Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/_EZYAYWnkWrx8GFoMW8-0cKUYHM.roa
File:                     _EZYAYWnkWrx8GFoMW8-0cKUYHM.roa (raw, json)
Hash identifier:          bCRFxl+U0kW3hioIG33Wb/3TS856q+Il3KxpuubGmqA=
Subject key identifier:   FC:46:58:01:85:A7:91:6A:F1:F0:61:68:31:6F:3E:D1:C2:94:60:73
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       019A54AF904EF36A1195A9C54462683BC21A
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/_EZYAYWnkWrx8GFoMW8-0cKUYHM.roa
Signing time:             Wed 05 Nov 2025 15:43:03 +0000
ROA not before:           Wed 05 Nov 2025 15:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52000
IP address blocks:        45.11.79.0/24 maxlen: 24
                          45.81.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Nov 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:54:af:90:4e:f3:6a:11:95:a9:c5:44:62:68:3b:c2:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Nov  5 15:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc46580185a7916af1f06168316f3ed1c2946073
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:16:63:04:7d:fe:f2:25:d5:73:0a:9d:69:ea:
                    7b:56:b4:de:61:ce:10:ab:1b:42:c8:e0:f6:a0:8c:
                    c9:5f:43:5f:ef:4d:0a:bf:a3:64:96:d7:39:06:dc:
                    61:1d:11:64:dc:32:ce:94:d3:db:08:82:f1:2c:8e:
                    5c:e2:5e:ab:51:ab:9c:87:5a:0e:19:d3:6b:a6:fc:
                    37:e3:aa:f8:e0:be:df:31:c6:a0:d7:f2:8a:07:1f:
                    35:7c:a8:73:ab:92:db:d3:75:41:89:98:eb:05:13:
                    08:c8:ad:d0:fc:66:77:1c:85:71:e4:cc:0b:91:51:
                    15:47:1c:84:e2:75:4d:07:81:58:eb:0a:08:dd:ba:
                    eb:dc:4a:46:47:5d:db:7a:31:51:0d:f1:ee:9f:36:
                    1d:d8:91:a9:85:52:8e:89:4b:dd:61:b4:c8:ab:d4:
                    a4:5b:ad:ac:8f:58:ba:1d:b5:20:cb:d4:88:47:75:
                    a6:00:0c:56:f9:38:54:c8:9d:3e:59:1c:db:c5:7c:
                    c4:75:fa:d0:47:f3:25:8b:09:27:91:5c:0b:e7:69:
                    1b:2f:5f:83:dd:6e:df:3a:be:71:04:f3:f9:65:fd:
                    06:a4:50:ae:fa:6d:54:e1:bd:c0:80:6d:9d:0b:10:
                    dd:fe:02:53:4f:6d:2a:b4:19:80:81:b1:c3:5b:4c:
                    df:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:46:58:01:85:A7:91:6A:F1:F0:61:68:31:6F:3E:D1:C2:94:60:73
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/_EZYAYWnkWrx8GFoMW8-0cKUYHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.79.0/24
                  45.81.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:1b:35:0f:ae:87:e7:b2:71:b2:56:48:76:a9:43:d7:cb:3d:
         79:2f:c8:9f:b8:12:26:48:55:8f:05:60:bf:7e:9b:61:70:6c:
         f6:80:5f:45:3e:70:6f:da:5a:1f:04:7d:e0:8b:c2:3b:14:0d:
         ad:46:84:eb:77:95:1a:56:2b:68:5b:97:53:a9:7f:35:0a:ad:
         aa:70:59:7e:e8:fb:10:82:85:3a:b1:06:38:ca:6d:0f:74:69:
         65:92:0b:30:d5:57:74:41:91:a0:36:8d:14:ae:3a:bf:32:4d:
         2f:28:e1:e7:bd:e1:91:8c:bf:a6:99:6f:fc:d0:51:da:2d:fd:
         16:f6:be:d4:c2:88:40:26:71:1d:04:a8:75:32:d2:64:11:70:
         ed:80:46:b5:74:44:16:d8:09:89:ce:42:18:02:7e:a4:88:2c:
         14:2e:dc:4b:a2:cd:e9:2c:9e:12:e0:cf:d3:c0:51:ea:65:ac:
         fb:9f:4a:b1:97:59:e4:52:8b:ea:34:07:b9:ad:45:a5:3c:e0:
         16:e6:73:07:41:b2:b1:4c:d1:11:e9:7f:5c:f4:41:77:98:3d:
         0e:87:4d:26:11:50:10:1c:0e:63:27:57:b5:23:c3:37:07:69:
         45:c2:fd:68:65:a1:79:2f:26:41:e4:23:cb:d5:03:f5:ec:29:
         b7:2c:b0:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZpUr5BO82oRlanFRGJoO8IaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjUxMTA1MTU0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ2NTgwMTg1YTc5MTZhZjFmMDYxNjgzMTZmM2VkMWMyOTQ2MDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRZjBH3+8iXVcwqdaep7VrTeYc4Q
qxtCyOD2oIzJX0Nf700Kv6Nkltc5BtxhHRFk3DLOlNPbCILxLI5c4l6rUauch1oO
GdNrpvw346r44L7fMcag1/KKBx81fKhzq5Lb03VBiZjrBRMIyK3Q/GZ3HIVx5MwL
kVEVRxyE4nVNB4FY6woI3brr3EpGR13bejFRDfHunzYd2JGphVKOiUvdYbTIq9Sk
W62sj1i6HbUgy9SIR3WmAAxW+ThUyJ0+WRzbxXzEdfrQR/MliwknkVwL52kbL1+D
3W7fOr5xBPP5Zf0GpFCu+m1U4b3AgG2dCxDd/gJTT20qtBmAgbHDW0zfDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPxGWAGFp5Fq8fBhaDFvPtHClGBzMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvX0VaWUFZV25rV3J4OEdGb01XOC0wY0tVWUhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQtPAwQA
LVEjMA0GCSqGSIb3DQEBCwUAA4IBAQCRGzUProfnsnGyVkh2qUPXyz15L8ifuBIm
SFWPBWC/fpthcGz2gF9FPnBv2lofBH3gi8I7FA2tRoTrd5UaVitoW5dTqX81Cq2q
cFl+6PsQgoU6sQY4ym0PdGllkgsw1Vd0QZGgNo0Urjq/Mk0vKOHnveGRjL+mmW/8
0FHaLf0W9r7UwohAJnEdBKh1MtJkEXDtgEa1dEQW2AmJzkIYAn6kiCwULtxLos3p
LJ4S4M/TwFHqZaz7n0qxl1nkUovqNAe5rUWlPOAW5nMHQbKxTNER6X9c9EF3mD0O
h00mEVAQHA5jJ1e1I8M3B2lFwv1oZaF5LyZB5CPL1QP17Cm3LLCi
-----END CERTIFICATE-----