Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/gip5FVo0Thg9rgOohPOAHz3AMNI.roa
File:                     gip5FVo0Thg9rgOohPOAHz3AMNI.roa (raw, json)
Hash identifier:          dwFwMbHcTmcHE8u54qfz09vfs9sNgI/Ccl4iI8PUFxA=
Subject key identifier:   82:2A:79:15:5A:34:4E:18:3D:AE:03:A8:84:F3:80:1F:3D:C0:30:D2
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       0198556391051FED36B45329581CD934AC88
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/gip5FVo0Thg9rgOohPOAHz3AMNI.roa
Signing time:             Tue 29 Jul 2025 08:54:05 +0000
ROA not before:           Tue 29 Jul 2025 08:54:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213802
IP address blocks:        45.131.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 08:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:63:91:05:1f:ed:36:b4:53:29:58:1c:d9:34:ac:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jul 29 08:54:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=822a79155a344e183dae03a884f3801f3dc030d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4c:c9:dc:24:23:6f:78:01:6d:0e:c1:36:a1:
                    1d:69:f6:1f:6c:8d:0b:c7:38:80:27:b7:6a:12:0c:
                    1c:e5:76:52:9f:dd:aa:ce:3e:6e:ca:64:e7:fb:ae:
                    5f:41:a5:1c:e6:aa:44:ad:01:06:98:5a:3b:d1:8b:
                    f7:93:e2:a5:c5:45:d7:13:30:be:0e:8a:7b:5c:9a:
                    13:4b:ab:f8:d8:98:3a:ce:3e:74:b4:b7:ca:97:83:
                    ce:ae:9a:e6:a9:6c:a1:97:d9:9b:83:04:23:44:c8:
                    20:ed:76:d5:4f:85:1b:b4:f0:e1:7f:0c:0b:d9:d0:
                    13:5d:ce:f7:21:77:8a:49:d9:c7:c4:24:d5:ad:a7:
                    5b:1e:5d:a1:73:62:15:89:72:d4:9f:ba:bf:ac:7b:
                    22:9f:8e:67:6a:2a:ee:03:6f:26:d1:c9:58:d8:f4:
                    5d:ab:9a:8c:3b:0d:e3:29:a8:82:ec:28:c7:56:d7:
                    fd:ad:43:fc:0f:d9:2c:06:69:96:65:08:37:7e:06:
                    c5:fb:c0:cc:46:f8:cd:8f:2c:15:a6:96:6d:1b:8c:
                    8e:8e:ba:36:0a:9f:c1:7a:8c:5c:92:48:95:0e:c3:
                    46:9a:44:cb:e8:25:d0:af:be:76:e5:06:2b:bd:b7:
                    a3:96:4c:ab:62:02:90:cc:c4:c2:39:0d:a0:cf:c7:
                    72:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:2A:79:15:5A:34:4E:18:3D:AE:03:A8:84:F3:80:1F:3D:C0:30:D2
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/gip5FVo0Thg9rgOohPOAHz3AMNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:57:ce:cd:72:ff:86:89:44:79:f8:ec:a0:95:28:f7:e2:f0:
         d3:09:aa:ff:31:54:6d:ab:41:47:15:fd:00:7d:f6:f8:83:7d:
         b3:7a:2b:78:b5:87:9c:52:69:ff:16:d9:b7:44:33:c5:43:0f:
         9c:f8:8d:2c:11:17:f8:fb:de:a8:a4:cf:3d:8c:ea:68:0d:b9:
         e0:f6:80:a4:27:3c:95:6e:61:4b:a9:08:ce:52:11:bf:19:28:
         61:22:1f:b1:c6:03:31:2f:60:0c:bb:0b:2a:90:68:47:65:db:
         f2:ab:7e:a8:ce:37:48:14:ee:d1:84:d2:d0:6d:69:10:08:39:
         96:51:51:8f:8e:6f:08:df:bd:65:86:65:eb:fd:3c:d1:78:95:
         12:14:73:48:9a:f1:e9:e9:17:dd:7d:3e:b3:cb:f9:31:fb:d8:
         ae:0f:b7:cd:59:4d:b7:56:1a:65:61:30:7e:08:18:42:96:51:
         11:26:e8:a4:5b:9b:36:51:a1:20:b5:08:33:14:d0:0c:63:89:
         b8:0c:75:d1:d0:ce:4f:59:ae:41:74:aa:0b:8c:ec:7c:4a:2e:
         e3:d5:1d:95:9c:d6:50:94:f5:d1:45:b8:a1:c2:a2:37:9a:09:
         dd:e0:71:bb:80:0b:06:84:c8:a3:d2:56:8b:e7:e8:50:ae:82:
         5e:a8:27:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhVY5EFH+02tFMpWBzZNKyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwNzI5MDg1NDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjJhNzkxNTVhMzQ0ZTE4M2RhZTAzYTg4NGYzODAxZjNkYzAzMGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEzJ3CQjb3gBbQ7BNqEdafYfbI0L
xziAJ7dqEgwc5XZSn92qzj5uymTn+65fQaUc5qpErQEGmFo70Yv3k+KlxUXXEzC+
Dop7XJoTS6v42Jg6zj50tLfKl4POrprmqWyhl9mbgwQjRMgg7XbVT4UbtPDhfwwL
2dATXc73IXeKSdnHxCTVradbHl2hc2IViXLUn7q/rHsin45nairuA28m0clY2PRd
q5qMOw3jKaiC7CjHVtf9rUP8D9ksBmmWZQg3fgbF+8DMRvjNjywVppZtG4yOjro2
Cp/BeoxckkiVDsNGmkTL6CXQr7525QYrvbejlkyrYgKQzMTCOQ2gz8dy8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIqeRVaNE4YPa4DqITzgB89wDDSMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvZ2lwNUZWbzBUaGc5cmdPb2hQT0FIejNBTU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYOYMA0G
CSqGSIb3DQEBCwUAA4IBAQB/V87Ncv+GiUR5+OyglSj34vDTCar/MVRtq0FHFf0A
ffb4g32zeit4tYecUmn/Ftm3RDPFQw+c+I0sERf4+96opM89jOpoDbng9oCkJzyV
bmFLqQjOUhG/GShhIh+xxgMxL2AMuwsqkGhHZdvyq36ozjdIFO7RhNLQbWkQCDmW
UVGPjm8I371lhmXr/TzReJUSFHNImvHp6RfdfT6zy/kx+9iuD7fNWU23VhplYTB+
CBhCllERJuikW5s2UaEgtQgzFNAMY4m4DHXR0M5PWa5BdKoLjOx8Si7j1R2VnNZQ
lPXRRbihwqI3mgnd4HG7gAsGhMij0laL5+hQroJeqCed
-----END CERTIFICATE-----