Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/ZgFUKtoAGiNjKUo9XcPEn1qeAFc.roa
File:                     ZgFUKtoAGiNjKUo9XcPEn1qeAFc.roa (raw, json)
Hash identifier:          TDQBb/Bd8P97rUcBMKsWbYhMoJ4eNE0/rZeeqnamWwY=
Subject key identifier:   66:01:54:2A:DA:00:1A:23:63:29:4A:3D:5D:C3:C4:9F:5A:9E:00:57
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0197F8408C05BB4E6C0A4BA9C1606915DE03
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/ZgFUKtoAGiNjKUo9XcPEn1qeAFc.roa
Signing time:             Fri 11 Jul 2025 06:51:08 +0000
ROA not before:           Fri 11 Jul 2025 06:51:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13347
IP address blocks:        46.236.244.0/22 maxlen: 24
                          46.236.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 17:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f8:40:8c:05:bb:4e:6c:0a:4b:a9:c1:60:69:15:de:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jul 11 06:51:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6601542ada001a2363294a3d5dc3c49f5a9e0057
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:23:ec:bb:f5:fc:50:c3:17:eb:74:fa:1f:07:
                    f6:e0:7b:ac:7a:ea:ff:db:69:87:8f:de:ef:81:42:
                    9d:56:29:b2:1e:1f:cc:8f:08:e3:7c:12:2d:c9:ac:
                    3d:a0:e8:67:61:d3:55:83:b3:2b:99:84:0b:7d:b3:
                    f0:ec:56:a1:6f:88:f3:e5:bf:a9:39:6d:97:81:ae:
                    df:4e:50:66:c0:34:fb:34:61:c9:4e:ab:05:84:b6:
                    c6:1a:c6:c6:52:00:c8:9d:3a:b5:58:b6:3f:30:08:
                    7b:ca:70:ba:0d:54:65:95:4b:4f:1c:21:22:c4:97:
                    aa:cf:ab:49:75:a7:1a:cc:cc:80:77:05:47:8c:c2:
                    9a:3e:9d:38:7b:f2:0d:6a:b2:fe:b4:77:a7:ce:f5:
                    c1:f7:ee:20:c9:8e:04:c2:35:de:4c:26:ca:87:62:
                    c1:14:2d:a8:79:ad:61:7c:4f:0e:a4:b9:5c:50:a5:
                    91:d2:fd:32:eb:05:89:4e:23:5f:68:ce:5a:52:14:
                    0f:5e:d8:88:88:00:95:44:6c:02:05:64:05:69:18:
                    eb:ab:65:06:64:f9:1f:a8:14:dd:24:d3:a0:e4:66:
                    2b:d8:3f:8d:64:ee:60:b5:f7:4b:81:ff:58:e1:27:
                    c2:90:17:fd:d7:7f:fd:3f:e4:ce:84:20:d5:22:61:
                    c9:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:01:54:2A:DA:00:1A:23:63:29:4A:3D:5D:C3:C4:9F:5A:9E:00:57
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/ZgFUKtoAGiNjKUo9XcPEn1qeAFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.244.0-46.236.251.255

    Signature Algorithm: sha256WithRSAEncryption
         50:03:7f:41:d0:3f:00:33:3d:b3:9a:f0:31:eb:b7:d9:47:e6:
         33:54:69:18:70:84:f7:86:01:12:97:30:ae:90:21:7a:50:b1:
         90:10:8b:df:cb:da:73:fe:93:44:04:4c:3d:c7:d8:97:a7:04:
         a0:88:6b:6a:59:e2:55:6e:66:26:38:7e:9e:13:85:83:b5:d4:
         07:e9:30:d9:a1:0f:87:2e:fe:c6:06:32:5a:3b:40:26:06:43:
         76:3d:fe:63:fb:ae:34:f2:a5:0c:08:a1:e5:8a:ab:ba:58:52:
         30:75:d3:a7:f2:c3:41:62:3f:91:10:7b:e7:70:af:77:2a:a3:
         df:99:a2:5e:72:18:97:0a:ff:a7:0f:23:a0:61:db:37:92:9c:
         9d:44:ce:89:c1:e1:9f:e4:f0:9d:c3:38:bd:82:f4:8a:1b:07:
         d2:4c:62:28:55:2c:22:e7:3c:26:91:53:77:fe:cb:d5:ac:7d:
         6b:9f:9e:02:fe:c8:ec:e9:fd:0e:51:49:5a:fb:68:f2:91:85:
         ac:ad:8c:bc:96:7e:4f:d7:72:26:21:44:69:d8:58:52:c1:db:
         6c:d1:95:5f:74:2a:d1:c8:01:20:88:c6:5d:92:3c:26:3b:81:
         cd:28:6c:21:fd:2e:0a:51:8f:e4:4c:f9:5b:e3:9a:41:5a:d9:
         3a:ae:ba:75
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZf4QIwFu05sCkupwWBpFd4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNzExMDY1MTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjAxNTQyYWRhMDAxYTIzNjMyOTRhM2Q1ZGMzYzQ5ZjVhOWUwMDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCPsu/X8UMMX63T6Hwf24Huseur/
22mHj97vgUKdVimyHh/MjwjjfBItyaw9oOhnYdNVg7MrmYQLfbPw7Fahb4jz5b+p
OW2Xga7fTlBmwDT7NGHJTqsFhLbGGsbGUgDInTq1WLY/MAh7ynC6DVRllUtPHCEi
xJeqz6tJdacazMyAdwVHjMKaPp04e/INarL+tHenzvXB9+4gyY4EwjXeTCbKh2LB
FC2oea1hfE8OpLlcUKWR0v0y6wWJTiNfaM5aUhQPXtiIiACVRGwCBWQFaRjrq2UG
ZPkfqBTdJNOg5GYr2D+NZO5gtfdLgf9Y4SfCkBf913/9P+TOhCDVImHJ4QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGYBVCraABojYylKPV3DxJ9angBXMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvWmdGVUt0b0FHaU5qS1VvOVhjUEVuMXFlQUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAIu7PQD
BAIu7PgwDQYJKoZIhvcNAQELBQADggEBAFADf0HQPwAzPbOa8DHrt9lH5jNUaRhw
hPeGARKXMK6QIXpQsZAQi9/L2nP+k0QETD3H2JenBKCIa2pZ4lVuZiY4fp4ThYO1
1AfpMNmhD4cu/sYGMlo7QCYGQ3Y9/mP7rjTypQwIoeWKq7pYUjB106fyw0FiP5EQ
e+dwr3cqo9+Zol5yGJcK/6cPI6Bh2zeSnJ1EzonB4Z/k8J3DOL2C9IobB9JMYihV
LCLnPCaRU3f+y9WsfWufngL+yOzp/Q5RSVr7aPKRhaytjLyWfk/XciYhRGnYWFLB
22zRlV90KtHIASCIxl2SPCY7gc0obCH9LgpRj+RM+VvjmkFa2TquunU=
-----END CERTIFICATE-----