Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/xs8kgLY-61uyKfGESALykLk9Pj0.roa
File:                     xs8kgLY-61uyKfGESALykLk9Pj0.roa (raw, json)
Hash identifier:          uV1wjICOu9X1DokywqYjnW+r/mANbpnz+9BPI0bQ5c8=
Subject key identifier:   C6:CF:24:80:B6:3E:EB:5B:B2:29:F1:84:48:02:F2:90:B9:3D:3E:3D
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       01987572B89C0D767F7204BF02A537F2652A
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/xs8kgLY-61uyKfGESALykLk9Pj0.roa
Signing time:             Mon 04 Aug 2025 14:18:29 +0000
ROA not before:           Mon 04 Aug 2025 14:18:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8796
IP address blocks:        45.10.68.0/24 maxlen: 24
                          91.216.169.0/24 maxlen: 24
                          91.216.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 14:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:72:b8:9c:0d:76:7f:72:04:bf:02:a5:37:f2:65:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Aug  4 14:18:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6cf2480b63eeb5bb229f1844802f290b93d3e3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bc:3a:80:bf:e1:90:4c:28:d7:c9:66:f5:98:
                    fe:4d:c8:ee:13:6f:f9:4c:db:71:f1:63:79:f1:3b:
                    ac:01:5e:06:97:6a:6f:38:a6:4a:16:d4:36:37:94:
                    06:31:23:24:b9:2b:53:23:48:76:14:a7:fe:99:d5:
                    ec:6b:3c:c9:c7:50:99:8a:f7:37:dc:f2:88:1f:b5:
                    6a:da:79:17:61:ee:98:b3:33:34:1f:87:fc:fd:0b:
                    78:48:ae:e7:40:b8:0e:dc:9e:60:a5:74:b5:14:f2:
                    ad:c6:bf:28:7f:f3:a8:9a:d5:98:39:70:ce:1e:6c:
                    b7:ba:c3:6a:56:f9:07:94:cb:b2:6f:87:31:b1:03:
                    b7:d1:64:09:a0:ec:d5:c3:53:00:bb:ee:45:e0:bf:
                    98:81:5e:b1:b6:43:fb:f9:6a:4c:08:98:21:06:0d:
                    f6:70:2f:8f:c3:e3:7b:13:cb:4b:f9:28:f0:c0:2a:
                    b7:f3:14:10:ae:3b:f8:55:15:08:d7:73:42:f9:44:
                    05:87:cd:0d:46:a4:7c:86:9b:4e:77:1d:0f:e3:21:
                    d6:f5:6b:10:9b:2e:e3:11:0f:a4:30:7d:a2:11:f0:
                    01:67:41:e3:75:c0:5a:b8:f0:76:41:9c:03:5c:0e:
                    e2:7d:56:7c:74:99:8a:3f:5f:1d:d2:b7:ca:cc:e2:
                    5b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:CF:24:80:B6:3E:EB:5B:B2:29:F1:84:48:02:F2:90:B9:3D:3E:3D
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/xs8kgLY-61uyKfGESALykLk9Pj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.68.0/24
                  91.216.169.0/24
                  91.216.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:ca:7d:c6:fc:e2:20:04:e9:f1:15:7c:28:75:aa:77:fc:49:
         ca:d8:c8:77:5f:01:5b:92:15:7d:a0:cb:bf:76:5b:c6:e5:1f:
         9e:d4:53:2f:7f:4c:b9:76:30:08:7e:95:8c:28:98:83:18:a4:
         ce:cf:f7:3f:78:f8:17:55:74:fa:d4:1e:7f:27:d7:35:b6:e8:
         06:22:fd:f3:c4:d1:44:77:89:29:95:b9:ca:47:97:3b:f3:6a:
         93:53:68:0d:a9:c4:d4:05:ba:15:e8:2e:3d:e5:3b:06:4c:e7:
         37:f9:ee:57:09:f9:72:0b:19:2f:dd:c5:27:a0:f1:9f:f2:34:
         94:b7:2b:1c:09:00:c0:7d:f7:82:3c:52:15:ae:47:d0:59:1e:
         4c:3f:a7:7d:b0:e5:f1:9f:75:35:6b:e6:31:c5:a2:1f:fb:e0:
         4f:07:dd:83:5d:37:68:7d:a7:f9:63:c4:6f:02:53:2a:20:23:
         e0:48:d3:a8:d9:8d:22:9a:39:2f:d3:7c:46:e8:f8:a0:59:ab:
         f8:88:49:e1:88:87:77:f9:98:d3:e5:20:ba:18:0c:76:2e:43:
         37:32:12:83:1e:61:71:d0:02:8e:94:a8:d6:04:c3:7e:9f:ba:
         24:ba:a8:af:2f:62:da:5f:18:59:e1:7b:59:c1:54:9a:40:2c:
         19:5e:cb:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZh1cricDXZ/cgS/AqU38mUqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjUwODA0MTQxODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmNmMjQ4MGI2M2VlYjViYjIyOWYxODQ0ODAyZjI5MGI5M2QzZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7w6gL/hkEwo18lm9Zj+TcjuE2/5
TNtx8WN58TusAV4Gl2pvOKZKFtQ2N5QGMSMkuStTI0h2FKf+mdXsazzJx1CZivc3
3PKIH7Vq2nkXYe6YszM0H4f8/Qt4SK7nQLgO3J5gpXS1FPKtxr8of/OomtWYOXDO
Hmy3usNqVvkHlMuyb4cxsQO30WQJoOzVw1MAu+5F4L+YgV6xtkP7+WpMCJghBg32
cC+Pw+N7E8tL+SjwwCq38xQQrjv4VRUI13NC+UQFh80NRqR8hptOdx0P4yHW9WsQ
my7jEQ+kMH2iEfABZ0HjdcBauPB2QZwDXA7ifVZ8dJmKP18d0rfKzOJb2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMbPJIC2PutbsinxhEgC8pC5PT49MB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEveHM4a2dMWS02MXV5S2ZHRVNBTHlrTGs5UGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQpEAwQA
W9ipAwQAW9i+MA0GCSqGSIb3DQEBCwUAA4IBAQBmyn3G/OIgBOnxFXwodap3/EnK
2Mh3XwFbkhV9oMu/dlvG5R+e1FMvf0y5djAIfpWMKJiDGKTOz/c/ePgXVXT61B5/
J9c1tugGIv3zxNFEd4kplbnKR5c782qTU2gNqcTUBboV6C495TsGTOc3+e5XCfly
Cxkv3cUnoPGf8jSUtyscCQDAffeCPFIVrkfQWR5MP6d9sOXxn3U1a+YxxaIf++BP
B92DXTdofaf5Y8RvAlMqICPgSNOo2Y0imjkv03xG6PigWav4iEnhiId3+ZjT5SC6
GAx2LkM3MhKDHmFx0AKOlKjWBMN+n7okuqivL2LaXxhZ4XtZwVSaQCwZXsvj
-----END CERTIFICATE-----