Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/4B7MfDl6NByJmRgXlWM71-ODWyI.roa
File:                     4B7MfDl6NByJmRgXlWM71-ODWyI.roa (raw, json)
Hash identifier:          9aZO8CFVuoeDGT3o5gurHwnNU71DvTs2u9IU71mfm6I=
Subject key identifier:   E0:1E:CC:7C:39:7A:34:1C:89:99:18:17:95:63:3B:D7:E3:83:5B:22
Certificate issuer:       /CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
Certificate serial:       019A122C9605DE8F694EA519AAE31353964D
Authority key identifier: BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/4B7MfDl6NByJmRgXlWM71-ODWyI.roa
Signing time:             Thu 23 Oct 2025 17:45:03 +0000
ROA not before:           Thu 23 Oct 2025 17:45:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44947
IP address blocks:        212.108.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:12:2c:96:05:de:8f:69:4e:a5:19:aa:e3:13:53:96:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
        Validity
            Not Before: Oct 23 17:45:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e01ecc7c397a341c8999181795633bd7e3835b22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ab:59:60:ec:f6:61:7c:2e:d2:5f:ef:d8:f4:
                    74:8c:8a:5a:f5:1a:a1:46:9b:44:7e:d0:2a:d5:5d:
                    89:6c:d1:b3:c9:c3:f0:58:16:16:be:51:da:17:95:
                    21:7e:f8:b2:a9:0a:77:e4:d7:92:80:c8:b9:1b:50:
                    75:0d:48:7f:f7:b3:d5:0f:ff:60:de:36:ca:8d:d7:
                    3c:47:bf:c1:e7:19:ca:86:2a:c8:45:04:6a:d5:c5:
                    2a:8e:c7:6d:11:b7:55:09:38:9f:d9:0b:72:ba:14:
                    89:7f:b3:9e:34:97:d8:14:26:cd:71:95:c3:d8:26:
                    e8:81:3e:fa:77:d4:1a:14:9c:aa:c3:a2:24:1e:8c:
                    0c:68:b3:1b:4c:cc:87:25:59:db:b5:17:61:49:d7:
                    64:58:74:07:71:44:ac:21:0a:93:92:45:4a:5f:83:
                    9e:a6:bb:2a:9a:a9:48:57:18:6e:56:15:3b:fa:4f:
                    65:5a:4f:5f:27:4d:20:c1:ff:e9:38:67:20:23:7f:
                    dc:75:a6:49:a7:66:61:5a:62:d0:06:b1:89:45:c4:
                    a5:be:4f:f4:1c:8a:38:a2:59:24:dd:34:84:8a:d9:
                    83:4a:b3:45:ea:fb:ef:6f:b0:05:57:69:e0:7a:61:
                    4e:f2:37:57:0a:62:a0:06:6f:27:7c:48:b4:d3:54:
                    44:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:1E:CC:7C:39:7A:34:1C:89:99:18:17:95:63:3B:D7:E3:83:5B:22
            X509v3 Authority Key Identifier:
                keyid:BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/4B7MfDl6NByJmRgXlWM71-ODWyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:8f:51:66:b9:08:69:ba:b7:da:f4:2e:07:75:94:02:7b:1a:
         a8:1b:9c:0c:81:f8:15:4c:5e:dd:c4:cc:82:64:4b:86:67:41:
         f7:6a:94:42:c8:7b:48:ec:6d:2a:88:5b:7f:d2:11:30:db:d5:
         26:e3:2f:81:03:03:26:0d:4a:70:3a:38:23:c0:d7:37:ab:c9:
         84:3e:cd:9e:dd:dc:b3:49:f3:bd:59:af:85:23:80:1e:99:78:
         dc:7b:2d:b6:94:c8:45:82:90:e6:fc:6a:19:37:4a:5e:c3:3d:
         2e:ed:72:59:65:1b:bd:aa:b9:95:ba:85:9c:22:86:80:d7:b3:
         70:da:65:6a:55:9b:50:13:3a:a2:98:fa:a4:32:b0:48:05:ff:
         34:ea:92:49:ea:6a:90:94:37:4e:55:a4:c7:97:b7:da:e4:3a:
         25:c6:09:c1:de:4b:c7:0c:67:b1:58:d2:45:c2:35:7f:4e:12:
         dd:0e:19:d4:97:d9:16:fb:9a:6f:7f:89:da:cd:b7:9f:1a:fb:
         69:02:5f:26:69:78:a5:1f:e7:c8:48:b0:b5:6b:3e:e7:4e:06:
         e6:f6:26:74:6d:39:fc:47:ab:3c:0d:51:e2:04:03:dc:43:0f:
         bf:0b:1a:f0:4f:1f:dc:35:e8:bc:9b:ce:01:13:82:60:85:c4:
         ff:33:84:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoSLJYF3o9pTqUZquMTU5ZNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMjNiMDdhM2MwYWM5ZTMzM2Y1MmU4YjVkNDFhNzY4YTNk
MzkwMjUwHhcNMjUxMDIzMTc0NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDFlY2M3YzM5N2EzNDFjODk5OTE4MTc5NTYzM2JkN2UzODM1YjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKtZYOz2YXwu0l/v2PR0jIpa9Rqh
RptEftAq1V2JbNGzycPwWBYWvlHaF5UhfviyqQp35NeSgMi5G1B1DUh/97PVD/9g
3jbKjdc8R7/B5xnKhirIRQRq1cUqjsdtEbdVCTif2QtyuhSJf7OeNJfYFCbNcZXD
2CbogT76d9QaFJyqw6IkHowMaLMbTMyHJVnbtRdhSddkWHQHcUSsIQqTkkVKX4Oe
prsqmqlIVxhuVhU7+k9lWk9fJ00gwf/pOGcgI3/cdaZJp2ZhWmLQBrGJRcSlvk/0
HIo4olkk3TSEitmDSrNF6vvvb7AFV2ngemFO8jdXCmKgBm8nfEi001REXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAezHw5ejQciZkYF5VjO9fjg1siMB8GA1UdIwQY
MBaAFLojsHo8CsnjM/Uui11Bp2ij05AlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEt
ODA2OWM0Njc3MWNjLzEvNEI3TWZEbDZOQnlKbVJnWGxXTTcxLU9EV3lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEtODA2OWM0Njc3MWNj
LzEvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Gx8MA0G
CSqGSIb3DQEBCwUAA4IBAQBfj1FmuQhpurfa9C4HdZQCexqoG5wMgfgVTF7dxMyC
ZEuGZ0H3apRCyHtI7G0qiFt/0hEw29Um4y+BAwMmDUpwOjgjwNc3q8mEPs2e3dyz
SfO9Wa+FI4AemXjcey22lMhFgpDm/GoZN0pewz0u7XJZZRu9qrmVuoWcIoaA17Nw
2mVqVZtQEzqimPqkMrBIBf806pJJ6mqQlDdOVaTHl7fa5DolxgnB3kvHDGexWNJF
wjV/ThLdDhnUl9kW+5pvf4nazbefGvtpAl8maXilH+fISLC1az7nTgbm9iZ0bTn8
R6s8DVHiBAPcQw+/CxrwTx/cNei8m84BE4JghcT/M4SQ
-----END CERTIFICATE-----