Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/4LkBcAsH60Y0m4sjDykqzEXI1Sk.roa
File:                     4LkBcAsH60Y0m4sjDykqzEXI1Sk.roa (raw, json)
Hash identifier:          JaP407qv2XroPK5rb+48crR7hUs4Usjq32UPFFAgazY=
Subject key identifier:   E0:B9:01:70:0B:07:EB:46:34:9B:8B:23:0F:29:2A:CC:45:C8:D5:29
Certificate issuer:       /CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
Certificate serial:       0199095C207A59A732720F390A63D4D64749
Authority key identifier: A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/4LkBcAsH60Y0m4sjDykqzEXI1Sk.roa
Signing time:             Tue 02 Sep 2025 07:37:36 +0000
ROA not before:           Tue 02 Sep 2025 07:37:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.146.200.0/23 maxlen: 23
                          45.146.200.0/24 maxlen: 24
                          45.146.202.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:5c:20:7a:59:a7:32:72:0f:39:0a:63:d4:d6:47:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a254a9f3a266513ddc6935d8be022e7e5230ea10
        Validity
            Not Before: Sep  2 07:37:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0b901700b07eb46349b8b230f292acc45c8d529
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:68:14:46:09:44:ea:f4:64:9f:7b:36:6a:a0:
                    ba:9c:4e:47:44:c2:69:cf:63:b8:aa:83:af:74:5c:
                    30:77:6b:bd:18:e8:b0:cc:df:b9:b0:ad:ec:82:2b:
                    dd:fb:c6:ce:e1:11:cc:91:d6:db:ec:c8:68:23:bd:
                    22:16:e6:24:96:0b:46:c4:38:c8:42:d8:74:c2:76:
                    d5:9a:17:46:9d:68:d5:fe:f5:79:26:72:93:a4:3d:
                    b4:65:25:ef:c3:dc:75:7a:3d:52:3e:2e:c7:d0:3a:
                    4d:96:fc:96:2b:92:14:70:b7:1a:6d:d5:c9:e0:12:
                    e7:e3:27:49:70:8a:01:c9:df:10:03:3b:51:c9:e2:
                    32:f9:be:4c:fe:8b:33:91:bc:23:b3:ce:dd:7c:26:
                    53:89:4b:5a:e9:b4:ab:a5:9a:34:e1:8b:c4:3d:24:
                    02:e3:6d:86:07:6a:74:fc:84:7b:39:df:15:5a:83:
                    e2:bd:69:2d:ec:71:d1:2c:73:20:99:91:ef:e8:e3:
                    fa:f7:44:30:7a:1c:e2:3d:30:eb:20:55:cb:4b:e1:
                    28:24:2c:3c:2e:5c:b0:10:a7:ad:0a:cb:a2:9a:86:
                    f9:3a:df:5f:e1:b0:1d:1c:95:f8:e6:51:2e:a5:b3:
                    d7:15:30:a6:aa:e8:3d:6a:b2:64:20:d7:fe:04:67:
                    0f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:B9:01:70:0B:07:EB:46:34:9B:8B:23:0F:29:2A:CC:45:C8:D5:29
            X509v3 Authority Key Identifier:
                keyid:A2:54:A9:F3:A2:66:51:3D:DC:69:35:D8:BE:02:2E:7E:52:30:EA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/olSp86JmUT3caTXYvgIuflIw6hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/4LkBcAsH60Y0m4sjDykqzEXI1Sk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b60373-818e-40a9-9319-addf0e1849eb/1/olSp86JmUT3caTXYvgIuflIw6hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.146.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c0:b2:9c:d9:7d:be:75:76:0a:f0:b7:53:2d:17:80:b6:9c:fe:
         a3:ce:2b:2d:80:55:5c:1b:40:7f:e5:78:2c:82:2e:64:9c:4b:
         bd:0b:aa:03:0a:5e:fc:61:1e:a3:fc:55:76:17:cf:2b:59:53:
         27:2c:1d:4a:6b:30:ca:83:73:29:e7:2d:cc:5f:76:0e:b8:60:
         2b:d4:99:9e:11:5b:b1:82:fd:58:20:b9:ac:bb:a6:06:fd:84:
         ee:a0:38:05:95:dd:4f:21:2c:52:bb:56:35:9a:e8:b4:69:1d:
         03:57:6d:05:54:3a:22:3b:f4:e6:ea:4f:91:9b:08:53:40:04:
         17:ec:09:98:95:4d:73:14:a0:5a:55:0e:d1:d5:2e:30:24:d6:
         06:de:1f:91:7b:14:19:2e:1b:bf:c0:03:d4:77:23:3b:a4:c1:
         cd:bf:18:df:89:74:d5:97:6a:52:79:3f:5d:95:9d:69:49:28:
         62:c6:a0:07:f2:bb:44:d1:8e:9b:44:d0:33:ec:8d:88:53:b5:
         f0:35:da:37:97:90:60:a6:65:97:90:c4:31:71:9a:06:4a:80:
         3e:d7:3f:55:3a:66:38:4a:07:74:d3:57:0d:33:21:f8:69:20:
         2e:e2:b6:b6:b8:dc:1d:b0:94:54:ba:87:db:a7:09:ea:b5:8b:
         9c:af:0b:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkJXCB6Wacycg85CmPU1kdJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNTRhOWYzYTI2NjUxM2RkYzY5MzVkOGJlMDIyZTdlNTIz
MGVhMTAwHhcNMjUwOTAyMDczNzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGI5MDE3MDBiMDdlYjQ2MzQ5YjhiMjMwZjI5MmFjYzQ1YzhkNTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9mgURglE6vRkn3s2aqC6nE5HRMJp
z2O4qoOvdFwwd2u9GOiwzN+5sK3sgivd+8bO4RHMkdbb7MhoI70iFuYklgtGxDjI
Qth0wnbVmhdGnWjV/vV5JnKTpD20ZSXvw9x1ej1SPi7H0DpNlvyWK5IUcLcabdXJ
4BLn4ydJcIoByd8QAztRyeIy+b5M/oszkbwjs87dfCZTiUta6bSrpZo04YvEPSQC
422GB2p0/IR7Od8VWoPivWkt7HHRLHMgmZHv6OP690QwehziPTDrIFXLS+EoJCw8
LlywEKetCsuimob5Ot9f4bAdHJX45lEupbPXFTCmqug9arJkINf+BGcP1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOC5AXALB+tGNJuLIw8pKsxFyNUpMB8GA1UdIwQY
MBaAFKJUqfOiZlE93Gk12L4CLn5SMOoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTkt
YWRkZjBlMTg0OWViLzEvNExrQmNBc0g2MFkwbTRzakR5a3F6RVhJMVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iNjAzNzMtODE4ZS00MGE5LTkzMTktYWRkZjBlMTg0OWVi
LzEvb2xTcDg2Sm1VVDNjYVRYWXZnSXVmbEl3NmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZLIMA0G
CSqGSIb3DQEBCwUAA4IBAQDAspzZfb51dgrwt1MtF4C2nP6jzistgFVcG0B/5Xgs
gi5knEu9C6oDCl78YR6j/FV2F88rWVMnLB1KazDKg3Mp5y3MX3YOuGAr1JmeEVux
gv1YILmsu6YG/YTuoDgFld1PISxSu1Y1mui0aR0DV20FVDoiO/Tm6k+RmwhTQAQX
7AmYlU1zFKBaVQ7R1S4wJNYG3h+RexQZLhu/wAPUdyM7pMHNvxjfiXTVl2pSeT9d
lZ1pSShixqAH8rtE0Y6bRNAz7I2IU7XwNdo3l5BgpmWXkMQxcZoGSoA+1z9VOmY4
Sgd001cNMyH4aSAu4ra2uNwdsJRUuofbpwnqtYucrwuS
-----END CERTIFICATE-----