Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/ZAO9zOgwcnH7CVr3zg-zAmkFmEU.roa
File:                     ZAO9zOgwcnH7CVr3zg-zAmkFmEU.roa (raw, json)
Hash identifier:          jzMcOQPGwbHcpf5AaSFTbx4J1lBs/EwoqM2RnhLe/64=
Subject key identifier:   64:03:BD:CC:E8:30:72:71:FB:09:5A:F7:CE:0F:B3:02:69:05:98:45
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       019A12914B390D335236A7F5736219BBE22D
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/ZAO9zOgwcnH7CVr3zg-zAmkFmEU.roa
Signing time:             Thu 23 Oct 2025 19:35:03 +0000
ROA not before:           Thu 23 Oct 2025 19:35:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25198
IP address blocks:        45.154.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 12:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:12:91:4b:39:0d:33:52:36:a7:f5:73:62:19:bb:e2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Oct 23 19:35:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6403bdcce8307271fb095af7ce0fb30269059845
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:38:1d:71:1a:0c:7c:28:f7:bc:b2:21:90:ed:
                    c1:f5:49:0b:c0:ce:40:b0:c1:9b:54:0e:9b:c7:9e:
                    20:40:9a:d4:5d:84:ce:70:39:ed:ab:89:c2:18:68:
                    4a:1b:4c:94:f1:f0:90:c4:ce:81:22:cd:07:a8:26:
                    98:98:47:5c:56:7b:d1:6c:78:0d:47:d0:07:b2:24:
                    54:92:12:46:db:7c:e6:62:1c:4a:32:d0:84:1a:e2:
                    3e:64:17:a1:5b:13:eb:f6:54:bb:d8:28:75:26:35:
                    bb:3f:d3:1f:7d:0d:60:b2:70:09:28:a0:40:63:40:
                    0f:ae:90:1e:1a:4c:12:fa:6b:3e:29:82:46:2a:a0:
                    bf:b3:0f:62:5a:18:a1:05:5b:18:bb:c0:48:d6:02:
                    2a:32:1a:52:bd:7c:09:10:33:79:89:77:70:b4:7f:
                    57:b2:8d:47:17:15:66:38:6b:43:8f:8a:bf:8f:39:
                    47:64:54:bf:84:f0:2e:54:17:5a:d4:af:68:53:68:
                    94:c6:8e:37:01:be:40:f2:26:c3:51:3a:cf:74:4e:
                    9c:ee:c4:75:e6:ef:64:e8:2a:27:55:c6:92:56:62:
                    e7:bf:5f:57:38:cc:94:d3:92:3e:c7:80:ee:49:35:
                    e8:d3:56:2c:cc:37:51:51:32:73:a0:18:9a:3c:35:
                    a5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:03:BD:CC:E8:30:72:71:FB:09:5A:F7:CE:0F:B3:02:69:05:98:45
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/ZAO9zOgwcnH7CVr3zg-zAmkFmEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:cb:a9:ac:63:56:ff:09:61:42:98:4d:0c:6f:3e:47:92:60:
         eb:0c:21:bf:83:51:96:b2:24:79:5c:7c:24:52:6e:6e:88:0d:
         ba:42:6d:82:06:33:ba:a5:5c:67:bc:87:35:91:02:89:c9:77:
         78:b6:56:3c:ce:94:75:b3:66:77:fe:a2:47:5c:ac:51:ad:48:
         48:10:99:e4:cd:03:b3:09:85:ea:94:80:b7:c5:e2:4a:c6:3e:
         4d:e2:03:df:9e:cb:6f:fb:f2:9a:fe:60:56:43:da:da:e1:b9:
         24:68:db:04:2d:6f:a1:aa:78:44:21:f6:82:90:20:54:62:39:
         64:5c:d3:42:7f:99:1d:3e:3e:f6:e0:eb:da:3c:05:4a:2d:e4:
         ce:c7:f9:22:c2:23:18:6d:6a:1c:64:4f:d5:52:2f:16:ea:f4:
         59:03:7a:5f:99:ee:f8:e3:74:a6:3c:a6:5f:fe:21:00:ef:22:
         38:b7:44:67:07:38:9d:82:e4:f9:97:04:65:8e:f7:dd:b4:04:
         6f:bb:38:4f:e8:26:1f:1e:21:cc:cf:79:be:19:b6:2c:5a:f6:
         fa:92:b2:6e:d8:22:aa:8b:d3:74:c6:28:51:91:83:84:14:00:
         46:85:b8:8f:8b:01:30:48:a7:4e:36:fb:e3:a3:79:bb:4c:04:
         04:e3:88:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoSkUs5DTNSNqf1c2IZu+ItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUxMDIzMTkzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDAzYmRjY2U4MzA3MjcxZmIwOTVhZjdjZTBmYjMwMjY5MDU5ODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjgdcRoMfCj3vLIhkO3B9UkLwM5A
sMGbVA6bx54gQJrUXYTOcDntq4nCGGhKG0yU8fCQxM6BIs0HqCaYmEdcVnvRbHgN
R9AHsiRUkhJG23zmYhxKMtCEGuI+ZBehWxPr9lS72Ch1JjW7P9MffQ1gsnAJKKBA
Y0APrpAeGkwS+ms+KYJGKqC/sw9iWhihBVsYu8BI1gIqMhpSvXwJEDN5iXdwtH9X
so1HFxVmOGtDj4q/jzlHZFS/hPAuVBda1K9oU2iUxo43Ab5A8ibDUTrPdE6c7sR1
5u9k6ConVcaSVmLnv19XOMyU05I+x4DuSTXo01YszDdRUTJzoBiaPDWlGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGQDvczoMHJx+wla984PswJpBZhFMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvWkFPOXpPZ3djbkg3Q1ZyM3pnLXpBbWtGbUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZqcMA0G
CSqGSIb3DQEBCwUAA4IBAQA2y6msY1b/CWFCmE0Mbz5HkmDrDCG/g1GWsiR5XHwk
Um5uiA26Qm2CBjO6pVxnvIc1kQKJyXd4tlY8zpR1s2Z3/qJHXKxRrUhIEJnkzQOz
CYXqlIC3xeJKxj5N4gPfnstv+/Ka/mBWQ9ra4bkkaNsELW+hqnhEIfaCkCBUYjlk
XNNCf5kdPj724OvaPAVKLeTOx/kiwiMYbWocZE/VUi8W6vRZA3pfme7443SmPKZf
/iEA7yI4t0RnBzidguT5lwRljvfdtARvuzhP6CYfHiHMz3m+GbYsWvb6krJu2CKq
i9N0xihRkYOEFABGhbiPiwEwSKdONvvjo3m7TAQE44i0
-----END CERTIFICATE-----