Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/1FRF7MqLLy5S79HOJxoWZJ8UOaA.roa
File:                     1FRF7MqLLy5S79HOJxoWZJ8UOaA.roa (raw, json)
Hash identifier:          ow+wKAwErxV9xIYWaY2M44tJyladC3uIFH5NKnr0Znk=
Subject key identifier:   D4:54:45:EC:CA:8B:2F:2E:52:EF:D1:CE:27:1A:16:64:9F:14:39:A0
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019A267834377D9A369D70041664AF03D1E9
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/1FRF7MqLLy5S79HOJxoWZJ8UOaA.roa
Signing time:             Mon 27 Oct 2025 16:20:03 +0000
ROA not before:           Mon 27 Oct 2025 16:20:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     272330
IP address blocks:        45.142.40.0/24 maxlen: 24
                          178.19.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:26:78:34:37:7d:9a:36:9d:70:04:16:64:af:03:d1:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Oct 27 16:20:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d45445ecca8b2f2e52efd1ce271a16649f1439a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:fa:ad:eb:36:56:3f:8f:64:70:17:db:70:0d:
                    d4:07:17:14:e6:39:7a:2d:b3:fe:2f:9a:86:fe:fa:
                    11:c7:00:d5:fe:eb:6c:98:76:48:60:ae:d6:30:7c:
                    22:f6:81:29:ae:5c:c2:aa:ab:f4:7e:4b:47:c5:44:
                    bf:82:06:1f:12:ab:77:22:44:c8:1a:48:2d:57:12:
                    2c:63:9d:91:c3:78:a4:cb:87:b2:7d:7a:22:3c:b8:
                    ef:ad:28:84:b1:7d:c6:2b:13:1b:9b:38:8c:2a:28:
                    a3:f2:c4:7a:0e:45:f4:cb:ee:3e:6b:cc:66:52:9b:
                    55:72:40:fe:4f:16:ed:17:34:d9:9d:9d:9d:24:4a:
                    67:c2:15:07:94:99:96:20:22:59:c4:a0:ac:5f:84:
                    cc:6e:1f:1c:3a:42:e9:ed:66:e7:ab:a4:4b:ef:5c:
                    6c:0a:a1:17:c6:b9:b1:f2:95:14:29:35:18:bb:12:
                    e6:c5:8c:c2:2f:23:98:6d:46:07:80:0d:a2:c8:72:
                    1e:99:09:88:2d:63:6f:3b:c2:9c:7e:a7:9b:06:09:
                    59:40:24:8f:29:f7:c2:9c:f9:63:7c:e6:11:d0:e6:
                    3a:ca:4d:07:7a:f1:31:a7:a2:a0:c7:43:dc:62:4c:
                    ad:d3:93:a8:90:b3:18:71:95:26:35:c5:95:67:66:
                    42:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:54:45:EC:CA:8B:2F:2E:52:EF:D1:CE:27:1A:16:64:9F:14:39:A0
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/1FRF7MqLLy5S79HOJxoWZJ8UOaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.40.0/24
                  178.19.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:1b:f4:78:dc:0d:80:bc:d4:3c:eb:87:7f:78:fc:83:99:77:
         78:18:36:95:22:27:0c:78:b7:86:b8:b2:2c:34:3e:8d:52:c3:
         28:4d:cb:8e:62:46:8b:c6:68:e0:ab:f9:89:23:54:06:33:8e:
         da:5c:8d:14:78:ec:c2:7b:3b:6e:7c:7f:2f:7b:be:ab:fd:76:
         e4:30:d9:a9:ae:30:ed:9d:82:60:4d:ce:2d:b6:42:73:c8:3f:
         c8:39:1d:b8:7f:a7:2f:be:6c:56:85:4a:8d:2b:b5:ca:d4:b3:
         c9:4c:a6:e5:a5:a8:55:2c:d4:d4:f8:1d:81:00:48:9d:ba:a2:
         d1:53:89:58:5f:59:0e:65:0a:82:d8:60:61:58:99:8b:db:c5:
         91:f4:fa:90:35:1e:34:98:ed:42:b2:b6:29:b2:87:6b:d1:5c:
         d8:30:3f:e4:e4:36:be:c0:f9:7a:8c:76:c9:b6:83:d5:40:c8:
         0d:47:1a:ab:2a:cc:19:98:43:1f:df:14:4a:82:c1:27:9b:fb:
         5c:33:c3:10:9b:1d:1d:bb:05:87:3b:a0:17:da:fd:03:1d:81:
         82:00:8a:52:26:27:49:90:82:0b:17:4d:be:27:13:9b:d9:94:
         14:07:f1:c3:e9:9b:c8:89:42:51:a1:f5:2b:b6:c0:35:88:e2:
         98:f5:30:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZomeDQ3fZo2nXAEFmSvA9HpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUxMDI3MTYyMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDU0NDVlY2NhOGIyZjJlNTJlZmQxY2UyNzFhMTY2NDlmMTQzOWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5/qt6zZWP49kcBfbcA3UBxcU5jl6
LbP+L5qG/voRxwDV/utsmHZIYK7WMHwi9oEprlzCqqv0fktHxUS/ggYfEqt3IkTI
GkgtVxIsY52Rw3iky4eyfXoiPLjvrSiEsX3GKxMbmziMKiij8sR6DkX0y+4+a8xm
UptVckD+TxbtFzTZnZ2dJEpnwhUHlJmWICJZxKCsX4TMbh8cOkLp7Wbnq6RL71xs
CqEXxrmx8pUUKTUYuxLmxYzCLyOYbUYHgA2iyHIemQmILWNvO8KcfqebBglZQCSP
KffCnPljfOYR0OY6yk0HevExp6Kgx0PcYkyt05OokLMYcZUmNcWVZ2ZCFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNRURezKiy8uUu/RzicaFmSfFDmgMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvMUZSRjdNcUxMeTVTNzlIT0p4b1daSjhVT2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY4oAwQA
shMhMA0GCSqGSIb3DQEBCwUAA4IBAQB5G/R43A2AvNQ864d/ePyDmXd4GDaVIicM
eLeGuLIsND6NUsMoTcuOYkaLxmjgq/mJI1QGM47aXI0UeOzCeztufH8ve76r/Xbk
MNmprjDtnYJgTc4ttkJzyD/IOR24f6cvvmxWhUqNK7XK1LPJTKblpahVLNTU+B2B
AEiduqLRU4lYX1kOZQqC2GBhWJmL28WR9PqQNR40mO1CsrYpsodr0VzYMD/k5Da+
wPl6jHbJtoPVQMgNRxqrKswZmEMf3xRKgsEnm/tcM8MQmx0duwWHO6AX2v0DHYGC
AIpSJidJkIILF02+JxOb2ZQUB/HD6ZvIiUJRofUrtsA1iOKY9TBI
-----END CERTIFICATE-----