Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/DXmFl68ZzKbqEncxK9EZHxIqylM.roa
File:                     DXmFl68ZzKbqEncxK9EZHxIqylM.roa (raw, json)
Hash identifier:          N3mENR29mNKtOOFkrl0wNAecJurlbOILfUHUa/gdTXA=
Subject key identifier:   0D:79:85:97:AF:19:CC:A6:EA:12:77:31:2B:D1:19:1F:12:2A:CA:53
Certificate issuer:       /CN=5598ae5d5f12825a84e6c401c013ca5e5dcd9ec9
Certificate serial:       0198DC3603D58F87A65D4CDF52E2122EBB9C
Authority key identifier: 55:98:AE:5D:5F:12:82:5A:84:E6:C4:01:C0:13:CA:5E:5D:CD:9E:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VZiuXV8SglqE5sQBwBPKXl3Nnsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/DXmFl68ZzKbqEncxK9EZHxIqylM.roa
Signing time:             Sun 24 Aug 2025 13:13:04 +0000
ROA not before:           Sun 24 Aug 2025 13:13:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210413
IP address blocks:        45.157.52.0/24 maxlen: 24
                          45.157.53.0/24 maxlen: 24
                          45.157.54.0/24 maxlen: 24
                          45.157.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/VZiuXV8SglqE5sQBwBPKXl3Nnsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/VZiuXV8SglqE5sQBwBPKXl3Nnsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VZiuXV8SglqE5sQBwBPKXl3Nnsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:dc:36:03:d5:8f:87:a6:5d:4c:df:52:e2:12:2e:bb:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5598ae5d5f12825a84e6c401c013ca5e5dcd9ec9
        Validity
            Not Before: Aug 24 13:13:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d798597af19cca6ea1277312bd1191f122aca53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7b:1b:d2:41:3b:eb:52:85:88:ac:52:cd:7b:
                    a5:fb:5c:31:97:bb:4b:e7:e7:01:c4:cf:b5:61:19:
                    72:b2:90:7a:cb:0e:bd:67:31:27:c3:8c:ef:dc:12:
                    fb:38:9e:64:9e:10:ba:56:d3:0b:0c:27:b6:a6:ac:
                    45:42:ea:0f:fb:eb:c1:ae:84:29:59:f6:19:4e:77:
                    1c:63:30:ae:4d:61:91:33:cc:cb:4a:b9:69:55:a6:
                    d4:50:55:7a:4c:3c:b6:f4:d3:e6:1d:bb:c4:4b:ee:
                    bc:15:f3:95:48:03:ba:58:83:72:5c:a2:84:fc:d8:
                    f7:11:78:df:57:34:5e:4b:73:1f:90:5d:12:53:61:
                    8c:f8:36:55:34:2d:75:61:5c:b0:a6:64:af:0a:25:
                    7a:2b:21:b2:16:60:b5:ad:4f:b0:ff:7b:e9:90:2c:
                    66:27:e6:b7:1a:ea:e0:06:c9:dd:d9:5e:c9:ed:fa:
                    7b:a5:fd:d9:8a:da:0b:ec:81:6b:a4:14:7a:ab:27:
                    e8:2d:58:84:d2:8e:3f:9e:e6:62:0f:55:7e:e0:32:
                    80:02:87:53:ec:85:24:dc:59:27:33:b5:b4:1f:6e:
                    ff:0f:c4:a5:22:b2:86:f6:0c:1e:f3:7b:5d:bb:84:
                    cb:53:53:22:77:b6:bb:c3:68:69:ae:75:3e:21:dc:
                    65:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:79:85:97:AF:19:CC:A6:EA:12:77:31:2B:D1:19:1F:12:2A:CA:53
            X509v3 Authority Key Identifier:
                keyid:55:98:AE:5D:5F:12:82:5A:84:E6:C4:01:C0:13:CA:5E:5D:CD:9E:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VZiuXV8SglqE5sQBwBPKXl3Nnsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/DXmFl68ZzKbqEncxK9EZHxIqylM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1f6073-87b2-4bb3-acb7-5c3db98bf864/1/VZiuXV8SglqE5sQBwBPKXl3Nnsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:1d:a3:a4:d5:2d:dd:1d:a4:5c:1a:7e:93:e2:a1:ac:1c:28:
         67:44:cb:4b:15:8a:a4:24:ec:c6:9d:16:96:c8:9f:df:c2:91:
         00:e6:66:f9:f0:db:91:64:1b:ea:b1:d6:aa:f4:87:19:31:6e:
         48:9f:3a:81:ce:f8:9b:17:4f:da:b8:e1:b8:69:a3:f3:7d:8b:
         a6:5f:3b:7f:c9:9f:22:b9:15:97:64:36:2b:0e:12:9c:87:9d:
         1b:d8:d0:be:e4:9c:ca:21:14:c3:f4:32:a2:3a:c6:3d:ca:ae:
         f6:8d:f5:bf:a4:cc:bf:35:27:af:e6:8c:35:40:b7:52:6d:c6:
         5d:8a:6d:e0:c5:b0:6c:28:dd:84:1f:e7:80:24:7e:ad:8e:c9:
         aa:00:33:66:07:30:f0:d5:32:d6:e0:51:cb:c8:4a:eb:42:19:
         cc:ee:0b:5f:f3:77:d5:70:6f:a5:14:8b:c4:b1:1d:76:a0:7a:
         5f:36:18:b4:27:71:c0:8a:00:e3:07:34:3d:c1:ee:b8:25:ea:
         21:93:53:32:b6:71:36:1e:91:23:7e:c2:ca:bd:89:3f:ca:b6:
         04:25:7e:6e:a6:c3:fd:93:5d:20:0b:3d:85:b4:4e:09:1e:aa:
         92:28:b6:b6:54:99:39:bf:e1:d8:48:35:c3:3d:d0:9c:17:4c:
         f9:f3:a4:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjcNgPVj4emXUzfUuISLrucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1OThhZTVkNWYxMjgyNWE4NGU2YzQwMWMwMTNjYTVlNWRj
ZDllYzkwHhcNMjUwODI0MTMxMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDc5ODU5N2FmMTljY2E2ZWExMjc3MzEyYmQxMTkxZjEyMmFjYTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3sb0kE761KFiKxSzXul+1wxl7tL
5+cBxM+1YRlyspB6yw69ZzEnw4zv3BL7OJ5knhC6VtMLDCe2pqxFQuoP++vBroQp
WfYZTnccYzCuTWGRM8zLSrlpVabUUFV6TDy29NPmHbvES+68FfOVSAO6WINyXKKE
/Nj3EXjfVzReS3MfkF0SU2GM+DZVNC11YVywpmSvCiV6KyGyFmC1rU+w/3vpkCxm
J+a3GurgBsnd2V7J7fp7pf3ZitoL7IFrpBR6qyfoLViE0o4/nuZiD1V+4DKAAodT
7IUk3FknM7W0H27/D8SlIrKG9gwe83tdu4TLU1Mid7a7w2hprnU+IdxlVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA15hZevGcym6hJ3MSvRGR8SKspTMB8GA1UdIwQY
MBaAFFWYrl1fEoJahObEAcATyl5dzZ7JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlppdVhWOFNnbHFFNXNRQndCUEtYbDNObnNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xZjYwNzMtODdiMi00YmIzLWFjYjct
NWMzZGI5OGJmODY0LzEvRFhtRmw2OFp6S2JxRW5jeEs5RVpIeElxeWxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xZjYwNzMtODdiMi00YmIzLWFjYjctNWMzZGI5OGJmODY0
LzEvVlppdVhWOFNnbHFFNXNRQndCUEtYbDNObnNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ00MA0G
CSqGSIb3DQEBCwUAA4IBAQATHaOk1S3dHaRcGn6T4qGsHChnRMtLFYqkJOzGnRaW
yJ/fwpEA5mb58NuRZBvqsdaq9IcZMW5InzqBzvibF0/auOG4aaPzfYumXzt/yZ8i
uRWXZDYrDhKch50b2NC+5JzKIRTD9DKiOsY9yq72jfW/pMy/NSev5ow1QLdSbcZd
im3gxbBsKN2EH+eAJH6tjsmqADNmBzDw1TLW4FHLyErrQhnM7gtf83fVcG+lFIvE
sR12oHpfNhi0J3HAigDjBzQ9we64Jeohk1MytnE2HpEjfsLKvYk/yrYEJX5upsP9
k10gCz2FtE4JHqqSKLa2VJk5v+HYSDXDPdCcF0z586S5
-----END CERTIFICATE-----