Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/4PcwBZaSEavr4q7nYUzHdazR3dc.roa
File:                     4PcwBZaSEavr4q7nYUzHdazR3dc.roa (raw, json)
Hash identifier:          k3MqksVJu5YCBeSP7fBQqhMWQJmQ3f0QvgkN1CykB88=
Subject key identifier:   E0:F7:30:05:96:92:11:AB:EB:E2:AE:E7:61:4C:C7:75:AC:D1:DD:D7
Certificate issuer:       /CN=070483d3d62f19c0835746dcb721c8832c3b7926
Certificate serial:       01997B914B90D27C6CE44FE0944643135E9C
Authority key identifier: 07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/4PcwBZaSEavr4q7nYUzHdazR3dc.roa
Signing time:             Wed 24 Sep 2025 11:52:23 +0000
ROA not before:           Wed 24 Sep 2025 11:52:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        45.85.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:91:4b:90:d2:7c:6c:e4:4f:e0:94:46:43:13:5e:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=070483d3d62f19c0835746dcb721c8832c3b7926
        Validity
            Not Before: Sep 24 11:52:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0f73005969211abebe2aee7614cc775acd1ddd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:dc:9b:6f:ef:fb:7c:e7:b7:05:83:ea:cf:20:
                    ee:55:69:85:72:54:be:3b:2f:b2:8d:7a:d2:ce:2c:
                    52:e6:3b:a5:1c:31:40:ed:c8:2a:8c:2f:fd:f7:e3:
                    1c:d3:fd:02:e5:ee:77:ef:ea:73:85:8f:a9:9c:2f:
                    62:10:31:85:e5:8c:e5:a6:7f:7f:69:18:04:5c:95:
                    e2:b6:ac:a9:f2:9c:c0:80:92:51:41:e5:7a:e1:1c:
                    fe:d6:0c:b6:17:83:ff:c4:b2:d9:a2:ed:fd:3e:c9:
                    aa:c9:7a:d7:58:74:a5:b0:41:83:77:d3:77:00:67:
                    d5:a9:09:77:17:ca:2e:3a:c2:bd:ff:22:39:23:5b:
                    2e:25:4e:9c:9b:0a:9f:86:a8:40:95:20:5d:ae:b4:
                    05:5d:ab:94:3e:59:1e:8e:6e:38:4f:83:c3:38:4d:
                    dc:66:f5:c1:2a:c6:93:d6:01:16:9d:c2:ca:c6:01:
                    1c:e0:dc:ef:7b:34:cf:9e:5c:9f:24:6d:e3:e5:dd:
                    ac:1d:af:09:30:3d:3b:49:29:40:28:f8:3d:cd:b7:
                    c1:f9:b9:71:44:51:8e:fb:7a:66:15:91:d4:8e:07:
                    39:1b:01:2f:76:ed:5a:d0:fb:45:a9:d7:b9:e0:2c:
                    df:e1:bd:fb:53:68:2e:48:5a:d0:c3:5a:1a:40:a2:
                    36:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:F7:30:05:96:92:11:AB:EB:E2:AE:E7:61:4C:C7:75:AC:D1:DD:D7
            X509v3 Authority Key Identifier:
                keyid:07:04:83:D3:D6:2F:19:C0:83:57:46:DC:B7:21:C8:83:2C:3B:79:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BwSD09YvGcCDV0bctyHIgyw7eSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/4PcwBZaSEavr4q7nYUzHdazR3dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/6451c1-2bcd-4463-a700-d442c4f9e9bd/1/BwSD09YvGcCDV0bctyHIgyw7eSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:fa:b8:d8:b5:69:34:0a:19:48:fa:0e:e9:49:ed:20:d0:8a:
         ce:f5:26:45:db:a2:0b:e1:a7:8b:5a:b9:fc:5a:db:33:fa:34:
         bd:ce:c9:65:13:e3:cb:1f:44:89:3e:de:6f:c6:7f:0b:ee:f9:
         b4:cc:1f:3b:cb:32:85:16:fb:d3:18:91:21:65:7f:1b:c0:02:
         7e:10:e0:09:60:c3:5a:e4:08:10:77:bb:3e:c8:c8:d5:4c:db:
         f7:32:50:fd:88:4a:f5:73:74:68:be:bf:05:b0:93:6c:4f:69:
         76:d5:7e:a2:00:96:02:18:ef:3b:06:9e:36:cf:95:3e:f1:24:
         52:16:ec:b9:f8:f8:17:09:a2:a7:11:d4:bd:0b:7e:09:0c:3b:
         62:2b:37:c4:32:7a:e6:c8:a3:7d:a3:d2:43:c0:cc:f9:f8:d5:
         4d:f4:c3:8e:78:a8:22:34:e0:93:e7:17:5f:92:ac:2e:0d:63:
         f7:13:43:7b:c1:ae:9f:0a:8d:88:c6:b5:e5:97:49:0f:9e:31:
         6d:73:13:1f:5b:f3:5c:40:c7:54:74:72:dd:f0:81:91:02:82:
         93:61:ac:c2:c5:5f:c5:f6:91:6d:56:98:6c:50:9a:b0:97:d2:
         92:0a:84:79:45:e0:27:cf:26:9a:5d:45:ea:11:35:8e:a5:05:
         bd:12:c8:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl7kUuQ0nxs5E/glEZDE16cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MDQ4M2QzZDYyZjE5YzA4MzU3NDZkY2I3MjFjODgzMmMz
Yjc5MjYwHhcNMjUwOTI0MTE1MjIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGY3MzAwNTk2OTIxMWFiZWJlMmFlZTc2MTRjYzc3NWFjZDFkZGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9ybb+/7fOe3BYPqzyDuVWmFclS+
Oy+yjXrSzixS5julHDFA7cgqjC/99+Mc0/0C5e537+pzhY+pnC9iEDGF5Yzlpn9/
aRgEXJXitqyp8pzAgJJRQeV64Rz+1gy2F4P/xLLZou39PsmqyXrXWHSlsEGDd9N3
AGfVqQl3F8ouOsK9/yI5I1suJU6cmwqfhqhAlSBdrrQFXauUPlkejm44T4PDOE3c
ZvXBKsaT1gEWncLKxgEc4NzvezTPnlyfJG3j5d2sHa8JMD07SSlAKPg9zbfB+blx
RFGO+3pmFZHUjgc5GwEvdu1a0PtFqde54Czf4b37U2guSFrQw1oaQKI28QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOD3MAWWkhGr6+Ku52FMx3Ws0d3XMB8GA1UdIwQY
MBaAFAcEg9PWLxnAg1dG3LchyIMsO3kmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAt
ZDQ0MmM0ZjllOWJkLzEvNFBjd0JaYVNFYXZyNHE3bllVekhkYXpSM2RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS82NDUxYzEtMmJjZC00NDYzLWE3MDAtZDQ0MmM0ZjllOWJk
LzEvQndTRDA5WXZHY0NEVjBiY3R5SElneXc3ZVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVXMMA0G
CSqGSIb3DQEBCwUAA4IBAQCL+rjYtWk0ChlI+g7pSe0g0IrO9SZF26IL4aeLWrn8
Wtsz+jS9zsllE+PLH0SJPt5vxn8L7vm0zB87yzKFFvvTGJEhZX8bwAJ+EOAJYMNa
5AgQd7s+yMjVTNv3MlD9iEr1c3Rovr8FsJNsT2l21X6iAJYCGO87Bp42z5U+8SRS
Fuy5+PgXCaKnEdS9C34JDDtiKzfEMnrmyKN9o9JDwMz5+NVN9MOOeKgiNOCT5xdf
kqwuDWP3E0N7wa6fCo2IxrXll0kPnjFtcxMfW/NcQMdUdHLd8IGRAoKTYazCxV/F
9pFtVphsUJqwl9KSCoR5ReAnzyaaXUXqETWOpQW9EshM
-----END CERTIFICATE-----