Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/y5m_rHh94hm7s_roT6tgjV0bYFM.roa
File:                     y5m_rHh94hm7s_roT6tgjV0bYFM.roa (raw, json)
Hash identifier:          4v/VMYzi1Xi6KW+Q8k5KPuzBpu8zE8jLazu2ptlLL50=
Subject key identifier:   CB:99:BF:AC:78:7D:E2:19:BB:B3:FA:E8:4F:AB:60:8D:5D:1B:60:53
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       0198EAB84FE5FE75A1692F656AF221A55D55
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/y5m_rHh94hm7s_roT6tgjV0bYFM.roa
Signing time:             Wed 27 Aug 2025 08:50:04 +0000
ROA not before:           Wed 27 Aug 2025 08:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216475
IP address blocks:        45.155.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Sep 2025 08:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:b8:4f:e5:fe:75:a1:69:2f:65:6a:f2:21:a5:5d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Aug 27 08:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb99bfac787de219bbb3fae84fab608d5d1b6053
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d8:64:4d:b1:02:0f:8f:67:66:db:3d:b8:12:
                    cb:cf:cb:bd:34:03:d8:33:0c:27:27:41:6d:db:03:
                    58:52:e9:02:6b:fd:91:d4:4f:67:c2:3a:e9:79:65:
                    cc:28:61:b3:6a:e2:f0:fb:f9:3a:53:fd:18:6c:8d:
                    02:94:1c:c9:81:78:24:84:cf:d1:4e:43:63:f1:6d:
                    8a:ba:99:69:cd:03:15:72:21:96:77:35:51:00:b9:
                    3f:4f:6d:17:ac:21:8a:db:3c:53:52:4d:af:f4:94:
                    2c:ec:2e:e0:78:15:11:58:2e:78:8f:5e:1c:3e:d3:
                    d5:02:44:af:be:38:7a:27:53:e8:d4:fb:75:92:5a:
                    2a:3f:b6:57:77:8e:02:c0:91:6e:c4:d8:4c:ee:81:
                    e2:67:4a:fd:59:4e:e4:11:ff:db:6c:1d:bf:c1:8c:
                    4c:bd:15:d0:4a:aa:71:23:a9:11:d0:39:87:8e:3d:
                    73:07:b7:4b:cd:47:35:0e:e7:94:3a:65:60:6b:09:
                    59:34:36:80:95:b4:81:94:10:ec:d6:3d:b4:7e:20:
                    66:5b:be:c1:a1:3b:d1:81:a6:74:80:db:05:6b:9a:
                    e3:30:7e:26:c9:51:5f:b3:76:5b:9a:49:aa:10:13:
                    4b:6b:b7:fa:6e:5d:75:7a:7c:86:59:ac:77:2e:aa:
                    0b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:99:BF:AC:78:7D:E2:19:BB:B3:FA:E8:4F:AB:60:8D:5D:1B:60:53
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/y5m_rHh94hm7s_roT6tgjV0bYFM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:86:7f:9e:11:60:6e:f2:b3:12:99:59:91:a3:e0:5e:e0:2e:
         6d:3b:59:3e:4b:de:2d:b4:11:53:8e:69:5f:5a:c2:62:0c:eb:
         76:58:8c:62:84:84:f3:21:c8:23:77:1e:9d:5f:78:fb:13:c1:
         56:df:26:02:2a:a3:cd:08:df:53:22:cd:63:01:2d:ff:94:58:
         64:ba:07:5d:99:c5:b6:59:64:39:57:e2:eb:5a:79:3f:9c:9b:
         e6:26:c3:68:d5:38:63:5e:3f:d8:ab:84:ea:4c:35:96:c5:59:
         49:4b:1c:f9:c8:d7:31:c8:8d:85:07:c7:11:fd:c1:04:65:63:
         f6:06:8f:86:62:71:34:2b:15:cc:6f:34:cd:5b:67:57:90:62:
         ae:a1:44:f3:78:10:d9:ec:d8:f7:58:ae:2d:44:61:e2:d6:68:
         c3:c5:12:5b:5c:db:27:5e:3d:e8:75:25:f9:98:42:f2:70:37:
         11:df:43:3e:00:21:40:e3:8d:38:b0:56:cd:f8:f8:16:42:b4:
         cf:40:0c:5a:52:d7:03:22:47:c0:26:46:9b:a5:e0:3b:54:9d:
         4f:32:cf:c8:87:dd:3e:9d:6d:bd:ea:83:01:d5:a6:9a:b4:ff:
         cc:65:52:03:2f:ff:25:22:cb:75:95:8d:a8:81:4d:67:d0:fb:
         69:3f:0a:ce
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZjquE/l/nWhaS9lavIhpV1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjUwODI3MDg1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk5YmZhYzc4N2RlMjE5YmJiM2ZhZTg0ZmFiNjA4ZDVkMWI2MDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsthkTbECD49nZts9uBLLz8u9NAPY
MwwnJ0Ft2wNYUukCa/2R1E9nwjrpeWXMKGGzauLw+/k6U/0YbI0ClBzJgXgkhM/R
TkNj8W2KuplpzQMVciGWdzVRALk/T20XrCGK2zxTUk2v9JQs7C7geBURWC54j14c
PtPVAkSvvjh6J1Po1Pt1kloqP7ZXd44CwJFuxNhM7oHiZ0r9WU7kEf/bbB2/wYxM
vRXQSqpxI6kR0DmHjj1zB7dLzUc1DueUOmVgawlZNDaAlbSBlBDs1j20fiBmW77B
oTvRgaZ0gNsFa5rjMH4myVFfs3ZbmkmqEBNLa7f6bl11enyGWax3LqoLuwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMuZv6x4feIZu7P66E+rYI1dG2BTMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL3k1bV9ySGg5NGhtN3Nfcm9UNnRnalYwYllGTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtm6Qw
DQYJKoZIhvcNAQELBQADggEBAFeGf54RYG7ysxKZWZGj4F7gLm07WT5L3i20EVOO
aV9awmIM63ZYjGKEhPMhyCN3Hp1fePsTwVbfJgIqo80I31MizWMBLf+UWGS6B12Z
xbZZZDlX4utaeT+cm+Ymw2jVOGNeP9irhOpMNZbFWUlLHPnI1zHIjYUHxxH9wQRl
Y/YGj4ZicTQrFcxvNM1bZ1eQYq6hRPN4ENns2PdYri1EYeLWaMPFEltc2ydePeh1
JfmYQvJwNxHfQz4AIUDjjTiwVs34+BZCtM9ADFpS1wMiR8AmRpul4DtUnU8yz8iH
3T6dbb3qgwHVppq0/8xlUgMv/yUiy3WVjaiBTWfQ+2k/Cs4=
-----END CERTIFICATE-----