Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/RV1rjCwSnXKPzqWOYcizuue6Tmw.roa
File:                     RV1rjCwSnXKPzqWOYcizuue6Tmw.roa (raw, json)
Hash identifier:          ZJyuiQwoYun/WqH4NVoy2nm760NToV5F7bd+tbvhpZI=
Subject key identifier:   45:5D:6B:8C:2C:12:9D:72:8F:CE:A5:8E:61:C8:B3:BA:E7:BA:4E:6C
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       0199C86B480FED8DEB78AD2499F1FFC73768
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/RV1rjCwSnXKPzqWOYcizuue6Tmw.roa
Signing time:             Thu 09 Oct 2025 10:01:38 +0000
ROA not before:           Thu 09 Oct 2025 10:01:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     984
IP address blocks:        45.155.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c8:6b:48:0f:ed:8d:eb:78:ad:24:99:f1:ff:c7:37:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Oct  9 10:01:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=455d6b8c2c129d728fcea58e61c8b3bae7ba4e6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ec:d3:bf:77:0f:cb:db:f1:bb:54:c7:1a:ea:
                    53:13:4c:19:75:7e:44:24:2f:05:3d:8c:21:2b:23:
                    8d:e2:81:b6:31:31:86:20:5b:71:fc:fe:ef:41:3d:
                    88:be:3d:8b:80:6c:c7:b7:a6:f4:41:01:bb:b1:76:
                    66:2a:d1:53:4b:34:0f:da:78:27:7c:89:80:a9:8f:
                    e8:cd:f6:01:89:ea:79:3b:d1:24:7c:4a:1f:5e:09:
                    ed:80:2b:92:ee:72:3a:75:02:56:8f:b5:43:f6:02:
                    39:b4:48:80:26:17:99:e5:24:db:2a:5c:64:10:26:
                    49:97:5e:da:bb:95:ee:24:e6:57:09:fb:d2:a8:a9:
                    63:48:28:da:c9:ec:02:b7:9d:64:8c:3b:4d:32:3b:
                    eb:2e:0b:ef:47:31:08:e4:ad:d5:9b:24:40:00:f1:
                    ed:f8:a7:32:84:19:9b:48:7d:93:8b:40:23:77:33:
                    02:27:7e:e4:79:d5:0e:eb:82:2d:77:0d:fe:f1:b8:
                    37:dd:48:d0:b8:56:ee:10:a9:77:8d:b4:eb:06:0e:
                    13:14:bc:c4:2c:91:64:02:02:c1:aa:99:02:78:6d:
                    1b:04:2d:a8:5a:69:ba:90:27:03:d3:a8:2a:1d:6f:
                    16:f7:31:75:1a:28:49:e8:c4:87:c2:86:82:23:d8:
                    dc:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:5D:6B:8C:2C:12:9D:72:8F:CE:A5:8E:61:C8:B3:BA:E7:BA:4E:6C
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/RV1rjCwSnXKPzqWOYcizuue6Tmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:7b:bf:62:8d:e9:bf:da:9f:fd:9a:4d:e8:0f:7f:c3:cd:de:
         e7:73:b8:66:f8:05:47:09:2b:0f:a0:f3:9f:24:d4:0a:54:23:
         f5:19:c2:90:1b:b6:24:44:4d:4a:89:af:e5:98:d4:c0:32:1b:
         27:5f:05:34:ee:aa:79:28:3a:6a:9a:ec:63:ad:57:f1:c5:95:
         a9:70:e3:bc:de:9e:92:02:fe:44:79:2d:1c:69:b5:41:2e:4b:
         12:1d:21:e6:6f:7f:b4:b6:b1:c2:6b:72:4b:0b:72:49:df:de:
         be:02:aa:7b:85:ae:4d:82:94:8c:c6:17:d1:9d:82:91:57:ca:
         e9:51:26:db:94:2d:76:32:3d:52:3a:41:f4:f7:97:62:31:9b:
         53:e5:2a:c8:93:a7:f1:6d:03:81:57:17:90:08:05:b0:58:08:
         c6:d9:2e:6b:79:f6:00:d0:6d:fa:9a:be:33:75:5b:d5:06:2d:
         d6:4e:e1:50:5e:bf:d2:d5:20:2d:5c:df:09:d3:f3:26:22:13:
         c6:63:d3:c1:30:80:c3:4b:7d:b4:81:ff:0b:17:d9:6d:34:16:
         fc:5e:c0:d7:a0:fa:d5:f7:40:0b:0f:56:99:23:d2:fc:6e:4c:
         cf:90:30:0f:c3:3e:4c:83:1f:aa:e3:d3:bd:e6:0a:89:e0:01:
         a2:40:16:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnIa0gP7Y3reK0kmfH/xzdoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjUxMDA5MTAwMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTVkNmI4YzJjMTI5ZDcyOGZjZWE1OGU2MWM4YjNiYWU3YmE0ZTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+zTv3cPy9vxu1THGupTE0wZdX5E
JC8FPYwhKyON4oG2MTGGIFtx/P7vQT2Ivj2LgGzHt6b0QQG7sXZmKtFTSzQP2ngn
fImAqY/ozfYBiep5O9EkfEofXgntgCuS7nI6dQJWj7VD9gI5tEiAJheZ5STbKlxk
ECZJl17au5XuJOZXCfvSqKljSCjayewCt51kjDtNMjvrLgvvRzEI5K3VmyRAAPHt
+KcyhBmbSH2Ti0AjdzMCJ37kedUO64Itdw3+8bg33UjQuFbuEKl3jbTrBg4TFLzE
LJFkAgLBqpkCeG0bBC2oWmm6kCcD06gqHW8W9zF1GihJ6MSHwoaCI9jc3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVda4wsEp1yj86ljmHIs7rnuk5sMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvUlYxcmpDd1NuWEtQenFXT1ljaXp1dWU2VG13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZtPMA0G
CSqGSIb3DQEBCwUAA4IBAQCbe79ijem/2p/9mk3oD3/Dzd7nc7hm+AVHCSsPoPOf
JNQKVCP1GcKQG7YkRE1Kia/lmNTAMhsnXwU07qp5KDpqmuxjrVfxxZWpcOO83p6S
Av5EeS0cabVBLksSHSHmb3+0trHCa3JLC3JJ396+Aqp7ha5NgpSMxhfRnYKRV8rp
USbblC12Mj1SOkH095diMZtT5SrIk6fxbQOBVxeQCAWwWAjG2S5refYA0G36mr4z
dVvVBi3WTuFQXr/S1SAtXN8J0/MmIhPGY9PBMIDDS320gf8LF9ltNBb8XsDXoPrV
90ALD1aZI9L8bkzPkDAPwz5Mgx+q49O95gqJ4AGiQBZW
-----END CERTIFICATE-----