Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/vgbUnC_EtGHPsttTAlPRCDW-SsU.roa
File:                     vgbUnC_EtGHPsttTAlPRCDW-SsU.roa (raw, json)
Hash identifier:          k7JEVMNhCW6j0THkFUfAEwvt2QhqthTT3p3e1RGwzCU=
Subject key identifier:   BE:06:D4:9C:2F:C4:B4:61:CF:B2:DB:53:02:53:D1:08:35:BE:4A:C5
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01993D4478538FFDEE6849E1A5E14F98A331
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/vgbUnC_EtGHPsttTAlPRCDW-SsU.roa
Signing time:             Fri 12 Sep 2025 09:32:01 +0000
ROA not before:           Fri 12 Sep 2025 09:32:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213999
IP address blocks:        45.150.35.0/24 maxlen: 24
                          64.137.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 19:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3d:44:78:53:8f:fd:ee:68:49:e1:a5:e1:4f:98:a3:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Sep 12 09:32:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be06d49c2fc4b461cfb2db530253d10835be4ac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a1:08:8c:ce:6f:eb:66:5f:4f:3f:fc:eb:a4:
                    13:94:92:1c:3c:37:5b:ca:84:df:0a:23:af:4f:94:
                    94:49:46:10:47:95:bb:b1:88:61:2d:ce:0d:78:6a:
                    70:f6:8b:11:ad:f5:ee:ec:a3:60:ad:68:5d:84:dd:
                    72:2d:66:2b:c5:7c:0b:6c:7a:de:6a:03:51:a5:37:
                    b2:4f:eb:26:04:f0:17:6d:ca:13:90:10:70:b6:d7:
                    3f:d3:45:96:5f:f5:2c:d3:2d:8c:2d:8f:5a:ac:63:
                    26:66:41:bb:5c:ae:02:a1:b4:0b:19:10:18:bc:a8:
                    f6:e5:ad:94:2a:88:36:be:27:15:0c:fd:a4:cc:9d:
                    73:2c:d8:71:b2:cf:6d:c8:c5:e3:9e:a1:79:b4:7c:
                    f7:86:b4:48:0a:8e:79:94:a2:bb:bf:60:e3:42:81:
                    8b:46:70:21:d3:9d:9c:fe:60:69:49:65:15:39:17:
                    68:31:3b:ee:3e:c6:66:18:46:fa:82:75:7c:e0:ef:
                    6b:a3:b0:11:44:b4:a3:09:40:50:5b:6a:28:39:29:
                    a6:15:3a:ba:f6:99:ae:fd:af:e2:47:db:4f:41:5b:
                    ce:f5:ea:16:25:60:5d:8a:15:46:36:b6:dc:4e:03:
                    26:ed:ea:20:a2:34:89:cc:9d:07:31:15:21:6a:c6:
                    ee:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:06:D4:9C:2F:C4:B4:61:CF:B2:DB:53:02:53:D1:08:35:BE:4A:C5
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/vgbUnC_EtGHPsttTAlPRCDW-SsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.35.0/24
                  64.137.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f5:ce:8d:8a:b3:cf:23:c6:37:5f:43:72:ca:4b:19:24:6b:
         ae:3f:c8:42:af:7f:46:ae:b6:67:cb:64:d6:c0:2a:3c:57:35:
         a7:af:38:d1:6e:4b:68:78:92:f7:f5:f1:d2:20:2f:a2:05:2f:
         ac:7c:c2:2a:a0:53:06:51:22:dd:4c:3e:93:86:a3:da:2f:43:
         7a:62:c2:97:95:58:39:28:b7:47:dc:e2:1e:e1:17:a7:a0:06:
         19:b8:51:b4:37:46:9c:e9:c2:09:28:9f:0e:8e:25:45:fe:86:
         8f:ec:16:5e:ab:84:22:21:e7:12:fe:9d:d8:77:dd:83:49:a1:
         8f:20:b8:7f:82:a5:e7:75:f2:25:08:52:06:03:0a:dc:3a:47:
         ae:d8:a2:69:03:f2:50:ab:3b:27:cd:be:6b:37:69:ff:e3:81:
         50:77:ce:fd:ac:c0:c0:9e:10:f4:7f:bd:5d:4a:f6:85:56:bc:
         6f:dc:4d:62:a1:02:8c:58:10:b5:ae:b9:15:f3:f8:e4:cc:56:
         06:b4:c1:75:6b:87:cd:58:15:49:63:8c:91:88:74:27:8f:a0:
         7a:87:a1:77:ba:2d:c4:a0:51:73:33:2b:8c:e5:41:d5:c9:84:
         0f:57:a4:ba:d8:87:49:83:84:b0:ea:e1:f0:0e:7f:ac:b7:a4:
         3b:45:bc:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZk9RHhTj/3uaEnhpeFPmKMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwOTEyMDkzMjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTA2ZDQ5YzJmYzRiNDYxY2ZiMmRiNTMwMjUzZDEwODM1YmU0YWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaEIjM5v62ZfTz/866QTlJIcPDdb
yoTfCiOvT5SUSUYQR5W7sYhhLc4NeGpw9osRrfXu7KNgrWhdhN1yLWYrxXwLbHre
agNRpTeyT+smBPAXbcoTkBBwttc/00WWX/Us0y2MLY9arGMmZkG7XK4CobQLGRAY
vKj25a2UKog2vicVDP2kzJ1zLNhxss9tyMXjnqF5tHz3hrRICo55lKK7v2DjQoGL
RnAh052c/mBpSWUVORdoMTvuPsZmGEb6gnV84O9ro7ARRLSjCUBQW2ooOSmmFTq6
9pmu/a/iR9tPQVvO9eoWJWBdihVGNrbcTgMm7eogojSJzJ0HMRUhasbuXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL4G1JwvxLRhz7LbUwJT0Qg1vkrFMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvdmdiVW5DX0V0R0hQc3R0VEFsUFJDRFctU3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZYjAwQA
QIltMA0GCSqGSIb3DQEBCwUAA4IBAQAv9c6NirPPI8Y3X0NyyksZJGuuP8hCr39G
rrZny2TWwCo8VzWnrzjRbktoeJL39fHSIC+iBS+sfMIqoFMGUSLdTD6ThqPaL0N6
YsKXlVg5KLdH3OIe4RenoAYZuFG0N0ac6cIJKJ8OjiVF/oaP7BZeq4QiIecS/p3Y
d92DSaGPILh/gqXndfIlCFIGAwrcOkeu2KJpA/JQqzsnzb5rN2n/44FQd879rMDA
nhD0f71dSvaFVrxv3E1ioQKMWBC1rrkV8/jkzFYGtMF1a4fNWBVJY4yRiHQnj6B6
h6F3ui3EoFFzMyuM5UHVyYQPV6S62IdJg4Sw6uHwDn+st6Q7RbyJ
-----END CERTIFICATE-----