Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/AqKvWWTw_o64vG6wltS0YN5kGbo.roa
File:                     AqKvWWTw_o64vG6wltS0YN5kGbo.roa (raw, json)
Hash identifier:          wL3oeGyNzvfXI7ZS8KLi9p3lvV7vG26Q40zHsSA75CY=
Subject key identifier:   02:A2:AF:59:64:F0:FE:8E:B8:BC:6E:B0:96:D4:B4:60:DE:64:19:BA
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       01982CD22339310B67596F675E2665D67F71
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/AqKvWWTw_o64vG6wltS0YN5kGbo.roa
Signing time:             Mon 21 Jul 2025 11:50:25 +0000
ROA not before:           Mon 21 Jul 2025 11:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197537
IP address blocks:        46.236.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:d2:23:39:31:0b:67:59:6f:67:5e:26:65:d6:7f:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jul 21 11:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02a2af5964f0fe8eb8bc6eb096d4b460de6419ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9c:eb:f2:4c:6a:94:8a:3e:ef:84:b2:6e:91:
                    28:f8:b4:4d:56:4f:5d:7b:46:01:d8:30:66:ca:6c:
                    bf:d1:a5:8a:33:c3:b2:27:eb:26:bc:ca:b3:23:cc:
                    90:11:18:9e:06:f6:c4:ec:74:37:d2:76:0c:1c:2f:
                    63:63:c0:c5:32:0c:f6:f2:6a:9a:06:a7:ca:f9:b1:
                    7a:bd:70:8e:e4:b1:f4:c2:1c:d8:4e:8a:00:ee:07:
                    6c:ab:fd:69:94:83:ef:b3:dc:f7:36:45:58:fa:59:
                    41:6d:3a:ca:2d:fe:d0:05:09:24:9f:c1:d7:33:39:
                    6a:d1:42:39:97:ac:41:02:3f:26:42:27:81:38:49:
                    a2:63:a2:91:12:1b:2d:01:2c:51:3b:a1:f7:7c:3f:
                    3b:83:d7:3e:78:f5:56:c4:f6:11:b2:e3:a8:49:22:
                    16:33:e7:00:61:a5:6b:58:fa:7b:f1:8b:68:01:55:
                    5c:c6:f4:19:a4:02:f7:06:f0:7d:ec:87:e3:02:45:
                    1e:c5:9a:ac:b5:ca:e6:f9:9a:20:26:f3:5e:be:ea:
                    9b:83:40:ef:6e:2c:56:54:35:6f:d5:da:25:35:13:
                    cc:70:17:0b:7a:88:fc:93:fe:47:67:82:ee:76:23:
                    60:e6:7b:b2:88:0a:bb:11:80:7a:a8:96:fc:82:31:
                    17:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:A2:AF:59:64:F0:FE:8E:B8:BC:6E:B0:96:D4:B4:60:DE:64:19:BA
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/AqKvWWTw_o64vG6wltS0YN5kGbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:24:d2:77:17:f3:e4:6d:9d:ce:99:8c:25:fc:82:3b:35:66:
         f0:5f:c6:4d:e7:7b:df:82:fc:07:49:2b:0e:85:f2:84:88:d1:
         45:58:1c:c5:c2:5d:4f:f5:b4:d6:a8:98:2d:b6:51:27:c0:46:
         2f:1f:4b:ac:c1:10:80:e6:aa:0a:03:99:c4:a8:e5:c5:6b:eb:
         62:17:be:62:0f:43:1c:19:08:9a:7d:c4:d2:b6:bb:0b:06:80:
         bb:56:9c:a2:35:52:ad:de:cd:7a:bc:45:8e:2c:5b:57:a0:6f:
         d2:9b:1d:0f:b2:5a:cd:83:92:2d:eb:3d:a9:23:da:bd:7a:48:
         ba:e4:3b:d6:98:57:3a:14:c6:07:7c:46:b5:76:41:dc:5f:24:
         85:35:0a:01:4c:13:b8:50:76:d2:83:91:d4:3e:dc:23:dc:bd:
         1c:62:c7:48:c0:f3:a9:37:17:dc:18:31:dc:e8:94:22:ba:76:
         28:8f:0f:53:41:00:e8:70:55:c4:5b:d0:a3:27:f3:b4:9e:57:
         54:36:45:9e:27:2f:be:ab:b6:97:6f:2f:d3:bc:58:85:15:4b:
         5d:f7:63:03:c4:e0:23:07:af:b0:fb:02:65:2c:79:2f:c2:89:
         47:a9:53:3c:64:fb:76:70:2c:b2:1c:1c:ea:bf:56:76:04:d9:
         07:2c:03:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgs0iM5MQtnWW9nXiZl1n9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNzIxMTE1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmEyYWY1OTY0ZjBmZThlYjhiYzZlYjA5NmQ0YjQ2MGRlNjQxOWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZzr8kxqlIo+74SybpEo+LRNVk9d
e0YB2DBmymy/0aWKM8OyJ+smvMqzI8yQERieBvbE7HQ30nYMHC9jY8DFMgz28mqa
BqfK+bF6vXCO5LH0whzYTooA7gdsq/1plIPvs9z3NkVY+llBbTrKLf7QBQkkn8HX
Mzlq0UI5l6xBAj8mQieBOEmiY6KREhstASxRO6H3fD87g9c+ePVWxPYRsuOoSSIW
M+cAYaVrWPp78YtoAVVcxvQZpAL3BvB97IfjAkUexZqstcrm+ZogJvNevuqbg0Dv
bixWVDVv1dolNRPMcBcLeoj8k/5HZ4LudiNg5nuyiAq7EYB6qJb8gjEXOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKir1lk8P6OuLxusJbUtGDeZBm6MB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvQXFLdldXVHdfbzY0dkc2d2x0UzBZTjVrR2JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzwMA0G
CSqGSIb3DQEBCwUAA4IBAQBBJNJ3F/PkbZ3OmYwl/II7NWbwX8ZN53vfgvwHSSsO
hfKEiNFFWBzFwl1P9bTWqJgttlEnwEYvH0uswRCA5qoKA5nEqOXFa+tiF75iD0Mc
GQiafcTStrsLBoC7VpyiNVKt3s16vEWOLFtXoG/Smx0PslrNg5It6z2pI9q9eki6
5DvWmFc6FMYHfEa1dkHcXySFNQoBTBO4UHbSg5HUPtwj3L0cYsdIwPOpNxfcGDHc
6JQiunYojw9TQQDocFXEW9CjJ/O0nldUNkWeJy++q7aXby/TvFiFFUtd92MDxOAj
B6+w+wJlLHkvwolHqVM8ZPt2cCyyHBzqv1Z2BNkHLANS
-----END CERTIFICATE-----