Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/Zj1tO-q-Puc3Q0mGzg6OAqTVIVg.roa
File:                     Zj1tO-q-Puc3Q0mGzg6OAqTVIVg.roa (raw, json)
Hash identifier:          1LBMGTqPppIjvQRqI63B9KgLLPyRno6DAs97LHbn/gY=
Subject key identifier:   66:3D:6D:3B:EA:BE:3E:E7:37:43:49:86:CE:0E:8E:02:A4:D5:21:58
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       019A34C2A648052682AD325BE877144D143C
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/Zj1tO-q-Puc3Q0mGzg6OAqTVIVg.roa
Signing time:             Thu 30 Oct 2025 10:56:03 +0000
ROA not before:           Thu 30 Oct 2025 10:56:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.85.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Nov 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:34:c2:a6:48:05:26:82:ad:32:5b:e8:77:14:4d:14:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Oct 30 10:56:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=663d6d3beabe3ee737434986ce0e8e02a4d52158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:be:dd:54:a5:e6:7f:37:ca:51:be:32:7a:12:
                    f9:63:b3:c6:8f:6e:e1:06:ae:79:31:4d:02:79:d7:
                    5f:3a:f7:61:ea:e0:a5:23:7a:9c:a3:f7:0b:1a:66:
                    cc:2f:e8:63:03:5b:21:6d:c0:21:c9:f9:89:3e:57:
                    ef:3a:39:9f:c0:ba:e7:84:a0:15:b8:6c:47:e9:68:
                    aa:60:7e:7a:4d:25:bd:cf:23:c3:24:e6:33:7b:22:
                    82:d9:54:84:9c:ea:a6:2d:d8:59:54:62:47:37:4f:
                    25:cf:0f:2b:36:1a:1e:21:a3:74:61:90:e1:b7:bc:
                    8f:50:54:fd:6a:6f:6c:54:ae:a1:91:2b:45:92:ec:
                    7e:cc:37:45:24:74:81:13:59:e3:99:c5:d8:58:9f:
                    65:e2:8a:09:a4:58:27:a9:12:d0:eb:30:43:e5:db:
                    42:b0:dd:8b:f1:76:05:1f:20:39:fb:ca:c9:46:6f:
                    b7:f1:6c:fc:1f:59:a2:55:0d:1d:43:c4:61:01:bd:
                    b0:88:c2:43:85:a5:3f:fc:6d:0f:7f:26:b1:0b:bc:
                    7e:9d:b8:0c:92:3c:e8:2c:34:ad:45:41:3f:3e:a8:
                    bd:00:da:51:6d:fb:38:89:29:57:49:02:ac:51:57:
                    42:c3:18:55:14:39:aa:cb:b4:fe:0b:cf:49:2f:41:
                    3e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:3D:6D:3B:EA:BE:3E:E7:37:43:49:86:CE:0E:8E:02:A4:D5:21:58
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/Zj1tO-q-Puc3Q0mGzg6OAqTVIVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:92:76:8e:90:60:e1:ee:d4:ed:ba:20:ed:ab:73:92:06:f3:
         df:d4:56:53:78:15:ae:e0:95:26:03:f6:9e:85:c9:1b:79:6e:
         65:de:aa:b2:72:c1:dd:09:f6:ee:16:ff:73:db:dd:fb:41:83:
         f1:66:9d:35:46:be:1a:d9:7b:41:2b:d3:c4:6c:b9:c6:e9:ea:
         32:9b:aa:ea:62:d9:d4:d9:b7:7c:07:f5:76:e6:15:ee:e9:03:
         30:26:5c:bc:25:8c:73:96:2e:c9:16:28:db:a3:6e:58:7d:2a:
         44:cd:9c:c1:55:9a:be:41:c5:2e:5d:e7:f5:a9:5a:b7:1d:ca:
         8f:8f:9b:14:cf:48:2c:11:16:03:06:9f:fe:32:18:de:cc:6e:
         85:ec:df:81:b1:bd:6d:df:ca:9c:eb:e6:28:56:62:ff:1c:15:
         bc:f6:40:89:3f:16:d2:63:cf:5f:c5:a9:44:1d:e1:39:fc:b0:
         2b:35:b1:1a:71:ba:5c:5a:ff:8e:c8:23:81:42:a1:48:bc:0f:
         78:94:3e:28:98:c1:33:15:9d:8d:39:24:51:46:7e:d8:f5:30:
         c3:92:9c:65:1f:aa:a3:9e:42:7a:15:df:9c:64:fe:03:4c:37:
         27:4e:d0:e5:81:07:49:3e:e7:46:1e:f3:25:81:5b:21:d4:fe:
         2b:88:3b:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo0wqZIBSaCrTJb6HcUTRQ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjUxMDMwMTA1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjNkNmQzYmVhYmUzZWU3Mzc0MzQ5ODZjZTBlOGUwMmE0ZDUyMTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxr7dVKXmfzfKUb4yehL5Y7PGj27h
Bq55MU0CeddfOvdh6uClI3qco/cLGmbML+hjA1shbcAhyfmJPlfvOjmfwLrnhKAV
uGxH6WiqYH56TSW9zyPDJOYzeyKC2VSEnOqmLdhZVGJHN08lzw8rNhoeIaN0YZDh
t7yPUFT9am9sVK6hkStFkux+zDdFJHSBE1njmcXYWJ9l4ooJpFgnqRLQ6zBD5dtC
sN2L8XYFHyA5+8rJRm+38Wz8H1miVQ0dQ8RhAb2wiMJDhaU//G0PfyaxC7x+nbgM
kjzoLDStRUE/Pqi9ANpRbfs4iSlXSQKsUVdCwxhVFDmqy7T+C89JL0E+swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGY9bTvqvj7nN0NJhs4OjgKk1SFYMB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEvWmoxdE8tcS1QdWMzUTBtR3pnNk9BcVRWSVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVUNMA0G
CSqGSIb3DQEBCwUAA4IBAQBEknaOkGDh7tTtuiDtq3OSBvPf1FZTeBWu4JUmA/ae
hckbeW5l3qqycsHdCfbuFv9z2937QYPxZp01Rr4a2XtBK9PEbLnG6eoym6rqYtnU
2bd8B/V25hXu6QMwJly8JYxzli7JFijbo25YfSpEzZzBVZq+QcUuXef1qVq3HcqP
j5sUz0gsERYDBp/+MhjezG6F7N+Bsb1t38qc6+YoVmL/HBW89kCJPxbSY89fxalE
HeE5/LArNbEacbpcWv+OyCOBQqFIvA94lD4omMEzFZ2NOSRRRn7Y9TDDkpxlH6qj
nkJ6Fd+cZP4DTDcnTtDlgQdJPudGHvMlgVsh1P4riDv6
-----END CERTIFICATE-----