:3c:65:0c:e6:ca:14:05:1b:86:5c:dd:14:
         38:22:56:09
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkGHb5L0EdN9cMD9T30jSxaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwOTAxMTYzMDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmRmNjY5Mjk2OWE2ODdiMTZiODZlMDY5YzQwOGIxNGE3NTQ0ZGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkADP7E2EgDAlOXS4bAbhvZqEtfQr
JcYF3B7AIki3HpXhg+y1t5eRSNumT+jRapFqwMt4LISO7bxzYDJVsYiMpWSBc4k8
4VYlLDIUZU7NyGtzBuN2AI7D+kpYNA8sSBFYZIO9scc3nuIj0fY+SNd1M4X4Qzhn
RZfP9Ee+0p/lxH2ACKXl20NOjNxtK+Ot5AL+MsnnD5x3Yg3WsnfpHcUp7wIiy9kt
UeSL7aA18185UK9iyngUdmDdaHRjDdtU7/JGmB+LZUNpIwEF3/Je5H97zl7eXWcW
60QtamWUtyTRxzY7RjFHDmG9i5FcWlzJd0mZTFTOuznzcolX4tT95wm6GwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLvfZpKWmmh7FrhuBpxAixSnVE3fMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvdTk5bWtwYWFhSHNXdUc0R25FQ0xGS2RVVGQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALUOKAwQA
LYVJAwQAuYQ1MA0GCSqGSIb3DQEBCwUAA4IBAQCfeWfYJyN9cyodgDFCNlITiXfh
p2vCofmG4EAc8HX/fn2DKq4tHhWhbaCv1/6aqE3vg9OdFcXCU7KDP88oXjkKqSBg
KFQwo+H+2mpFFQztFngDFF/G+y2N9YtW6/rs+FvjrTYM6ig50b5t1XUEAqshiUM1
jyhhHlCL2s3SCjYZY1VoO2uIq8s+C6yTcRoPnQt5gMwGGMWppCFrlaQ4/n2Gmn+4
TACEV2RZxIQ/lGBsEN7t7LW7/856XN2xz/7bmxkl8eAJZ/ZLEz7QuubzZic8nNgz
eVq+SqOKJR1VCshHeEIjloKrt3YBe5motxIql3w8ZQzmyhQFG4Zc3RQ4IlYJ
-----END CERTIFICATE-----