Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/91a4AyjiQ11AE-ejkjHD7dP2jCw.roa
File:                     91a4AyjiQ11AE-ejkjHD7dP2jCw.roa (raw, json)
Hash identifier:          mqMxschgmHfJobGTtzuGdiipq4NqJDFBcrZK6ygd+ok=
Subject key identifier:   F7:56:B8:03:28:E2:43:5D:40:13:E7:A3:92:31:C3:ED:D3:F6:8C:2C
Certificate issuer:       /CN=1b18e0a19ae790fa503951559f47d41b47e7fd0f
Certificate serial:       01990D5545AFBDFA508C51FC10CCF5B8AA36
Authority key identifier: 1B:18:E0:A1:9A:E7:90:FA:50:39:51:55:9F:47:D4:1B:47:E7:FD:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/91a4AyjiQ11AE-ejkjHD7dP2jCw.roa
Signing time:             Wed 03 Sep 2025 02:08:36 +0000
ROA not before:           Wed 03 Sep 2025 02:08:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        45.85.168.0/22 maxlen: 22
                          45.85.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0d:55:45:af:bd:fa:50:8c:51:fc:10:cc:f5:b8:aa:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b18e0a19ae790fa503951559f47d41b47e7fd0f
        Validity
            Not Before: Sep  3 02:08:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f756b80328e2435d4013e7a39231c3edd3f68c2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:d3:95:32:90:5b:d5:7f:dd:31:01:9f:cf:5c:
                    de:e0:63:47:a8:bc:89:24:54:9b:04:5f:6a:f9:4d:
                    e8:9f:97:d0:9d:b1:a6:c1:bc:2e:3c:e8:f5:2e:f5:
                    55:51:dd:b5:64:3e:ce:9c:18:1f:c3:97:2d:be:2c:
                    e1:f5:db:14:97:05:58:39:2d:a7:09:44:d6:cc:75:
                    da:af:d6:33:de:78:d2:fd:16:8f:cf:48:57:43:c3:
                    ed:2d:94:7b:94:fb:ef:48:0d:e5:dd:43:7a:a9:cf:
                    9c:c9:a5:44:46:67:26:fb:8c:bc:c2:06:5f:65:aa:
                    07:0e:5d:08:7e:d9:83:80:7a:e1:64:62:7f:c8:26:
                    e9:7c:86:ee:4f:65:93:51:c9:9d:98:d9:34:9b:69:
                    40:0e:aa:44:41:88:f2:55:6e:b6:d5:1c:72:74:17:
                    58:99:2f:5f:a1:c8:2b:f2:1f:05:3a:a0:48:7e:14:
                    b1:5b:ff:2d:0a:2a:d9:dd:61:09:07:4d:77:fe:90:
                    c0:89:4a:57:66:1f:7d:56:b4:df:d1:52:3b:0e:7b:
                    0f:4a:ab:0a:c4:28:d6:ad:54:14:44:93:c2:13:7d:
                    e6:a7:2c:aa:41:86:46:e6:84:a8:ea:71:b1:ed:c9:
                    e2:70:ad:d6:e3:9b:4e:79:ae:bf:a7:58:1a:51:8b:
                    3d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:56:B8:03:28:E2:43:5D:40:13:E7:A3:92:31:C3:ED:D3:F6:8C:2C
            X509v3 Authority Key Identifier:
                keyid:1B:18:E0:A1:9A:E7:90:FA:50:39:51:55:9F:47:D4:1B:47:E7:FD:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/91a4AyjiQ11AE-ejkjHD7dP2jCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f2e2c9-ceab-4d7b-a9d8-a105776c3347/1/GxjgoZrnkPpQOVFVn0fUG0fn_Q8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         dc:ec:05:75:60:5c:cc:4a:31:dd:e3:ee:0a:2b:09:74:55:5b:
         da:0b:83:78:87:0d:f1:f1:f8:4c:a8:0e:a2:ff:c9:9a:56:26:
         f9:d7:94:56:f7:d6:82:55:cb:8e:44:c4:5e:5e:0a:a1:60:c6:
         ed:7d:70:de:10:8e:f4:c7:d9:f6:7a:1e:eb:22:77:bf:5a:e6:
         3f:c0:aa:09:28:3a:36:31:76:00:3d:84:31:08:8a:e0:27:26:
         3d:5c:af:bb:ed:3b:92:52:70:83:7a:0c:0d:a4:a0:74:ef:81:
         dc:9f:42:d7:82:10:f6:a4:0b:d4:b2:8e:df:c8:e4:bb:7e:e9:
         85:9f:70:09:cf:3a:b9:8a:f9:1f:63:0a:c6:1a:a7:7b:16:4a:
         b8:ca:c2:1c:18:2f:da:c3:af:07:46:1b:ce:26:c6:72:13:7c:
         bb:03:a7:14:ca:60:2d:37:43:19:d4:56:e5:83:62:ea:e7:96:
         c5:51:dd:95:c2:12:f9:8f:38:c8:00:6e:c6:00:94:32:e1:6c:
         65:d0:1b:31:b6:17:00:98:6b:1b:8d:75:1c:a1:59:9d:d6:f2:
         dd:02:10:20:67:76:d3:b7:6b:47:79:a3:ec:fd:46:cf:2d:03:
         5e:08:c4:73:2a:d9:3e:f2:f9:8d:80:41:d3:dc:4d:ca:f0:59:
         13:d5:48:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkNVUWvvfpQjFH8EMz1uKo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMThlMGExOWFlNzkwZmE1MDM5NTE1NTlmNDdkNDFiNDdl
N2ZkMGYwHhcNMjUwOTAzMDIwODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzU2YjgwMzI4ZTI0MzVkNDAxM2U3YTM5MjMxYzNlZGQzZjY4YzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA89OVMpBb1X/dMQGfz1ze4GNHqLyJ
JFSbBF9q+U3on5fQnbGmwbwuPOj1LvVVUd21ZD7OnBgfw5ctvizh9dsUlwVYOS2n
CUTWzHXar9Yz3njS/RaPz0hXQ8PtLZR7lPvvSA3l3UN6qc+cyaVERmcm+4y8wgZf
ZaoHDl0IftmDgHrhZGJ/yCbpfIbuT2WTUcmdmNk0m2lADqpEQYjyVW621RxydBdY
mS9focgr8h8FOqBIfhSxW/8tCirZ3WEJB013/pDAiUpXZh99VrTf0VI7DnsPSqsK
xCjWrVQURJPCE33mpyyqQYZG5oSo6nGx7cnicK3W45tOea6/p1gaUYs92QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdWuAMo4kNdQBPno5Ixw+3T9owsMB8GA1UdIwQY
MBaAFBsY4KGa55D6UDlRVZ9H1BtH5/0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3hqZ29acm5rUHBRT1ZGVm4wZlVHMGZuX1E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9mMmUyYzktY2VhYi00ZDdiLWE5ZDgt
YTEwNTc3NmMzMzQ3LzEvOTFhNEF5amlRMTFBRS1lamtqSEQ3ZFAyakN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9mMmUyYzktY2VhYi00ZDdiLWE5ZDgtYTEwNTc3NmMzMzQ3
LzEvR3hqZ29acm5rUHBRT1ZGVm4wZlVHMGZuX1E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVWoMA0G
CSqGSIb3DQEBCwUAA4IBAQDc7AV1YFzMSjHd4+4KKwl0VVvaC4N4hw3x8fhMqA6i
/8maVib515RW99aCVcuORMReXgqhYMbtfXDeEI70x9n2eh7rIne/WuY/wKoJKDo2
MXYAPYQxCIrgJyY9XK+77TuSUnCDegwNpKB074Hcn0LXghD2pAvUso7fyOS7fumF
n3AJzzq5ivkfYwrGGqd7Fkq4ysIcGC/aw68HRhvOJsZyE3y7A6cUymAtN0MZ1Fbl
g2Lq55bFUd2VwhL5jzjIAG7GAJQy4Wxl0BsxthcAmGsbjXUcoVmd1vLdAhAgZ3bT
t2tHeaPs/UbPLQNeCMRzKtk+8vmNgEHT3E3K8FkT1Uie
-----END CERTIFICATE-----