Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/19n-Wj9bKFgdkGZ82WCYa5kkcv8.roa
File:                     19n-Wj9bKFgdkGZ82WCYa5kkcv8.roa (raw, json)
Hash identifier:          CeRMttDGjBvI7Ws7ExgxlD/xGz9sGjVLELjOntijMlE=
Subject key identifier:   D7:D9:FE:5A:3F:5B:28:58:1D:90:66:7C:D9:60:98:6B:99:24:72:FF
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       01987B217D75AC1316E2ED3C2C1AE934C6F5
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/19n-Wj9bKFgdkGZ82WCYa5kkcv8.roa
Signing time:             Tue 05 Aug 2025 16:47:29 +0000
ROA not before:           Tue 05 Aug 2025 16:47:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.155.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 08:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7b:21:7d:75:ac:13:16:e2:ed:3c:2c:1a:e9:34:c6:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Aug  5 16:47:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7d9fe5a3f5b28581d90667cd960986b992472ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d3:d4:42:8e:c8:dc:ce:ce:f3:ba:89:b7:a6:
                    0b:d2:6d:28:f5:72:7c:ce:73:13:1e:93:e6:f7:c7:
                    54:e1:43:5b:06:6e:ba:71:e7:ac:81:3b:cd:94:4f:
                    14:b6:2c:85:17:bf:06:cb:07:b2:35:ec:85:8c:6a:
                    16:f4:0c:ee:c5:bf:98:20:60:7c:3d:0c:d1:32:0f:
                    4d:f6:44:9c:14:e0:9c:be:6c:4f:39:2c:c7:e8:db:
                    bd:0c:db:41:d5:1a:77:4f:27:87:55:5e:84:d9:35:
                    b9:02:b1:eb:df:96:82:9c:31:5e:3c:12:88:6f:10:
                    28:f8:3d:d5:fa:4c:d3:f1:b6:e4:f7:32:c7:6b:1b:
                    e6:de:83:92:b3:32:45:ea:e1:04:c7:25:70:d7:17:
                    c4:70:01:5c:c1:57:c8:32:ab:90:9a:47:c9:df:5b:
                    a1:22:58:5b:0f:3a:c4:4f:df:7a:2b:b5:c0:34:ae:
                    0e:b3:2d:3c:76:87:9c:44:74:50:0c:57:c2:9f:ba:
                    03:aa:3c:22:55:19:5d:e7:48:5e:08:0c:21:4a:0d:
                    4f:49:20:61:25:b8:4c:35:5a:e0:61:59:32:bb:e6:
                    38:87:31:f2:6e:50:8f:cb:5f:d3:2e:99:2b:1e:e4:
                    91:4d:57:20:12:2e:ad:90:ff:54:f9:ea:44:04:7a:
                    3f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:D9:FE:5A:3F:5B:28:58:1D:90:66:7C:D9:60:98:6B:99:24:72:FF
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/19n-Wj9bKFgdkGZ82WCYa5kkcv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:5f:ae:48:a9:6b:b4:7b:5b:04:81:32:a5:e1:c0:c0:b4:fc:
         0f:a3:d3:1f:66:5e:46:d6:df:cd:0e:39:51:70:6d:c1:1a:da:
         83:f0:86:af:68:73:76:c2:93:a6:a2:8e:d1:43:48:0a:a8:7e:
         dc:b2:48:06:e5:e4:2f:b9:a0:d6:d7:07:19:54:2e:52:6b:0f:
         49:f8:83:5f:5e:c5:ff:80:45:ea:f0:5b:1f:71:a7:be:de:c5:
         dc:d6:a1:07:cf:73:5c:43:b5:c5:de:b7:eb:5c:12:e0:8a:b2:
         c5:d2:7f:82:de:7f:2b:8a:d5:d6:dd:51:62:f0:ac:89:1c:bf:
         2f:ca:03:93:ae:ec:48:f1:c3:3d:44:4d:10:1b:21:b3:50:46:
         d6:5d:b1:00:5c:c3:1a:95:a0:7b:95:35:b2:02:74:a8:40:33:
         92:15:31:aa:47:bb:15:4f:d2:e3:98:f2:29:a5:ae:14:33:da:
         31:a3:ed:f9:cb:2a:f5:fc:4c:ae:a8:ed:15:27:a7:cf:e4:1d:
         d2:f3:3a:62:51:e0:c0:c5:04:7f:f4:82:5a:8f:8a:27:80:5c:
         68:3d:e5:67:6c:36:1c:59:7a:64:a5:d3:d7:b7:50:12:c1:d5:
         31:0e:80:25:3d:36:f9:44:3a:33:d7:2d:95:d7:0d:7f:19:45:
         58:ee:55:0a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZh7IX11rBMW4u08LBrpNMb1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjUwODA1MTY0NzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Q5ZmU1YTNmNWIyODU4MWQ5MDY2N2NkOTYwOTg2Yjk5MjQ3MmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNPUQo7I3M7O87qJt6YL0m0o9XJ8
znMTHpPm98dU4UNbBm66ceesgTvNlE8UtiyFF78GyweyNeyFjGoW9Azuxb+YIGB8
PQzRMg9N9kScFOCcvmxPOSzH6Nu9DNtB1Rp3TyeHVV6E2TW5ArHr35aCnDFePBKI
bxAo+D3V+kzT8bbk9zLHaxvm3oOSszJF6uEExyVw1xfEcAFcwVfIMquQmkfJ31uh
IlhbDzrET996K7XANK4Osy08doecRHRQDFfCn7oDqjwiVRld50heCAwhSg1PSSBh
JbhMNVrgYVkyu+Y4hzHyblCPy1/TLpkrHuSRTVcgEi6tkP9U+epEBHo/GwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNfZ/lo/WyhYHZBmfNlgmGuZJHL/MB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xLzE5bi1XajliS0ZnZGtHWjgyV0NZYTVra2N2OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtm6Qw
DQYJKoZIhvcNAQELBQADggEBAEFfrkipa7R7WwSBMqXhwMC0/A+j0x9mXkbW380O
OVFwbcEa2oPwhq9oc3bCk6aijtFDSAqoftyySAbl5C+5oNbXBxlULlJrD0n4g19e
xf+ARerwWx9xp77exdzWoQfPc1xDtcXet+tcEuCKssXSf4LefyuK1dbdUWLwrIkc
vy/KA5Ou7Ejxwz1ETRAbIbNQRtZdsQBcwxqVoHuVNbICdKhAM5IVMapHuxVP0uOY
8imlrhQz2jGj7fnLKvX8TK6o7RUnp8/kHdLzOmJR4MDFBH/0glqPiieAXGg95Wds
NhxZemSl09e3UBLB1TEOgCU9NvlEOjPXLZXXDX8ZRVjuVQo=
-----END CERTIFICATE-----