Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/cZ35CSPr-e6s9ZzZ1cCpKSrcsxQ.roa
File:                     cZ35CSPr-e6s9ZzZ1cCpKSrcsxQ.roa (raw, json)
Hash identifier:          Q+tgir+fUPA3KtG37Q+v+2DT+F3gXFs+ldjurtDdJms=
Subject key identifier:   71:9D:F9:09:23:EB:F9:EE:AC:F5:9C:D9:D5:C0:A9:29:2A:DC:B3:14
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0197F83FA1EFF3EF8EED8613B4EDF658CAEE
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/cZ35CSPr-e6s9ZzZ1cCpKSrcsxQ.roa
Signing time:             Fri 11 Jul 2025 06:50:08 +0000
ROA not before:           Fri 11 Jul 2025 06:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        46.236.244.0/22 maxlen: 24
                          46.236.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 05:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f8:3f:a1:ef:f3:ef:8e:ed:86:13:b4:ed:f6:58:ca:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jul 11 06:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=719df90923ebf9eeacf59cd9d5c0a9292adcb314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:80:0b:36:b9:29:e6:32:dc:72:de:af:4c:1a:
                    c9:00:68:6c:77:f6:e6:76:06:a3:f3:05:50:af:4d:
                    d1:d9:6c:e3:b6:a2:de:f6:48:15:fe:95:2e:0d:81:
                    00:36:b4:90:9a:d6:ba:53:bb:26:e3:6a:a4:b7:b6:
                    ad:94:2a:59:1b:da:e7:8e:26:50:aa:45:62:be:cf:
                    cc:1b:76:45:c0:56:fa:9c:d0:b6:93:01:83:a9:c8:
                    a0:71:2d:c2:88:88:81:4a:bd:e8:52:5f:d6:3e:8b:
                    c5:7f:6f:a2:e3:76:ce:2c:cd:2f:b6:3b:bb:01:0f:
                    d3:bb:9a:10:ea:ed:18:94:d8:d8:00:5a:9e:69:60:
                    84:b0:c3:3a:d1:8a:1a:29:99:a8:03:e4:78:8b:3c:
                    88:97:73:ae:8e:14:3d:a5:d5:b5:4a:fb:10:b0:f9:
                    56:0c:2f:bd:f6:31:01:65:b2:5d:0d:d1:32:60:48:
                    48:74:c6:e8:1a:ae:95:6e:28:6d:ef:f7:0f:ee:ae:
                    f1:d0:6a:5a:e4:4a:33:64:b7:d2:41:cf:6f:fc:1c:
                    a7:02:11:b4:bc:82:fb:99:ee:91:82:dc:2f:50:d9:
                    c4:61:59:5e:45:22:4e:a1:3d:6e:21:c7:a4:04:01:
                    39:f0:f8:c8:1a:19:b3:31:fe:1d:5a:2a:c4:84:f6:
                    3f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9D:F9:09:23:EB:F9:EE:AC:F5:9C:D9:D5:C0:A9:29:2A:DC:B3:14
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/cZ35CSPr-e6s9ZzZ1cCpKSrcsxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.244.0-46.236.251.255

    Signature Algorithm: sha256WithRSAEncryption
         ad:80:da:4d:11:3a:9c:2f:ba:27:55:08:47:a0:33:56:f2:9a:
         52:6b:fc:3e:08:32:61:2d:fd:de:3c:ce:7e:4b:1e:65:44:94:
         19:41:b5:3e:99:4e:95:4b:aa:8c:76:ea:ed:2f:b4:f3:14:5c:
         e7:b2:3f:e6:a2:15:ad:51:e0:e2:b0:fe:a3:37:87:27:0d:f8:
         54:06:3b:1d:df:83:fc:33:66:45:c6:4d:22:2a:78:7e:32:bc:
         a7:4d:4b:17:84:3e:58:9a:cf:fc:b7:28:77:65:86:03:61:ed:
         56:c9:4c:c2:4f:e3:ce:be:24:7d:8b:f2:eb:d4:38:55:33:dd:
         81:e8:87:b8:ab:50:5e:9d:af:f4:40:01:4a:6a:4b:4a:3a:90:
         dc:3a:e6:c9:ac:52:c3:ed:ce:85:4a:e4:be:10:56:af:e3:9c:
         b3:10:eb:f0:aa:f6:83:0e:21:49:42:f9:fb:51:60:b3:7e:fe:
         4b:34:59:cd:c9:d5:dd:37:28:0d:5c:89:be:86:5a:69:c1:cc:
         92:83:2f:3d:db:91:13:9b:a0:f0:b1:9c:35:f7:17:63:72:e7:
         8e:5e:64:98:df:c4:14:84:7e:64:48:41:af:10:33:12:e8:05:
         9d:87:b9:f4:63:7c:be:58:65:87:53:dc:06:26:80:a2:7f:5c:
         fd:17:a1:7c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZf4P6Hv8++O7YYTtO32WMruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNzExMDY1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTlkZjkwOTIzZWJmOWVlYWNmNTljZDlkNWMwYTkyOTJhZGNiMzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIALNrkp5jLcct6vTBrJAGhsd/bm
dgaj8wVQr03R2WzjtqLe9kgV/pUuDYEANrSQmta6U7sm42qkt7atlCpZG9rnjiZQ
qkVivs/MG3ZFwFb6nNC2kwGDqcigcS3CiIiBSr3oUl/WPovFf2+i43bOLM0vtju7
AQ/Tu5oQ6u0YlNjYAFqeaWCEsMM60YoaKZmoA+R4izyIl3OujhQ9pdW1SvsQsPlW
DC+99jEBZbJdDdEyYEhIdMboGq6Vbiht7/cP7q7x0Gpa5EozZLfSQc9v/BynAhG0
vIL7me6RgtwvUNnEYVleRSJOoT1uIcekBAE58PjIGhmzMf4dWirEhPY/LQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHGd+Qkj6/nurPWc2dXAqSkq3LMUMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvY1ozNUNTUHItZTZzOVp6WjFjQ3BLU3Jjc3hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAIu7PQD
BAIu7PgwDQYJKoZIhvcNAQELBQADggEBAK2A2k0ROpwvuidVCEegM1bymlJr/D4I
MmEt/d48zn5LHmVElBlBtT6ZTpVLqox26u0vtPMUXOeyP+aiFa1R4OKw/qM3hycN
+FQGOx3fg/wzZkXGTSIqeH4yvKdNSxeEPliaz/y3KHdlhgNh7VbJTMJP486+JH2L
8uvUOFUz3YHoh7irUF6dr/RAAUpqS0o6kNw65smsUsPtzoVK5L4QVq/jnLMQ6/Cq
9oMOIUlC+ftRYLN+/ks0Wc3J1d03KA1cib6GWmnBzJKDLz3bkROboPCxnDX3F2Ny
545eZJjfxBSEfmRIQa8QMxLoBZ2HufRjfL5YZYdT3AYmgKJ/XP0XoXw=
-----END CERTIFICATE-----