Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/fpOmXuqSYT9hD31LTOuqnwdIlXA.roa
File:                     fpOmXuqSYT9hD31LTOuqnwdIlXA.roa (raw, json)
Hash identifier:          WZfJnOrEyAEFDgpimUyRrFhgjK4pZzoR9cKU8RnqU48=
Subject key identifier:   7E:93:A6:5E:EA:92:61:3F:61:0F:7D:4B:4C:EB:AA:9F:07:48:95:70
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0198F0176F93AB3A56E14F78B7DBDE6CD269
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/fpOmXuqSYT9hD31LTOuqnwdIlXA.roa
Signing time:             Thu 28 Aug 2025 09:52:04 +0000
ROA not before:           Thu 28 Aug 2025 09:52:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215531
IP address blocks:        45.151.3.0/24 maxlen: 24
                          77.83.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:17:6f:93:ab:3a:56:e1:4f:78:b7:db:de:6c:d2:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Aug 28 09:52:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e93a65eea92613f610f7d4b4cebaa9f07489570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b9:92:1e:96:d4:3e:07:5a:0e:31:d9:f0:5e:
                    71:10:2d:37:bd:dc:28:63:fd:fb:4e:d4:7f:39:da:
                    cd:ea:b3:f5:d1:77:a3:e0:7f:21:18:1c:84:bc:ed:
                    07:42:3e:02:1a:3d:26:c1:7f:84:65:79:03:61:34:
                    8a:7e:75:19:73:83:dc:cc:ac:18:d8:2c:14:94:d4:
                    1b:66:ec:57:3d:7b:6e:e3:a2:b7:c6:d1:a3:b8:40:
                    48:ef:45:d3:9e:e9:0c:31:dd:bd:e6:ff:7e:1b:d0:
                    44:c1:79:08:80:d2:7e:88:41:25:e2:e1:c6:66:c3:
                    ea:7e:17:0e:10:a0:4e:5d:19:a7:ef:56:62:41:d4:
                    bd:a1:d8:ee:a5:a8:80:4c:87:f9:22:4d:32:14:2f:
                    56:c6:fd:d2:7f:86:87:17:6c:30:f2:aa:e3:24:66:
                    17:e4:58:dc:a6:90:63:f7:15:11:ae:09:a7:52:16:
                    76:61:12:ea:54:85:33:f0:32:7a:60:00:e2:b9:e9:
                    62:57:c5:d4:20:c1:51:8c:cd:2d:6c:29:cf:fa:06:
                    41:c9:fb:10:a2:ae:0d:df:b6:40:00:93:b0:15:77:
                    a5:fc:50:f0:54:54:2e:b4:8c:9e:b4:48:e7:3f:ea:
                    45:d6:1b:14:88:6a:34:1b:ee:a4:e8:89:f2:bf:86:
                    79:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:93:A6:5E:EA:92:61:3F:61:0F:7D:4B:4C:EB:AA:9F:07:48:95:70
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/fpOmXuqSYT9hD31LTOuqnwdIlXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.3.0/24
                  77.83.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:04:d5:92:57:fc:e9:6a:59:4b:ed:36:c2:7a:7b:53:a3:dd:
         f5:27:7a:e1:28:89:c4:6d:1e:e0:11:a2:c8:ff:27:1c:9b:ad:
         02:f3:4d:86:80:4d:85:86:de:be:19:d6:45:f0:3e:06:79:92:
         04:a2:96:87:63:db:6c:8d:4d:f0:0c:be:4c:3f:dd:07:39:d7:
         14:2f:68:7f:43:17:06:a8:67:4b:87:d9:0d:03:3e:b2:39:08:
         ab:9f:55:d8:2b:81:7c:96:1c:27:57:ba:b1:87:e5:5d:25:42:
         37:c8:5f:ee:8b:62:9c:2e:64:fb:3f:30:14:c0:f0:d7:cd:87:
         3d:7b:48:0c:0d:0e:1d:d8:d9:33:3c:89:62:d1:0e:a9:01:04:
         86:a8:e8:da:fd:59:45:f4:1d:1b:18:70:75:0d:0b:71:d6:1f:
         fa:d7:8b:98:11:47:be:4e:54:a3:d3:0f:30:29:30:1c:28:e2:
         41:59:af:be:5c:42:83:c6:84:78:f9:2a:30:5f:a2:bb:93:4d:
         e4:13:46:52:0a:c8:fc:a4:d2:b9:ca:98:21:e3:eb:6a:66:81:
         b1:88:8c:93:75:94:2b:82:08:15:43:71:40:d8:8a:d3:e3:a1:
         db:68:44:dc:41:e9:9b:13:f0:35:22:d0:9b:7c:9c:6c:f8:ca:
         f7:dc:01:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjwF2+TqzpW4U94t9vebNJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwODI4MDk1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTkzYTY1ZWVhOTI2MTNmNjEwZjdkNGI0Y2ViYWE5ZjA3NDg5NTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57mSHpbUPgdaDjHZ8F5xEC03vdwo
Y/37TtR/OdrN6rP10Xej4H8hGByEvO0HQj4CGj0mwX+EZXkDYTSKfnUZc4PczKwY
2CwUlNQbZuxXPXtu46K3xtGjuEBI70XTnukMMd295v9+G9BEwXkIgNJ+iEEl4uHG
ZsPqfhcOEKBOXRmn71ZiQdS9odjupaiATIf5Ik0yFC9Wxv3Sf4aHF2ww8qrjJGYX
5FjcppBj9xURrgmnUhZ2YRLqVIUz8DJ6YADiueliV8XUIMFRjM0tbCnP+gZByfsQ
oq4N37ZAAJOwFXel/FDwVFQutIyetEjnP+pF1hsUiGo0G+6k6Inyv4Z5fQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH6Tpl7qkmE/YQ99S0zrqp8HSJVwMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvZnBPbVh1cVNZVDloRDMxTFRPdXFud2RJbFhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZcDAwQA
TVMlMA0GCSqGSIb3DQEBCwUAA4IBAQAFBNWSV/zpallL7TbCentTo931J3rhKInE
bR7gEaLI/yccm60C802GgE2Fht6+GdZF8D4GeZIEopaHY9tsjU3wDL5MP90HOdcU
L2h/QxcGqGdLh9kNAz6yOQirn1XYK4F8lhwnV7qxh+VdJUI3yF/ui2KcLmT7PzAU
wPDXzYc9e0gMDQ4d2NkzPIli0Q6pAQSGqOja/VlF9B0bGHB1DQtx1h/614uYEUe+
TlSj0w8wKTAcKOJBWa++XEKDxoR4+SowX6K7k03kE0ZSCsj8pNK5ypgh4+tqZoGx
iIyTdZQrgggVQ3FA2IrT46HbaETcQembE/A1ItCbfJxs+Mr33AHR
-----END CERTIFICATE-----