Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/64AcovQBhaEtt5KkzSGDTWBNY6M.roa
File:                     64AcovQBhaEtt5KkzSGDTWBNY6M.roa (raw, json)
Hash identifier:          zvgdvOo5eLLAm5kw5CQHBXY87LfFoqQWzB5IN3bgaik=
Subject key identifier:   EB:80:1C:A2:F4:01:85:A1:2D:B7:92:A4:CD:21:83:4D:60:4D:63:A3
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       019956CE771DCE72A203AD396AB3A8C1CD95
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/64AcovQBhaEtt5KkzSGDTWBNY6M.roa
Signing time:             Wed 17 Sep 2025 08:33:15 +0000
ROA not before:           Wed 17 Sep 2025 08:33:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.84.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:56:ce:77:1d:ce:72:a2:03:ad:39:6a:b3:a8:c1:cd:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Sep 17 08:33:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb801ca2f40185a12db792a4cd21834d604d63a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:08:59:70:62:d8:f0:66:9e:66:00:89:50:53:
                    8d:62:b1:cd:ee:e3:87:46:cf:49:6a:ee:ac:91:fe:
                    d5:b9:4f:f7:74:dc:c3:96:c6:4c:2b:6d:4e:63:fd:
                    36:ec:db:b9:80:b0:5d:af:1c:0f:7b:b1:91:23:52:
                    c3:45:23:ac:0a:21:41:57:da:ef:70:e4:f7:78:aa:
                    93:89:3e:24:92:73:0a:18:a8:77:c5:43:ce:5f:8e:
                    b0:02:9b:dc:96:ee:fb:3c:3b:54:34:72:7c:d1:6a:
                    c4:e3:6c:f7:05:62:c4:f5:a9:eb:66:71:87:09:c1:
                    d6:80:90:12:66:36:5f:01:22:e8:ee:77:ad:97:6a:
                    94:50:28:47:6f:0e:d4:54:f8:ba:26:d3:5d:f8:23:
                    3a:06:3a:ee:e7:14:01:36:f6:3a:72:3e:57:16:a7:
                    7b:c9:67:00:df:85:82:4a:44:e9:27:59:d5:77:d3:
                    45:b3:6b:ba:f6:a2:6c:cc:39:32:5d:4f:3f:fa:00:
                    35:04:9e:f0:65:de:dd:58:62:95:b1:4b:5c:47:13:
                    ad:e2:22:45:f5:db:72:f4:fb:01:2c:fc:3d:f4:92:
                    f6:9e:cb:27:4e:b7:bc:f2:47:ec:a2:c9:24:32:36:
                    48:c0:73:f2:33:80:dc:5e:9a:06:9e:4e:6b:df:cd:
                    ae:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:80:1C:A2:F4:01:85:A1:2D:B7:92:A4:CD:21:83:4D:60:4D:63:A3
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/64AcovQBhaEtt5KkzSGDTWBNY6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:81:8d:0e:63:69:a0:3c:e7:df:fe:64:8a:73:f2:5c:80:0b:
         8d:e0:75:a0:58:e7:01:ba:f3:0d:f9:0f:66:97:3e:c3:33:0f:
         10:e4:89:4b:85:15:5f:5f:c6:4d:80:cb:ee:c9:6e:e9:41:fc:
         81:b5:33:d6:1e:8b:0e:35:db:ec:c8:cc:a1:7c:4c:3a:7d:79:
         05:e1:22:a2:ca:fa:be:7b:42:b3:87:53:c3:67:66:f6:03:8f:
         d2:15:6f:b1:d5:99:45:db:d9:33:b7:26:de:a1:73:02:4c:a0:
         85:25:89:de:ec:d0:7a:45:c2:5c:fa:56:20:c1:a6:f1:b9:45:
         d6:d5:08:84:31:a0:86:8c:a4:94:5f:f1:19:78:4c:39:a8:12:
         22:bf:42:18:6b:a9:76:cd:c5:9c:ec:82:4c:9e:95:40:05:fe:
         ea:cd:66:a0:b0:62:f5:0e:70:cf:bc:a4:86:14:3e:71:e5:f6:
         2f:e1:63:1c:b2:b7:ff:c8:a2:3b:12:ca:f6:c7:62:6b:ae:98:
         65:ef:2a:52:11:45:c5:e5:29:2b:4d:46:38:2f:67:3a:0e:82:
         ad:d9:82:e1:72:02:8f:bf:a0:b2:c5:fa:bf:fa:4f:d3:40:08:
         a8:27:41:dd:a0:27:0b:be:9c:80:e4:a5:83:d5:60:b3:9c:63:
         2a:e2:91:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlWzncdznKiA605arOowc2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjUwOTE3MDgzMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjgwMWNhMmY0MDE4NWExMmRiNzkyYTRjZDIxODM0ZDYwNGQ2M2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwhZcGLY8GaeZgCJUFONYrHN7uOH
Rs9Jau6skf7VuU/3dNzDlsZMK21OY/027Nu5gLBdrxwPe7GRI1LDRSOsCiFBV9rv
cOT3eKqTiT4kknMKGKh3xUPOX46wApvclu77PDtUNHJ80WrE42z3BWLE9anrZnGH
CcHWgJASZjZfASLo7netl2qUUChHbw7UVPi6JtNd+CM6Bjru5xQBNvY6cj5XFqd7
yWcA34WCSkTpJ1nVd9NFs2u69qJszDkyXU8/+gA1BJ7wZd7dWGKVsUtcRxOt4iJF
9dty9PsBLPw99JL2nssnTre88kfsoskkMjZIwHPyM4DcXpoGnk5r382ugwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuAHKL0AYWhLbeSpM0hg01gTWOjMB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvNjRBY292UUJoYUV0dDVLa3pTR0RUV0JOWTZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTwMA0G
CSqGSIb3DQEBCwUAA4IBAQB+gY0OY2mgPOff/mSKc/JcgAuN4HWgWOcBuvMN+Q9m
lz7DMw8Q5IlLhRVfX8ZNgMvuyW7pQfyBtTPWHosONdvsyMyhfEw6fXkF4SKiyvq+
e0Kzh1PDZ2b2A4/SFW+x1ZlF29kztybeoXMCTKCFJYne7NB6RcJc+lYgwabxuUXW
1QiEMaCGjKSUX/EZeEw5qBIiv0IYa6l2zcWc7IJMnpVABf7qzWagsGL1DnDPvKSG
FD5x5fYv4WMcsrf/yKI7Esr2x2Jrrphl7ypSEUXF5SkrTUY4L2c6DoKt2YLhcgKP
v6Cyxfq/+k/TQAioJ0HdoCcLvpyA5KWD1WCznGMq4pGh
-----END CERTIFICATE-----