Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/uPrw0OJDVBxpxFJDlEcmvS7AdfE.roa
File:                     uPrw0OJDVBxpxFJDlEcmvS7AdfE.roa (raw, json)
Hash identifier:          ZLUZ8aK8rLmaLEYRryr7m+FORRKKh3d1dz/WcNlJb3c=
Subject key identifier:   B8:FA:F0:D0:E2:43:54:1C:69:C4:52:43:94:47:26:BD:2E:C0:75:F1
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019842769852BE7C0FD102CAB562E50144DA
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/uPrw0OJDVBxpxFJDlEcmvS7AdfE.roa
Signing time:             Fri 25 Jul 2025 16:42:05 +0000
ROA not before:           Fri 25 Jul 2025 16:42:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        45.86.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:42:76:98:52:be:7c:0f:d1:02:ca:b5:62:e5:01:44:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul 25 16:42:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8faf0d0e243541c69c45243944726bd2ec075f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:6f:ae:f5:9e:93:0e:95:70:0e:49:5a:33:37:
                    ff:41:2b:d2:d2:ed:83:37:68:a1:23:8c:06:51:88:
                    10:a6:65:4d:e4:6e:ea:c6:7b:a2:a2:b3:ef:e7:8a:
                    df:f5:4a:b4:79:12:99:94:67:5a:a2:f5:8c:25:fe:
                    00:f3:0f:81:df:ab:7b:be:b7:3f:71:e7:a9:8a:bf:
                    c2:f8:4e:de:04:6d:8c:3f:24:ca:19:d9:84:f4:0a:
                    d4:fc:2d:44:8b:ee:85:23:7e:d1:cf:93:74:4c:9b:
                    1d:34:af:98:bd:0c:a1:a4:fe:54:57:a5:8b:80:8e:
                    9b:c0:4e:7a:9c:30:9c:eb:b6:ac:a4:c1:1a:ac:45:
                    28:a7:4b:2a:ab:36:e2:cf:50:d3:08:ab:1c:9e:0f:
                    0d:24:80:59:7c:c9:b6:eb:2e:f8:37:d6:fb:36:b0:
                    a4:96:ad:1b:66:c2:2c:e2:9d:55:1c:f9:a5:72:dd:
                    a8:27:f9:64:ab:be:39:cf:2c:9f:77:36:39:4d:13:
                    9a:03:b1:f1:9a:6c:52:17:4e:23:8e:a1:f1:de:d9:
                    df:85:06:99:e5:7e:c0:7c:42:26:b9:4d:42:5a:f7:
                    be:f6:58:71:98:f1:98:59:92:aa:22:5c:a3:b2:95:
                    9e:7d:d2:e1:23:43:53:05:42:c5:55:70:f0:f1:ec:
                    97:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:FA:F0:D0:E2:43:54:1C:69:C4:52:43:94:47:26:BD:2E:C0:75:F1
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/uPrw0OJDVBxpxFJDlEcmvS7AdfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:ea:33:9a:77:ca:a3:1d:23:81:54:e2:9c:1c:16:fd:5d:37:
         6c:14:9c:7c:67:e3:ff:c1:69:53:07:e0:54:ee:75:b4:ab:6b:
         b0:3a:cf:b5:ce:74:c6:f1:62:0a:42:74:ee:ed:d9:eb:4e:f7:
         f5:e3:31:59:d3:df:eb:8d:9b:28:c7:ac:c6:77:f8:5b:5a:37:
         e4:25:0a:c1:18:e0:16:4e:ff:e0:06:bd:31:ad:1d:cb:a9:59:
         d0:ae:0a:30:9f:60:e3:01:bf:0c:0c:1f:fa:45:e4:ff:57:81:
         91:3d:4e:9b:ed:56:02:d3:ed:e5:ae:05:fd:ea:de:a0:41:0a:
         70:68:c2:98:4e:05:21:3a:22:52:cb:89:bf:38:3d:91:f0:6c:
         31:00:a2:f1:32:53:c2:b7:cd:db:73:7f:a8:81:b8:12:31:da:
         aa:d3:e4:91:9f:ab:0d:3a:a1:de:ba:03:01:ff:4b:3e:29:1e:
         ae:99:93:7d:e9:55:6d:6e:2b:a9:e4:fd:9c:2e:db:92:15:74:
         fd:26:79:19:f1:2a:57:70:3e:42:7e:8d:33:4e:74:26:df:8f:
         e8:23:84:ff:94:7c:76:db:15:79:5b:54:d2:c0:93:0b:17:15:
         67:b5:39:29:bb:77:2f:8e:e8:de:a5:6b:0a:df:78:61:bd:9b:
         3d:4a:cd:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhCdphSvnwP0QLKtWLlAUTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNzI1MTY0MjA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGZhZjBkMGUyNDM1NDFjNjljNDUyNDM5NDQ3MjZiZDJlYzA3NWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2+u9Z6TDpVwDklaMzf/QSvS0u2D
N2ihI4wGUYgQpmVN5G7qxnuiorPv54rf9Uq0eRKZlGdaovWMJf4A8w+B36t7vrc/
ceepir/C+E7eBG2MPyTKGdmE9ArU/C1Ei+6FI37Rz5N0TJsdNK+YvQyhpP5UV6WL
gI6bwE56nDCc67aspMEarEUop0sqqzbiz1DTCKscng8NJIBZfMm26y74N9b7NrCk
lq0bZsIs4p1VHPmlct2oJ/lkq745zyyfdzY5TROaA7HxmmxSF04jjqHx3tnfhQaZ
5X7AfEImuU1CWve+9lhxmPGYWZKqIlyjspWefdLhI0NTBULFVXDw8eyXTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLj68NDiQ1QcacRSQ5RHJr0uwHXxMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvdVBydzBPSkRWQnhweEZKRGxFY212UzdBZGZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVYPMA0G
CSqGSIb3DQEBCwUAA4IBAQBM6jOad8qjHSOBVOKcHBb9XTdsFJx8Z+P/wWlTB+BU
7nW0q2uwOs+1znTG8WIKQnTu7dnrTvf14zFZ09/rjZsox6zGd/hbWjfkJQrBGOAW
Tv/gBr0xrR3LqVnQrgown2DjAb8MDB/6ReT/V4GRPU6b7VYC0+3lrgX96t6gQQpw
aMKYTgUhOiJSy4m/OD2R8GwxAKLxMlPCt83bc3+ogbgSMdqq0+SRn6sNOqHeugMB
/0s+KR6umZN96VVtbiup5P2cLtuSFXT9JnkZ8SpXcD5Cfo0zTnQm34/oI4T/lHx2
2xV5W1TSwJMLFxVntTkpu3cvjujepWsK33hhvZs9Ss1W
-----END CERTIFICATE-----