Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/994b56-2f0c-4908-be47-81f7f7b93300/1/X8Nnra_HltNRWULUv0jOvOL0YgA.roa
File:                     X8Nnra_HltNRWULUv0jOvOL0YgA.roa (raw, json)
Hash identifier:          VancjWcYbkfiXC8CFP9Ka11PiwvtrDF34c2Qr/v152E=
Subject key identifier:   5F:C3:67:AD:AF:C7:96:D3:51:59:42:D4:BF:48:CE:BC:E2:F4:62:00
Certificate issuer:       /CN=078e463f36c47f76ab7c196a7f5edd4f1beda642
Certificate serial:       019A4F1319491C065A58AD6099D5767C3D1F
Authority key identifier: 07:8E:46:3F:36:C4:7F:76:AB:7C:19:6A:7F:5E:DD:4F:1B:ED:A6:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B45GPzbEf3arfBlqf17dTxvtpkI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/994b56-2f0c-4908-be47-81f7f7b93300/1/X8Nnra_HltNRWULUv0jOvOL0YgA.roa
Signing time:             Tue 04 Nov 2025 13:34:03 +0000
ROA not before:           Tue 04 Nov 2025 13:34:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215075
IP address blocks:        45.139.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/994b56-2f0c-4908-be47-81f7f7b93300/1/B45GPzbEf3arfBlqf17dTxvtpkI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/994b56-2f0c-4908-be47-81f7f7b93300/1/B45GPzbEf3arfBlqf17dTxvtpkI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B45GPzbEf3arfBlqf17dTxvtpkI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 07:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4f:13:19:49:1c:06:5a:58:ad:60:99:d5:76:7c:3d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=078e463f36c47f76ab7c196a7f5edd4f1beda642
        Validity
            Not Before: Nov  4 13:34:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fc367adafc796d3515942d4bf48cebce2f46200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:39:80:da:1b:12:d0:27:9e:36:05:73:2d:29:
                    a2:86:ee:9a:09:86:df:ad:18:8b:c0:86:f5:45:d4:
                    d7:d9:96:3a:fe:7c:ec:ea:83:c1:6d:51:f5:41:97:
                    dd:4a:73:5a:54:2b:86:55:32:21:18:ba:f5:3f:e6:
                    99:72:22:74:77:c5:61:38:7c:8f:be:82:16:5c:e9:
                    6f:78:c1:1c:db:b5:76:97:a0:8f:6d:8d:57:23:0b:
                    cf:04:fa:f6:0a:e4:fc:f1:68:1a:9a:35:ac:02:17:
                    45:71:6c:cc:c8:8f:74:65:c4:40:49:4e:e1:8a:87:
                    4a:d8:14:37:4a:29:a9:39:99:ff:5d:79:16:77:dd:
                    88:6d:20:22:70:77:ac:f2:50:80:0f:5c:44:b9:8c:
                    44:d3:36:e5:24:e3:7a:15:ca:eb:f4:7f:3d:9c:00:
                    5a:7f:45:96:76:39:33:fd:d8:7c:e5:c8:5a:49:f4:
                    06:b9:b4:fd:06:e3:4d:74:f1:0f:3c:70:90:16:57:
                    50:ac:a6:08:14:99:91:14:a7:17:82:87:b5:9f:89:
                    2c:d7:1f:00:87:3d:43:58:b0:5a:56:e5:62:00:f9:
                    6b:6b:08:0d:7e:ba:98:eb:4c:dd:d8:26:23:28:b9:
                    32:5a:95:15:2b:39:41:17:76:78:39:3e:e2:de:f8:
                    b3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C3:67:AD:AF:C7:96:D3:51:59:42:D4:BF:48:CE:BC:E2:F4:62:00
            X509v3 Authority Key Identifier:
                keyid:07:8E:46:3F:36:C4:7F:76:AB:7C:19:6A:7F:5E:DD:4F:1B:ED:A6:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B45GPzbEf3arfBlqf17dTxvtpkI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/994b56-2f0c-4908-be47-81f7f7b93300/1/X8Nnra_HltNRWULUv0jOvOL0YgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/994b56-2f0c-4908-be47-81f7f7b93300/1/B45GPzbEf3arfBlqf17dTxvtpkI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:8f:c4:af:e9:f7:19:52:a2:ac:05:a6:f4:6e:20:f3:8d:98:
         f9:5f:f6:9f:c8:c5:92:d7:4c:f6:94:ae:ec:9e:bd:27:ac:9e:
         84:f5:61:3b:3f:ba:43:08:30:40:20:62:8f:5d:18:c2:9c:8f:
         b1:ee:20:39:ab:0c:17:39:66:bf:92:0c:d0:9a:bf:ac:8e:d2:
         a6:21:99:c3:ef:d3:5c:d1:00:84:fd:3b:46:94:3b:b7:92:45:
         98:65:c5:59:ee:c8:a9:d9:94:55:3d:7e:09:41:4d:f8:08:31:
         aa:dd:01:65:96:2c:4d:2a:ce:93:93:6c:2b:71:8c:be:ad:02:
         4e:80:03:8a:fb:42:fe:d1:6f:0b:3f:f5:9a:41:3d:77:55:58:
         ad:b4:d5:5d:a5:2a:87:76:51:23:6e:00:63:3d:66:38:31:a8:
         17:d7:a1:a8:a2:7a:5f:d4:2f:b9:4e:20:eb:01:65:46:8d:23:
         5c:a2:cf:c0:9e:23:98:d9:c1:be:d0:60:d3:53:68:be:bb:2d:
         7e:7b:ad:49:ae:e4:91:aa:00:57:24:8f:76:50:47:df:91:8e:
         fb:a6:d0:a2:81:dc:36:33:f5:df:1f:06:4b:85:2d:6a:35:e1:
         8a:13:58:33:61:56:61:80:aa:56:2e:91:92:f7:16:1c:68:a8:
         56:b1:32:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpPExlJHAZaWK1gmdV2fD0fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3OGU0NjNmMzZjNDdmNzZhYjdjMTk2YTdmNWVkZDRmMWJl
ZGE2NDIwHhcNMjUxMTA0MTMzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmMzNjdhZGFmYzc5NmQzNTE1OTQyZDRiZjQ4Y2ViY2UyZjQ2MjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDmA2hsS0CeeNgVzLSmihu6aCYbf
rRiLwIb1RdTX2ZY6/nzs6oPBbVH1QZfdSnNaVCuGVTIhGLr1P+aZciJ0d8VhOHyP
voIWXOlveMEc27V2l6CPbY1XIwvPBPr2CuT88WgamjWsAhdFcWzMyI90ZcRASU7h
iodK2BQ3SimpOZn/XXkWd92IbSAicHes8lCAD1xEuYxE0zblJON6Fcrr9H89nABa
f0WWdjkz/dh85chaSfQGubT9BuNNdPEPPHCQFldQrKYIFJmRFKcXgoe1n4ks1x8A
hz1DWLBaVuViAPlrawgNfrqY60zd2CYjKLkyWpUVKzlBF3Z4OT7i3vizeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/DZ62vx5bTUVlC1L9Izrzi9GIAMB8GA1UdIwQY
MBaAFAeORj82xH92q3wZan9e3U8b7aZCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjQ1R1B6YkVmM2FyZkJscWYxN2RUeHZ0cGtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi85OTRiNTYtMmYwYy00OTA4LWJlNDct
ODFmN2Y3YjkzMzAwLzEvWDhObnJhX0hsdE5SV1VMVXYwak92T0wwWWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi85OTRiNTYtMmYwYy00OTA4LWJlNDctODFmN2Y3YjkzMzAw
LzEvQjQ1R1B6YkVmM2FyZkJscWYxN2RUeHZ0cGtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYtqMA0G
CSqGSIb3DQEBCwUAA4IBAQBij8Sv6fcZUqKsBab0biDzjZj5X/afyMWS10z2lK7s
nr0nrJ6E9WE7P7pDCDBAIGKPXRjCnI+x7iA5qwwXOWa/kgzQmr+sjtKmIZnD79Nc
0QCE/TtGlDu3kkWYZcVZ7sip2ZRVPX4JQU34CDGq3QFllixNKs6Tk2wrcYy+rQJO
gAOK+0L+0W8LP/WaQT13VVittNVdpSqHdlEjbgBjPWY4MagX16Goonpf1C+5TiDr
AWVGjSNcos/AniOY2cG+0GDTU2i+uy1+e61JruSRqgBXJI92UEffkY77ptCigdw2
M/XfHwZLhS1qNeGKE1gzYVZhgKpWLpGS9xYcaKhWsTIC
-----END CERTIFICATE-----