Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/OJiEpuu19DL0DK8EqfynqGFXkQQ.roa
File:                     OJiEpuu19DL0DK8EqfynqGFXkQQ.roa (raw, json)
Hash identifier:          qdWhWnRWtAIkyoxDYPJOupy3MISxIyqCu/0vET2RQjw=
Subject key identifier:   38:98:84:A6:EB:B5:F4:32:F4:0C:AF:04:A9:FC:A7:A8:61:57:91:04
Certificate issuer:       /CN=13e281475b7bf8d0fa1f669d5ad2de1635e8c04f
Certificate serial:       01997F8F0711B0662995D02C414CA50C72FC
Authority key identifier: 13:E2:81:47:5B:7B:F8:D0:FA:1F:66:9D:5A:D2:DE:16:35:E8:C0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/OJiEpuu19DL0DK8EqfynqGFXkQQ.roa
Signing time:             Thu 25 Sep 2025 06:28:23 +0000
ROA not before:           Thu 25 Sep 2025 06:28:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20648
IP address blocks:        45.80.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Oct 2025 03:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7f:8f:07:11:b0:66:29:95:d0:2c:41:4c:a5:0c:72:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13e281475b7bf8d0fa1f669d5ad2de1635e8c04f
        Validity
            Not Before: Sep 25 06:28:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=389884a6ebb5f432f40caf04a9fca7a861579104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3b:54:e9:e2:90:c1:87:9c:8f:db:b9:da:40:
                    80:23:43:bb:dc:3a:e9:c3:8a:a3:11:ac:ea:2f:18:
                    f7:11:f9:ef:7f:61:8b:78:b9:1e:f3:ef:82:cf:c7:
                    fe:68:6e:29:74:f3:9c:b9:83:e7:0b:a1:51:20:22:
                    5b:08:09:81:fb:8d:d6:fc:c9:86:dd:b6:80:8a:85:
                    20:89:4a:fe:e9:54:a5:a1:97:69:93:21:b4:7f:07:
                    19:f5:b3:e7:04:ec:b6:98:c1:04:60:14:60:67:2b:
                    a1:b4:77:f3:51:66:3d:d2:8b:fe:d3:b5:68:d0:2a:
                    c2:5e:21:c1:59:6e:b8:c5:b2:d1:4d:25:6d:22:18:
                    b6:a5:35:c6:95:29:49:5e:94:c5:ed:c5:e0:64:a1:
                    d4:8c:1c:7c:bf:f1:db:93:cc:21:77:6a:72:3e:0f:
                    38:1c:33:1d:2a:63:d8:a8:ac:e1:45:68:23:30:da:
                    f4:cc:f7:ed:50:a6:51:6d:77:fc:7c:f6:a5:96:63:
                    79:8b:93:4f:0c:1a:15:a3:e1:ef:16:1f:3e:6e:ee:
                    1a:5f:59:87:7a:1a:2e:e8:95:16:ee:58:b3:7a:f4:
                    2d:4f:94:32:05:29:9d:a0:e1:7f:bd:e9:ed:b3:72:
                    48:11:ca:c5:5b:e2:4c:cf:7c:27:9b:e1:66:17:2a:
                    47:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:98:84:A6:EB:B5:F4:32:F4:0C:AF:04:A9:FC:A7:A8:61:57:91:04
            X509v3 Authority Key Identifier:
                keyid:13:E2:81:47:5B:7B:F8:D0:FA:1F:66:9D:5A:D2:DE:16:35:E8:C0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-KBR1t7-ND6H2adWtLeFjXowE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/OJiEpuu19DL0DK8EqfynqGFXkQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/05b5d8-4541-48a9-8c0a-44fd04393e2b/1/E-KBR1t7-ND6H2adWtLeFjXowE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:0e:12:e7:b7:7d:e4:d8:a1:d3:56:09:6d:83:5b:ef:c6:3d:
         95:96:73:23:a8:43:4c:79:fd:1f:da:61:74:eb:6c:5f:58:bd:
         71:1d:45:cf:9f:29:7f:0c:c6:4e:29:d0:21:3e:8e:64:18:d4:
         de:f5:08:3f:a1:be:34:24:e0:21:f7:d7:4b:46:d8:87:b3:0f:
         ca:c4:6d:21:6d:b0:a5:47:cc:21:00:36:b1:5b:5c:00:c9:f2:
         46:65:71:45:0b:e5:fe:ac:5f:19:44:46:59:16:ae:a4:6f:4a:
         a7:30:82:6c:43:ab:5b:bb:f2:a3:81:64:c6:82:aa:f6:7c:8b:
         db:14:07:6d:82:8b:bc:f3:3b:0a:9a:8c:22:3b:cd:22:95:2c:
         ff:f4:a5:d8:b0:cc:d8:87:63:dc:11:2f:d7:1b:9a:1f:59:46:
         21:fb:1a:65:b6:eb:2b:67:b1:e8:37:2e:11:62:80:60:cb:81:
         29:7b:55:29:28:27:90:08:68:42:da:d2:75:a8:02:3d:eb:a9:
         c4:47:20:ba:e9:a6:ff:a2:f4:9f:8c:d7:aa:c5:19:f7:f8:a0:
         ca:0b:6b:0d:1f:e7:1d:e0:3c:95:4c:87:bd:03:af:9b:1e:25:
         f9:55:cf:48:29:71:f4:2d:40:ba:5e:a4:8b:b1:1e:0d:0e:7f:
         43:7c:80:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl/jwcRsGYpldAsQUylDHL8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZTI4MTQ3NWI3YmY4ZDBmYTFmNjY5ZDVhZDJkZTE2MzVl
OGMwNGYwHhcNMjUwOTI1MDYyODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODk4ODRhNmViYjVmNDMyZjQwY2FmMDRhOWZjYTdhODYxNTc5MTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsztU6eKQwYecj9u52kCAI0O73Drp
w4qjEazqLxj3Efnvf2GLeLke8++Cz8f+aG4pdPOcuYPnC6FRICJbCAmB+43W/MmG
3baAioUgiUr+6VSloZdpkyG0fwcZ9bPnBOy2mMEEYBRgZyuhtHfzUWY90ov+07Vo
0CrCXiHBWW64xbLRTSVtIhi2pTXGlSlJXpTF7cXgZKHUjBx8v/Hbk8whd2pyPg84
HDMdKmPYqKzhRWgjMNr0zPftUKZRbXf8fPallmN5i5NPDBoVo+HvFh8+bu4aX1mH
ehou6JUW7lizevQtT5QyBSmdoOF/vents3JIEcrFW+JMz3wnm+FmFypHAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiYhKbrtfQy9AyvBKn8p6hhV5EEMB8GA1UdIwQY
MBaAFBPigUdbe/jQ+h9mnVrS3hY16MBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1LQlIxdDctTkQ2SDJhZFd0TGVGalhvd0U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8wNWI1ZDgtNDU0MS00OGE5LThjMGEt
NDRmZDA0MzkzZTJiLzEvT0ppRXB1dTE5REwwREs4RXFmeW5xR0ZYa1FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8wNWI1ZDgtNDU0MS00OGE5LThjMGEtNDRmZDA0MzkzZTJi
LzEvRS1LQlIxdDctTkQ2SDJhZFd0TGVGalhvd0U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVAyMA0G
CSqGSIb3DQEBCwUAA4IBAQCQDhLnt33k2KHTVgltg1vvxj2VlnMjqENMef0f2mF0
62xfWL1xHUXPnyl/DMZOKdAhPo5kGNTe9Qg/ob40JOAh99dLRtiHsw/KxG0hbbCl
R8whADaxW1wAyfJGZXFFC+X+rF8ZREZZFq6kb0qnMIJsQ6tbu/KjgWTGgqr2fIvb
FAdtgou88zsKmowiO80ilSz/9KXYsMzYh2PcES/XG5ofWUYh+xpltusrZ7HoNy4R
YoBgy4Epe1UpKCeQCGhC2tJ1qAI966nERyC66ab/ovSfjNeqxRn3+KDKC2sNH+cd
4DyVTIe9A6+bHiX5Vc9IKXH0LUC6XqSLsR4NDn9DfIAA
-----END CERTIFICATE-----