Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/k97CrjwrQPT8_y6vdIb8L8R85BY.roa
File:                     k97CrjwrQPT8_y6vdIb8L8R85BY.roa (raw, json)
Hash identifier:          +DDKSroEDnHlqdOq/UjhA3pHL4D5bJ4vsDTADTBgxwE=
Subject key identifier:   93:DE:C2:AE:3C:2B:40:F4:FC:FF:2E:AF:74:86:FC:2F:C4:7C:E4:16
Certificate issuer:       /CN=598fa4201344d4107f792eee2566c62d65714e2d
Certificate serial:       01985FF1A62CB7F0BCEA5F3BE4689BFB0E6C
Authority key identifier: 59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/k97CrjwrQPT8_y6vdIb8L8R85BY.roa
Signing time:             Thu 31 Jul 2025 10:05:28 +0000
ROA not before:           Thu 31 Jul 2025 10:05:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211141
IP address blocks:        45.80.13.0/24 maxlen: 24
                          45.80.14.0/24 maxlen: 24
                          45.80.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:5f:f1:a6:2c:b7:f0:bc:ea:5f:3b:e4:68:9b:fb:0e:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=598fa4201344d4107f792eee2566c62d65714e2d
        Validity
            Not Before: Jul 31 10:05:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93dec2ae3c2b40f4fcff2eaf7486fc2fc47ce416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:68:c2:b4:d7:4a:c1:81:7d:b5:1e:28:54:5d:
                    ef:57:1f:f5:88:d3:a8:d6:b7:c5:50:32:8c:d4:3d:
                    c8:0e:01:a5:ca:72:0b:27:92:a7:87:63:fb:11:b7:
                    d9:a8:f4:c5:ec:67:7d:03:cb:b4:d1:15:e0:57:99:
                    5d:56:52:7a:a7:c6:d9:f6:fd:68:ec:73:43:88:21:
                    fb:4a:f1:b3:f1:a5:99:6c:c2:0a:ac:b7:d2:4b:e1:
                    28:a8:27:13:17:e3:88:8b:41:a9:5f:1e:ff:c5:2e:
                    72:b5:4b:66:5f:64:3f:05:9e:1a:41:30:0d:f6:a1:
                    9e:93:66:03:93:51:fa:8e:a4:93:52:2b:9d:7a:7d:
                    ca:bf:44:52:fb:e2:ed:e3:76:ac:e6:b8:6a:ab:60:
                    8e:3b:93:3b:12:7f:c4:2d:5b:c0:d0:aa:2a:4e:2c:
                    91:c6:3c:74:a9:df:b5:16:58:bf:5e:e8:e9:06:53:
                    72:8d:26:c4:70:26:a9:ef:7d:02:57:e5:75:bb:4d:
                    54:d1:ed:1e:e3:33:67:68:58:0b:03:7b:f3:90:55:
                    32:63:f1:b9:ed:7e:68:4d:0f:27:0e:c0:7a:e1:1b:
                    5d:84:70:bf:85:45:2f:b0:bf:61:2e:da:e6:0d:0d:
                    cd:f8:92:d1:a0:53:05:c4:6e:99:6f:83:bb:33:ce:
                    89:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:DE:C2:AE:3C:2B:40:F4:FC:FF:2E:AF:74:86:FC:2F:C4:7C:E4:16
            X509v3 Authority Key Identifier:
                keyid:59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/k97CrjwrQPT8_y6vdIb8L8R85BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.13.0-45.80.15.255

    Signature Algorithm: sha256WithRSAEncryption
         ae:73:43:20:9c:40:81:93:31:37:21:6f:e8:c2:c8:6e:5f:36:
         76:95:b8:7c:34:7a:d6:ab:60:55:32:b5:d2:96:3c:5d:84:ff:
         ff:4f:c4:e9:36:47:48:15:0f:50:8e:cf:d9:86:0b:cb:b2:ec:
         cf:df:ce:5e:83:cb:d9:99:f6:9b:cf:a6:bb:87:0e:a7:4f:35:
         ea:65:bd:0c:dd:dd:ce:67:31:53:4e:92:cd:29:19:9a:0d:21:
         96:60:20:c0:1f:ff:e3:5e:e1:59:4d:81:73:d7:89:b9:88:ce:
         a0:fb:08:4f:6c:03:52:d8:5c:12:ac:7b:07:fd:91:b0:52:68:
         d9:a1:10:07:34:34:3a:01:92:66:23:20:4b:89:38:e5:0f:c0:
         8a:a3:89:d7:4a:65:34:ca:11:1e:6b:ee:e2:25:f3:17:2e:ad:
         bb:58:19:fc:a0:d0:72:96:53:eb:55:87:e6:78:40:46:12:cb:
         07:ed:ea:af:a5:c7:47:7c:be:7a:f9:05:3f:f4:4c:9b:b3:36:
         8d:60:fe:ef:0a:11:38:86:ba:2f:13:94:f9:ba:8a:3e:a8:dc:
         56:58:74:1a:aa:e7:c2:0e:98:08:4d:75:c0:57:db:d8:b2:34:
         24:1b:ec:66:02:37:3e:c4:c0:d7:d4:25:df:ad:d1:52:38:d4:
         85:6a:a0:4e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZhf8aYst/C86l875Gib+w5sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5OGZhNDIwMTM0NGQ0MTA3Zjc5MmVlZTI1NjZjNjJkNjU3
MTRlMmQwHhcNMjUwNzMxMTAwNTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2RlYzJhZTNjMmI0MGY0ZmNmZjJlYWY3NDg2ZmMyZmM0N2NlNDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2jCtNdKwYF9tR4oVF3vVx/1iNOo
1rfFUDKM1D3IDgGlynILJ5Knh2P7EbfZqPTF7Gd9A8u00RXgV5ldVlJ6p8bZ9v1o
7HNDiCH7SvGz8aWZbMIKrLfSS+EoqCcTF+OIi0GpXx7/xS5ytUtmX2Q/BZ4aQTAN
9qGek2YDk1H6jqSTUiuden3Kv0RS++Lt43as5rhqq2COO5M7En/ELVvA0KoqTiyR
xjx0qd+1Fli/XujpBlNyjSbEcCap730CV+V1u01U0e0e4zNnaFgLA3vzkFUyY/G5
7X5oTQ8nDsB64RtdhHC/hUUvsL9hLtrmDQ3N+JLRoFMFxG6Zb4O7M86J1QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJPewq48K0D0/P8ur3SG/C/EfOQWMB8GA1UdIwQY
MBaAFFmPpCATRNQQf3ku7iVmxi1lcU4tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2It
NjY0YjhmMDNkMTgwLzEvazk3Q3Jqd3JRUFQ4X3k2dmRJYjhMOFI4NUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2ItNjY0YjhmMDNkMTgw
LzEvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtUA0D
BAQtUAAwDQYJKoZIhvcNAQELBQADggEBAK5zQyCcQIGTMTchb+jCyG5fNnaVuHw0
etarYFUytdKWPF2E//9PxOk2R0gVD1COz9mGC8uy7M/fzl6Dy9mZ9pvPpruHDqdP
NeplvQzd3c5nMVNOks0pGZoNIZZgIMAf/+Ne4VlNgXPXibmIzqD7CE9sA1LYXBKs
ewf9kbBSaNmhEAc0NDoBkmYjIEuJOOUPwIqjiddKZTTKER5r7uIl8xcurbtYGfyg
0HKWU+tVh+Z4QEYSywft6q+lx0d8vnr5BT/0TJuzNo1g/u8KETiGui8TlPm6ij6o
3FZYdBqq58IOmAhNdcBX29iyNCQb7GYCNz7EwNfUJd+t0VI41IVqoE4=
-----END CERTIFICATE-----