Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/03RN7OHzIa0Nho7Y7TJcU3K2cEc.roa
File:                     03RN7OHzIa0Nho7Y7TJcU3K2cEc.roa (raw, json)
Hash identifier:          VY+KuNJsTvbIIrnt/HRAmSCINeCUfVPDRE1gROhaFB4=
Subject key identifier:   D3:74:4D:EC:E1:F3:21:AD:0D:86:8E:D8:ED:32:5C:53:72:B6:70:47
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       019A25AA3664293C3526D93B92C042573BBC
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/03RN7OHzIa0Nho7Y7TJcU3K2cEc.roa
Signing time:             Mon 27 Oct 2025 12:35:03 +0000
ROA not before:           Mon 27 Oct 2025 12:35:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        212.81.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 Oct 2025 19:55:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:aa:36:64:29:3c:35:26:d9:3b:92:c0:42:57:3b:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Oct 27 12:35:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3744dece1f321ad0d868ed8ed325c5372b67047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:94:13:d7:b6:63:89:1e:9d:6c:4e:1f:69:8a:
                    c8:fc:53:59:4b:05:46:a9:d7:63:55:0a:ff:5e:9f:
                    18:df:90:01:a4:02:6c:2d:26:0e:32:2c:9b:53:30:
                    ed:0a:39:6d:72:91:a4:65:e3:6a:cd:8e:77:b4:8f:
                    11:0c:46:9b:10:95:47:90:32:04:f6:2e:0d:ad:fc:
                    ae:f4:d0:58:d0:fd:d6:1d:cd:fd:2f:38:24:a6:f9:
                    f3:21:9d:62:e7:e2:6e:6b:d6:47:a1:56:f0:e9:66:
                    ba:8c:a9:50:28:cc:c7:6e:a2:28:6d:96:6a:01:d4:
                    01:e7:0e:2c:c5:19:8b:fe:10:21:1d:c2:a3:0e:c4:
                    8c:16:85:a4:2e:3a:1c:f2:33:de:58:85:76:7b:73:
                    bc:61:03:cd:d5:62:00:31:35:d7:0f:10:38:50:76:
                    96:9a:69:0b:6f:40:75:7f:88:26:66:4d:52:2c:94:
                    18:67:de:4a:85:80:2e:0c:fd:ee:bb:78:c8:92:a8:
                    67:b5:7c:69:bd:e9:e9:74:58:12:6a:6d:0f:cf:53:
                    d3:e9:3a:8d:09:0a:b0:10:84:78:7f:80:bc:f7:1d:
                    06:78:b8:5f:8a:66:56:64:5a:35:9f:30:ce:25:35:
                    b8:57:02:af:bb:08:fd:aa:4e:8c:12:57:d7:7f:c3:
                    d6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:74:4D:EC:E1:F3:21:AD:0D:86:8E:D8:ED:32:5C:53:72:B6:70:47
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/03RN7OHzIa0Nho7Y7TJcU3K2cEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.81.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:fd:44:6d:c0:ea:34:3e:d1:ce:5b:66:bf:77:bb:43:94:a6:
         5a:51:54:09:95:f7:9e:b9:c4:02:76:0b:72:17:70:4e:83:8a:
         96:c3:c4:56:35:c7:59:eb:88:79:52:54:74:8f:90:d7:66:5d:
         3a:96:82:ca:3e:e4:cb:28:e9:aa:07:b5:0d:31:ca:a5:b7:96:
         00:85:88:07:e1:42:31:74:98:62:2b:48:4f:5e:b4:33:65:98:
         ed:dd:62:19:bc:ee:72:2e:16:a4:60:14:c2:76:be:50:16:d2:
         49:5f:8b:4a:98:02:70:4e:6a:5d:a4:7c:1a:51:f0:fe:a6:fc:
         d3:af:69:ca:38:2e:85:50:ad:21:68:ae:ae:d8:f0:8f:81:76:
         9d:df:d1:a8:1d:62:3e:a3:f8:17:b0:79:4f:6f:0c:1a:9f:c9:
         68:44:62:86:d1:ad:35:a0:45:37:67:a2:d5:b8:0b:e6:79:57:
         98:0e:89:11:af:52:b3:60:f0:7f:e2:10:db:ff:1d:09:db:e8:
         a7:8d:7b:fc:ab:55:35:e0:44:97:71:2c:77:c1:03:a0:51:6a:
         d6:2e:ef:c5:30:40:cf:9d:b5:28:93:6b:6f:0e:17:2c:d5:8c:
         0f:83:1f:bb:04:d3:7b:88:63:fd:8c:b5:5b:84:b7:42:e0:40:
         ac:4f:e4:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZolqjZkKTw1Jtk7ksBCVzu8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjUxMDI3MTIzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzc0NGRlY2UxZjMyMWFkMGQ4NjhlZDhlZDMyNWM1MzcyYjY3MDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZQT17ZjiR6dbE4faYrI/FNZSwVG
qddjVQr/Xp8Y35ABpAJsLSYOMiybUzDtCjltcpGkZeNqzY53tI8RDEabEJVHkDIE
9i4Nrfyu9NBY0P3WHc39LzgkpvnzIZ1i5+Jua9ZHoVbw6Wa6jKlQKMzHbqIobZZq
AdQB5w4sxRmL/hAhHcKjDsSMFoWkLjoc8jPeWIV2e3O8YQPN1WIAMTXXDxA4UHaW
mmkLb0B1f4gmZk1SLJQYZ95KhYAuDP3uu3jIkqhntXxpvenpdFgSam0Pz1PT6TqN
CQqwEIR4f4C89x0GeLhfimZWZFo1nzDOJTW4VwKvuwj9qk6MElfXf8PWnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNN0Tezh8yGtDYaO2O0yXFNytnBHMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvMDNSTjdPSHpJYTBOaG83WTdUSmNVM0syY0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FEtMA0G
CSqGSIb3DQEBCwUAA4IBAQBu/URtwOo0PtHOW2a/d7tDlKZaUVQJlfeeucQCdgty
F3BOg4qWw8RWNcdZ64h5UlR0j5DXZl06loLKPuTLKOmqB7UNMcqlt5YAhYgH4UIx
dJhiK0hPXrQzZZjt3WIZvO5yLhakYBTCdr5QFtJJX4tKmAJwTmpdpHwaUfD+pvzT
r2nKOC6FUK0haK6u2PCPgXad39GoHWI+o/gXsHlPbwwan8loRGKG0a01oEU3Z6LV
uAvmeVeYDokRr1KzYPB/4hDb/x0J2+injXv8q1U14ESXcSx3wQOgUWrWLu/FMEDP
nbUok2tvDhcs1YwPgx+7BNN7iGP9jLVbhLdC4ECsT+Sg
-----END CERTIFICATE-----