Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/e2gBheeQ-h6LQAH4kGynlpOfUG0.roa
File:                     e2gBheeQ-h6LQAH4kGynlpOfUG0.roa (raw, json)
Hash identifier:          i+i+A+cmo+/dSvWik/eIR+XGcmNoLuscVlDvQ5ZCfSQ=
Subject key identifier:   7B:68:01:85:E7:90:FA:1E:8B:40:01:F8:90:6C:A7:96:93:9F:50:6D
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019A15C6861F8B2D53AF883E81059150B0D7
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/e2gBheeQ-h6LQAH4kGynlpOfUG0.roa
Signing time:             Fri 24 Oct 2025 10:32:03 +0000
ROA not before:           Fri 24 Oct 2025 10:32:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     269838
IP address blocks:        45.150.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:15:c6:86:1f:8b:2d:53:af:88:3e:81:05:91:50:b0:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Oct 24 10:32:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b680185e790fa1e8b4001f8906ca796939f506d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:77:c1:c0:ea:7c:86:e8:01:bf:d4:b4:17:cc:
                    fa:e2:f4:ed:c2:29:a5:21:2a:8e:17:18:8a:58:21:
                    cf:6a:3f:18:6d:12:cd:dd:88:38:4e:99:53:ba:59:
                    28:1c:d3:3b:a1:35:b9:81:66:f9:cd:67:9b:e8:40:
                    45:61:25:b9:c2:ae:70:05:ac:de:ce:72:9f:f3:3f:
                    9b:fa:15:5d:d6:60:e3:97:f1:9b:78:46:8b:db:04:
                    88:8d:16:99:94:41:ac:cc:8f:d2:75:35:55:79:8d:
                    02:f6:e6:80:4e:bb:95:56:34:85:2c:bc:62:6b:1e:
                    cd:39:a2:3f:19:b4:7e:4c:2a:06:4d:42:68:59:c5:
                    b3:dc:92:d7:b8:80:a6:8e:5f:35:63:82:5c:a1:5b:
                    22:f6:5e:3f:f8:81:86:f5:a9:f6:dc:78:c4:7b:22:
                    ec:62:ad:c7:57:29:20:e8:74:d6:cf:68:3c:cc:9c:
                    51:3a:8e:49:1e:15:3f:4d:43:9a:1f:51:6e:43:14:
                    7e:fb:4f:9a:82:02:44:ae:da:2e:64:9a:b7:58:ad:
                    0c:7e:59:69:a8:2b:eb:38:54:00:4a:4f:e0:5b:62:
                    90:b2:54:b5:6f:21:ad:7e:cc:c7:b1:7e:aa:8b:e5:
                    8d:f4:80:6b:15:0d:b4:f3:53:03:2e:12:29:bc:03:
                    88:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:68:01:85:E7:90:FA:1E:8B:40:01:F8:90:6C:A7:96:93:9F:50:6D
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/e2gBheeQ-h6LQAH4kGynlpOfUG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:31:30:0f:0a:fd:6d:3e:63:bc:d4:cd:7a:bf:29:8a:40:88:
         3c:41:7e:e4:0b:4e:30:4f:e8:8e:6e:64:80:a7:07:73:f9:48:
         b7:79:f0:3f:fe:a7:6c:19:f8:33:04:73:a9:fd:64:eb:db:31:
         3e:8e:fb:27:d1:c6:ac:18:0d:18:33:a7:d6:5e:32:e8:88:a1:
         d2:4b:d5:a7:99:c0:92:4f:ac:ec:16:53:5c:4f:2f:50:87:b2:
         3f:87:99:67:2f:7a:3d:09:64:4a:c2:f5:10:2b:84:02:e9:a6:
         a7:fe:71:3b:3a:96:cf:3c:a6:87:d9:91:32:88:6d:19:28:e1:
         d2:e0:95:00:5f:98:14:73:4c:98:5f:c8:5d:48:2b:48:fc:a3:
         a3:4a:05:41:30:cd:97:7f:be:89:ec:f3:40:f5:23:31:78:2b:
         ae:40:15:71:8d:d1:c4:58:12:68:e1:3d:ab:a5:f4:10:38:52:
         c5:e4:0e:62:5e:0b:75:12:53:46:e8:7e:65:40:a7:05:c1:f3:
         5f:79:32:af:8d:b5:ac:55:ce:00:63:bc:c5:44:b0:da:e8:8a:
         d3:ad:69:0a:3f:0d:07:c2:c7:7d:cd:ae:77:65:af:66:53:07:
         4a:0b:ab:17:55:b9:06:d7:30:60:87:35:e3:50:8c:2b:af:0e:
         c0:31:c3:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoVxoYfiy1Tr4g+gQWRULDXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUxMDI0MTAzMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjY4MDE4NWU3OTBmYTFlOGI0MDAxZjg5MDZjYTc5NjkzOWY1MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXfBwOp8hugBv9S0F8z64vTtwiml
ISqOFxiKWCHPaj8YbRLN3Yg4TplTulkoHNM7oTW5gWb5zWeb6EBFYSW5wq5wBaze
znKf8z+b+hVd1mDjl/GbeEaL2wSIjRaZlEGszI/SdTVVeY0C9uaATruVVjSFLLxi
ax7NOaI/GbR+TCoGTUJoWcWz3JLXuICmjl81Y4JcoVsi9l4/+IGG9an23HjEeyLs
Yq3HVykg6HTWz2g8zJxROo5JHhU/TUOaH1FuQxR++0+aggJErtouZJq3WK0Mfllp
qCvrOFQASk/gW2KQslS1byGtfszHsX6qi+WN9IBrFQ2081MDLhIpvAOIXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHtoAYXnkPoei0AB+JBsp5aTn1BtMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZTJnQmhlZVEtaDZMUUFINGtHeW5scE9mVUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZZUMA0G
CSqGSIb3DQEBCwUAA4IBAQALMTAPCv1tPmO81M16vymKQIg8QX7kC04wT+iObmSA
pwdz+Ui3efA//qdsGfgzBHOp/WTr2zE+jvsn0casGA0YM6fWXjLoiKHSS9WnmcCS
T6zsFlNcTy9Qh7I/h5lnL3o9CWRKwvUQK4QC6aan/nE7OpbPPKaH2ZEyiG0ZKOHS
4JUAX5gUc0yYX8hdSCtI/KOjSgVBMM2Xf76J7PNA9SMxeCuuQBVxjdHEWBJo4T2r
pfQQOFLF5A5iXgt1ElNG6H5lQKcFwfNfeTKvjbWsVc4AY7zFRLDa6IrTrWkKPw0H
wsd9za53Za9mUwdKC6sXVbkG1zBghzXjUIwrrw7AMcMR
-----END CERTIFICATE-----