Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/dFIXBpM7w5wQndm4RUAnaZ7_lB8.roa
File:                     dFIXBpM7w5wQndm4RUAnaZ7_lB8.roa (raw, json)
Hash identifier:          6tQvWzYVjywB5cQqSJhEvDlNwzz3ZKW/l3338zmnUG4=
Subject key identifier:   74:52:17:06:93:3B:C3:9C:10:9D:D9:B8:45:40:27:69:9E:FF:94:1F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198EBA086E130E905B3B60D7FB6DE36A0AD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/dFIXBpM7w5wQndm4RUAnaZ7_lB8.roa
Signing time:             Wed 27 Aug 2025 13:03:42 +0000
ROA not before:           Wed 27 Aug 2025 13:03:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50053
IP address blocks:        45.131.187.0/24 maxlen: 24
                          45.148.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 13:49:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:eb:a0:86:e1:30:e9:05:b3:b6:0d:7f:b6:de:36:a0:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 27 13:03:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74521706933bc39c109dd9b8454027699eff941f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:49:94:1d:8d:5b:14:0c:d3:6d:00:47:63:5d:
                    6d:0b:4c:df:14:51:25:ed:13:0d:83:2c:5f:e2:03:
                    09:82:b7:73:fa:ab:f8:f9:c0:2c:1b:07:62:74:65:
                    e0:3f:77:97:a7:dc:4a:86:2d:a7:9b:7d:df:52:23:
                    16:03:bf:09:e3:d0:ce:6d:ee:bc:26:b1:ac:3d:9e:
                    e6:8f:3d:be:82:ee:cc:cd:53:2e:3b:c8:0f:b5:39:
                    d6:8d:f4:37:76:53:b0:5b:e9:f0:77:14:19:2a:fa:
                    be:42:ef:c5:9f:fb:99:38:66:1f:1a:53:19:3c:e5:
                    49:32:c1:e6:99:02:59:52:10:34:f9:1a:0d:19:9d:
                    9a:c5:25:72:3b:40:00:05:3f:a6:34:54:6b:b3:44:
                    22:ce:72:d3:20:ea:6d:96:9f:b1:e3:8b:cf:0f:4e:
                    c0:cd:0a:a4:05:a7:22:f8:be:ee:83:ae:3a:dc:52:
                    eb:14:69:69:93:30:64:46:0d:4c:38:d8:5e:41:27:
                    ed:9d:03:25:ca:79:b3:ff:06:d8:42:81:9e:dd:5e:
                    bd:ac:5e:0e:89:26:f8:90:0d:87:84:47:1f:56:a6:
                    aa:3c:76:d9:58:28:88:d4:5c:22:ad:23:7a:e9:96:
                    52:57:e6:37:dc:7c:cc:a3:35:89:68:33:ea:e2:a9:
                    55:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:52:17:06:93:3B:C3:9C:10:9D:D9:B8:45:40:27:69:9E:FF:94:1F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/dFIXBpM7w5wQndm4RUAnaZ7_lB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.187.0/24
                  45.148.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:58:3a:49:00:ac:15:bd:03:b9:7e:cc:45:ca:f3:27:c3:95:
         d4:0d:e1:b9:ab:6e:e5:cc:03:86:ed:83:9a:82:be:9a:47:b5:
         66:e6:20:4d:c2:c7:06:75:3d:9e:0b:f1:61:5c:97:33:4e:69:
         5d:39:35:37:a0:9b:c4:a2:e0:73:29:1f:b1:4f:8d:92:1d:1d:
         06:03:63:8c:24:5b:8d:ac:94:12:e7:da:89:29:6a:74:00:94:
         84:8a:3e:7d:c3:a2:32:e4:d1:fb:af:68:e9:7c:12:2a:44:5b:
         bd:82:87:22:f6:75:96:f2:38:7f:99:03:23:65:36:92:79:6d:
         11:60:3b:91:ed:8d:a7:2a:50:ec:1f:67:8f:98:7d:ad:38:08:
         56:0e:c5:3d:b7:25:fd:4c:b1:b0:da:5b:a6:69:93:20:a3:90:
         fe:6e:5f:d6:6e:51:8d:45:c5:49:86:f5:91:75:cf:16:eb:16:
         bf:cb:38:25:28:78:cc:cf:3f:22:c4:3b:07:d3:65:40:8b:cb:
         c8:64:77:df:84:0b:02:a1:f2:88:3e:4f:0e:4a:f8:f2:b1:a7:
         89:aa:c3:02:cc:4a:72:7b:99:6c:55:3a:29:9c:28:6f:18:1a:
         37:27:8a:d3:48:4f:95:11:d7:1c:46:47:39:61:62:ae:2f:41:
         40:35:57:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjroIbhMOkFs7YNf7beNqCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwODI3MTMwMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDUyMTcwNjkzM2JjMzljMTA5ZGQ5Yjg0NTQwMjc2OTllZmY5NDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8UmUHY1bFAzTbQBHY11tC0zfFFEl
7RMNgyxf4gMJgrdz+qv4+cAsGwdidGXgP3eXp9xKhi2nm33fUiMWA78J49DObe68
JrGsPZ7mjz2+gu7MzVMuO8gPtTnWjfQ3dlOwW+nwdxQZKvq+Qu/Fn/uZOGYfGlMZ
POVJMsHmmQJZUhA0+RoNGZ2axSVyO0AABT+mNFRrs0QiznLTIOptlp+x44vPD07A
zQqkBaci+L7ug6463FLrFGlpkzBkRg1MONheQSftnQMlynmz/wbYQoGe3V69rF4O
iSb4kA2HhEcfVqaqPHbZWCiI1FwirSN66ZZSV+Y33HzMozWJaDPq4qlVbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHRSFwaTO8OcEJ3ZuEVAJ2me/5QfMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZEZJWEJwTTd3NXdRbmRtNFJVQW5hWjdfbEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYO7AwQA
LZR1MA0GCSqGSIb3DQEBCwUAA4IBAQBFWDpJAKwVvQO5fsxFyvMnw5XUDeG5q27l
zAOG7YOagr6aR7Vm5iBNwscGdT2eC/FhXJczTmldOTU3oJvEouBzKR+xT42SHR0G
A2OMJFuNrJQS59qJKWp0AJSEij59w6Iy5NH7r2jpfBIqRFu9goci9nWW8jh/mQMj
ZTaSeW0RYDuR7Y2nKlDsH2ePmH2tOAhWDsU9tyX9TLGw2lumaZMgo5D+bl/WblGN
RcVJhvWRdc8W6xa/yzglKHjMzz8ixDsH02VAi8vIZHffhAsCofKIPk8OSvjysaeJ
qsMCzEpye5lsVTopnChvGBo3J4rTSE+VEdccRkc5YWKuL0FANVcx
-----END CERTIFICATE-----