Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/xyWS8GMXAK5cHVz0I4kSnXYHwUs.roa
File:                     xyWS8GMXAK5cHVz0I4kSnXYHwUs.roa (raw, json)
Hash identifier:          U2goV1mLS2kaWO5TW5yX21b9KWWpNNSkN88rAFVfNXQ=
Subject key identifier:   C7:25:92:F0:63:17:00:AE:5C:1D:5C:F4:23:89:12:9D:76:07:C1:4B
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       01992DE370E0B604131353A8CCA2186EF374
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/xyWS8GMXAK5cHVz0I4kSnXYHwUs.roa
Signing time:             Tue 09 Sep 2025 09:51:44 +0000
ROA not before:           Tue 09 Sep 2025 09:51:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57844
IP address blocks:        45.156.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 18:34:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2d:e3:70:e0:b6:04:13:13:53:a8:cc:a2:18:6e:f3:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Sep  9 09:51:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c72592f0631700ae5c1d5cf42389129d7607c14b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6c:d6:e3:dc:ab:18:2f:fb:26:8c:30:83:e1:
                    db:fd:f3:06:74:04:c8:67:d7:de:aa:75:6a:5f:44:
                    c1:ab:aa:21:96:26:2d:ab:af:7e:6f:f3:fc:75:fa:
                    27:06:36:b1:15:2c:82:8b:1c:08:86:c2:a8:05:49:
                    a4:07:ca:f9:3e:4c:0f:70:c9:3d:f1:4f:fc:86:1d:
                    b1:a9:fc:2a:d2:9e:fa:12:7b:38:06:33:c7:3a:f2:
                    36:d3:b6:96:d9:9c:f7:37:c1:eb:01:e0:e2:10:36:
                    8e:e3:b4:ec:99:da:fa:8d:62:6f:67:7f:24:d2:72:
                    26:64:8b:d4:a2:d8:ca:78:47:99:c6:b9:5d:f4:a1:
                    60:ad:98:2c:12:d8:b4:08:76:7d:a9:dc:e6:4f:82:
                    46:b7:e3:00:d5:d8:50:0b:22:b7:1a:aa:8f:3d:4d:
                    fe:3a:10:35:ba:47:fc:74:c6:18:fa:bf:7e:7a:f9:
                    1b:dd:87:96:e0:40:9c:82:89:b1:85:2b:51:01:56:
                    3f:1a:c4:4f:1f:33:a0:ea:a8:02:37:bb:da:13:6f:
                    80:fe:7e:c8:7c:4a:c7:60:f1:a2:3d:de:81:39:c5:
                    0d:1b:b6:43:52:c5:02:1b:67:77:2d:c7:be:2c:72:
                    63:24:23:5c:0c:fa:39:fd:7b:8e:84:0c:39:ac:9f:
                    2f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:25:92:F0:63:17:00:AE:5C:1D:5C:F4:23:89:12:9D:76:07:C1:4B
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/xyWS8GMXAK5cHVz0I4kSnXYHwUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         44:c7:7e:76:e5:b5:cb:75:07:88:40:1b:f5:09:57:79:88:03:
         d0:58:89:84:f8:5b:a3:32:07:a9:b0:26:8e:92:a1:ea:79:17:
         67:1e:a5:99:83:79:a4:2d:2a:bf:aa:e7:28:65:42:14:cc:5f:
         3f:a2:55:9f:a7:ea:5d:33:e0:45:36:9b:db:cd:5e:4a:34:bc:
         4e:db:83:f6:dc:5f:a2:9c:22:0b:ff:b4:00:cf:e7:33:61:25:
         79:56:d1:4e:5a:c0:4e:e3:34:2f:16:98:1f:e8:d8:90:4f:78:
         02:7f:a2:79:c5:df:4a:58:9e:68:4b:77:f6:48:dc:ec:3c:0d:
         9c:ea:d6:87:a3:a7:c4:f2:20:01:00:fd:64:b4:a8:43:43:b5:
         f0:c2:7d:d8:c2:26:f3:e4:94:d4:87:c4:23:34:e0:ca:69:ca:
         b0:c9:7a:a2:6a:23:4c:76:ea:62:25:ef:87:0c:50:fe:59:45:
         5b:27:fb:a2:4d:5d:81:fa:d5:6a:c6:b5:bc:1d:64:ed:e2:5a:
         99:1a:98:1c:32:90:eb:3b:bb:e3:82:2f:c6:02:fc:1c:6f:e9:
         1b:89:91:8b:c2:e3:d7:b9:bd:7f:51:d8:4c:81:7a:fd:5b:b8:
         76:4b:31:8b:7e:c1:5b:48:ea:40:24:75:1a:3f:9c:7a:15:6a:
         d9:f3:ae:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkt43DgtgQTE1OozKIYbvN0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjUwOTA5MDk1MTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzI1OTJmMDYzMTcwMGFlNWMxZDVjZjQyMzg5MTI5ZDc2MDdjMTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWzW49yrGC/7Jowwg+Hb/fMGdATI
Z9feqnVqX0TBq6ohliYtq69+b/P8dfonBjaxFSyCixwIhsKoBUmkB8r5PkwPcMk9
8U/8hh2xqfwq0p76Ens4BjPHOvI207aW2Zz3N8HrAeDiEDaO47Tsmdr6jWJvZ38k
0nImZIvUotjKeEeZxrld9KFgrZgsEti0CHZ9qdzmT4JGt+MA1dhQCyK3GqqPPU3+
OhA1ukf8dMYY+r9+evkb3YeW4ECcgomxhStRAVY/GsRPHzOg6qgCN7vaE2+A/n7I
fErHYPGiPd6BOcUNG7ZDUsUCG2d3Lce+LHJjJCNcDPo5/XuOhAw5rJ8vHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMclkvBjFwCuXB1c9COJEp12B8FLMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEveHlXUzhHTVhBSzVjSFZ6MEk0a1NuWFlId1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZwsMA0G
CSqGSIb3DQEBCwUAA4IBAQBEx3525bXLdQeIQBv1CVd5iAPQWImE+FujMgepsCaO
kqHqeRdnHqWZg3mkLSq/qucoZUIUzF8/olWfp+pdM+BFNpvbzV5KNLxO24P23F+i
nCIL/7QAz+czYSV5VtFOWsBO4zQvFpgf6NiQT3gCf6J5xd9KWJ5oS3f2SNzsPA2c
6taHo6fE8iABAP1ktKhDQ7Xwwn3Ywibz5JTUh8QjNODKacqwyXqiaiNMdupiJe+H
DFD+WUVbJ/uiTV2B+tVqxrW8HWTt4lqZGpgcMpDrO7vjgi/GAvwcb+kbiZGLwuPX
ub1/UdhMgXr9W7h2SzGLfsFbSOpAJHUaP5x6FWrZ865C
-----END CERTIFICATE-----