Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/vqrqFiZ6XbejAb9FwHtSr9yQ4m0.roa
File:                     vqrqFiZ6XbejAb9FwHtSr9yQ4m0.roa (raw, json)
Hash identifier:          T2iIwoNA7Vg78DvVyOs8Q+hHpGA9zpQtyMB17nDMScY=
Subject key identifier:   BE:AA:EA:16:26:7A:5D:B7:A3:01:BF:45:C0:7B:52:AF:DC:90:E2:6D
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       01987E5FDFD9724A50B1DA24BB1E84B63F18
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/vqrqFiZ6XbejAb9FwHtSr9yQ4m0.roa
Signing time:             Wed 06 Aug 2025 07:54:29 +0000
ROA not before:           Wed 06 Aug 2025 07:54:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214382
IP address blocks:        5.180.104.0/24 maxlen: 24
                          45.141.150.0/24 maxlen: 24
                          2a13:a440:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:5f:df:d9:72:4a:50:b1:da:24:bb:1e:84:b6:3f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Aug  6 07:54:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=beaaea16267a5db7a301bf45c07b52afdc90e26d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c9:f7:e0:9d:b2:fb:3d:aa:e5:e1:0f:14:82:
                    64:f4:5e:61:ad:18:df:50:77:48:c3:26:fa:72:a3:
                    ef:2b:22:7c:bb:0d:75:ff:69:5a:b8:ff:d1:f8:6b:
                    6b:e9:f8:c7:f7:c3:fe:25:45:b4:f2:c2:2e:9b:98:
                    c6:95:4c:89:33:96:cb:17:42:b1:07:6d:3c:03:4e:
                    af:6e:16:00:bb:b8:ca:9a:f2:e9:bc:d1:66:9e:d6:
                    c2:20:79:c8:e3:74:29:08:7b:91:6b:f4:7c:08:24:
                    94:fb:a0:ce:77:56:f6:c2:de:85:fe:9b:c7:9e:bf:
                    97:0d:6c:61:e7:f3:33:d6:99:f2:92:be:99:9b:97:
                    84:90:b3:fc:b6:52:c9:1c:b6:ec:bf:44:b7:9c:b1:
                    91:1c:91:81:5c:f6:60:ad:1c:02:79:1f:3a:79:6c:
                    2e:54:ee:67:42:32:85:1d:9a:13:0a:b1:80:c0:97:
                    23:bd:e1:92:14:0f:2d:c9:19:36:f1:51:73:b6:91:
                    33:3e:3d:fd:43:f2:67:52:13:52:4a:84:ff:73:e2:
                    54:4a:96:62:fa:73:7e:9a:e8:7c:fa:73:92:a1:f9:
                    d8:5e:c4:c6:6a:e9:67:b7:49:40:3b:80:27:81:df:
                    81:35:60:f5:a3:62:b5:a1:84:5f:c9:9d:ae:e3:b9:
                    f2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:AA:EA:16:26:7A:5D:B7:A3:01:BF:45:C0:7B:52:AF:DC:90:E2:6D
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/vqrqFiZ6XbejAb9FwHtSr9yQ4m0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.104.0/24
                  45.141.150.0/24
                IPv6:
                  2a13:a440:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:82:8c:9b:a7:ee:2a:d6:b5:f5:11:b0:0d:22:86:87:fd:2d:
         50:4f:06:56:c7:08:b0:a8:67:8a:34:b2:11:64:c6:3e:4e:0c:
         f4:0f:14:fd:50:42:c5:3e:79:13:04:51:c8:71:98:44:90:18:
         e7:1f:dd:6a:6b:ae:91:49:72:ff:2c:59:f1:67:0b:94:6e:9b:
         de:b6:9c:bb:57:83:57:2a:38:92:81:f2:22:2a:d7:ae:01:13:
         6c:a8:32:a2:c6:0e:81:50:be:46:95:e4:aa:0a:fd:d0:82:7b:
         8d:96:32:b5:77:3f:82:ff:08:4b:22:2d:d6:dc:9e:82:79:cd:
         26:a9:9c:b1:0a:af:42:c0:50:59:08:66:b0:c4:91:50:df:03:
         71:21:c2:8e:ab:0e:35:fc:4b:00:eb:2d:2b:24:8a:1c:aa:18:
         e2:d2:c8:c3:6e:41:7a:71:c3:95:52:d8:65:1f:6a:35:77:17:
         a4:28:e4:90:3a:61:57:b6:76:a0:bc:20:56:31:bc:ba:f1:a7:
         50:70:2a:05:22:9d:0f:5f:f3:6b:fc:e8:ac:67:5b:80:46:5d:
         eb:09:bf:97:df:4e:d1:bb:9c:a6:ea:3b:6d:7e:2d:69:8f:3c:
         35:12:95:0b:d0:fd:0e:7b:98:24:cf:19:69:ab:f7:bc:60:53:
         b6:6d:92:e8
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZh+X9/ZckpQsdokux6Etj8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwODA2MDc1NDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWFhZWExNjI2N2E1ZGI3YTMwMWJmNDVjMDdiNTJhZmRjOTBlMjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48n34J2y+z2q5eEPFIJk9F5hrRjf
UHdIwyb6cqPvKyJ8uw11/2lauP/R+Gtr6fjH98P+JUW08sIum5jGlUyJM5bLF0Kx
B208A06vbhYAu7jKmvLpvNFmntbCIHnI43QpCHuRa/R8CCSU+6DOd1b2wt6F/pvH
nr+XDWxh5/Mz1pnykr6Zm5eEkLP8tlLJHLbsv0S3nLGRHJGBXPZgrRwCeR86eWwu
VO5nQjKFHZoTCrGAwJcjveGSFA8tyRk28VFztpEzPj39Q/JnUhNSSoT/c+JUSpZi
+nN+muh8+nOSofnYXsTGaulnt0lAO4Angd+BNWD1o2K1oYRfyZ2u47nylwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFL6q6hYmel23owG/RcB7Uq/ckOJtMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvdnFycUZpWjZYYmVqQWI5RndIdFNyOXlRNG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQABbRoAwQA
LY2WMA8EAgACMAkDBwAqE6RAAAgwDQYJKoZIhvcNAQELBQADggEBADyCjJun7irW
tfURsA0ihof9LVBPBlbHCLCoZ4o0shFkxj5ODPQPFP1QQsU+eRMEUchxmESQGOcf
3WprrpFJcv8sWfFnC5Rum962nLtXg1cqOJKB8iIq164BE2yoMqLGDoFQvkaV5KoK
/dCCe42WMrV3P4L/CEsiLdbcnoJ5zSapnLEKr0LAUFkIZrDEkVDfA3Ehwo6rDjX8
SwDrLSskihyqGOLSyMNuQXpxw5VS2GUfajV3F6Qo5JA6YVe2dqC8IFYxvLrxp1Bw
KgUinQ9f82v86KxnW4BGXesJv5ffTtG7nKbqO21+LWmPPDUSlQvQ/Q57mCTPGWmr
97xgU7Ztkug=
-----END CERTIFICATE-----