Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/R31VLBewgiodlHNc96NZMod-BMs.roa
File:                     R31VLBewgiodlHNc96NZMod-BMs.roa (raw, json)
Hash identifier:          L1tzfKdGbqAYKzdHCS4ryKzvNcfxJIW6KvE4rua2XQw=
Subject key identifier:   47:7D:55:2C:17:B0:82:2A:1D:94:73:5C:F7:A3:59:32:87:7E:04:CB
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       0199C9C903FE409676452D08B89223F4B8CF
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/R31VLBewgiodlHNc96NZMod-BMs.roa
Signing time:             Thu 09 Oct 2025 16:23:38 +0000
ROA not before:           Thu 09 Oct 2025 16:23:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401443
IP address blocks:        45.145.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Oct 2025 20:33:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c9:c9:03:fe:40:96:76:45:2d:08:b8:92:23:f4:b8:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Oct  9 16:23:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=477d552c17b0822a1d94735cf7a35932877e04cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:47:18:b2:e7:0d:97:02:52:ec:46:31:f1:45:
                    be:52:42:83:4a:6c:0b:4f:52:1e:55:18:61:82:67:
                    a4:16:ac:3e:b4:c5:b3:1e:8a:09:c9:01:ae:14:0f:
                    38:f7:bd:67:6f:d7:82:55:49:cd:95:a5:c6:67:ae:
                    9e:1d:31:46:f3:1f:9f:0c:59:6c:7d:36:39:8c:ca:
                    8f:d1:63:0d:5d:6d:dc:91:b0:6a:07:71:86:b5:18:
                    a8:64:46:45:7e:e8:29:b3:52:30:f5:ac:c9:e2:e5:
                    45:86:c5:ad:be:70:79:3f:0c:5a:60:b1:2d:64:15:
                    74:49:b2:9a:18:9b:5e:62:98:08:da:a3:d0:3b:9f:
                    ff:a5:3c:97:5f:d1:d0:44:8f:33:20:b0:f0:db:0f:
                    4c:9f:11:f2:c9:2b:f5:c0:9f:65:6f:07:74:e1:89:
                    48:eb:86:bb:1f:4a:33:55:41:b6:7b:84:ce:e7:7d:
                    f5:e1:e5:e9:7f:58:36:bf:00:31:32:0c:0f:08:12:
                    e0:f9:58:c2:4a:86:a9:71:b0:6d:2e:a9:21:a3:45:
                    83:33:49:e8:19:a6:b7:ac:f9:31:93:ab:1c:58:c5:
                    e1:64:88:73:4c:81:ce:5c:25:a1:b0:1e:cb:0e:72:
                    b6:11:5f:1e:01:1c:c7:67:c3:30:be:3a:bd:0d:b2:
                    8f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:7D:55:2C:17:B0:82:2A:1D:94:73:5C:F7:A3:59:32:87:7E:04:CB
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/R31VLBewgiodlHNc96NZMod-BMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:47:0d:0a:cc:66:ff:c6:ce:39:e8:d7:85:cf:c4:7b:ba:8b:
         1d:99:98:44:5a:d9:09:28:e6:59:53:bd:22:0b:93:ad:bc:4e:
         1f:be:98:b0:3b:1b:d9:52:98:17:36:93:50:b0:29:29:b7:4d:
         5a:1d:1f:cb:31:3f:37:51:67:60:c3:bb:b2:35:e7:53:0d:ca:
         a1:c0:cf:f6:a0:e6:f9:88:8d:97:2e:ae:ad:98:8a:e3:50:03:
         18:55:05:0b:13:c2:0a:a5:c9:23:c5:65:68:db:d0:bd:d9:46:
         97:e3:a9:a5:e9:dd:f5:cc:bb:4b:1b:0d:87:5a:e9:f6:3b:f4:
         5d:2a:8a:29:5a:ae:8e:70:33:1d:b3:82:a8:30:fc:bd:fb:80:
         0a:81:07:93:c3:4c:59:00:f9:a6:73:c5:f7:9d:42:85:8b:f8:
         78:29:90:ed:d7:b0:79:8d:c9:f7:f0:c8:9a:62:33:5c:93:83:
         0a:05:08:65:b4:d4:6e:db:a9:20:60:dd:2e:13:5e:31:da:94:
         86:c8:e9:41:92:e8:0c:f7:28:23:22:cc:66:80:43:ee:31:cc:
         51:fc:f7:e6:8d:93:f4:5c:f9:d1:ee:48:43:3f:00:0b:1f:99:
         32:d4:b0:1d:7a:88:af:c3:3c:fa:ed:fe:f8:ad:7e:f8:35:08:
         b4:a9:19:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnJyQP+QJZ2RS0IuJIj9LjPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUxMDA5MTYyMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzdkNTUyYzE3YjA4MjJhMWQ5NDczNWNmN2EzNTkzMjg3N2UwNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkcYsucNlwJS7EYx8UW+UkKDSmwL
T1IeVRhhgmekFqw+tMWzHooJyQGuFA84971nb9eCVUnNlaXGZ66eHTFG8x+fDFls
fTY5jMqP0WMNXW3ckbBqB3GGtRioZEZFfugps1Iw9azJ4uVFhsWtvnB5PwxaYLEt
ZBV0SbKaGJteYpgI2qPQO5//pTyXX9HQRI8zILDw2w9MnxHyySv1wJ9lbwd04YlI
64a7H0ozVUG2e4TO53314eXpf1g2vwAxMgwPCBLg+VjCSoapcbBtLqkho0WDM0no
Gaa3rPkxk6scWMXhZIhzTIHOXCWhsB7LDnK2EV8eARzHZ8Mwvjq9DbKP1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEd9VSwXsIIqHZRzXPejWTKHfgTLMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvUjMxVkxCZXdnaW9kbEhOYzk2TlpNb2QtQk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGaMA0G
CSqGSIb3DQEBCwUAA4IBAQAnRw0KzGb/xs456NeFz8R7uosdmZhEWtkJKOZZU70i
C5OtvE4fvpiwOxvZUpgXNpNQsCkpt01aHR/LMT83UWdgw7uyNedTDcqhwM/2oOb5
iI2XLq6tmIrjUAMYVQULE8IKpckjxWVo29C92UaX46ml6d31zLtLGw2HWun2O/Rd
KoopWq6OcDMds4KoMPy9+4AKgQeTw0xZAPmmc8X3nUKFi/h4KZDt17B5jcn38Mia
YjNck4MKBQhltNRu26kgYN0uE14x2pSGyOlBkugM9ygjIsxmgEPuMcxR/PfmjZP0
XPnR7khDPwALH5ky1LAdeoivwzz67f74rX74NQi0qRk+
-----END CERTIFICATE-----