Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/pgNfMkpp3i69CoBAR_borZj9z3E.roa
File:                     pgNfMkpp3i69CoBAR_borZj9z3E.roa (raw, json)
Hash identifier:          zObb1YXEsof5rty353AjV2YuXW0tkbylm0QLsUYgMRY=
Subject key identifier:   A6:03:5F:32:4A:69:DE:2E:BD:0A:80:40:47:F6:E8:AD:98:FD:CF:71
Certificate issuer:       /CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
Certificate serial:       01991405203CB646AD305572F676F4EE389F
Authority key identifier: BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/pgNfMkpp3i69CoBAR_borZj9z3E.roa
Signing time:             Thu 04 Sep 2025 09:18:24 +0000
ROA not before:           Thu 04 Sep 2025 09:18:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        45.149.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:14:05:20:3c:b6:46:ad:30:55:72:f6:76:f4:ee:38:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba4d0e69ab769f65bb2b155bdfa83a7186eeac44
        Validity
            Not Before: Sep  4 09:18:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6035f324a69de2ebd0a804047f6e8ad98fdcf71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0c:4e:01:57:bf:10:82:c5:51:7b:e4:bc:34:
                    69:5d:e2:6b:1d:89:a8:1b:9b:9c:20:c4:1a:f3:bd:
                    24:4d:e6:41:f4:b7:d7:46:56:0f:7f:d0:79:2d:c1:
                    99:82:51:75:7f:2a:5c:86:26:89:db:ab:9d:33:f2:
                    a5:37:a5:bb:26:5a:18:ae:6c:6f:11:7f:96:51:ec:
                    06:20:05:42:f3:ad:96:fc:ed:a2:37:06:12:37:08:
                    3f:99:69:16:3d:c2:22:e8:94:4f:fa:7c:b6:1f:8a:
                    85:84:de:d1:51:46:d6:3c:df:d4:ed:78:d4:42:45:
                    12:2d:0e:c5:70:31:4f:2c:49:7a:be:09:ef:88:8b:
                    67:41:a4:29:76:aa:49:6d:eb:96:62:3c:84:3a:30:
                    f7:9b:4f:42:d5:43:f5:cb:f8:0c:db:c8:02:5e:f9:
                    00:92:4b:1a:45:7d:10:74:f8:4e:6b:b1:d5:7f:e7:
                    a7:bf:55:8a:2f:c6:74:99:b5:29:92:4e:4e:95:ad:
                    c0:0e:0c:03:e6:d5:23:73:a3:73:7a:a8:68:84:85:
                    87:89:19:23:01:ae:c0:25:5d:b1:ff:18:a6:4a:5b:
                    22:f0:05:ec:e0:bc:8f:ad:5e:7a:cc:18:c4:56:12:
                    8e:8c:5e:a3:b5:20:b3:58:1c:c7:be:db:5d:f4:88:
                    06:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:03:5F:32:4A:69:DE:2E:BD:0A:80:40:47:F6:E8:AD:98:FD:CF:71
            X509v3 Authority Key Identifier:
                keyid:BA:4D:0E:69:AB:76:9F:65:BB:2B:15:5B:DF:A8:3A:71:86:EE:AC:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uk0Oaat2n2W7KxVb36g6cYburEQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/pgNfMkpp3i69CoBAR_borZj9z3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/3d6d6c-f58d-42e6-b688-8eff3fd3c48a/1/uk0Oaat2n2W7KxVb36g6cYburEQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:1a:d8:a3:22:3a:2a:50:2a:ac:16:ea:f0:6e:6f:24:07:50:
         07:a0:1c:67:e8:3f:4d:f4:78:d4:eb:dc:53:41:1b:39:8b:ae:
         75:2f:5f:ce:e6:a1:04:02:0a:c0:8b:29:f7:aa:7f:66:1b:e1:
         0a:1e:75:cc:e3:fe:bd:cf:c5:98:90:04:00:f5:23:79:b0:5a:
         66:ed:b8:4a:dd:6f:56:f4:9a:76:c7:e3:0c:11:9b:cd:39:79:
         d0:7c:17:a4:2d:bb:45:a4:f7:c3:92:8e:3d:ac:69:f7:3a:c5:
         03:6e:6f:1e:01:72:61:de:a8:7d:dc:dd:ab:a1:4a:3d:00:7b:
         bf:bb:e4:9e:f4:89:3d:ba:24:68:7d:03:d4:7e:cb:42:b0:4e:
         d2:e1:c5:c5:b4:50:5a:54:58:e2:24:3f:d7:b0:b6:e3:24:bd:
         7c:06:3a:76:d7:e4:4a:93:72:f7:20:dd:a7:c8:4f:41:0c:cb:
         9b:88:17:8b:e0:18:9d:f6:a0:25:cd:9f:6a:05:ca:44:55:17:
         79:39:13:85:12:06:aa:81:c6:f5:6a:d3:84:ef:8c:c3:9e:8c:
         a9:ba:80:45:5a:93:41:93:1b:90:11:9b:9f:d1:22:14:e2:fa:
         e4:a1:f1:fa:4c:5b:88:41:b9:bb:67:84:e9:94:86:85:92:9a:
         d3:92:57:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkUBSA8tkatMFVy9nb07jifMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNGQwZTY5YWI3NjlmNjViYjJiMTU1YmRmYTgzYTcxODZl
ZWFjNDQwHhcNMjUwOTA0MDkxODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjAzNWYzMjRhNjlkZTJlYmQwYTgwNDA0N2Y2ZThhZDk4ZmRjZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwxOAVe/EILFUXvkvDRpXeJrHYmo
G5ucIMQa870kTeZB9LfXRlYPf9B5LcGZglF1fypchiaJ26udM/KlN6W7JloYrmxv
EX+WUewGIAVC862W/O2iNwYSNwg/mWkWPcIi6JRP+ny2H4qFhN7RUUbWPN/U7XjU
QkUSLQ7FcDFPLEl6vgnviItnQaQpdqpJbeuWYjyEOjD3m09C1UP1y/gM28gCXvkA
kksaRX0QdPhOa7HVf+env1WKL8Z0mbUpkk5Ola3ADgwD5tUjc6NzeqhohIWHiRkj
Aa7AJV2x/ximSlsi8AXs4LyPrV56zBjEVhKOjF6jtSCzWBzHvttd9IgG4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYDXzJKad4uvQqAQEf26K2Y/c9xMB8GA1UdIwQY
MBaAFLpNDmmrdp9luysVW9+oOnGG7qxEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgt
OGVmZjNmZDNjNDhhLzEvcGdOZk1rcHAzaTY5Q29CQVJfYm9yWmo5ejNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC8zZDZkNmMtZjU4ZC00MmU2LWI2ODgtOGVmZjNmZDNjNDhh
LzEvdWswT2FhdDJuMlc3S3hWYjM2ZzZjWWJ1ckVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZWkMA0G
CSqGSIb3DQEBCwUAA4IBAQAmGtijIjoqUCqsFurwbm8kB1AHoBxn6D9N9HjU69xT
QRs5i651L1/O5qEEAgrAiyn3qn9mG+EKHnXM4/69z8WYkAQA9SN5sFpm7bhK3W9W
9Jp2x+MMEZvNOXnQfBekLbtFpPfDko49rGn3OsUDbm8eAXJh3qh93N2roUo9AHu/
u+Se9Ik9uiRofQPUfstCsE7S4cXFtFBaVFjiJD/XsLbjJL18Bjp21+RKk3L3IN2n
yE9BDMubiBeL4Bid9qAlzZ9qBcpEVRd5OROFEgaqgcb1atOE74zDnoypuoBFWpNB
kxuQEZuf0SIU4vrkofH6TFuIQbm7Z4TplIaFkprTkldI
-----END CERTIFICATE-----