Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/fJ7QUHmY7g9_qP5KvxSEKPQgQ_w.roa
File:                     fJ7QUHmY7g9_qP5KvxSEKPQgQ_w.roa (raw, json)
Hash identifier:          ITyQh90VAvZCZTslbIDDuC/RBxNBRt44KDVHARLU210=
Subject key identifier:   7C:9E:D0:50:79:98:EE:0F:7F:A8:FE:4A:BF:14:84:28:F4:20:43:FC
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       019A3F62BCC155EE956A0B45C696E761A4BF
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/fJ7QUHmY7g9_qP5KvxSEKPQgQ_w.roa
Signing time:             Sat 01 Nov 2025 12:27:06 +0000
ROA not before:           Sat 01 Nov 2025 12:27:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215370
IP address blocks:        45.154.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3f:62:bc:c1:55:ee:95:6a:0b:45:c6:96:e7:61:a4:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Nov  1 12:27:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c9ed0507998ee0f7fa8fe4abf148428f42043fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4e:89:73:5a:28:74:ea:10:34:c1:89:28:6f:
                    07:f0:84:5f:a1:dd:39:99:4c:6b:2f:c5:ad:c2:b7:
                    29:d4:bb:40:07:15:03:81:66:6b:e8:a0:5e:1b:51:
                    f0:91:ac:75:02:ee:0e:42:7f:5e:65:d5:2c:c6:b0:
                    7c:80:14:2f:9a:b5:e1:6a:05:2d:32:cf:dc:42:87:
                    4f:a1:31:a2:d8:94:59:2b:0a:60:52:18:83:bb:03:
                    f6:f3:7b:bc:4c:2c:77:aa:a3:b7:e2:f6:25:ac:a1:
                    48:9b:7e:10:c4:22:e3:43:7f:31:50:db:4a:9c:5a:
                    b0:d9:ba:5e:8b:13:8d:17:a5:9d:0d:c7:2a:94:43:
                    aa:9b:16:f9:a7:f7:9f:4f:5e:a6:5b:8d:e8:a6:2b:
                    ff:52:cb:25:1a:3f:4e:b7:c0:26:28:9a:38:79:a6:
                    b4:11:cc:bb:f2:a2:05:f8:4c:4a:e9:37:34:4f:0d:
                    86:3c:bb:f5:63:4c:b3:d0:51:65:65:47:89:2e:bd:
                    dc:fd:b1:8d:d5:f0:04:e8:1d:fd:cd:30:01:34:f9:
                    1e:db:74:d0:57:2d:3c:d8:60:21:fd:63:47:c7:4d:
                    e5:8a:92:e9:a2:61:b7:9f:c4:ea:01:a5:fe:10:1c:
                    72:ed:c7:7b:fc:33:dd:9f:6b:57:ff:86:e7:54:be:
                    54:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9E:D0:50:79:98:EE:0F:7F:A8:FE:4A:BF:14:84:28:F4:20:43:FC
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/fJ7QUHmY7g9_qP5KvxSEKPQgQ_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:2e:ad:1e:e2:67:8a:50:18:ee:08:f9:b9:97:83:23:e5:1c:
         6e:82:44:ae:56:99:b3:2c:30:1d:55:bd:9c:f8:8e:23:4c:dc:
         68:18:2f:34:d7:0b:c1:fd:03:17:ab:4f:92:93:39:0a:46:e5:
         69:d9:77:36:e7:ed:1b:79:99:0c:0c:65:01:32:3b:43:04:6f:
         aa:e9:bc:27:71:2a:a1:ed:ea:4e:9f:c2:66:bc:41:f8:94:4a:
         93:4a:e8:c2:d6:a7:4b:74:bc:55:fc:4a:51:6b:80:06:2b:39:
         84:8b:d1:6f:ea:f4:b4:b1:ab:1f:03:79:72:4f:74:8d:ce:84:
         8d:4b:ec:26:61:5e:81:79:cf:db:e6:da:79:fc:03:a3:7a:5b:
         b6:ff:ea:29:ef:33:17:4c:67:d6:c7:dd:b0:b3:69:8c:fb:a8:
         09:6c:16:bf:ed:14:a4:34:23:b2:0d:f2:a6:a7:e9:71:37:dc:
         1a:2e:d8:c7:53:e8:b1:55:50:63:75:25:0b:50:12:4a:d1:6c:
         e0:9f:78:6c:a2:4b:7f:dd:68:81:43:20:e3:5c:a0:d6:70:39:
         41:f5:4c:b4:41:36:54:b5:4f:c7:2f:1b:9f:fa:5a:b2:19:aa:
         4e:7e:14:8e:1f:24:f8:7b:1e:b9:ff:55:eb:a9:42:64:a6:15:
         6e:3c:7c:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZo/YrzBVe6VagtFxpbnYaS/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjUxMTAxMTIyNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzllZDA1MDc5OThlZTBmN2ZhOGZlNGFiZjE0ODQyOGY0MjA0M2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0E6Jc1oodOoQNMGJKG8H8IRfod05
mUxrL8Wtwrcp1LtABxUDgWZr6KBeG1Hwkax1Au4OQn9eZdUsxrB8gBQvmrXhagUt
Ms/cQodPoTGi2JRZKwpgUhiDuwP283u8TCx3qqO34vYlrKFIm34QxCLjQ38xUNtK
nFqw2bpeixONF6WdDccqlEOqmxb5p/efT16mW43opiv/UsslGj9Ot8AmKJo4eaa0
Ecy78qIF+ExK6Tc0Tw2GPLv1Y0yz0FFlZUeJLr3c/bGN1fAE6B39zTABNPke23TQ
Vy082GAh/WNHx03lipLpomG3n8TqAaX+EBxy7cd7/DPdn2tX/4bnVL5U/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHye0FB5mO4Pf6j+Sr8UhCj0IEP8MB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvZko3UVVIbVk3ZzlfcVA1S3Z4U0VLUFFnUV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZoiMA0G
CSqGSIb3DQEBCwUAA4IBAQCYLq0e4meKUBjuCPm5l4Mj5RxugkSuVpmzLDAdVb2c
+I4jTNxoGC801wvB/QMXq0+SkzkKRuVp2Xc25+0beZkMDGUBMjtDBG+q6bwncSqh
7epOn8JmvEH4lEqTSujC1qdLdLxV/EpRa4AGKzmEi9Fv6vS0sasfA3lyT3SNzoSN
S+wmYV6Bec/b5tp5/AOjelu2/+op7zMXTGfWx92ws2mM+6gJbBa/7RSkNCOyDfKm
p+lxN9waLtjHU+ixVVBjdSULUBJK0Wzgn3hsokt/3WiBQyDjXKDWcDlB9Uy0QTZU
tU/HLxuf+lqyGapOfhSOHyT4ex65/1XrqUJkphVuPHzi
-----END CERTIFICATE-----