Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/EyxiBwGz3fbQOTCgSbyGafbb6MA.roa
File:                     EyxiBwGz3fbQOTCgSbyGafbb6MA.roa (raw, json)
Hash identifier:          n6eIFnxf5exyMxf3AWrNq3KvO/yLJP2B9DLSv4EOIFE=
Subject key identifier:   13:2C:62:07:01:B3:DD:F6:D0:39:30:A0:49:BC:86:69:F6:DB:E8:C0
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01995E2456C3C87A30EBF88AF7CD6BE7E782
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/EyxiBwGz3fbQOTCgSbyGafbb6MA.roa
Signing time:             Thu 18 Sep 2025 18:44:23 +0000
ROA not before:           Thu 18 Sep 2025 18:44:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197450
IP address blocks:        45.138.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 16:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5e:24:56:c3:c8:7a:30:eb:f8:8a:f7:cd:6b:e7:e7:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Sep 18 18:44:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=132c620701b3ddf6d03930a049bc8669f6dbe8c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cd:3a:e6:62:c4:3c:2d:91:27:69:3e:9c:31:
                    ed:b2:3d:c0:c3:00:bf:f3:81:11:1a:83:6a:bc:ff:
                    87:17:7b:ad:66:f6:7d:29:3e:8f:c1:21:91:21:b8:
                    fe:be:03:ad:98:54:43:62:2d:42:1b:15:c6:0e:4e:
                    53:a5:a5:22:c2:06:57:70:26:b4:83:16:58:23:a9:
                    5d:5a:82:a1:b6:2a:24:02:27:c6:49:2c:04:1a:79:
                    47:1e:d4:00:40:ca:84:2a:95:63:d9:2b:2a:1b:e9:
                    61:f6:75:5e:de:dd:20:31:6c:8e:7e:05:7a:ab:37:
                    dc:a4:4c:7a:a8:1e:d9:2f:86:2f:f1:bb:76:8a:f0:
                    bc:36:13:cf:bd:9b:ff:de:fb:be:73:f1:25:eb:2c:
                    6d:4f:30:2f:7b:ac:08:0e:d5:ac:bf:be:e3:71:3e:
                    72:21:56:5a:3f:ac:d2:0d:21:51:46:b1:01:7c:ac:
                    31:eb:74:23:a3:cc:04:9b:40:9a:4a:2c:0e:d4:9b:
                    c5:21:75:b2:25:0d:e7:0f:3f:9c:d3:a3:14:41:02:
                    03:01:81:94:70:d5:b6:e4:8c:22:3e:7d:01:d6:b8:
                    08:a5:25:63:cb:00:1b:d3:6f:e3:17:01:42:b3:cc:
                    eb:59:51:d4:95:fd:48:4a:5b:de:b0:3f:96:dc:06:
                    09:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:2C:62:07:01:B3:DD:F6:D0:39:30:A0:49:BC:86:69:F6:DB:E8:C0
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/EyxiBwGz3fbQOTCgSbyGafbb6MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:90:80:dc:17:b1:26:1a:31:dc:c3:ca:b2:e1:31:8a:67:2a:
         77:98:4e:bb:61:76:e5:be:29:27:35:da:f0:e3:90:dc:c4:c8:
         09:df:b4:2d:73:08:8b:39:f6:79:d8:1e:59:39:b4:cc:dd:6f:
         ec:6e:dc:b1:88:12:d4:25:16:14:65:1a:6f:94:ba:a0:ca:18:
         91:d4:92:b6:44:1e:30:d2:74:a6:b9:0b:18:43:df:1f:cc:db:
         a8:d0:f7:84:48:03:14:c4:91:55:ff:1c:c3:aa:b7:d5:63:67:
         86:29:a1:76:fd:10:7f:a7:cf:2a:e7:52:14:3f:a2:32:45:b2:
         8b:8c:b9:af:ac:e7:c3:58:0b:81:38:b5:0e:5c:01:45:f4:f2:
         67:5d:e1:91:c6:1d:58:1d:bd:b4:27:ac:09:a8:d4:b2:47:bd:
         39:c3:01:31:d1:72:bb:d9:cf:e4:b1:d5:66:1f:c8:65:be:ba:
         af:52:30:eb:df:c1:0b:20:95:b4:c4:87:9d:8b:fc:36:e5:5f:
         19:20:c1:82:4b:41:df:a8:82:4f:6c:57:9c:ed:41:4f:f5:38:
         ab:54:de:b0:11:bf:aa:29:85:1a:c9:9d:4a:4b:e1:d8:b7:71:
         e5:b3:25:0b:3a:92:85:09:f3:64:8f:52:8c:d2:72:49:b3:81:
         a1:b1:05:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZleJFbDyHow6/iK981r5+eCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwOTE4MTg0NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzJjNjIwNzAxYjNkZGY2ZDAzOTMwYTA0OWJjODY2OWY2ZGJlOGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApM065mLEPC2RJ2k+nDHtsj3AwwC/
84ERGoNqvP+HF3utZvZ9KT6PwSGRIbj+vgOtmFRDYi1CGxXGDk5TpaUiwgZXcCa0
gxZYI6ldWoKhtiokAifGSSwEGnlHHtQAQMqEKpVj2SsqG+lh9nVe3t0gMWyOfgV6
qzfcpEx6qB7ZL4Yv8bt2ivC8NhPPvZv/3vu+c/El6yxtTzAve6wIDtWsv77jcT5y
IVZaP6zSDSFRRrEBfKwx63Qjo8wEm0CaSiwO1JvFIXWyJQ3nDz+c06MUQQIDAYGU
cNW25IwiPn0B1rgIpSVjywAb02/jFwFCs8zrWVHUlf1ISlvesD+W3AYJTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMsYgcBs9320DkwoEm8hmn22+jAMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvRXl4aUJ3R3ozZmJRT1RDZ1NieUdhZmJiNk1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYq0MA0G
CSqGSIb3DQEBCwUAA4IBAQASkIDcF7EmGjHcw8qy4TGKZyp3mE67YXblviknNdrw
45DcxMgJ37QtcwiLOfZ52B5ZObTM3W/sbtyxiBLUJRYUZRpvlLqgyhiR1JK2RB4w
0nSmuQsYQ98fzNuo0PeESAMUxJFV/xzDqrfVY2eGKaF2/RB/p88q51IUP6IyRbKL
jLmvrOfDWAuBOLUOXAFF9PJnXeGRxh1YHb20J6wJqNSyR705wwEx0XK72c/ksdVm
H8hlvrqvUjDr38ELIJW0xIedi/w25V8ZIMGCS0HfqIJPbFec7UFP9TirVN6wEb+q
KYUayZ1KS+HYt3HlsyULOpKFCfNkj1KM0nJJs4GhsQXI
-----END CERTIFICATE-----