Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/ttSCm0GX77Lv7F9AG7Ej_PDwc8E.roa
File:                     ttSCm0GX77Lv7F9AG7Ej_PDwc8E.roa (raw, json)
Hash identifier:          CXBZohUwM39VG497MDaDZEXDgP7mhwxpOgtdpsLOGh4=
Subject key identifier:   B6:D4:82:9B:41:97:EF:B2:EF:EC:5F:40:1B:B1:23:FC:F0:F0:73:C1
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       019953CE56ECDDE44BA4C9BBF827134744D4
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/ttSCm0GX77Lv7F9AG7Ej_PDwc8E.roa
Signing time:             Tue 16 Sep 2025 18:34:15 +0000
ROA not before:           Tue 16 Sep 2025 18:34:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401951
IP address blocks:        45.139.36.0/22 maxlen: 24
                          45.139.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 18:34:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:53:ce:56:ec:dd:e4:4b:a4:c9:bb:f8:27:13:47:44:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Sep 16 18:34:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6d4829b4197efb2efec5f401bb123fcf0f073c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8a:09:2d:86:f1:92:e3:d4:c3:5f:34:d3:f5:
                    af:b3:bc:4f:b7:c8:1a:dd:8d:9b:7f:a4:67:81:e2:
                    ae:43:82:ee:4b:03:84:dc:b0:ff:7e:95:ec:43:c1:
                    a5:3a:d6:d9:fc:32:18:50:16:a9:68:88:6b:c8:e1:
                    0e:60:85:f3:95:c0:33:a7:eb:0a:14:23:6f:e0:c4:
                    75:ff:e2:c9:8a:9e:b1:51:5b:d0:bf:db:fe:2d:1a:
                    63:d6:8e:4c:ea:15:52:bc:bb:10:76:58:a0:8c:c0:
                    d3:9e:70:23:e4:74:05:cf:d4:76:a1:81:49:67:9d:
                    25:5b:10:d0:a5:7d:9b:1b:95:27:e4:95:ef:89:64:
                    4f:e2:2c:16:09:aa:1a:c7:5f:2e:23:c4:80:28:18:
                    2d:8b:bd:76:af:97:72:50:aa:11:50:15:7c:98:de:
                    22:cf:60:a9:55:4a:80:0d:6c:3c:a8:31:77:a5:e5:
                    03:d3:ad:2f:3e:80:31:ea:a1:af:d2:2d:87:bd:f1:
                    30:ce:6a:7f:63:4f:ce:22:af:e0:fd:4b:7d:6c:e2:
                    48:f1:f2:76:7e:60:e4:5f:59:d1:a2:24:d6:6a:c0:
                    9f:cb:11:96:9d:14:ba:55:c9:6d:b3:63:9e:68:9a:
                    fc:a6:7c:c5:5e:06:e5:3b:db:96:e6:4e:f5:33:56:
                    56:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D4:82:9B:41:97:EF:B2:EF:EC:5F:40:1B:B1:23:FC:F0:F0:73:C1
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/ttSCm0GX77Lv7F9AG7Ej_PDwc8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.36.0/22
                  45.139.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:75:a1:9d:24:7d:58:1b:85:d8:a5:c3:28:e8:11:5a:07:d0:
         87:f5:23:f9:9a:8c:48:ab:4f:21:b0:d8:92:23:7f:cf:9e:6e:
         cc:f5:31:87:0d:83:e9:e3:e1:85:08:23:03:ae:24:a4:03:51:
         99:52:0a:f4:91:e6:b2:de:e5:3b:50:3f:9a:74:20:cd:44:2a:
         76:a8:33:83:67:cb:30:4b:fe:1e:74:28:d6:c2:f4:ee:4d:44:
         9d:d3:82:eb:9a:71:99:36:38:b7:06:17:78:21:cb:e4:7d:b7:
         1f:18:e2:08:9a:5d:6b:34:92:c5:7a:6b:cb:ee:82:f6:6f:6e:
         da:2f:50:1c:d3:3c:bb:8e:34:e0:ab:10:40:dc:81:46:f3:a6:
         e5:31:34:e4:e8:42:1e:ff:50:0a:1f:90:bd:bb:c4:f2:26:c9:
         dd:0b:dc:55:c1:d8:e4:fc:00:6e:f6:e5:18:09:e7:ee:c8:22:
         93:0d:fa:5c:09:25:b6:a3:10:29:a7:35:24:a2:3b:1b:66:20:
         61:6f:e6:43:46:ae:a3:2c:20:bf:33:5d:ab:74:27:6e:58:8d:
         1c:3b:ba:53:76:d8:e0:93:0e:ab:03:17:a1:1b:ed:d4:52:08:
         4b:df:e4:2d:9f:c0:43:fd:05:ac:5f:f4:c7:61:e9:00:01:91:
         08:17:35:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlTzlbs3eRLpMm7+CcTR0TUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjUwOTE2MTgzNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmQ0ODI5YjQxOTdlZmIyZWZlYzVmNDAxYmIxMjNmY2YwZjA3M2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIoJLYbxkuPUw1800/Wvs7xPt8ga
3Y2bf6RngeKuQ4LuSwOE3LD/fpXsQ8GlOtbZ/DIYUBapaIhryOEOYIXzlcAzp+sK
FCNv4MR1/+LJip6xUVvQv9v+LRpj1o5M6hVSvLsQdligjMDTnnAj5HQFz9R2oYFJ
Z50lWxDQpX2bG5Un5JXviWRP4iwWCaoax18uI8SAKBgti712r5dyUKoRUBV8mN4i
z2CpVUqADWw8qDF3peUD060vPoAx6qGv0i2HvfEwzmp/Y0/OIq/g/Ut9bOJI8fJ2
fmDkX1nRoiTWasCfyxGWnRS6Vclts2OeaJr8pnzFXgblO9uW5k71M1ZWowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLbUgptBl++y7+xfQBuxI/zw8HPBMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvdHRTQ20wR1g3N0x2N0Y5QUc3RWpfUER3YzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYskAwQC
LYtAMA0GCSqGSIb3DQEBCwUAA4IBAQAydaGdJH1YG4XYpcMo6BFaB9CH9SP5moxI
q08hsNiSI3/Pnm7M9TGHDYPp4+GFCCMDriSkA1GZUgr0keay3uU7UD+adCDNRCp2
qDODZ8swS/4edCjWwvTuTUSd04LrmnGZNji3Bhd4IcvkfbcfGOIIml1rNJLFemvL
7oL2b27aL1Ac0zy7jjTgqxBA3IFG86blMTTk6EIe/1AKH5C9u8TyJsndC9xVwdjk
/ABu9uUYCefuyCKTDfpcCSW2oxAppzUkojsbZiBhb+ZDRq6jLCC/M12rdCduWI0c
O7pTdtjgkw6rAxehG+3UUghL3+Qtn8BD/QWsX/THYekAAZEIFzUu
-----END CERTIFICATE-----