Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/1jmJ2HwhrLQ2gbaEWJqzaryRG8c.roa
File:                     1jmJ2HwhrLQ2gbaEWJqzaryRG8c.roa (raw, json)
Hash identifier:          pO4VfZ/vbc6gNeT/zyuHOWdN7wKxeSrY9OMKhLOa++k=
Subject key identifier:   D6:39:89:D8:7C:21:AC:B4:36:81:B6:84:58:9A:B3:6A:BC:91:1B:C7
Certificate issuer:       /CN=75ea894ee05775e0ef061d086ca252147f5c91de
Certificate serial:       019A25F19E76F5AD449A685915AD3EE54830
Authority key identifier: 75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/1jmJ2HwhrLQ2gbaEWJqzaryRG8c.roa
Signing time:             Mon 27 Oct 2025 13:53:03 +0000
ROA not before:           Mon 27 Oct 2025 13:53:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57795
IP address blocks:        45.154.45.0/24 maxlen: 24
                          45.154.46.0/24 maxlen: 24
                          185.74.184.0/24 maxlen: 24
                          185.74.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 14:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:f1:9e:76:f5:ad:44:9a:68:59:15:ad:3e:e5:48:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75ea894ee05775e0ef061d086ca252147f5c91de
        Validity
            Not Before: Oct 27 13:53:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d63989d87c21acb43681b684589ab36abc911bc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ed:5a:b0:54:2d:6a:9a:eb:76:8b:9d:76:87:
                    42:27:78:c1:fd:69:18:e0:59:c7:4a:08:5d:b2:6c:
                    05:1f:07:14:81:c9:28:ec:46:af:79:a4:61:37:7d:
                    ca:a2:df:21:11:8b:cb:0e:b0:ba:b1:b5:d0:4d:d5:
                    e9:37:7c:76:26:89:34:ef:61:4c:31:2e:29:89:d6:
                    e3:34:d0:0a:af:98:ec:d0:79:92:2e:4c:98:91:03:
                    72:18:61:8f:00:23:42:eb:01:3c:05:0d:14:d6:37:
                    20:ed:f9:f2:8e:b7:cf:44:4a:2a:85:fb:ca:64:bc:
                    99:a9:ff:e3:47:9b:97:40:57:a6:6a:2a:8f:2d:b3:
                    e7:7b:67:bf:49:cd:66:ff:ed:37:a6:75:32:5f:32:
                    96:f0:7b:58:a0:0f:3b:5e:da:a5:3c:d3:08:b3:b0:
                    64:9a:32:95:27:36:1b:2a:60:2e:e7:f9:eb:33:a4:
                    bd:88:1d:2b:3c:44:a1:b5:38:1e:34:01:06:dc:80:
                    02:70:f6:60:64:98:cd:55:fe:9b:7b:02:68:91:d5:
                    55:28:58:02:96:ae:e2:21:12:d9:77:51:cd:ef:4f:
                    b1:45:86:ac:34:0f:64:10:aa:ab:68:27:74:05:af:
                    08:34:f5:aa:22:8d:ec:e9:0f:cd:d9:17:89:11:bf:
                    f0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:39:89:D8:7C:21:AC:B4:36:81:B6:84:58:9A:B3:6A:BC:91:1B:C7
            X509v3 Authority Key Identifier:
                keyid:75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/1jmJ2HwhrLQ2gbaEWJqzaryRG8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.45.0-45.154.46.255
                  185.74.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:89:47:7c:4e:33:fd:8c:2a:b5:41:35:47:5d:e1:b9:fa:0f:
         b0:7a:b9:d9:15:42:22:22:a4:6b:cf:d9:cf:c5:d6:36:e1:0b:
         27:a6:92:3e:8f:80:bd:43:8b:82:f7:9a:4a:6e:8b:71:9a:4d:
         08:5a:14:af:fa:b1:58:e9:45:54:a5:33:1c:a7:61:d7:e1:2d:
         80:90:df:cc:9c:37:1c:b5:e3:dd:78:e7:f7:e6:6e:93:48:d9:
         69:ed:70:ad:03:1d:7a:36:6d:e9:63:54:4f:b3:df:ba:a6:66:
         6e:d6:56:8f:67:ad:59:5c:14:f5:1c:37:b1:aa:50:79:7b:c1:
         75:a9:ed:d1:b1:18:e0:e7:0b:48:90:45:4c:85:bd:9e:26:b1:
         d2:d8:8b:67:31:02:8f:bb:6b:e8:b4:46:5a:c8:34:2f:a5:e9:
         42:6c:f2:ab:c0:9f:f4:1e:04:9e:4a:d0:03:ca:2e:c5:27:94:
         1b:33:c2:5b:07:a1:a4:9d:49:89:0c:5b:ba:7e:a5:a4:dd:78:
         70:8f:65:93:45:d6:90:90:d8:10:ec:eb:bd:c8:bc:63:4a:4e:
         54:a7:fc:b2:0f:9c:50:7c:de:f5:e9:35:4e:23:9a:8a:c6:91:
         fc:db:75:c5:83:ea:f7:c7:df:c5:bf:8c:be:a7:e0:f9:9b:3e:
         3f:33:96:19
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZol8Z529a1EmmhZFa0+5UgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZWE4OTRlZTA1Nzc1ZTBlZjA2MWQwODZjYTI1MjE0N2Y1
YzkxZGUwHhcNMjUxMDI3MTM1MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjM5ODlkODdjMjFhY2I0MzY4MWI2ODQ1ODlhYjM2YWJjOTExYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvu1asFQtaprrdouddodCJ3jB/WkY
4FnHSghdsmwFHwcUgcko7EaveaRhN33Kot8hEYvLDrC6sbXQTdXpN3x2Jok072FM
MS4pidbjNNAKr5js0HmSLkyYkQNyGGGPACNC6wE8BQ0U1jcg7fnyjrfPREoqhfvK
ZLyZqf/jR5uXQFemaiqPLbPne2e/Sc1m/+03pnUyXzKW8HtYoA87XtqlPNMIs7Bk
mjKVJzYbKmAu5/nrM6S9iB0rPEShtTgeNAEG3IACcPZgZJjNVf6bewJokdVVKFgC
lq7iIRLZd1HN70+xRYasNA9kEKqraCd0Ba8INPWqIo3s6Q/N2ReJEb/wCQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNY5idh8Iay0NoG2hFias2q8kRvHMB8GA1UdIwQY
MBaAFHXqiU7gV3Xg7wYdCGyiUhR/XJHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEt
YjdmMjk4NGViNjUzLzEvMWptSjJId2hyTFEyZ2JhRVdKcXphcnlSRzhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEtYjdmMjk4NGViNjUz
LzEvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAtmi0D
BAAtmi4DBAG5SrgwDQYJKoZIhvcNAQELBQADggEBAFuJR3xOM/2MKrVBNUdd4bn6
D7B6udkVQiIipGvP2c/F1jbhCyemkj6PgL1Di4L3mkpui3GaTQhaFK/6sVjpRVSl
MxynYdfhLYCQ38ycNxy149145/fmbpNI2WntcK0DHXo2beljVE+z37qmZm7WVo9n
rVlcFPUcN7GqUHl7wXWp7dGxGODnC0iQRUyFvZ4msdLYi2cxAo+7a+i0RlrINC+l
6UJs8qvAn/QeBJ5K0APKLsUnlBszwlsHoaSdSYkMW7p+paTdeHCPZZNF1pCQ2BDs
673IvGNKTlSn/LIPnFB83vXpNU4jmorGkfzbdcWD6vfH38W/jL6n4PmbPj8zlhk=
-----END CERTIFICATE-----