Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/sXombvKi4nr7vxHECbDWlTCtz78.roa
File:                     sXombvKi4nr7vxHECbDWlTCtz78.roa (raw, json)
Hash identifier:          NLIx49ILN6SKs0Nh0AFpPfhfEs1G537segBfCzz3EEw=
Subject key identifier:   B1:7A:26:6E:F2:A2:E2:7A:FB:BF:11:C4:09:B0:D6:95:30:AD:CF:BF
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019A397A3AABA4F37935FC3CFD975F762A23
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/sXombvKi4nr7vxHECbDWlTCtz78.roa
Signing time:             Fri 31 Oct 2025 08:55:03 +0000
ROA not before:           Fri 31 Oct 2025 08:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214382
IP address blocks:        45.141.150.0/24 maxlen: 24
                          2a13:a440:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 17:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:39:7a:3a:ab:a4:f3:79:35:fc:3c:fd:97:5f:76:2a:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Oct 31 08:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b17a266ef2a2e27afbbf11c409b0d69530adcfbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e9:06:25:2a:9a:4e:f3:43:be:5c:18:da:29:
                    d3:b0:77:c7:98:f2:77:fb:d0:15:e3:2d:26:e0:98:
                    a6:28:2c:e1:6c:f0:7f:3f:f9:02:4f:2c:36:2d:ea:
                    b9:52:fc:0d:ca:c7:67:72:a6:26:6c:9a:7c:7b:2a:
                    52:cf:9c:48:1c:e2:83:26:b8:e5:71:46:83:13:98:
                    91:72:cd:d1:10:5c:7e:d1:da:ea:1b:66:f2:60:26:
                    03:fd:f7:cb:40:8e:b7:4f:a3:e4:ed:6d:87:42:2f:
                    d0:27:81:16:d5:70:a4:15:32:fe:63:f1:9f:a0:57:
                    b8:4c:48:78:e4:27:2d:5e:24:76:05:5e:3e:65:55:
                    71:3d:ff:be:de:7d:43:9f:2e:00:c4:0b:c0:7b:c1:
                    db:1d:ba:1d:6a:af:1a:df:b0:16:4a:1e:aa:6b:26:
                    bf:49:62:fc:84:bf:da:12:c0:72:5a:53:a2:09:52:
                    70:41:e8:26:1d:77:ce:68:5a:93:1b:3d:76:28:18:
                    a1:20:49:b8:5b:77:0c:0f:d3:53:ec:c5:4d:10:0f:
                    e3:05:d6:68:c0:42:6b:18:60:78:06:51:f3:ff:e9:
                    25:b2:bb:f2:c7:4c:b1:32:59:49:b1:4d:32:c1:2b:
                    9c:2a:eb:bf:db:65:cc:9b:02:27:07:1e:63:9e:52:
                    83:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:7A:26:6E:F2:A2:E2:7A:FB:BF:11:C4:09:B0:D6:95:30:AD:CF:BF
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/sXombvKi4nr7vxHECbDWlTCtz78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.150.0/24
                IPv6:
                  2a13:a440:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:81:5a:a6:68:bc:c8:e7:1b:2a:dd:5b:e2:be:58:5a:2b:c4:
         30:c5:e8:cf:5a:f2:07:0c:e1:b6:60:78:be:ea:ec:7d:fd:38:
         a3:2b:02:1f:37:be:2c:31:01:fe:f3:84:4e:b3:09:15:f2:35:
         73:d7:ee:e1:cb:9e:a4:9b:d2:b7:66:98:ad:34:93:be:11:9d:
         b6:84:ae:64:57:18:43:31:69:83:90:15:42:39:a7:b7:72:33:
         ba:67:0f:82:d9:93:00:dc:a2:7c:58:43:ec:76:f9:20:2a:0c:
         0f:3d:c3:14:2e:47:cc:65:14:35:52:91:7b:93:db:8f:6f:4c:
         1e:c7:fc:3e:b9:88:74:fd:50:3b:a2:1a:e5:28:3a:a5:0b:c7:
         47:ab:e2:2b:bb:1b:d6:7b:7a:4b:4d:f5:65:f0:58:d9:d6:a5:
         2d:17:39:ee:bd:e8:ee:90:90:8c:b3:1a:7f:94:20:8d:f3:1f:
         49:3c:55:9c:16:56:00:76:3d:2d:24:b3:4f:1e:aa:e1:9b:60:
         35:9d:70:2c:1e:3c:77:5d:9e:90:f1:d9:37:5b:68:ad:ec:bc:
         bc:82:61:88:79:6d:7d:26:79:09:f7:7f:fa:fe:05:0d:8e:8a:
         64:1c:45:56:82:bc:ec:fd:aa:32:fe:cd:80:83:ae:00:75:1a:
         4c:bd:7c:c5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZo5ejqrpPN5Nfw8/ZdfdiojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUxMDMxMDg1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTdhMjY2ZWYyYTJlMjdhZmJiZjExYzQwOWIwZDY5NTMwYWRjZmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArukGJSqaTvNDvlwY2inTsHfHmPJ3
+9AV4y0m4JimKCzhbPB/P/kCTyw2Leq5UvwNysdncqYmbJp8eypSz5xIHOKDJrjl
cUaDE5iRcs3REFx+0drqG2byYCYD/ffLQI63T6Pk7W2HQi/QJ4EW1XCkFTL+Y/Gf
oFe4TEh45CctXiR2BV4+ZVVxPf++3n1Dny4AxAvAe8HbHbodaq8a37AWSh6qaya/
SWL8hL/aEsByWlOiCVJwQegmHXfOaFqTGz12KBihIEm4W3cMD9NT7MVNEA/jBdZo
wEJrGGB4BlHz/+klsrvyx0yxMllJsU0ywSucKuu/22XMmwInBx5jnlKDTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLF6Jm7youJ6+78RxAmw1pUwrc+/MB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvc1hvbWJ2S2k0bnI3dnhIRUNiRFdsVEN0ejc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALY2WMA8E
AgACMAkDBwAqE6RAAAgwDQYJKoZIhvcNAQELBQADggEBAIqBWqZovMjnGyrdW+K+
WForxDDF6M9a8gcM4bZgeL7q7H39OKMrAh83viwxAf7zhE6zCRXyNXPX7uHLnqSb
0rdmmK00k74RnbaErmRXGEMxaYOQFUI5p7dyM7pnD4LZkwDconxYQ+x2+SAqDA89
wxQuR8xlFDVSkXuT249vTB7H/D65iHT9UDuiGuUoOqULx0er4iu7G9Z7ektN9WXw
WNnWpS0XOe696O6QkIyzGn+UII3zH0k8VZwWVgB2PS0ks08equGbYDWdcCwePHdd
npDx2TdbaK3svLyCYYh5bX0meQn3f/r+BQ2OimQcRVaCvOz9qjL+zYCDrgB1Gky9
fMU=
-----END CERTIFICATE-----