Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/4NmV2EA-4_XNyg8aS-3TPtxZvi4.roa
File:                     4NmV2EA-4_XNyg8aS-3TPtxZvi4.roa (raw, json)
Hash identifier:          +iPBXGnxxMXsqFCmUYvKQlhKW2jvl7XanfjVBcERplw=
Subject key identifier:   E0:D9:95:D8:40:3E:E3:F5:CD:CA:0F:1A:4B:ED:D3:3E:DC:59:BE:2E
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       01993389CFF70C7EA34AD92BAA0F58BFEDB6
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/4NmV2EA-4_XNyg8aS-3TPtxZvi4.roa
Signing time:             Wed 10 Sep 2025 12:11:33 +0000
ROA not before:           Wed 10 Sep 2025 12:11:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        45.133.108.0/22 maxlen: 22
                          45.147.152.0/24 maxlen: 24
                          185.60.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:89:cf:f7:0c:7e:a3:4a:d9:2b:aa:0f:58:bf:ed:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Sep 10 12:11:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0d995d8403ee3f5cdca0f1a4bedd33edc59be2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3e:3b:86:0c:15:3a:fd:a1:91:57:78:5a:9e:
                    37:95:83:ac:45:a0:e7:49:00:e0:56:1f:b1:df:0c:
                    cd:51:1a:3b:fd:04:6e:8e:9f:bc:65:7a:71:1d:cb:
                    6f:20:f4:61:ef:3b:1e:d7:14:a1:2e:48:7e:90:c5:
                    4e:02:41:52:d3:31:5f:fc:59:6f:99:2b:b0:ee:6a:
                    74:8d:cc:4a:a5:0f:7b:32:4b:b4:c5:c4:56:df:62:
                    de:ee:58:c5:a0:dd:6b:51:35:9f:f8:0f:19:94:ee:
                    84:a7:b4:0b:a5:9d:33:c7:8c:7e:92:3e:c2:cb:46:
                    06:bb:8e:ec:2f:9d:d8:ff:f4:0a:4f:c5:46:48:61:
                    79:53:1c:22:3e:cb:4c:12:59:3a:48:b7:47:91:25:
                    07:dd:12:80:6f:87:49:45:0b:56:3e:44:54:d7:82:
                    1d:28:88:f2:c7:e5:89:12:a3:70:10:c9:d0:e4:97:
                    1a:e7:72:25:82:68:e2:18:56:56:29:92:03:d2:04:
                    d2:45:dd:0d:90:f3:f5:ad:7c:d0:71:8a:b1:9c:ea:
                    83:93:6f:0f:91:73:de:e0:ca:f6:25:48:a2:b4:6e:
                    55:b4:f2:59:78:5f:28:40:73:b9:ff:89:e8:62:4d:
                    0f:b0:09:61:28:76:34:05:d0:00:22:cf:46:6e:4c:
                    b3:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D9:95:D8:40:3E:E3:F5:CD:CA:0F:1A:4B:ED:D3:3E:DC:59:BE:2E
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/4NmV2EA-4_XNyg8aS-3TPtxZvi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.108.0/22
                  45.147.152.0/24
                  185.60.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:f7:8e:44:ed:f0:d0:71:a9:d1:2b:78:f3:d8:ff:93:1e:8d:
         dc:29:a3:65:d7:e1:6f:88:f2:a9:c4:3b:84:32:60:19:44:be:
         ad:bf:fd:9d:5e:83:68:69:fe:cb:17:e3:a7:8e:88:90:5f:60:
         2e:68:20:69:28:95:87:cf:bc:2c:9c:81:20:e0:03:70:92:e2:
         85:5d:8d:f6:30:7e:cb:01:20:f3:1c:72:c3:1b:8d:3a:fd:2c:
         97:69:7f:18:27:70:21:7c:d8:0e:1c:a4:c5:b6:14:7b:5e:d8:
         8c:6c:67:14:48:15:ab:9a:34:89:2f:c2:84:26:1c:cb:38:b3:
         27:12:b7:0e:a7:84:3c:c4:f3:a2:d3:2f:13:a1:00:c7:6e:1b:
         8b:46:50:91:32:8b:44:75:20:7d:c7:cf:4a:98:6a:62:69:87:
         df:64:c1:69:19:55:aa:4f:96:48:38:bc:9a:e8:9f:42:7a:55:
         f2:3b:6d:e4:67:2f:cc:63:30:a7:f7:9a:57:aa:9d:cb:b4:44:
         8f:a8:b1:14:e8:f1:62:dc:89:b4:fd:85:a0:0e:2c:3a:22:93:
         38:44:ae:1b:a0:66:43:41:99:33:a4:1c:95:87:31:dc:91:5e:
         b5:dc:40:87:c6:ed:24:71:11:b3:2d:7e:75:37:68:e0:12:a3:
         6e:2d:03:4f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkzic/3DH6jStkrqg9Yv+22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjUwOTEwMTIxMTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGQ5OTVkODQwM2VlM2Y1Y2RjYTBmMWE0YmVkZDMzZWRjNTliZTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuj47hgwVOv2hkVd4Wp43lYOsRaDn
SQDgVh+x3wzNURo7/QRujp+8ZXpxHctvIPRh7zse1xShLkh+kMVOAkFS0zFf/Flv
mSuw7mp0jcxKpQ97Mku0xcRW32Le7ljFoN1rUTWf+A8ZlO6Ep7QLpZ0zx4x+kj7C
y0YGu47sL53Y//QKT8VGSGF5UxwiPstMElk6SLdHkSUH3RKAb4dJRQtWPkRU14Id
KIjyx+WJEqNwEMnQ5Jca53IlgmjiGFZWKZID0gTSRd0NkPP1rXzQcYqxnOqDk28P
kXPe4Mr2JUiitG5VtPJZeF8oQHO5/4noYk0PsAlhKHY0BdAAIs9GbkyzywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFODZldhAPuP1zcoPGkvt0z7cWb4uMB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvNE5tVjJFQS00X1hOeWc4YVMtM1RQdHhadmk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLYVsAwQA
LZOYAwQCuTyQMA0GCSqGSIb3DQEBCwUAA4IBAQAS945E7fDQcanRK3jz2P+THo3c
KaNl1+FviPKpxDuEMmAZRL6tv/2dXoNoaf7LF+OnjoiQX2AuaCBpKJWHz7wsnIEg
4ANwkuKFXY32MH7LASDzHHLDG406/SyXaX8YJ3AhfNgOHKTFthR7XtiMbGcUSBWr
mjSJL8KEJhzLOLMnErcOp4Q8xPOi0y8ToQDHbhuLRlCRMotEdSB9x89KmGpiaYff
ZMFpGVWqT5ZIOLya6J9CelXyO23kZy/MYzCn95pXqp3LtESPqLEU6PFi3Im0/YWg
Diw6IpM4RK4boGZDQZkzpByVhzHckV613ECHxu0kcRGzLX51N2jgEqNuLQNP
-----END CERTIFICATE-----