Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/G350oN6xck9sDuFPco_m0pUGJ-4.roa
File:                     G350oN6xck9sDuFPco_m0pUGJ-4.roa (raw, json)
Hash identifier:          lAZMvwW39peHPp7Gi+NQnv+PV4aVrgoRzPsjZkOfCAA=
Subject key identifier:   1B:7E:74:A0:DE:B1:72:4F:6C:0E:E1:4F:72:8F:E6:D2:95:06:27:EE
Certificate issuer:       /CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
Certificate serial:       019A2C73E12365159CA49009F5ADBD41349F
Authority key identifier: 8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/G350oN6xck9sDuFPco_m0pUGJ-4.roa
Signing time:             Tue 28 Oct 2025 20:13:02 +0000
ROA not before:           Tue 28 Oct 2025 20:13:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53991
IP address blocks:        45.11.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Nov 2025 06:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2c:73:e1:23:65:15:9c:a4:90:09:f5:ad:bd:41:34:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
        Validity
            Not Before: Oct 28 20:13:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b7e74a0deb1724f6c0ee14f728fe6d2950627ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:02:26:ff:86:de:2d:9c:87:a3:18:ac:48:1a:
                    4c:a2:1c:12:b9:48:37:2d:d2:bd:9e:ea:ca:d5:1f:
                    99:a4:14:c4:49:ad:48:c7:60:f7:1f:f5:e6:fb:7c:
                    1f:ee:e5:1e:3a:2a:36:21:92:0c:2c:ee:8c:5c:8a:
                    bc:2a:68:77:50:b7:1e:52:0a:3f:99:ab:c3:78:d6:
                    9f:8c:1b:5d:b8:eb:86:eb:41:ee:88:bb:30:9a:34:
                    4d:48:09:02:cd:89:62:3c:7d:f9:04:1d:3c:e6:4a:
                    e9:3d:3c:fc:dd:d9:63:54:63:1a:3d:38:bb:e7:be:
                    ee:25:7d:c4:b6:f9:b0:76:56:31:c9:76:91:2e:cb:
                    23:f7:12:1c:27:fc:9d:58:71:03:06:87:be:48:42:
                    e2:a5:e0:de:18:ea:f7:66:e6:28:af:d6:84:15:88:
                    11:5a:90:cc:c2:a8:eb:de:d6:21:f9:42:67:01:77:
                    d5:12:b3:a6:0f:4d:1e:d3:93:00:cb:c9:89:d4:f1:
                    e8:9d:78:82:be:47:02:a1:29:c6:b6:24:84:88:3a:
                    8e:8e:40:c5:f8:54:47:0c:f7:a4:96:36:77:13:a1:
                    b8:05:3a:11:72:a6:70:19:bc:e6:18:b4:4f:d6:e1:
                    c7:41:4b:fb:aa:d9:3c:7a:a9:6e:18:57:12:a1:3d:
                    6a:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:7E:74:A0:DE:B1:72:4F:6C:0E:E1:4F:72:8F:E6:D2:95:06:27:EE
            X509v3 Authority Key Identifier:
                keyid:8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/G350oN6xck9sDuFPco_m0pUGJ-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:20:b7:47:87:d5:3a:98:c1:3f:a7:ec:40:b5:9a:39:35:8c:
         da:ef:42:45:55:a4:e1:1c:28:6f:ad:82:26:5e:9b:e1:61:ca:
         63:e5:a2:b8:77:c1:41:3a:16:3a:79:7e:75:95:9b:21:50:a2:
         09:17:55:ae:d1:98:fc:f8:66:e1:ac:0c:ed:85:59:d7:19:41:
         ed:64:f5:c8:b3:ce:bf:16:1d:54:0e:4c:1f:e8:4b:ec:95:98:
         cd:a6:6f:93:61:40:3f:67:84:8b:3d:c7:c7:07:21:02:2c:3c:
         2c:8e:2e:7c:b7:fd:53:61:98:cd:5a:62:50:a6:54:8d:33:84:
         27:de:6c:c5:0f:e0:02:eb:ab:93:06:2f:eb:e1:dc:68:ec:c8:
         7a:ee:d6:5c:ae:0e:17:38:96:e5:3f:1d:32:d1:d9:54:77:dc:
         6b:81:bc:c5:21:cc:8a:90:70:c5:84:d5:bc:b7:35:02:da:06:
         fc:c6:c7:7f:8a:19:44:b2:7e:b9:49:80:02:8c:5a:e5:df:79:
         b9:4e:71:43:47:6b:17:77:6a:b4:2b:20:7e:4b:cd:b2:3e:e0:
         fe:2e:9f:66:2f:af:e7:ea:a9:9c:ea:1c:95:8b:0d:40:37:de:
         3c:74:cc:32:82:b2:5e:54:36:04:46:70:27:c6:83:b8:bd:5d:
         40:d2:6e:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZosc+EjZRWcpJAJ9a29QTSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWI0YzBjZjIxYzFhM2Q2ZWE0MTA2OGNiZTkwOGJlMzg4
ZTQ1MGEwHhcNMjUxMDI4MjAxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjdlNzRhMGRlYjE3MjRmNmMwZWUxNGY3MjhmZTZkMjk1MDYyN2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugIm/4beLZyHoxisSBpMohwSuUg3
LdK9nurK1R+ZpBTESa1Ix2D3H/Xm+3wf7uUeOio2IZIMLO6MXIq8Kmh3ULceUgo/
mavDeNafjBtduOuG60HuiLswmjRNSAkCzYliPH35BB085krpPTz83dljVGMaPTi7
577uJX3EtvmwdlYxyXaRLssj9xIcJ/ydWHEDBoe+SELipeDeGOr3ZuYor9aEFYgR
WpDMwqjr3tYh+UJnAXfVErOmD00e05MAy8mJ1PHonXiCvkcCoSnGtiSEiDqOjkDF
+FRHDPekljZ3E6G4BToRcqZwGbzmGLRP1uHHQUv7qtk8eqluGFcSoT1qLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBt+dKDesXJPbA7hT3KP5tKVBifuMB8GA1UdIwQY
MBaAFIqrTAzyHBo9bqQQaMvpCL44jkUKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMt
NTM3YjFiNDlkZmU3LzEvRzM1MG9ONnhjazlzRHVGUGNvX20wcFVHSi00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMtNTM3YjFiNDlkZmU3
LzEvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQuAMA0G
CSqGSIb3DQEBCwUAA4IBAQBpILdHh9U6mME/p+xAtZo5NYza70JFVaThHChvrYIm
XpvhYcpj5aK4d8FBOhY6eX51lZshUKIJF1Wu0Zj8+GbhrAzthVnXGUHtZPXIs86/
Fh1UDkwf6EvslZjNpm+TYUA/Z4SLPcfHByECLDwsji58t/1TYZjNWmJQplSNM4Qn
3mzFD+AC66uTBi/r4dxo7Mh67tZcrg4XOJblPx0y0dlUd9xrgbzFIcyKkHDFhNW8
tzUC2gb8xsd/ihlEsn65SYACjFrl33m5TnFDR2sXd2q0KyB+S82yPuD+Lp9mL6/n
6qmc6hyViw1AN948dMwygrJeVDYERnAnxoO4vV1A0m7V
-----END CERTIFICATE-----