Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/8008fe-175b-41bf-b1d6-2ce0eb458788/1/btVJTycrOu73mUIXm-DmnQZDlPs.roa
File:                     btVJTycrOu73mUIXm-DmnQZDlPs.roa (raw, json)
Hash identifier:          XGmN+HVfqx/2ED53etC2ojf1SMKcGmAltxqzFq/xltI=
Subject key identifier:   6E:D5:49:4F:27:2B:3A:EE:F7:99:42:17:9B:E0:E6:9D:06:43:94:FB
Certificate issuer:       /CN=4c51636fde905f8521f411479e81321cdcf49049
Certificate serial:       019B77C71CD9AA42EF2B3934C0B50F85359B
Authority key identifier: 4C:51:63:6F:DE:90:5F:85:21:F4:11:47:9E:81:32:1C:DC:F4:90:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TFFjb96QX4Uh9BFHnoEyHNz0kEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/8008fe-175b-41bf-b1d6-2ce0eb458788/1/btVJTycrOu73mUIXm-DmnQZDlPs.roa
Signing time:             Thu 01 Jan 2026 04:18:16 +0000
ROA not before:           Thu 01 Jan 2026 04:18:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35224
IP address blocks:        45.93.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/8008fe-175b-41bf-b1d6-2ce0eb458788/1/TFFjb96QX4Uh9BFHnoEyHNz0kEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/8008fe-175b-41bf-b1d6-2ce0eb458788/1/TFFjb96QX4Uh9BFHnoEyHNz0kEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TFFjb96QX4Uh9BFHnoEyHNz0kEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 04:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:1c:d9:aa:42:ef:2b:39:34:c0:b5:0f:85:35:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c51636fde905f8521f411479e81321cdcf49049
        Validity
            Not Before: Jan  1 04:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ed5494f272b3aeef79942179be0e69d064394fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:dd:de:db:f3:ed:14:2d:8d:58:24:41:fe:e9:
                    04:f5:99:66:53:8c:e5:9c:1a:9e:4c:cf:93:f6:c2:
                    e4:b0:b2:98:70:73:e1:71:dd:69:eb:68:53:a9:3d:
                    25:4d:ae:71:aa:ce:fe:9f:7b:16:d4:e4:04:7a:7f:
                    f1:0a:9a:f1:27:43:eb:f4:e5:bb:31:d3:3a:c1:fb:
                    9f:d9:5a:e3:1e:49:fa:d8:a7:d2:77:2e:2d:dd:e1:
                    c9:40:d8:a9:6c:d3:bd:71:5e:cd:43:c1:16:74:9f:
                    61:0a:92:7d:0f:d4:57:cb:67:3e:66:90:51:7b:a9:
                    e1:00:fc:33:54:d2:48:6c:a1:86:67:a8:8d:43:2c:
                    58:ff:e1:25:1d:4d:22:67:62:d9:19:91:52:5d:0c:
                    b9:91:ea:10:ff:44:75:75:5c:a0:0e:ea:90:90:1e:
                    d0:30:17:61:f8:35:1f:17:52:36:a9:c7:dc:ee:c1:
                    04:47:bd:58:2b:a2:4e:a2:32:6f:94:fd:01:4f:c0:
                    87:88:c7:37:f3:5f:8b:51:93:b6:71:f0:e6:10:c1:
                    a5:f9:97:c3:4c:dc:e5:67:65:a0:1b:08:25:59:71:
                    f9:d1:98:88:50:f9:7a:14:0c:91:60:43:3d:a5:0e:
                    ad:44:46:e1:46:d2:49:05:55:96:69:4b:54:c2:70:
                    7c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:D5:49:4F:27:2B:3A:EE:F7:99:42:17:9B:E0:E6:9D:06:43:94:FB
            X509v3 Authority Key Identifier:
                keyid:4C:51:63:6F:DE:90:5F:85:21:F4:11:47:9E:81:32:1C:DC:F4:90:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TFFjb96QX4Uh9BFHnoEyHNz0kEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/8008fe-175b-41bf-b1d6-2ce0eb458788/1/btVJTycrOu73mUIXm-DmnQZDlPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/8008fe-175b-41bf-b1d6-2ce0eb458788/1/TFFjb96QX4Uh9BFHnoEyHNz0kEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:0a:1f:7d:4c:47:ea:d3:30:74:66:a0:28:2b:be:d5:ef:10:
         c8:c9:6e:af:32:a7:44:d7:bd:71:77:8e:54:9e:84:97:d7:df:
         6d:fc:f0:ad:cf:f2:ce:00:3d:09:10:ff:de:a4:a7:8a:76:04:
         93:c8:2e:6e:f4:ff:ca:87:e7:31:d1:a5:67:41:c8:19:3a:34:
         d5:c8:1a:34:55:53:60:a3:e5:dc:5e:3b:fc:c6:df:7b:87:c9:
         67:99:a4:d1:2b:c8:a8:fd:6b:43:5c:03:d3:c4:97:a2:58:ca:
         73:cc:62:f1:df:9d:2a:9b:11:f5:4d:68:82:ed:4b:07:e1:4c:
         07:c3:dd:a5:f3:b0:6f:7d:1a:f5:25:ef:4d:35:a4:41:1e:c7:
         50:7c:8f:a0:f3:39:df:ef:c6:4f:db:2f:35:b7:49:5d:b7:15:
         95:34:c7:57:50:96:f0:64:23:76:b0:45:0a:b0:6c:81:df:5b:
         11:fc:5c:a8:bb:4b:01:dd:35:5b:40:ad:d3:b5:62:8e:a0:7e:
         9d:5c:53:bd:82:ce:d4:63:9a:2a:70:e0:a2:87:8b:fe:48:c9:
         d2:e8:b8:c5:4b:27:aa:95:d4:2e:29:38:d2:4c:7d:f1:e1:9d:
         16:f3:63:fc:72:a6:7f:5a:df:3c:bd:73:e0:f4:f8:20:49:00:
         f9:94:76:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xxzZqkLvKzk0wLUPhTWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNTE2MzZmZGU5MDVmODUyMWY0MTE0NzllODEzMjFjZGNm
NDkwNDkwHhcNMjYwMTAxMDQxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWQ1NDk0ZjI3MmIzYWVlZjc5OTQyMTc5YmUwZTY5ZDA2NDM5NGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN3e2/PtFC2NWCRB/ukE9ZlmU4zl
nBqeTM+T9sLksLKYcHPhcd1p62hTqT0lTa5xqs7+n3sW1OQEen/xCprxJ0Pr9OW7
MdM6wfuf2VrjHkn62KfSdy4t3eHJQNipbNO9cV7NQ8EWdJ9hCpJ9D9RXy2c+ZpBR
e6nhAPwzVNJIbKGGZ6iNQyxY/+ElHU0iZ2LZGZFSXQy5keoQ/0R1dVygDuqQkB7Q
MBdh+DUfF1I2qcfc7sEER71YK6JOojJvlP0BT8CHiMc381+LUZO2cfDmEMGl+ZfD
TNzlZ2WgGwglWXH50ZiIUPl6FAyRYEM9pQ6tREbhRtJJBVWWaUtUwnB8VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7VSU8nKzru95lCF5vg5p0GQ5T7MB8GA1UdIwQY
MBaAFExRY2/ekF+FIfQRR56BMhzc9JBJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEZGamI5NlFYNFVoOUJGSG5vRXlITnowa0VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny84MDA4ZmUtMTc1Yi00MWJmLWIxZDYt
MmNlMGViNDU4Nzg4LzEvYnRWSlR5Y3JPdTczbVVJWG0tRG1uUVpEbFBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny84MDA4ZmUtMTc1Yi00MWJmLWIxZDYtMmNlMGViNDU4Nzg4
LzEvVEZGamI5NlFYNFVoOUJGSG5vRXlITnowa0VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV0oMA0G
CSqGSIb3DQEBCwUAA4IBAQBZCh99TEfq0zB0ZqAoK77V7xDIyW6vMqdE171xd45U
noSX199t/PCtz/LOAD0JEP/epKeKdgSTyC5u9P/Kh+cx0aVnQcgZOjTVyBo0VVNg
o+XcXjv8xt97h8lnmaTRK8io/WtDXAPTxJeiWMpzzGLx350qmxH1TWiC7UsH4UwH
w92l87BvfRr1Je9NNaRBHsdQfI+g8znf78ZP2y81t0ldtxWVNMdXUJbwZCN2sEUK
sGyB31sR/Fyou0sB3TVbQK3TtWKOoH6dXFO9gs7UY5oqcOCih4v+SMnS6LjFSyeq
ldQuKTjSTH3x4Z0W82P8cqZ/Wt88vXPg9PggSQD5lHbc
-----END CERTIFICATE-----