Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/idtKhgjOwX3aRejCKWzHif5P9Tw.roa
File:                     idtKhgjOwX3aRejCKWzHif5P9Tw.roa (raw, json)
Hash identifier:          iInPgkQ7LVZPBHp3M3s503/NuS34KMHAl0xiaA96ABg=
Subject key identifier:   89:DB:4A:86:08:CE:C1:7D:DA:45:E8:C2:29:6C:C7:89:FE:4F:F5:3C
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01994EC6323ED515712B8ACFE8474794A177
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/idtKhgjOwX3aRejCKWzHif5P9Tw.roa
Signing time:             Mon 15 Sep 2025 19:07:15 +0000
ROA not before:           Mon 15 Sep 2025 19:07:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200636
IP address blocks:        45.155.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 05:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4e:c6:32:3e:d5:15:71:2b:8a:cf:e8:47:47:94:a1:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Sep 15 19:07:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89db4a8608cec17dda45e8c2296cc789fe4ff53c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:3d:4b:56:70:42:d0:88:9e:ae:a3:eb:27:20:
                    2d:5f:f0:8b:eb:6c:1a:ed:3c:32:d9:43:5e:eb:9e:
                    e2:7b:79:22:5e:1b:4b:32:46:29:7a:42:1e:69:60:
                    9e:30:4f:25:77:e6:0a:c3:39:6c:51:1e:2c:31:c1:
                    b3:2c:6e:eb:4b:cd:21:52:80:84:9b:7b:28:51:ac:
                    ce:8e:6a:85:e8:7f:21:94:f3:05:b0:77:de:be:46:
                    95:45:18:48:42:c9:81:14:e2:94:dc:73:0e:d3:e5:
                    73:fa:1f:4e:88:67:c6:6f:04:2a:21:a5:3f:32:ad:
                    1b:87:b0:a6:63:41:ec:3f:49:07:d0:d4:35:6c:ec:
                    6e:c9:bb:e7:e8:41:e4:16:fe:f4:65:d5:40:2f:1b:
                    f2:7d:da:5e:fe:42:43:96:cd:8a:b4:03:61:a7:7b:
                    f7:5d:48:b6:10:ed:56:b0:f4:90:1b:81:b1:9d:f0:
                    e4:64:3b:d0:e7:c1:cf:ac:93:4c:4c:dd:18:42:dd:
                    bd:1d:35:87:8d:ce:32:5c:e3:00:8d:94:29:41:f4:
                    76:60:14:b6:79:c4:fa:22:c0:72:fd:4b:60:ea:a7:
                    21:15:a7:a4:e5:53:8a:db:23:bb:d1:46:54:63:50:
                    7b:16:3c:e9:e2:c5:11:87:d2:63:53:9f:66:9c:73:
                    8d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:DB:4A:86:08:CE:C1:7D:DA:45:E8:C2:29:6C:C7:89:FE:4F:F5:3C
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/idtKhgjOwX3aRejCKWzHif5P9Tw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:08:61:17:57:17:86:26:76:3d:3e:4d:c7:e2:6c:c3:9a:78:
         14:c6:9d:6c:a5:bb:f6:85:d0:32:13:73:a7:f2:b2:54:eb:96:
         27:ab:72:a0:8b:9a:87:0c:3e:a1:e8:63:65:ac:9a:f1:62:5f:
         0e:d4:18:3d:df:27:b7:0f:a4:c3:e3:79:81:90:77:b0:4a:57:
         55:ee:9c:35:de:0a:ae:a2:6f:77:ea:e2:1e:fd:06:96:f9:62:
         6a:8f:4f:af:aa:eb:3c:c2:96:c9:52:a3:39:3e:37:e0:57:37:
         19:24:eb:09:13:f1:10:cb:5a:2c:52:e5:e1:b4:2a:1a:d8:40:
         33:97:de:57:76:f4:bf:a4:9d:69:5c:34:95:95:4f:d7:97:85:
         74:55:fa:45:ed:03:a3:9a:dc:02:30:79:77:35:37:ca:54:fe:
         17:1c:5a:f6:85:52:66:cd:a3:98:99:2a:d3:2e:16:51:89:42:
         18:8b:37:c8:b2:be:1f:ce:6c:ce:b3:61:8d:46:a2:bf:73:36:
         35:39:74:33:c7:79:40:eb:4c:08:1e:4a:2b:55:7c:78:9b:a8:
         9c:df:95:ed:76:12:d8:ea:25:dd:de:ce:bb:0c:23:cc:b4:60:
         e6:3d:c1:2f:fb:cf:3e:52:e5:17:ed:83:be:c2:04:96:ae:c3:
         69:b0:e1:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlOxjI+1RVxK4rP6EdHlKF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwOTE1MTkwNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWRiNGE4NjA4Y2VjMTdkZGE0NWU4YzIyOTZjYzc4OWZlNGZmNTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5T1LVnBC0IierqPrJyAtX/CL62wa
7Twy2UNe657ie3kiXhtLMkYpekIeaWCeME8ld+YKwzlsUR4sMcGzLG7rS80hUoCE
m3soUazOjmqF6H8hlPMFsHfevkaVRRhIQsmBFOKU3HMO0+Vz+h9OiGfGbwQqIaU/
Mq0bh7CmY0HsP0kH0NQ1bOxuybvn6EHkFv70ZdVALxvyfdpe/kJDls2KtANhp3v3
XUi2EO1WsPSQG4GxnfDkZDvQ58HPrJNMTN0YQt29HTWHjc4yXOMAjZQpQfR2YBS2
ecT6IsBy/Utg6qchFaek5VOK2yO70UZUY1B7Fjzp4sURh9JjU59mnHONXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInbSoYIzsF92kXowilsx4n+T/U8MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvaWR0S2hnak93WDNhUmVqQ0tXekhpZjVQOVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZtAMA0G
CSqGSIb3DQEBCwUAA4IBAQAoCGEXVxeGJnY9Pk3H4mzDmngUxp1spbv2hdAyE3On
8rJU65Ynq3Kgi5qHDD6h6GNlrJrxYl8O1Bg93ye3D6TD43mBkHewSldV7pw13gqu
om936uIe/QaW+WJqj0+vqus8wpbJUqM5PjfgVzcZJOsJE/EQy1osUuXhtCoa2EAz
l95XdvS/pJ1pXDSVlU/Xl4V0VfpF7QOjmtwCMHl3NTfKVP4XHFr2hVJmzaOYmSrT
LhZRiUIYizfIsr4fzmzOs2GNRqK/czY1OXQzx3lA60wIHkorVXx4m6ic35XtdhLY
6iXd3s67DCPMtGDmPcEv+88+UuUX7YO+wgSWrsNpsOGb
-----END CERTIFICATE-----