Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/mlYAGWh15vGd93694fMr69kZ1-s.roa
File:                     mlYAGWh15vGd93694fMr69kZ1-s.roa (raw, json)
Hash identifier:          otHCfgliIY/SrOf4+V6i45uE7RR60PmYBw532SayjKk=
Subject key identifier:   9A:56:00:19:68:75:E6:F1:9D:F7:7E:BD:E1:F3:2B:EB:D9:19:D7:EB
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       019A25F375D384DC9673AB340318732F8322
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/mlYAGWh15vGd93694fMr69kZ1-s.roa
Signing time:             Mon 27 Oct 2025 13:55:03 +0000
ROA not before:           Mon 27 Oct 2025 13:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207475
IP address blocks:        45.12.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:f3:75:d3:84:dc:96:73:ab:34:03:18:73:2f:83:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Oct 27 13:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a5600196875e6f19df77ebde1f32bebd919d7eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:69:98:d7:c7:d6:ff:a5:bf:5a:89:0d:e2:b3:
                    ee:c9:1e:e0:2e:7a:58:82:7c:16:98:2c:68:43:36:
                    eb:c8:9a:06:d0:59:33:eb:b9:3f:d1:48:dc:f9:1e:
                    19:f9:21:98:97:5d:97:71:9d:d6:bd:cc:b8:0c:00:
                    05:b9:5d:3e:7b:ed:b7:64:b2:11:34:1f:9c:67:c9:
                    96:69:79:fd:fc:8c:52:d3:27:78:e4:92:53:69:49:
                    56:07:12:dd:4b:99:36:74:86:58:6f:6a:ac:25:de:
                    d6:a3:14:ec:8e:83:bf:24:a4:57:7d:99:87:d1:b6:
                    e1:db:fd:eb:5f:1a:b0:4f:e6:d9:c9:fa:ce:9b:6a:
                    c9:75:38:89:99:8d:57:ab:f6:18:c3:db:80:31:4b:
                    c0:1b:dd:79:2c:8f:32:c9:28:7f:90:86:2f:ed:f3:
                    ae:bd:c4:da:6f:70:18:20:0f:75:57:fc:1d:0e:4f:
                    18:0b:a0:80:e6:89:fd:6a:8f:c1:d1:47:72:a3:35:
                    8d:84:66:14:48:7d:e3:3e:ee:24:e6:1f:10:29:37:
                    a2:c0:06:c8:5e:95:16:b3:ac:00:2d:db:bd:76:44:
                    ef:ab:56:49:49:f7:9a:88:c0:f6:dc:4e:5b:0f:1e:
                    6b:f8:5f:72:c0:4a:d6:51:4f:d8:92:36:b3:d6:c4:
                    61:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:56:00:19:68:75:E6:F1:9D:F7:7E:BD:E1:F3:2B:EB:D9:19:D7:EB
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/mlYAGWh15vGd93694fMr69kZ1-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:62:9a:d2:32:89:a0:1d:06:89:e4:0a:c3:ee:1c:ca:6c:c4:
         6e:23:24:2d:0c:fe:c0:49:81:fd:0d:61:bd:27:26:82:34:73:
         44:f1:a1:bf:7b:82:30:58:9b:79:fc:cf:7b:0c:c6:80:e4:12:
         62:63:ad:e9:91:a4:e0:8c:1e:ff:8f:ce:b6:08:bb:76:2e:97:
         34:0f:75:90:f4:49:30:8f:6c:09:5e:3a:5e:92:15:82:5b:91:
         ef:15:e8:15:2a:b0:04:14:8e:4e:51:e8:0c:34:a7:3e:5e:42:
         12:3c:fd:cf:f2:ea:9f:51:ad:38:c3:71:f8:15:04:59:da:76:
         26:0e:00:54:d4:be:1e:51:51:93:4a:52:8c:7a:b4:3f:7f:78:
         81:2f:ed:ed:fd:02:35:2c:05:33:57:17:03:9d:27:50:b5:d6:
         0f:cc:02:b9:7d:1f:d9:cc:c5:59:4b:72:54:1e:dd:39:33:0f:
         6f:8b:48:9b:70:4a:ce:54:55:89:e1:f1:94:b6:4a:39:fe:b3:
         f1:0a:30:14:60:9e:67:25:ed:03:ab:7d:2f:ef:61:84:e6:73:
         b3:36:da:81:8d:d5:17:22:e0:1b:5e:83:cb:d1:81:e4:5b:6a:
         8e:74:07:15:4a:18:3a:f8:2d:67:5c:f4:c9:3d:7e:0a:eb:8f:
         63:7e:f0:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZol83XThNyWc6s0AxhzL4MiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjUxMDI3MTM1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTU2MDAxOTY4NzVlNmYxOWRmNzdlYmRlMWYzMmJlYmQ5MTlkN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2mY18fW/6W/WokN4rPuyR7gLnpY
gnwWmCxoQzbryJoG0Fkz67k/0Ujc+R4Z+SGYl12XcZ3Wvcy4DAAFuV0+e+23ZLIR
NB+cZ8mWaXn9/IxS0yd45JJTaUlWBxLdS5k2dIZYb2qsJd7WoxTsjoO/JKRXfZmH
0bbh2/3rXxqwT+bZyfrOm2rJdTiJmY1Xq/YYw9uAMUvAG915LI8yySh/kIYv7fOu
vcTab3AYIA91V/wdDk8YC6CA5on9ao/B0UdyozWNhGYUSH3jPu4k5h8QKTeiwAbI
XpUWs6wALdu9dkTvq1ZJSfeaiMD23E5bDx5r+F9ywErWUU/Ykjaz1sRhXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpWABlodebxnfd+veHzK+vZGdfrMB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvbWxZQUdXaDE1dkdkOTM2OTRmTXI2OWtaMS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQwbMA0G
CSqGSIb3DQEBCwUAA4IBAQCVYprSMomgHQaJ5ArD7hzKbMRuIyQtDP7ASYH9DWG9
JyaCNHNE8aG/e4IwWJt5/M97DMaA5BJiY63pkaTgjB7/j862CLt2Lpc0D3WQ9Ekw
j2wJXjpekhWCW5HvFegVKrAEFI5OUegMNKc+XkISPP3P8uqfUa04w3H4FQRZ2nYm
DgBU1L4eUVGTSlKMerQ/f3iBL+3t/QI1LAUzVxcDnSdQtdYPzAK5fR/ZzMVZS3JU
Ht05Mw9vi0ibcErOVFWJ4fGUtko5/rPxCjAUYJ5nJe0Dq30v72GE5nOzNtqBjdUX
IuAbXoPL0YHkW2qOdAcVShg6+C1nXPTJPX4K649jfvBZ
-----END CERTIFICATE-----