Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/pVTqCR0peatjWSp4Jxs9VZ9aHR0.roa
File:                     pVTqCR0peatjWSp4Jxs9VZ9aHR0.roa (raw, json)
Hash identifier:          yjFFs3Sic83blHCl+jWhjWUGXXoo+/pXsN4k7VdljkI=
Subject key identifier:   A5:54:EA:09:1D:29:79:AB:63:59:2A:78:27:1B:3D:55:9F:5A:1D:1D
Certificate issuer:       /CN=fc35877cc038bffdb97bb3d6ea216ab52b3a0582
Certificate serial:       01987E0F4E386101CE53FE671741A879C0B7
Authority key identifier: FC:35:87:7C:C0:38:BF:FD:B9:7B:B3:D6:EA:21:6A:B5:2B:3A:05:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_DWHfMA4v_25e7PW6iFqtSs6BYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/pVTqCR0peatjWSp4Jxs9VZ9aHR0.roa
Signing time:             Wed 06 Aug 2025 06:26:28 +0000
ROA not before:           Wed 06 Aug 2025 06:26:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208864
IP address blocks:        45.11.15.0/24 maxlen: 24
                          185.42.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/_DWHfMA4v_25e7PW6iFqtSs6BYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/_DWHfMA4v_25e7PW6iFqtSs6BYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_DWHfMA4v_25e7PW6iFqtSs6BYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:0f:4e:38:61:01:ce:53:fe:67:17:41:a8:79:c0:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc35877cc038bffdb97bb3d6ea216ab52b3a0582
        Validity
            Not Before: Aug  6 06:26:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a554ea091d2979ab63592a78271b3d559f5a1d1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9e:26:26:19:ad:38:80:79:4f:38:4a:54:51:
                    3e:23:ba:62:88:b6:11:a2:05:0b:12:fa:a2:af:a5:
                    1b:a3:69:30:01:b6:83:5a:da:8a:08:4f:61:ce:69:
                    c8:7c:69:99:b9:0d:99:cd:ca:2b:11:4d:ac:a3:76:
                    5d:11:bd:20:d3:91:88:48:b7:68:53:09:7c:f1:13:
                    b2:31:e7:2d:82:6a:9d:0d:90:4b:e1:91:41:af:03:
                    80:db:c0:04:ff:98:66:7b:a2:0d:92:11:e5:fd:a9:
                    be:59:48:81:0a:b8:4d:dc:ec:72:b0:56:28:75:3d:
                    87:ec:d9:62:57:98:24:d8:02:3a:de:50:6a:9c:76:
                    71:04:21:8f:0c:d2:24:6b:e0:c8:1c:9f:7e:00:dd:
                    07:b5:2b:e4:52:9a:7f:5b:f6:b7:90:68:fc:82:8c:
                    a9:76:5a:87:26:26:55:97:52:b7:c2:51:52:28:27:
                    31:73:aa:b0:8e:4c:b6:d3:44:99:67:55:a2:e1:e7:
                    f0:2f:1d:db:2e:26:c4:b7:ce:61:1a:ad:0b:bf:92:
                    fc:c1:27:82:60:93:b9:f0:26:94:52:ec:fb:28:d5:
                    1d:63:6f:b6:e4:04:bb:36:89:ec:91:8f:31:38:fa:
                    dc:97:34:1c:1f:ec:5d:ff:42:b3:a9:c9:6a:ad:b3:
                    93:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:54:EA:09:1D:29:79:AB:63:59:2A:78:27:1B:3D:55:9F:5A:1D:1D
            X509v3 Authority Key Identifier:
                keyid:FC:35:87:7C:C0:38:BF:FD:B9:7B:B3:D6:EA:21:6A:B5:2B:3A:05:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_DWHfMA4v_25e7PW6iFqtSs6BYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/pVTqCR0peatjWSp4Jxs9VZ9aHR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e8072a-6017-4ed5-bee3-8e65b347f218/1/_DWHfMA4v_25e7PW6iFqtSs6BYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.15.0/24
                  185.42.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:12:27:92:7e:a6:fa:7c:02:a5:87:7d:05:b2:1e:cc:73:55:
         f8:4e:5e:bc:18:74:6b:d2:16:78:6f:6b:87:d7:b2:53:63:3c:
         cc:20:4a:84:99:94:9f:6d:3e:65:48:65:bf:d6:45:cf:4e:2e:
         3b:86:b5:01:8e:54:90:b8:10:05:0c:71:c6:09:27:a7:59:81:
         31:60:f9:bf:b9:c2:c3:dd:99:3d:e4:9a:c1:67:a0:94:b0:d0:
         03:bb:51:04:06:9b:3b:be:4c:4e:44:c8:f3:51:d2:95:5a:46:
         ca:d0:c8:55:74:c1:65:29:45:28:9e:f7:6a:55:10:85:f8:52:
         17:ee:8c:1b:53:d3:27:c7:a1:40:1c:c1:ea:d5:16:ff:33:27:
         9e:81:3d:18:36:a9:78:ba:37:ab:60:a7:29:89:fc:b0:48:33:
         07:da:d6:40:47:71:d5:37:89:a6:b6:9f:5e:68:1f:b7:cd:5f:
         ee:26:c0:fc:d0:3d:40:2b:ea:3e:7d:af:20:3b:1e:22:0e:c2:
         7e:19:f2:be:15:7e:4e:86:f8:a9:f5:f8:d4:3b:e4:83:1d:18:
         fc:46:a8:b7:8e:ad:9e:89:67:04:25:12:e7:95:43:33:cc:cb:
         00:26:35:e0:66:51:b4:3c:ba:8c:d8:f3:8c:86:98:03:d0:c3:
         e2:2c:b1:19
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZh+D044YQHOU/5nF0GoecC3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMzU4NzdjYzAzOGJmZmRiOTdiYjNkNmVhMjE2YWI1MmIz
YTA1ODIwHhcNMjUwODA2MDYyNjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTU0ZWEwOTFkMjk3OWFiNjM1OTJhNzgyNzFiM2Q1NTlmNWExZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxp4mJhmtOIB5TzhKVFE+I7piiLYR
ogULEvqir6Ubo2kwAbaDWtqKCE9hzmnIfGmZuQ2ZzcorEU2so3ZdEb0g05GISLdo
Uwl88ROyMectgmqdDZBL4ZFBrwOA28AE/5hme6INkhHl/am+WUiBCrhN3OxysFYo
dT2H7NliV5gk2AI63lBqnHZxBCGPDNIka+DIHJ9+AN0HtSvkUpp/W/a3kGj8goyp
dlqHJiZVl1K3wlFSKCcxc6qwjky200SZZ1Wi4efwLx3bLibEt85hGq0Lv5L8wSeC
YJO58CaUUuz7KNUdY2+25AS7NonskY8xOPrclzQcH+xd/0KzqclqrbOTmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKVU6gkdKXmrY1kqeCcbPVWfWh0dMB8GA1UdIwQY
MBaAFPw1h3zAOL/9uXuz1uoharUrOgWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0RXSGZNQTR2XzI1ZTdQVzZpRnF0U3M2QllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lODA3MmEtNjAxNy00ZWQ1LWJlZTMt
OGU2NWIzNDdmMjE4LzEvcFZUcUNSMHBlYXRqV1NwNEp4czlWWjlhSFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lODA3MmEtNjAxNy00ZWQ1LWJlZTMtOGU2NWIzNDdmMjE4
LzEvX0RXSGZNQTR2XzI1ZTdQVzZpRnF0U3M2QllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQsPAwQA
uSo7MA0GCSqGSIb3DQEBCwUAA4IBAQAQEieSfqb6fAKlh30Fsh7Mc1X4Tl68GHRr
0hZ4b2uH17JTYzzMIEqEmZSfbT5lSGW/1kXPTi47hrUBjlSQuBAFDHHGCSenWYEx
YPm/ucLD3Zk95JrBZ6CUsNADu1EEBps7vkxORMjzUdKVWkbK0MhVdMFlKUUonvdq
VRCF+FIX7owbU9Mnx6FAHMHq1Rb/MyeegT0YNql4ujerYKcpifywSDMH2tZAR3HV
N4mmtp9eaB+3zV/uJsD80D1AK+o+fa8gOx4iDsJ+GfK+FX5Ohvip9fjUO+SDHRj8
Rqi3jq2eiWcEJRLnlUMzzMsAJjXgZlG0PLqM2POMhpgD0MPiLLEZ
-----END CERTIFICATE-----