Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/oWV04MIM-RKhpL3iCBPxMNYdvNg.roa
File:                     oWV04MIM-RKhpL3iCBPxMNYdvNg.roa (raw, json)
Hash identifier:          y5jWD0UHuDBxNvyztj9K4XUOWYfO7oJMHZUIIkVTcM0=
Subject key identifier:   A1:65:74:E0:C2:0C:F9:12:A1:A4:BD:E2:08:13:F1:30:D6:1D:BC:D8
Certificate issuer:       /CN=12a657f3424c8dd55215af853b93307c366c538a
Certificate serial:       019A00B256C7AD8847C19515575E49A94748
Authority key identifier: 12:A6:57:F3:42:4C:8D:D5:52:15:AF:85:3B:93:30:7C:36:6C:53:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EqZX80JMjdVSFa-FO5MwfDZsU4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/oWV04MIM-RKhpL3iCBPxMNYdvNg.roa
Signing time:             Mon 20 Oct 2025 08:17:58 +0000
ROA not before:           Mon 20 Oct 2025 08:17:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203680
IP address blocks:        109.237.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/EqZX80JMjdVSFa-FO5MwfDZsU4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/EqZX80JMjdVSFa-FO5MwfDZsU4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EqZX80JMjdVSFa-FO5MwfDZsU4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:00:b2:56:c7:ad:88:47:c1:95:15:57:5e:49:a9:47:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12a657f3424c8dd55215af853b93307c366c538a
        Validity
            Not Before: Oct 20 08:17:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a16574e0c20cf912a1a4bde20813f130d61dbcd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e5:49:14:6f:31:27:af:53:3c:69:81:9f:c3:
                    6e:e3:ac:e9:08:57:5f:1a:bf:b3:e2:a0:96:f1:4e:
                    36:d0:86:b9:c5:9f:b2:e2:f0:6c:fe:f6:13:cd:a6:
                    a7:4f:5a:2b:97:3e:06:90:ca:3a:76:0c:e2:11:6a:
                    06:d1:2c:83:fb:7f:bc:22:64:b8:9d:ed:c6:12:5a:
                    6b:d5:34:17:14:0c:5c:2b:53:e7:15:82:5b:e6:6b:
                    8d:a8:c1:15:4b:8a:66:2c:e4:54:07:92:86:b7:ac:
                    a6:6d:e2:b4:e3:aa:41:b2:4b:8e:9a:31:47:20:9b:
                    61:0d:b7:cf:e8:c3:66:8e:b7:5e:97:bb:b5:72:b5:
                    e8:d1:11:ed:a1:9d:15:80:b2:eb:8a:fa:bc:c8:17:
                    76:8d:58:d2:46:3a:ac:11:94:2e:12:d0:c5:a4:a2:
                    5a:7b:25:5e:33:65:ab:e9:45:6a:8b:94:59:81:35:
                    48:e2:4a:68:9b:dd:ee:89:da:4a:73:32:11:4d:00:
                    17:c6:07:cb:1f:72:99:d6:35:35:2a:c9:67:05:5a:
                    22:fb:bf:81:02:26:59:2f:de:8a:2c:37:47:2e:46:
                    3d:96:9a:6d:c1:9f:11:59:8f:c3:b6:ae:a2:72:65:
                    dd:b3:31:9d:f8:2a:18:9e:76:aa:1c:76:15:1c:ff:
                    ff:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:65:74:E0:C2:0C:F9:12:A1:A4:BD:E2:08:13:F1:30:D6:1D:BC:D8
            X509v3 Authority Key Identifier:
                keyid:12:A6:57:F3:42:4C:8D:D5:52:15:AF:85:3B:93:30:7C:36:6C:53:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EqZX80JMjdVSFa-FO5MwfDZsU4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/oWV04MIM-RKhpL3iCBPxMNYdvNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/465aae-2a2c-4200-8e5c-05f093385ac8/1/EqZX80JMjdVSFa-FO5MwfDZsU4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.237.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:ea:29:34:a9:05:cd:6c:00:67:68:8e:b1:51:54:53:ff:3d:
         14:15:d5:7f:d8:17:ac:9b:14:28:4b:9a:bc:ba:6f:61:4f:16:
         1a:ae:c5:42:1b:77:5d:82:cd:dd:ec:a2:e4:1e:cd:41:5a:6f:
         1f:e2:1a:d8:4b:a8:9b:a4:28:43:ee:69:49:f6:32:da:03:c9:
         b3:4c:bf:6a:19:b5:7d:ca:74:da:a0:c4:bc:ce:1b:90:03:c4:
         aa:3d:cf:0e:da:fa:15:46:0b:80:2f:e7:4c:6e:87:15:66:1a:
         82:a1:71:60:d6:00:6a:db:45:ab:b0:c8:7f:3e:52:2c:bb:8c:
         b4:c1:9b:e0:4b:4c:ed:56:45:ef:51:e0:30:30:33:b7:63:7e:
         26:82:11:14:42:7c:dd:7b:11:fa:01:fd:86:41:f8:4f:06:ce:
         69:31:5b:0d:3a:0f:c4:27:4c:6f:19:50:28:2f:81:b3:94:bc:
         78:11:c3:08:d1:a4:12:5f:a9:9d:7b:48:6e:23:4d:3e:97:e2:
         d0:8d:a7:e0:1b:4c:0b:bd:f3:61:fe:9f:b3:6c:20:6c:13:da:
         4d:99:6c:e7:19:ca:b0:1b:64:d9:39:01:95:6f:be:b5:07:9e:
         17:42:55:8b:ea:d4:40:3c:a8:d4:14:bb:62:ab:3a:e9:e6:02:
         07:da:96:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoAslbHrYhHwZUVV15JqUdIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYTY1N2YzNDI0YzhkZDU1MjE1YWY4NTNiOTMzMDdjMzY2
YzUzOGEwHhcNMjUxMDIwMDgxNzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTY1NzRlMGMyMGNmOTEyYTFhNGJkZTIwODEzZjEzMGQ2MWRiY2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuVJFG8xJ69TPGmBn8Nu46zpCFdf
Gr+z4qCW8U420Ia5xZ+y4vBs/vYTzaanT1orlz4GkMo6dgziEWoG0SyD+3+8ImS4
ne3GElpr1TQXFAxcK1PnFYJb5muNqMEVS4pmLORUB5KGt6ymbeK046pBskuOmjFH
IJthDbfP6MNmjrdel7u1crXo0RHtoZ0VgLLrivq8yBd2jVjSRjqsEZQuEtDFpKJa
eyVeM2Wr6UVqi5RZgTVI4kpom93uidpKczIRTQAXxgfLH3KZ1jU1KslnBVoi+7+B
AiZZL96KLDdHLkY9lpptwZ8RWY/Dtq6icmXdszGd+CoYnnaqHHYVHP//pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKFldODCDPkSoaS94ggT8TDWHbzYMB8GA1UdIwQY
MBaAFBKmV/NCTI3VUhWvhTuTMHw2bFOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXFaWDgwSk1qZFZTRmEtRk81TXdmRFpzVTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80NjVhYWUtMmEyYy00MjAwLThlNWMt
MDVmMDkzMzg1YWM4LzEvb1dWMDRNSU0tUktocEwzaUNCUHhNTllkdk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80NjVhYWUtMmEyYy00MjAwLThlNWMtMDVmMDkzMzg1YWM4
LzEvRXFaWDgwSk1qZFZTRmEtRk81TXdmRFpzVTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbe18MA0G
CSqGSIb3DQEBCwUAA4IBAQAQ6ik0qQXNbABnaI6xUVRT/z0UFdV/2BesmxQoS5q8
um9hTxYarsVCG3ddgs3d7KLkHs1BWm8f4hrYS6ibpChD7mlJ9jLaA8mzTL9qGbV9
ynTaoMS8zhuQA8SqPc8O2voVRguAL+dMbocVZhqCoXFg1gBq20WrsMh/PlIsu4y0
wZvgS0ztVkXvUeAwMDO3Y34mghEUQnzdexH6Af2GQfhPBs5pMVsNOg/EJ0xvGVAo
L4GzlLx4EcMI0aQSX6mde0huI00+l+LQjafgG0wLvfNh/p+zbCBsE9pNmWznGcqw
G2TZOQGVb761B54XQlWL6tRAPKjUFLtiqzrp5gIH2pae
-----END CERTIFICATE-----