Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/D3bRMlTDClBFr3S51rSxiY9VG9A.roa
File:                     D3bRMlTDClBFr3S51rSxiY9VG9A.roa (raw, json)
Hash identifier:          aR3n5btl/hz9D4qsdHX0kbRtCNTOPvoaLGVTTlP76Qo=
Subject key identifier:   0F:76:D1:32:54:C3:0A:50:45:AF:74:B9:D6:B4:B1:89:8F:55:1B:D0
Certificate issuer:       /CN=843d1afcf13bd2117d47df683e40a63287004cfe
Certificate serial:       01985B7853528D0509CEA87A1F5DFA5F23FA
Authority key identifier: 84:3D:1A:FC:F1:3B:D2:11:7D:47:DF:68:3E:40:A6:32:87:00:4C:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/D3bRMlTDClBFr3S51rSxiY9VG9A.roa
Signing time:             Wed 30 Jul 2025 13:14:28 +0000
ROA not before:           Wed 30 Jul 2025 13:14:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43824
IP address blocks:        45.142.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 08:37:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5b:78:53:52:8d:05:09:ce:a8:7a:1f:5d:fa:5f:23:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=843d1afcf13bd2117d47df683e40a63287004cfe
        Validity
            Not Before: Jul 30 13:14:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f76d13254c30a5045af74b9d6b4b1898f551bd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fd:1d:ce:9d:28:00:de:ca:37:7d:33:97:37:
                    53:f2:26:93:59:a5:2a:11:08:1b:96:4a:a3:8e:31:
                    c2:08:90:11:c8:2b:b3:6a:38:7b:e6:66:4d:96:11:
                    de:4d:3e:67:03:4b:a8:91:75:e6:0a:7b:08:1b:78:
                    d2:33:63:38:e5:10:31:d0:10:46:31:cd:70:7c:93:
                    59:2e:fc:b7:7a:20:08:f5:ae:16:a1:3d:13:d6:26:
                    1c:8f:a6:9d:af:d4:bc:29:3e:4b:d1:e4:79:26:a3:
                    de:fe:44:77:e8:82:b5:1a:a7:37:1b:f4:6a:9f:2c:
                    0d:4b:af:5a:50:ab:49:ea:92:ad:a3:6f:80:b7:95:
                    de:76:a2:5e:24:54:4e:8f:6a:f0:19:ba:34:cc:7b:
                    be:68:2c:be:87:5a:d6:9c:6d:fe:66:bb:4d:75:af:
                    84:12:01:35:8d:f8:39:f8:55:f8:d6:ee:ff:d8:a7:
                    a3:3e:0d:dc:78:b4:1f:67:aa:bf:72:fe:ac:61:13:
                    f6:98:94:f9:b8:41:f6:c5:43:e9:1c:25:99:4e:10:
                    6a:a2:65:81:d4:ec:00:fe:97:8f:78:01:42:da:33:
                    75:07:8e:32:8b:ba:53:f9:c3:58:e1:e2:69:d4:e4:
                    54:0f:4f:66:51:17:a5:33:e9:d6:5a:6f:b3:b2:cf:
                    12:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:76:D1:32:54:C3:0A:50:45:AF:74:B9:D6:B4:B1:89:8F:55:1B:D0
            X509v3 Authority Key Identifier:
                keyid:84:3D:1A:FC:F1:3B:D2:11:7D:47:DF:68:3E:40:A6:32:87:00:4C:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hD0a_PE70hF9R99oPkCmMocATP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/D3bRMlTDClBFr3S51rSxiY9VG9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/173306-2dbd-4ad8-bd51-b1f3bcc67aae/1/hD0a_PE70hF9R99oPkCmMocATP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:c2:94:37:bd:e5:de:42:01:54:8f:c1:d7:be:fa:b7:14:5a:
         3a:34:c0:fc:e8:b3:21:6a:98:4e:f8:6b:2b:ad:ef:3b:98:89:
         2b:c9:e6:ef:ab:8b:cb:66:55:af:53:b9:3f:2c:93:80:55:7d:
         16:59:e0:c8:e5:bc:b6:b0:c7:c2:89:9c:50:63:31:87:24:fc:
         74:a6:a2:8b:98:e8:98:f2:30:af:7c:b0:54:95:48:44:2d:2d:
         8e:ef:4d:c4:03:fc:ea:7f:d2:d2:3a:b1:2e:86:90:fd:aa:d1:
         cc:65:a7:8d:38:9a:23:da:e8:df:3c:23:ec:0b:88:3e:b1:d1:
         30:b3:f2:c0:a5:7b:5d:d6:26:53:4f:23:33:3b:7d:a0:13:0b:
         24:9a:1f:e6:ac:65:0d:01:b5:28:7a:bf:2c:1d:f1:a1:75:7b:
         1b:35:12:7d:06:35:70:1e:0a:84:8c:2f:b0:ae:63:1d:72:b7:
         0d:a7:a5:72:34:a7:58:3d:ce:99:cc:b2:a0:ef:9a:79:b5:9c:
         93:f6:34:18:14:49:2f:7f:ad:e2:c5:ad:95:34:11:e2:2c:f2:
         f2:24:c7:ed:95:d2:e0:6c:e9:37:36:68:c8:e7:3f:1f:23:84:
         31:d6:7c:d9:8b:3d:bc:aa:ba:cf:91:2d:09:3f:c3:5e:f5:df:
         44:a7:23:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhbeFNSjQUJzqh6H136XyP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0M2QxYWZjZjEzYmQyMTE3ZDQ3ZGY2ODNlNDBhNjMyODcw
MDRjZmUwHhcNMjUwNzMwMTMxNDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjc2ZDEzMjU0YzMwYTUwNDVhZjc0YjlkNmI0YjE4OThmNTUxYmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/0dzp0oAN7KN30zlzdT8iaTWaUq
EQgblkqjjjHCCJARyCuzajh75mZNlhHeTT5nA0uokXXmCnsIG3jSM2M45RAx0BBG
Mc1wfJNZLvy3eiAI9a4WoT0T1iYcj6adr9S8KT5L0eR5JqPe/kR36IK1Gqc3G/Rq
nywNS69aUKtJ6pKto2+At5XedqJeJFROj2rwGbo0zHu+aCy+h1rWnG3+ZrtNda+E
EgE1jfg5+FX41u7/2KejPg3ceLQfZ6q/cv6sYRP2mJT5uEH2xUPpHCWZThBqomWB
1OwA/pePeAFC2jN1B44yi7pT+cNY4eJp1ORUD09mURelM+nWWm+zss8SSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA920TJUwwpQRa90uda0sYmPVRvQMB8GA1UdIwQY
MBaAFIQ9GvzxO9IRfUffaD5ApjKHAEz+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEQwYV9QRTcwaEY5Ujk5b1BrQ21Nb2NBVFA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8xNzMzMDYtMmRiZC00YWQ4LWJkNTEt
YjFmM2JjYzY3YWFlLzEvRDNiUk1sVERDbEJGcjNTNTFyU3hpWTlWRzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8xNzMzMDYtMmRiZC00YWQ4LWJkNTEtYjFmM2JjYzY3YWFl
LzEvaEQwYV9QRTcwaEY5Ujk5b1BrQ21Nb2NBVFA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY5XMA0G
CSqGSIb3DQEBCwUAA4IBAQBDwpQ3veXeQgFUj8HXvvq3FFo6NMD86LMhaphO+Gsr
re87mIkryebvq4vLZlWvU7k/LJOAVX0WWeDI5by2sMfCiZxQYzGHJPx0pqKLmOiY
8jCvfLBUlUhELS2O703EA/zqf9LSOrEuhpD9qtHMZaeNOJoj2ujfPCPsC4g+sdEw
s/LApXtd1iZTTyMzO32gEwskmh/mrGUNAbUoer8sHfGhdXsbNRJ9BjVwHgqEjC+w
rmMdcrcNp6VyNKdYPc6ZzLKg75p5tZyT9jQYFEkvf63ixa2VNBHiLPLyJMftldLg
bOk3NmjI5z8fI4Qx1nzZiz28qrrPkS0JP8Ne9d9EpyMo
-----END CERTIFICATE-----