Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/rY3YaEfNR8aK_Auk0z3q4MtQKGY.roa
File:                     rY3YaEfNR8aK_Auk0z3q4MtQKGY.roa (raw, json)
Hash identifier:          n8nvB0B+rc4j1I8LugdLmK4QQWr+nH8/CQl43jdxd20=
Subject key identifier:   AD:8D:D8:68:47:CD:47:C6:8A:FC:0B:A4:D3:3D:EA:E0:CB:50:28:66
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       0198EAB84F86FA9610C100FFB3EC8D839218
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/rY3YaEfNR8aK_Auk0z3q4MtQKGY.roa
Signing time:             Wed 27 Aug 2025 08:50:04 +0000
ROA not before:           Wed 27 Aug 2025 08:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208626
IP address blocks:        45.155.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 08:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:b8:4f:86:fa:96:10:c1:00:ff:b3:ec:8d:83:92:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Aug 27 08:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad8dd86847cd47c68afc0ba4d33deae0cb502866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:28:6a:75:e8:9b:1c:1a:1c:c7:a8:31:28:d5:
                    bb:60:d5:e4:2f:3b:eb:76:b2:3a:27:5e:ec:52:45:
                    12:ee:0d:1d:cc:dc:69:1a:d7:10:89:10:c2:4f:9a:
                    85:b3:03:fd:25:df:56:8e:4b:a7:95:c9:4f:01:2d:
                    99:27:64:91:a1:66:a6:6a:c3:4f:77:31:45:77:f2:
                    b0:67:1b:c6:2c:d4:0c:de:26:80:6a:99:4b:32:8e:
                    95:1a:05:7f:ce:45:f1:c6:25:56:31:3a:f0:1f:c7:
                    53:a9:02:b3:84:01:97:be:c0:f2:53:57:f7:f3:05:
                    03:b9:c1:bb:f9:0e:e1:52:30:63:46:7a:dd:68:ed:
                    ed:5f:f4:35:78:2e:72:32:c4:a6:fb:61:6c:48:b7:
                    15:ac:30:e6:43:a5:83:9a:0c:37:25:40:30:06:73:
                    ef:83:1c:47:1f:ee:18:f5:2f:00:fd:fc:b9:e6:67:
                    e0:33:d0:1c:77:12:8d:87:d9:22:ea:a2:2a:6f:d8:
                    e0:a4:70:f5:35:37:e7:43:6a:08:98:65:54:4d:5e:
                    e0:f1:4e:40:8d:2f:99:9f:78:f6:07:29:e5:fe:a6:
                    bd:7b:a8:70:d0:19:e7:02:65:4e:fd:b8:3f:1f:cd:
                    1e:0b:d9:d0:aa:09:2d:bf:47:36:bc:c6:a4:c9:ed:
                    71:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:8D:D8:68:47:CD:47:C6:8A:FC:0B:A4:D3:3D:EA:E0:CB:50:28:66
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/rY3YaEfNR8aK_Auk0z3q4MtQKGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:40:b8:80:19:60:4e:af:1d:3f:13:6f:ee:b5:cd:75:94:e4:
         e7:fe:e3:b8:bf:47:db:37:9a:e1:ea:70:9f:a0:c6:7f:ed:34:
         17:49:0e:2c:b8:c3:77:1b:1a:eb:6f:a9:4e:89:11:90:ed:37:
         9a:86:03:47:73:bb:5e:86:22:b0:e3:73:21:ff:9e:b6:4c:dd:
         c8:8d:ce:3a:4a:c5:72:ad:4a:82:78:50:b0:01:b7:f3:2f:03:
         b9:6a:01:dd:49:79:82:7d:9d:6b:91:a5:10:d5:2c:a0:12:f7:
         8c:55:ff:30:37:d3:b3:04:ed:a4:f6:38:50:b1:67:b3:32:48:
         ed:5c:64:a4:54:40:b0:ce:bc:9b:41:80:b3:a2:34:12:92:3d:
         67:dc:73:03:bf:56:c9:a6:e0:b2:e5:27:87:2e:a9:b9:56:85:
         21:1a:f1:ff:9d:58:32:bb:ae:5d:79:02:0e:70:7d:6b:99:3a:
         4c:28:9b:53:e5:ff:21:69:f9:c6:1b:07:e7:55:a2:dc:d3:b1:
         d9:4d:38:71:16:9b:a2:5a:a5:15:82:64:43:fd:76:c8:32:50:
         5e:82:89:a9:01:0a:88:33:cc:48:31:72:08:29:a1:99:f4:a0:
         d5:62:7b:f5:ca:9d:fe:73:ec:6c:9b:2f:85:4f:0c:2e:d6:15:
         81:d8:5b:fc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZjquE+G+pYQwQD/s+yNg5IYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjUwODI3MDg1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDhkZDg2ODQ3Y2Q0N2M2OGFmYzBiYTRkMzNkZWFlMGNiNTAyODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoihqdeibHBocx6gxKNW7YNXkLzvr
drI6J17sUkUS7g0dzNxpGtcQiRDCT5qFswP9Jd9WjkunlclPAS2ZJ2SRoWamasNP
dzFFd/KwZxvGLNQM3iaAaplLMo6VGgV/zkXxxiVWMTrwH8dTqQKzhAGXvsDyU1f3
8wUDucG7+Q7hUjBjRnrdaO3tX/Q1eC5yMsSm+2FsSLcVrDDmQ6WDmgw3JUAwBnPv
gxxHH+4Y9S8A/fy55mfgM9AcdxKNh9ki6qIqb9jgpHD1NTfnQ2oImGVUTV7g8U5A
jS+Zn3j2Bynl/qa9e6hw0BnnAmVO/bg/H80eC9nQqgktv0c2vMakye1xEwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFK2N2GhHzUfGivwLpNM96uDLUChmMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL3JZM1lhRWZOUjhhS19BdWswejNxNE10UUtHWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtm6Qw
DQYJKoZIhvcNAQELBQADggEBAGFAuIAZYE6vHT8Tb+61zXWU5Of+47i/R9s3muHq
cJ+gxn/tNBdJDiy4w3cbGutvqU6JEZDtN5qGA0dzu16GIrDjcyH/nrZM3ciNzjpK
xXKtSoJ4ULABt/MvA7lqAd1JeYJ9nWuRpRDVLKAS94xV/zA307ME7aT2OFCxZ7My
SO1cZKRUQLDOvJtBgLOiNBKSPWfccwO/Vsmm4LLlJ4cuqblWhSEa8f+dWDK7rl15
Ag5wfWuZOkwom1Pl/yFp+cYbB+dVotzTsdlNOHEWm6JapRWCZEP9dsgyUF6CiakB
CogzzEgxcggpoZn0oNVie/XKnf5z7GybL4VPDC7WFYHYW/w=
-----END CERTIFICATE-----