Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/H8z4r6H8LYjpLKJ1cCrKD18uGn0.roa
File:                     H8z4r6H8LYjpLKJ1cCrKD18uGn0.roa (raw, json)
Hash identifier:          iuDiaW8fmmSMkkJYvoBKP+/a4jOUnqwnHMc0pBzDG3o=
Subject key identifier:   1F:CC:F8:AF:A1:FC:2D:88:E9:2C:A2:75:70:2A:CA:0F:5F:2E:1A:7D
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       0198F7706A317EBEAB5BBE7463957B1EA714
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/H8z4r6H8LYjpLKJ1cCrKD18uGn0.roa
Signing time:             Fri 29 Aug 2025 20:06:36 +0000
ROA not before:           Fri 29 Aug 2025 20:06:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47585
IP address blocks:        45.136.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 00:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f7:70:6a:31:7e:be:ab:5b:be:74:63:95:7b:1e:a7:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Aug 29 20:06:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fccf8afa1fc2d88e92ca275702aca0f5f2e1a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f0:4e:6f:1c:63:50:5b:d9:c5:4f:47:1d:de:
                    33:b5:6a:95:5f:42:2a:12:42:0d:da:41:16:00:12:
                    5b:76:71:c1:5e:8f:02:44:42:82:fe:77:04:34:14:
                    88:f0:c8:68:28:65:35:0f:57:23:0c:09:4e:a8:b2:
                    2b:46:8b:18:29:23:18:36:d6:6a:d5:51:22:33:38:
                    37:a2:47:4f:dc:23:43:a2:83:24:6d:6d:59:3c:e0:
                    4e:7c:26:0b:9d:08:47:b0:a3:ed:b6:bd:b4:a1:46:
                    05:ae:dd:e4:4b:6d:2a:1b:b9:a7:3e:21:bd:75:36:
                    66:e8:85:8e:08:bb:6a:8b:ea:1a:1f:aa:91:cf:59:
                    8e:99:ad:2f:26:a4:36:d1:d7:c7:bb:bc:e9:22:3a:
                    e3:5d:3a:3c:24:3a:f1:35:32:64:bf:3e:1d:99:a5:
                    c0:de:ce:47:27:f6:e1:98:62:8b:ea:35:18:84:f6:
                    35:fa:0c:77:2d:38:c7:32:4e:c9:10:38:d4:26:92:
                    48:fc:33:c7:9d:ea:72:39:48:9a:02:82:1d:2e:a4:
                    ed:e1:72:ea:ca:ae:9f:a4:e2:2a:d0:52:e2:fc:99:
                    91:e7:23:d6:a6:cb:df:f0:be:aa:d9:f6:ae:6a:4c:
                    8e:bb:fb:10:87:73:1f:6c:9c:f8:95:53:c2:16:11:
                    1f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:CC:F8:AF:A1:FC:2D:88:E9:2C:A2:75:70:2A:CA:0F:5F:2E:1A:7D
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/H8z4r6H8LYjpLKJ1cCrKD18uGn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:7b:82:6a:00:7c:69:43:1b:83:27:82:bf:18:5b:21:83:3a:
         9d:91:76:05:28:23:c3:ba:54:4a:08:d5:c1:38:9d:f0:d5:d8:
         d7:59:83:94:24:0b:7a:26:cc:c3:8d:ac:ac:1f:f5:ea:ac:2e:
         13:23:93:e9:35:30:64:15:32:6f:d9:37:bc:d9:c3:60:a4:1e:
         cd:45:76:cb:fc:a7:b0:71:53:31:5a:53:9d:a5:de:3f:39:d3:
         0a:7a:4e:1e:0b:28:53:a3:00:28:4f:55:d4:d7:b6:42:23:ea:
         73:27:cb:83:10:3e:87:4e:54:3d:a9:0e:61:17:1a:13:60:f0:
         d3:ad:7f:75:69:35:8b:ee:32:37:53:a8:c9:39:2e:b3:e3:77:
         9b:80:c7:34:96:25:f6:b7:5e:a4:2b:22:b1:32:bb:d2:4a:3b:
         58:1f:e1:84:fa:e2:83:fc:6e:d9:8e:c8:3c:01:8a:e5:38:6f:
         52:37:e4:91:8d:0b:b5:f2:06:23:b7:c8:79:e6:88:d1:3c:69:
         15:6c:a8:0f:ad:fe:e0:98:0b:ee:2d:d5:cb:7d:0c:10:a6:94:
         2f:dc:ce:d9:b7:3b:44:40:81:93:9d:2a:a7:6b:26:e9:db:c3:
         57:91:c9:ee:92:e1:b6:3e:1f:6d:c8:d0:7d:21:2c:cc:34:ea:
         c0:6b:05:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZj3cGoxfr6rW750Y5V7HqcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwODI5MjAwNjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmNjZjhhZmExZmMyZDg4ZTkyY2EyNzU3MDJhY2EwZjVmMmUxYTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPBObxxjUFvZxU9HHd4ztWqVX0Iq
EkIN2kEWABJbdnHBXo8CREKC/ncENBSI8MhoKGU1D1cjDAlOqLIrRosYKSMYNtZq
1VEiMzg3okdP3CNDooMkbW1ZPOBOfCYLnQhHsKPttr20oUYFrt3kS20qG7mnPiG9
dTZm6IWOCLtqi+oaH6qRz1mOma0vJqQ20dfHu7zpIjrjXTo8JDrxNTJkvz4dmaXA
3s5HJ/bhmGKL6jUYhPY1+gx3LTjHMk7JEDjUJpJI/DPHnepyOUiaAoIdLqTt4XLq
yq6fpOIq0FLi/JmR5yPWpsvf8L6q2fauakyOu/sQh3MfbJz4lVPCFhEfxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/M+K+h/C2I6SyidXAqyg9fLhp9MB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvSDh6NHI2SDhMWWpwTEtKMWNDcktEMTh1R24wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYgHMA0G
CSqGSIb3DQEBCwUAA4IBAQBne4JqAHxpQxuDJ4K/GFshgzqdkXYFKCPDulRKCNXB
OJ3w1djXWYOUJAt6JszDjaysH/XqrC4TI5PpNTBkFTJv2Te82cNgpB7NRXbL/Kew
cVMxWlOdpd4/OdMKek4eCyhTowAoT1XU17ZCI+pzJ8uDED6HTlQ9qQ5hFxoTYPDT
rX91aTWL7jI3U6jJOS6z43ebgMc0liX2t16kKyKxMrvSSjtYH+GE+uKD/G7Zjsg8
AYrlOG9SN+SRjQu18gYjt8h55ojRPGkVbKgPrf7gmAvuLdXLfQwQppQv3M7ZtztE
QIGTnSqnaybp28NXkcnukuG2Ph9tyNB9ISzMNOrAawUb
-----END CERTIFICATE-----