Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/dzR6au3FLXSUL6wnu3sGMtx5vuE.roa
File:                     dzR6au3FLXSUL6wnu3sGMtx5vuE.roa (raw, json)
Hash identifier:          TycFADlFb4vyHMprwY7RZeMmn+iT/ePeH0EO+pcdo8k=
Subject key identifier:   77:34:7A:6A:ED:C5:2D:74:94:2F:AC:27:BB:7B:06:32:DC:79:BE:E1
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0197EE4ACBF336B740BBE732A811B0D4CFF1
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/dzR6au3FLXSUL6wnu3sGMtx5vuE.roa
Signing time:             Wed 09 Jul 2025 08:26:08 +0000
ROA not before:           Wed 09 Jul 2025 08:26:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61244
IP address blocks:        46.236.224.0/21 maxlen: 21
                          46.236.232.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:4a:cb:f3:36:b7:40:bb:e7:32:a8:11:b0:d4:cf:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jul  9 08:26:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77347a6aedc52d74942fac27bb7b0632dc79bee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bc:dc:5d:49:c2:ce:39:17:a8:9e:1e:28:99:
                    4d:df:f1:66:1a:36:fb:3c:dc:18:a5:76:9f:a2:16:
                    f3:5e:e5:1f:d5:bc:63:3b:1c:e5:25:0f:58:cf:27:
                    fd:a3:b4:b5:02:57:2f:fd:54:25:0d:3a:4a:92:c5:
                    78:a4:93:7a:1e:b2:5d:82:1d:52:f2:e0:2e:fe:6b:
                    a1:b1:13:f1:e0:af:c2:fc:b3:8a:d9:7d:2a:4e:b7:
                    61:d0:15:3d:cd:16:a6:dd:07:13:bc:c7:2b:2b:ee:
                    ff:a2:90:3e:9d:d7:91:1c:42:45:e5:cd:1d:8d:9c:
                    9b:33:e2:b2:fc:f2:a6:50:2b:d4:58:26:7e:61:9b:
                    b6:c8:c0:e2:f7:b7:5d:cc:9e:f6:84:ff:0c:27:23:
                    c7:55:0d:2a:90:54:4f:dd:23:30:39:66:4a:ae:4a:
                    a9:5a:f6:ab:b7:15:dd:9a:e1:e6:bd:29:4f:17:10:
                    f0:36:a5:df:19:d9:a4:ab:83:da:81:90:a9:0a:b4:
                    83:df:3e:5a:8d:8a:73:31:ca:f8:1f:23:41:ed:4a:
                    8b:4b:ab:68:7d:79:03:77:f7:ba:58:9d:50:d2:51:
                    7f:47:8e:42:4c:c1:e5:04:a4:df:bc:72:71:3a:f3:
                    97:cf:a3:63:c9:6c:12:e6:ef:80:f5:f5:61:9b:c2:
                    cf:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:34:7A:6A:ED:C5:2D:74:94:2F:AC:27:BB:7B:06:32:DC:79:BE:E1
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/dzR6au3FLXSUL6wnu3sGMtx5vuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         36:30:af:a1:0c:32:ca:ab:87:5f:79:50:69:3c:9d:af:40:75:
         0c:e9:1b:f3:40:80:cc:59:9c:65:f8:c5:db:ed:1b:fc:3a:2a:
         6d:bc:f6:c4:31:27:c4:0f:27:d6:f8:83:e8:53:66:a0:d4:25:
         0d:db:8b:9b:fd:d5:0b:be:d7:56:dd:51:79:c6:2e:82:1f:b2:
         94:19:26:bd:70:f6:c8:eb:fc:9b:e7:8b:21:ab:91:b8:9b:32:
         c8:f2:c2:d1:0d:5e:37:79:92:37:ce:03:a7:4a:5d:11:a4:f8:
         be:23:f4:7c:b1:90:ff:4e:80:80:c8:f1:5e:cd:4f:da:6a:f5:
         65:8c:57:f9:3a:e0:19:e6:10:b7:08:ad:b1:bb:10:24:85:b7:
         9f:99:fd:a3:f2:6e:13:ce:48:0e:d5:16:8c:7f:5f:76:cc:d1:
         14:4d:23:1c:59:13:07:10:05:68:03:5e:41:b7:37:70:be:88:
         7c:f6:00:c8:d3:d4:3c:78:f7:f8:80:a3:17:96:82:17:d4:27:
         35:13:c3:73:40:ec:fc:58:c9:36:ee:6d:f6:6b:64:c2:f6:24:
         11:45:d7:71:90:ca:ac:48:bc:9f:e7:3d:07:e4:f7:85:6e:1f:
         0f:ab:6b:c8:04:49:0e:55:bc:f4:b2:d7:f7:9b:18:0e:31:23:
         a7:b4:c9:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfuSsvzNrdAu+cyqBGw1M/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNzA5MDgyNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzM0N2E2YWVkYzUyZDc0OTQyZmFjMjdiYjdiMDYzMmRjNzliZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bzcXUnCzjkXqJ4eKJlN3/FmGjb7
PNwYpXafohbzXuUf1bxjOxzlJQ9Yzyf9o7S1Alcv/VQlDTpKksV4pJN6HrJdgh1S
8uAu/muhsRPx4K/C/LOK2X0qTrdh0BU9zRam3QcTvMcrK+7/opA+ndeRHEJF5c0d
jZybM+Ky/PKmUCvUWCZ+YZu2yMDi97ddzJ72hP8MJyPHVQ0qkFRP3SMwOWZKrkqp
WvartxXdmuHmvSlPFxDwNqXfGdmkq4PagZCpCrSD3z5ajYpzMcr4HyNB7UqLS6to
fXkDd/e6WJ1Q0lF/R45CTMHlBKTfvHJxOvOXz6NjyWwS5u+A9fVhm8LP2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHc0emrtxS10lC+sJ7t7BjLceb7hMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvZHpSNmF1M0ZMWFNVTDZ3bnUzc0dNdHg1dnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELuzgMA0G
CSqGSIb3DQEBCwUAA4IBAQA2MK+hDDLKq4dfeVBpPJ2vQHUM6RvzQIDMWZxl+MXb
7Rv8OiptvPbEMSfEDyfW+IPoU2ag1CUN24ub/dULvtdW3VF5xi6CH7KUGSa9cPbI
6/yb54shq5G4mzLI8sLRDV43eZI3zgOnSl0RpPi+I/R8sZD/ToCAyPFezU/aavVl
jFf5OuAZ5hC3CK2xuxAkhbefmf2j8m4TzkgO1RaMf192zNEUTSMcWRMHEAVoA15B
tzdwvoh89gDI09Q8ePf4gKMXloIX1Cc1E8NzQOz8WMk27m32a2TC9iQRRddxkMqs
SLyf5z0H5PeFbh8Pq2vIBEkOVbz0stf3mxgOMSOntMlk
-----END CERTIFICATE-----