Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/KB-h8Fkel5XMX-o95HwHpLCnxAc.roa
File:                     KB-h8Fkel5XMX-o95HwHpLCnxAc.roa (raw, json)
Hash identifier:          A5pXsjdEHFyVrWzWIHIaJ7+R2DSLK1pRV3wNGnMYcuw=
Subject key identifier:   28:1F:A1:F0:59:1E:97:95:CC:5F:EA:3D:E4:7C:07:A4:B0:A7:C4:07
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       0198181D3C05705BF9FFE1006A7D933BB8C9
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/KB-h8Fkel5XMX-o95HwHpLCnxAc.roa
Signing time:             Thu 17 Jul 2025 11:20:25 +0000
ROA not before:           Thu 17 Jul 2025 11:20:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48198
IP address blocks:        176.46.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:18:1d:3c:05:70:5b:f9:ff:e1:00:6a:7d:93:3b:b8:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Jul 17 11:20:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=281fa1f0591e9795cc5fea3de47c07a4b0a7c407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d9:2f:1c:01:11:19:44:b0:b6:36:e4:32:ed:
                    5b:97:cf:9a:c3:e3:0b:88:48:a4:bb:2d:0d:25:8b:
                    36:98:d3:16:58:3d:99:10:7d:18:cb:69:08:73:c5:
                    31:05:d3:05:f8:6d:fb:4a:a6:55:a9:3a:87:09:39:
                    96:22:d4:18:f0:fa:07:05:42:c0:94:5e:44:f6:ed:
                    49:19:71:5b:eb:73:12:35:e5:ac:27:48:92:62:14:
                    3b:3b:11:6c:3e:8c:39:a0:06:d8:4c:1a:0e:88:49:
                    6f:a4:06:59:13:f3:6a:a5:c9:4d:19:4d:2a:e8:77:
                    6e:68:4a:e6:34:01:27:71:e8:6a:8e:22:bf:d2:7e:
                    84:4f:80:39:80:de:b3:e6:e7:ce:70:21:bb:b7:26:
                    4e:81:9c:fb:d6:cc:52:e1:78:04:93:ec:87:3e:39:
                    e3:05:d7:85:18:c1:b9:6b:ac:e1:44:0c:18:84:f2:
                    20:12:fa:14:71:bd:61:c9:96:58:d8:b4:6a:6d:bd:
                    80:34:39:bb:d2:f4:56:af:71:f7:a1:8d:1f:94:38:
                    0e:6d:58:a9:c0:0c:8e:0c:26:51:de:d8:6e:27:9c:
                    43:d7:ab:1e:f6:cd:ff:54:dd:75:d1:56:48:42:52:
                    43:df:1c:69:85:5f:c7:a7:7c:69:47:19:d5:34:6d:
                    f5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:1F:A1:F0:59:1E:97:95:CC:5F:EA:3D:E4:7C:07:A4:B0:A7:C4:07
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/KB-h8Fkel5XMX-o95HwHpLCnxAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.46.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:ec:1e:63:f8:8e:d4:b9:ff:c8:ba:25:98:8d:9b:9a:a4:5e:
         c3:fd:d1:ea:62:66:bb:db:3d:b7:0d:f6:78:a2:3b:ee:de:3a:
         20:0e:47:34:55:79:ef:00:a1:9f:4a:a2:e6:d9:59:fe:ce:93:
         a0:d6:54:58:fd:67:89:a1:fe:20:b2:b4:d2:28:06:df:d1:05:
         ab:e1:2e:b2:a7:ae:cb:e6:84:6d:86:42:d1:d1:d3:32:95:8a:
         a2:57:79:4d:47:86:53:2b:fd:cb:31:9b:a3:1d:87:10:e2:01:
         f3:a5:f4:0f:b0:db:33:e6:60:04:c0:19:db:1f:26:87:0e:36:
         9e:e0:ad:ef:01:28:74:23:3e:94:33:f6:69:77:47:7f:6a:5f:
         f0:9b:02:55:b7:d0:17:44:65:c4:83:cf:a4:ba:ca:5d:27:75:
         8c:be:c3:7a:c4:93:1b:3e:e9:01:30:99:38:71:41:e3:16:ba:
         46:a8:d5:31:f2:2e:19:e9:67:36:56:47:ed:ef:cb:9e:d6:36:
         38:e1:d9:61:36:cc:b3:c4:12:2f:4c:a0:54:68:97:74:26:55:
         18:90:62:c8:83:78:d3:5b:e2:cb:ee:0a:63:ff:85:9d:02:f8:
         54:6f:99:b0:05:ed:e7:71:b6:90:37:59:2f:38:48:95:68:79:
         db:ac:84:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgYHTwFcFv5/+EAan2TO7jJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUwNzE3MTEyMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODFmYTFmMDU5MWU5Nzk1Y2M1ZmVhM2RlNDdjMDdhNGIwYTdjNDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9kvHAERGUSwtjbkMu1bl8+aw+ML
iEikuy0NJYs2mNMWWD2ZEH0Yy2kIc8UxBdMF+G37SqZVqTqHCTmWItQY8PoHBULA
lF5E9u1JGXFb63MSNeWsJ0iSYhQ7OxFsPow5oAbYTBoOiElvpAZZE/NqpclNGU0q
6HduaErmNAEncehqjiK/0n6ET4A5gN6z5ufOcCG7tyZOgZz71sxS4XgEk+yHPjnj
BdeFGMG5a6zhRAwYhPIgEvoUcb1hyZZY2LRqbb2ANDm70vRWr3H3oY0flDgObVip
wAyODCZR3thuJ5xD16se9s3/VN110VZIQlJD3xxphV/Hp3xpRxnVNG313wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgfofBZHpeVzF/qPeR8B6Swp8QHMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvS0ItaDhGa2VsNVhNWC1vOTVId0hwTENueEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsC6NMA0G
CSqGSIb3DQEBCwUAA4IBAQCi7B5j+I7Uuf/IuiWYjZuapF7D/dHqYma72z23DfZ4
ojvu3jogDkc0VXnvAKGfSqLm2Vn+zpOg1lRY/WeJof4gsrTSKAbf0QWr4S6yp67L
5oRthkLR0dMylYqiV3lNR4ZTK/3LMZujHYcQ4gHzpfQPsNsz5mAEwBnbHyaHDjae
4K3vASh0Iz6UM/Zpd0d/al/wmwJVt9AXRGXEg8+kuspdJ3WMvsN6xJMbPukBMJk4
cUHjFrpGqNUx8i4Z6Wc2Vkft78ue1jY44dlhNsyzxBIvTKBUaJd0JlUYkGLIg3jT
W+LL7gpj/4WdAvhUb5mwBe3ncbaQN1kvOEiVaHnbrITo
-----END CERTIFICATE-----