Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/XIaayusDHQd-T-OQnZeJmKeMqGM.roa
File:                     XIaayusDHQd-T-OQnZeJmKeMqGM.roa (raw, json)
Hash identifier:          4YgriKRQoCnrntt03LwL2mbgR+kxZCmjlyyQb3gT+ZE=
Subject key identifier:   5C:86:9A:CA:EB:03:1D:07:7E:4F:E3:90:9D:97:89:98:A7:8C:A8:63
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       0199448FDCE8ACE97C453B85FF57810DB74D
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/XIaayusDHQd-T-OQnZeJmKeMqGM.roa
Signing time:             Sat 13 Sep 2025 19:31:42 +0000
ROA not before:           Sat 13 Sep 2025 19:31:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        45.88.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Oct 2025 21:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:44:8f:dc:e8:ac:e9:7c:45:3b:85:ff:57:81:0d:b7:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Sep 13 19:31:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c869acaeb031d077e4fe3909d978998a78ca863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:20:a6:dd:34:d4:18:4e:0c:80:44:79:27:28:
                    ac:a1:4c:2b:14:29:29:0f:02:ac:7c:a1:17:3c:20:
                    26:a6:d4:d9:89:89:3d:53:33:90:6e:22:7c:f5:b7:
                    50:1b:2e:03:84:2a:21:80:80:5e:fd:1c:c3:7a:0c:
                    11:b4:06:5e:f4:3a:dc:d2:88:19:1c:bc:40:a7:97:
                    7d:e5:78:00:4e:c2:21:8c:71:68:9e:71:ac:9f:03:
                    ae:20:1b:e8:59:86:ab:7c:89:25:eb:3f:08:2e:d3:
                    d5:50:56:a8:44:89:55:24:92:38:f8:8c:e6:8e:bf:
                    27:c2:ef:5e:a2:6a:76:80:f1:32:f1:e3:5d:e7:47:
                    77:4c:b5:75:7e:c8:5f:04:35:e4:71:6f:c3:9b:32:
                    e0:e5:b8:3e:f2:31:7b:5b:a9:15:1e:e8:6b:cf:ba:
                    78:3b:29:5d:8b:92:97:66:de:bc:61:21:bb:ad:59:
                    2a:52:a5:9e:83:8a:0b:f4:99:74:c6:43:86:51:c2:
                    1b:ba:12:11:e3:34:95:d5:86:66:da:bf:be:23:fe:
                    c6:8d:c4:97:c3:61:16:9b:de:0a:08:cc:ee:81:7e:
                    dc:33:4f:77:23:13:48:4a:98:eb:34:15:93:95:dc:
                    f4:a2:a0:c7:b0:97:14:a9:7f:5c:5b:58:b7:f6:06:
                    3e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:86:9A:CA:EB:03:1D:07:7E:4F:E3:90:9D:97:89:98:A7:8C:A8:63
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/XIaayusDHQd-T-OQnZeJmKeMqGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:b0:84:86:8e:b1:b6:67:84:a4:a1:56:ba:bf:60:c4:62:57:
         a6:bb:bf:e1:03:92:50:17:ad:8f:99:64:b0:3e:76:38:69:f1:
         1a:da:3b:32:de:a9:77:ed:99:f7:25:96:d9:24:eb:5d:0c:0d:
         4d:40:e7:c5:0e:06:6f:0c:8c:68:b3:f6:35:fa:e7:7f:76:85:
         fd:8f:cc:3a:b2:bc:3b:1a:6e:ae:cf:c2:de:52:76:0b:86:0a:
         50:24:6f:49:89:87:83:12:16:2c:6d:2c:57:ba:49:ea:3a:7b:
         d4:14:a3:f7:8f:82:8d:30:d4:e5:ee:7e:92:2a:2f:ff:25:99:
         a3:da:53:63:67:05:3c:19:bc:42:ce:6d:b7:9a:9d:f2:2d:cf:
         28:0e:89:db:fc:8d:b8:7e:7c:e0:53:a6:5d:58:d3:b8:9d:c3:
         4e:ac:39:af:45:a0:4f:a4:b9:94:1b:06:29:0a:3b:84:0b:20:
         0f:09:62:11:71:f9:1d:62:63:2f:a7:5f:66:2e:08:f2:d0:b6:
         8a:07:4d:92:05:00:e1:66:ab:4c:d4:98:05:c9:15:5d:3f:b8:
         27:5c:a9:7c:32:ed:3b:dc:d7:9c:13:9c:fc:53:a0:30:64:14:
         4e:09:86:5d:b5:12:85:b7:5e:43:c9:4c:94:fa:a5:e0:a2:f5:
         cd:d2:e2:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlEj9zorOl8RTuF/1eBDbdNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjUwOTEzMTkzMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzg2OWFjYWViMDMxZDA3N2U0ZmUzOTA5ZDk3ODk5OGE3OGNhODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCCm3TTUGE4MgER5JyisoUwrFCkp
DwKsfKEXPCAmptTZiYk9UzOQbiJ89bdQGy4DhCohgIBe/RzDegwRtAZe9Drc0ogZ
HLxAp5d95XgATsIhjHFonnGsnwOuIBvoWYarfIkl6z8ILtPVUFaoRIlVJJI4+Izm
jr8nwu9eomp2gPEy8eNd50d3TLV1fshfBDXkcW/DmzLg5bg+8jF7W6kVHuhrz7p4
Oyldi5KXZt68YSG7rVkqUqWeg4oL9Jl0xkOGUcIbuhIR4zSV1YZm2r++I/7GjcSX
w2EWm94KCMzugX7cM093IxNISpjrNBWTldz0oqDHsJcUqX9cW1i39gY+KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyGmsrrAx0Hfk/jkJ2XiZinjKhjMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvWElhYXl1c0RIUWQtVC1PUW5aZUptS2VNcUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVhkMA0G
CSqGSIb3DQEBCwUAA4IBAQCSsISGjrG2Z4SkoVa6v2DEYlemu7/hA5JQF62PmWSw
PnY4afEa2jsy3ql37Zn3JZbZJOtdDA1NQOfFDgZvDIxos/Y1+ud/doX9j8w6srw7
Gm6uz8LeUnYLhgpQJG9JiYeDEhYsbSxXuknqOnvUFKP3j4KNMNTl7n6SKi//JZmj
2lNjZwU8GbxCzm23mp3yLc8oDonb/I24fnzgU6ZdWNO4ncNOrDmvRaBPpLmUGwYp
CjuECyAPCWIRcfkdYmMvp19mLgjy0LaKB02SBQDhZqtM1JgFyRVdP7gnXKl8Mu07
3NecE5z8U6AwZBROCYZdtRKFt15DyUyU+qXgovXN0uIr
-----END CERTIFICATE-----