Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/mDCxfMYl3h4_297boyxTP5_Q3ws.roa
File:                     mDCxfMYl3h4_297boyxTP5_Q3ws.roa (raw, json)
Hash identifier:          hPqHyox/g5MJEMF9tpto8m8cg5sc0XMZqtOHmfpNuFY=
Subject key identifier:   98:30:B1:7C:C6:25:DE:1E:3F:DB:DE:DB:A3:2C:53:3F:9F:D0:DF:0B
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019A53F5B6F338606C0060FBDFC5FC0F5E74
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/mDCxfMYl3h4_297boyxTP5_Q3ws.roa
Signing time:             Wed 05 Nov 2025 12:20:03 +0000
ROA not before:           Wed 05 Nov 2025 12:20:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213799
IP address blocks:        45.88.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:53:f5:b6:f3:38:60:6c:00:60:fb:df:c5:fc:0f:5e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Nov  5 12:20:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9830b17cc625de1e3fdbdedba32c533f9fd0df0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:4e:85:5a:51:33:29:5a:99:bf:4b:cd:e8:2b:
                    9d:26:ca:b0:03:88:d9:e0:11:4f:0f:4d:18:2b:84:
                    e2:ff:8a:9d:cb:06:02:27:ef:e5:9c:2e:b4:68:bb:
                    8d:7d:aa:f8:ea:4b:f9:28:28:29:a7:39:88:c3:d5:
                    7d:04:b3:fc:c1:de:04:87:63:9c:44:49:b2:3e:e3:
                    d8:14:1b:74:a1:dd:53:b3:5b:af:ba:28:17:49:3c:
                    b7:0d:77:60:1a:c7:56:ea:11:6a:b6:c0:a4:c6:b3:
                    a7:a8:f0:5d:11:97:a0:ac:41:c1:bb:ed:1d:2e:1f:
                    71:bc:51:69:08:77:c2:77:1f:a9:e4:21:72:63:54:
                    99:93:06:0a:5b:34:9c:f2:71:0b:71:43:ab:6a:a4:
                    8c:01:2d:7e:85:b2:c8:80:4d:6d:d7:f6:02:43:97:
                    ff:00:25:04:e6:61:41:31:b0:6a:3b:e9:83:50:79:
                    28:35:28:66:fa:96:99:82:81:e8:bd:c6:47:b1:2f:
                    31:73:ef:ba:4f:ba:f7:fc:38:7a:9c:5b:ab:04:a7:
                    92:0e:5b:7e:dc:c4:e4:a3:a6:17:ca:5a:38:c0:6a:
                    12:83:9a:d2:3a:55:10:53:1b:46:48:4c:42:d5:b8:
                    77:94:52:08:1f:04:78:5b:c4:d1:1b:15:d3:2f:e7:
                    05:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:30:B1:7C:C6:25:DE:1E:3F:DB:DE:DB:A3:2C:53:3F:9F:D0:DF:0B
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/mDCxfMYl3h4_297boyxTP5_Q3ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:5b:bf:49:bc:89:dc:e8:41:e7:25:2b:77:70:81:9b:8c:b6:
         f4:ec:74:43:ae:9c:c4:5b:f6:a5:e9:23:f9:2f:98:70:6a:d2:
         58:90:46:fb:8f:22:20:4f:80:10:7d:bd:c9:b2:68:a4:f8:23:
         26:a9:c0:47:1d:cf:85:1f:43:d1:e4:ab:08:43:ee:92:ab:8e:
         47:01:d9:32:c2:9c:40:66:e9:cb:03:24:28:22:0b:6a:8d:30:
         4d:f7:c5:b3:1b:53:d6:d0:81:da:da:a5:84:e1:e3:a6:bb:8b:
         10:a1:59:a9:0e:43:bb:26:63:62:34:79:33:1f:5a:9d:2c:a1:
         47:f9:d9:9e:54:aa:40:e7:8c:7e:cb:00:17:1c:da:c0:87:2f:
         94:ba:a1:9d:b2:ac:28:58:d5:7b:e0:9d:25:31:de:7c:76:d0:
         9c:3e:2f:83:87:b7:b6:da:84:0f:30:d6:21:22:8b:af:26:e0:
         c3:b1:86:02:5e:98:71:d6:2d:61:7e:a9:a8:14:8f:24:8f:1f:
         4d:7b:02:47:9c:76:5e:8c:37:fe:e8:04:de:a8:82:e9:58:47:
         13:90:ce:a3:4d:da:1d:ef:36:4d:47:58:c1:06:71:00:04:1b:
         23:cc:73:66:14:d0:76:9e:36:b8:d6:ee:a6:28:6a:f9:8a:e2:
         ec:3c:5e:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpT9bbzOGBsAGD738X8D150MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUxMTA1MTIyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODMwYjE3Y2M2MjVkZTFlM2ZkYmRlZGJhMzJjNTMzZjlmZDBkZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn06FWlEzKVqZv0vN6CudJsqwA4jZ
4BFPD00YK4Ti/4qdywYCJ+/lnC60aLuNfar46kv5KCgppzmIw9V9BLP8wd4Eh2Oc
REmyPuPYFBt0od1Ts1uvuigXSTy3DXdgGsdW6hFqtsCkxrOnqPBdEZegrEHBu+0d
Lh9xvFFpCHfCdx+p5CFyY1SZkwYKWzSc8nELcUOraqSMAS1+hbLIgE1t1/YCQ5f/
ACUE5mFBMbBqO+mDUHkoNShm+paZgoHovcZHsS8xc++6T7r3/Dh6nFurBKeSDlt+
3MTko6YXylo4wGoSg5rSOlUQUxtGSExC1bh3lFIIHwR4W8TRGxXTL+cF2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgwsXzGJd4eP9ve26MsUz+f0N8LMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvbURDeGZNWWwzaDRfMjk3Ym95eFRQNV9RM3dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALViJMA0G
CSqGSIb3DQEBCwUAA4IBAQARW79JvInc6EHnJSt3cIGbjLb07HRDrpzEW/al6SP5
L5hwatJYkEb7jyIgT4AQfb3Jsmik+CMmqcBHHc+FH0PR5KsIQ+6Sq45HAdkywpxA
ZunLAyQoIgtqjTBN98WzG1PW0IHa2qWE4eOmu4sQoVmpDkO7JmNiNHkzH1qdLKFH
+dmeVKpA54x+ywAXHNrAhy+UuqGdsqwoWNV74J0lMd58dtCcPi+Dh7e22oQPMNYh
IouvJuDDsYYCXphx1i1hfqmoFI8kjx9NewJHnHZejDf+6ATeqILpWEcTkM6jTdod
7zZNR1jBBnEABBsjzHNmFNB2nja41u6mKGr5iuLsPF7N
-----END CERTIFICATE-----