Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/J4WqvGLUdzH2KJvxNQU0pCkq0aA.roa
File:                     J4WqvGLUdzH2KJvxNQU0pCkq0aA.roa (raw, json)
Hash identifier:          mf9EykESrNjFDS6fD5zxAACv6FLnEbf1JhXiKdFkZTc=
Subject key identifier:   27:85:AA:BC:62:D4:77:31:F6:28:9B:F1:35:05:34:A4:29:2A:D1:A0
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019A44D6DD954BA1B2F235EBBA27371299DC
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/J4WqvGLUdzH2KJvxNQU0pCkq0aA.roa
Signing time:             Sun 02 Nov 2025 13:52:03 +0000
ROA not before:           Sun 02 Nov 2025 13:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273267
IP address blocks:        45.133.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:44:d6:dd:95:4b:a1:b2:f2:35:eb:ba:27:37:12:99:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Nov  2 13:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2785aabc62d47731f6289bf1350534a4292ad1a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:1d:8d:d2:38:4e:ef:cd:67:03:6c:59:67:34:
                    5f:0e:11:c7:43:43:00:a9:50:21:3c:1a:6e:10:2f:
                    94:66:9f:d6:23:50:fd:d5:2b:70:e4:c3:d7:37:bc:
                    2d:88:f9:53:83:e2:93:93:e7:fb:04:a1:0b:a4:18:
                    e0:a6:89:e9:3f:03:88:0c:fb:5f:8e:e2:79:fa:77:
                    45:c3:15:eb:2c:8a:d8:b9:73:2b:ae:0a:b0:84:57:
                    65:b4:6a:60:91:cf:1a:2a:09:37:57:8e:da:60:5b:
                    c6:5e:41:69:ab:5a:41:a1:31:b2:08:53:c0:36:75:
                    db:9e:d8:a8:2c:92:3a:39:f8:61:86:6f:f5:f4:07:
                    3d:f9:81:2e:47:77:1a:38:13:06:97:81:2e:5e:f3:
                    0b:6e:93:db:f7:c0:8a:9a:b7:38:04:af:67:d8:4a:
                    3f:12:95:fd:cd:ac:64:96:9e:b7:d5:ad:99:db:54:
                    34:76:b3:27:b1:5d:c8:1c:b6:e4:cb:7e:54:c5:33:
                    fa:e8:40:6d:7c:93:00:10:26:94:2c:ce:4c:45:b9:
                    18:b5:15:7b:e2:12:08:2c:29:d4:e3:8b:38:12:90:
                    1a:24:48:a6:d0:4d:ea:62:9d:67:db:41:32:78:a7:
                    9f:8c:6e:0f:c0:3c:16:f3:a9:81:d5:65:67:40:14:
                    68:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:85:AA:BC:62:D4:77:31:F6:28:9B:F1:35:05:34:A4:29:2A:D1:A0
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/J4WqvGLUdzH2KJvxNQU0pCkq0aA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:39:96:65:cd:87:97:dd:78:4a:c3:ea:87:2e:ba:6b:a5:f3:
         57:fb:10:db:72:fe:00:5a:12:a8:a7:de:b5:d7:13:5b:db:c8:
         13:c6:8e:71:bb:62:5f:d6:92:05:50:f7:e3:95:f5:1b:2a:a6:
         af:38:89:34:56:fd:22:30:85:57:a8:69:3e:11:11:23:69:f2:
         0e:69:25:2a:20:e4:f4:82:b0:6d:2c:bf:ff:30:7e:84:30:a7:
         af:f9:72:f3:2e:e4:30:0c:db:56:7e:70:f5:c6:96:d0:71:bd:
         ce:a3:88:ff:18:61:ad:ce:07:fb:49:10:2f:39:5e:0a:6c:ec:
         56:a5:ec:40:f4:e3:9b:2e:28:2e:4c:62:0a:99:58:35:98:9c:
         ef:a7:f1:2a:2e:98:02:c9:6e:b5:3a:c7:26:7e:f3:1f:38:40:
         d3:0e:4d:21:4a:3b:d1:dd:7d:5f:1b:0a:06:5b:04:51:b7:5e:
         72:b6:f4:34:de:e2:d8:ba:0c:49:cc:c0:61:8f:7b:3d:ea:ad:
         08:fd:89:68:44:0c:50:4f:52:2a:64:42:5e:d1:71:87:6c:0a:
         0c:a8:11:94:56:5b:e4:7d:b1:c9:78:46:97:b8:e1:72:d6:4d:
         72:a0:13:8e:9e:b7:fb:4e:a1:05:0a:5c:da:5a:b5:9f:b1:ff:
         b0:5d:38:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpE1t2VS6Gy8jXruic3EpncMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUxMTAyMTM1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzg1YWFiYzYyZDQ3NzMxZjYyODliZjEzNTA1MzRhNDI5MmFkMWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2N0jhO781nA2xZZzRfDhHHQ0MA
qVAhPBpuEC+UZp/WI1D91Stw5MPXN7wtiPlTg+KTk+f7BKELpBjgponpPwOIDPtf
juJ5+ndFwxXrLIrYuXMrrgqwhFdltGpgkc8aKgk3V47aYFvGXkFpq1pBoTGyCFPA
NnXbntioLJI6Ofhhhm/19Ac9+YEuR3caOBMGl4EuXvMLbpPb98CKmrc4BK9n2Eo/
EpX9zaxklp631a2Z21Q0drMnsV3IHLbky35UxTP66EBtfJMAECaULM5MRbkYtRV7
4hIILCnU44s4EpAaJEim0E3qYp1n20EyeKefjG4PwDwW86mB1WVnQBRomQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeFqrxi1Hcx9iib8TUFNKQpKtGgMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvSjRXcXZHTFVkekgyS0p2eE5RVTBwQ2txMGFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYU8MA0G
CSqGSIb3DQEBCwUAA4IBAQBvOZZlzYeX3XhKw+qHLrprpfNX+xDbcv4AWhKop961
1xNb28gTxo5xu2Jf1pIFUPfjlfUbKqavOIk0Vv0iMIVXqGk+EREjafIOaSUqIOT0
grBtLL//MH6EMKev+XLzLuQwDNtWfnD1xpbQcb3Oo4j/GGGtzgf7SRAvOV4KbOxW
pexA9OObLiguTGIKmVg1mJzvp/EqLpgCyW61OscmfvMfOEDTDk0hSjvR3X1fGwoG
WwRRt15ytvQ03uLYugxJzMBhj3s96q0I/YloRAxQT1IqZEJe0XGHbAoMqBGUVlvk
fbHJeEaXuOFy1k1yoBOOnrf7TqEFClzaWrWfsf+wXTgQ
-----END CERTIFICATE-----