Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/8ZC0k7rzA0E1rhNje27CVkEZJ3k.roa
File:                     8ZC0k7rzA0E1rhNje27CVkEZJ3k.roa (raw, json)
Hash identifier:          A0opDIEQI4MN92tRbOLHdM7zZc/0nBThej01ve87lSE=
Subject key identifier:   F1:90:B4:93:BA:F3:03:41:35:AE:13:63:7B:6E:C2:56:41:19:27:79
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       0197C77DD7E10A7F160D323D3820F2ADF4B2
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/8ZC0k7rzA0E1rhNje27CVkEZJ3k.roa
Signing time:             Tue 01 Jul 2025 19:36:42 +0000
ROA not before:           Tue 01 Jul 2025 19:36:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        45.150.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:7d:d7:e1:0a:7f:16:0d:32:3d:38:20:f2:ad:f4:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jul  1 19:36:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f190b493baf3034135ae13637b6ec25641192779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2b:3b:7f:b7:8b:19:ba:02:b8:ae:7e:58:87:
                    19:c9:ea:f8:8b:e5:45:f0:fc:66:61:4a:1e:13:33:
                    ce:76:f1:ea:0c:7b:c1:2e:4d:9e:b8:71:70:11:a2:
                    d6:25:76:cb:e2:12:64:d8:04:75:1f:e6:49:ca:aa:
                    67:0e:a1:be:0c:e9:be:ac:36:7e:7a:dc:e2:ed:40:
                    34:fe:ae:f0:e6:58:2d:44:5b:c4:71:a6:c5:21:29:
                    c3:2d:11:11:48:4f:b7:ef:66:ba:47:82:1e:93:13:
                    b1:19:39:22:b2:75:a8:4e:9e:18:bb:c9:b1:1c:9c:
                    d9:f9:f9:90:0f:82:e4:b9:e1:ce:df:cf:ff:c2:93:
                    31:eb:a1:1e:b5:5b:9b:64:28:e9:43:78:55:ec:19:
                    88:df:99:b6:7f:ec:de:b7:a8:8c:db:b3:cf:36:27:
                    38:73:fd:04:93:f6:56:01:15:65:26:94:f9:3a:4e:
                    90:ce:39:fe:e0:af:7b:0a:8a:89:0d:13:30:ff:b0:
                    a5:50:3c:c9:6b:d9:cb:c2:a2:12:2c:92:8d:cc:7a:
                    10:c7:74:7e:87:4e:67:43:3f:bd:2e:97:40:e7:27:
                    ec:16:27:3f:59:c9:ff:e3:24:1d:ed:17:bf:8a:41:
                    95:d7:4b:88:57:f4:00:0e:47:7f:9f:37:44:0f:2a:
                    4f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:90:B4:93:BA:F3:03:41:35:AE:13:63:7B:6E:C2:56:41:19:27:79
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/8ZC0k7rzA0E1rhNje27CVkEZJ3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:17:a1:62:0e:ee:3c:f4:c0:1a:33:cd:68:08:bf:46:9b:00:
         4b:64:85:69:20:76:31:e4:25:84:f5:26:cb:c5:7d:f1:c7:4e:
         7c:d7:c1:6f:57:73:8c:00:15:16:98:46:d3:9e:c0:84:1d:94:
         96:57:75:50:6f:aa:7e:e0:06:02:59:d3:5b:9b:54:47:25:46:
         62:3a:28:78:eb:ff:36:f2:a3:14:46:4b:e8:9e:86:50:de:2a:
         34:97:c0:f9:44:63:27:ed:d7:69:40:6c:ca:11:d9:4a:00:06:
         8c:aa:5d:6e:c2:2a:13:81:82:ea:0e:fd:1d:6f:13:c0:58:96:
         f9:0c:62:6c:0e:82:49:0e:71:18:b2:2d:54:f0:b1:90:55:76:
         0d:d1:9a:e9:6f:97:75:f5:e6:de:37:ec:b9:19:32:9e:ce:a9:
         15:e5:d3:3d:4c:fa:85:3d:f2:06:cd:65:f0:53:e1:ec:97:48:
         00:f5:97:f2:23:eb:00:44:30:e6:b4:29:cd:2f:a8:ac:88:0d:
         ef:ec:dd:f5:06:c1:72:e1:28:be:24:0b:2f:34:72:cc:dd:5f:
         1e:da:94:f9:7d:58:c7:ed:2a:92:80:e4:97:3e:cf:40:c3:b2:
         6e:82:8b:8b:09:ff:1b:ac:e7:72:4c:7a:dd:41:85:db:07:b2:
         aa:ec:b9:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfHfdfhCn8WDTI9OCDyrfSyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjUwNzAxMTkzNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTkwYjQ5M2JhZjMwMzQxMzVhZTEzNjM3YjZlYzI1NjQxMTkyNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuis7f7eLGboCuK5+WIcZyer4i+VF
8PxmYUoeEzPOdvHqDHvBLk2euHFwEaLWJXbL4hJk2AR1H+ZJyqpnDqG+DOm+rDZ+
etzi7UA0/q7w5lgtRFvEcabFISnDLRERSE+372a6R4IekxOxGTkisnWoTp4Yu8mx
HJzZ+fmQD4LkueHO38//wpMx66EetVubZCjpQ3hV7BmI35m2f+zet6iM27PPNic4
c/0Ek/ZWARVlJpT5Ok6Qzjn+4K97CoqJDRMw/7ClUDzJa9nLwqISLJKNzHoQx3R+
h05nQz+9LpdA5yfsFic/Wcn/4yQd7Re/ikGV10uIV/QADkd/nzdEDypPZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGQtJO68wNBNa4TY3tuwlZBGSd5MB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvOFpDMGs3cnpBMEUxcmhOamUyN0NWa0VaSjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZbFMA0G
CSqGSIb3DQEBCwUAA4IBAQCZF6FiDu489MAaM81oCL9GmwBLZIVpIHYx5CWE9SbL
xX3xx05818FvV3OMABUWmEbTnsCEHZSWV3VQb6p+4AYCWdNbm1RHJUZiOih46/82
8qMURkvonoZQ3io0l8D5RGMn7ddpQGzKEdlKAAaMql1uwioTgYLqDv0dbxPAWJb5
DGJsDoJJDnEYsi1U8LGQVXYN0Zrpb5d19ebeN+y5GTKezqkV5dM9TPqFPfIGzWXw
U+Hsl0gA9ZfyI+sARDDmtCnNL6isiA3v7N31BsFy4Si+JAsvNHLM3V8e2pT5fVjH
7SqSgOSXPs9Aw7JugouLCf8brOdyTHrdQYXbB7Kq7Lm3
-----END CERTIFICATE-----