Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/l0OkrdC46OXcFrAyK1efk-4Xsw0.roa
File:                     l0OkrdC46OXcFrAyK1efk-4Xsw0.roa (raw, json)
Hash identifier:          e6GLkxVIdJGeVoL8lxi6pYki19y1uXIM73RCaOWJKXc=
Subject key identifier:   97:43:A4:AD:D0:B8:E8:E5:DC:16:B0:32:2B:57:9F:93:EE:17:B3:0D
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0197F83FA0B9B8DA72BE824D093864887B0D
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/l0OkrdC46OXcFrAyK1efk-4Xsw0.roa
Signing time:             Fri 11 Jul 2025 06:50:08 +0000
ROA not before:           Fri 11 Jul 2025 06:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        46.236.244.0/22 maxlen: 24
                          46.236.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 05:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f8:3f:a0:b9:b8:da:72:be:82:4d:09:38:64:88:7b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jul 11 06:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9743a4add0b8e8e5dc16b0322b579f93ee17b30d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f1:b5:06:1f:98:16:f5:93:7c:66:00:ee:20:
                    b5:cb:50:e2:de:79:4f:48:91:fe:69:de:54:55:38:
                    20:1f:19:ff:4f:08:c9:b9:68:6d:58:6c:ee:53:37:
                    4b:8c:ff:eb:aa:a0:aa:73:81:bd:b9:eb:91:dc:6f:
                    8b:b0:ea:f3:f0:15:1f:61:79:e1:d9:11:76:27:bd:
                    7d:00:27:fa:e7:f9:ae:aa:ba:00:29:db:85:8d:b0:
                    6a:d8:eb:1c:ef:36:b0:3c:f8:56:9e:50:4a:04:5f:
                    63:e4:62:ac:31:f7:b4:a5:89:89:f6:5b:a6:69:a8:
                    5f:d4:64:ac:ce:3a:ee:71:20:0f:68:da:ef:c1:2b:
                    65:cf:4e:4b:eb:06:89:75:99:53:fa:bb:c4:97:a3:
                    fa:1d:da:1e:b8:1a:46:bd:cc:94:7b:68:38:72:9b:
                    a4:54:9b:3e:0e:eb:98:fc:f9:d8:8b:8d:20:5b:97:
                    0c:ae:9f:b9:6f:4a:a6:c9:77:65:ab:c4:aa:ff:71:
                    77:eb:d6:92:f2:c5:b9:e1:57:ba:ba:31:58:34:ca:
                    df:2f:71:74:6a:91:a3:8a:72:4e:92:26:87:1d:ca:
                    3e:cd:fe:64:86:0d:f7:23:59:8e:c9:81:e8:e3:87:
                    33:45:6a:6a:b2:91:0f:ab:3b:ac:9e:cf:f2:16:34:
                    c5:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:43:A4:AD:D0:B8:E8:E5:DC:16:B0:32:2B:57:9F:93:EE:17:B3:0D
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/l0OkrdC46OXcFrAyK1efk-4Xsw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.244.0-46.236.251.255

    Signature Algorithm: sha256WithRSAEncryption
         26:51:e9:f7:5f:e5:5b:a8:59:dc:08:54:72:c8:d3:d7:d9:66:
         b1:d9:5f:95:9f:7b:ec:b6:6c:cf:9d:aa:cc:39:72:1e:92:4c:
         38:a5:df:ee:ba:0d:9b:56:e9:b4:1e:a5:e6:06:7d:8e:59:db:
         14:50:59:c9:40:33:52:32:2e:9f:25:a0:dd:0e:7f:bc:a7:10:
         58:b4:a0:ff:e8:83:d0:15:a3:d3:83:a9:55:f0:4f:ac:e9:4c:
         20:f0:10:11:ea:d2:fe:db:57:e9:7f:4e:1a:08:5c:8c:2d:a7:
         5b:35:d2:cc:ba:79:68:54:53:e9:18:e1:20:13:af:a0:c6:92:
         39:84:ba:af:77:e1:2b:bc:22:ed:dd:b9:58:3f:7c:b5:01:d6:
         b1:f0:18:39:ae:d1:c3:4b:f5:37:50:cb:ca:97:40:93:58:83:
         f6:cc:4e:50:77:3f:cd:36:26:e0:37:b9:f6:17:fe:55:07:f1:
         29:ed:d2:62:82:d2:25:29:19:9c:ce:60:33:ee:ff:de:83:eb:
         7a:a4:22:16:3f:7d:23:a9:30:49:51:f8:82:88:31:11:79:59:
         5d:f3:2c:47:df:e7:6f:9f:d4:4d:36:8b:cf:29:e3:3d:db:7f:
         01:23:b7:41:3d:29:9c:1b:74:a3:0b:ce:f2:0e:1a:c2:64:bf:
         98:e6:b8:60
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZf4P6C5uNpyvoJNCThkiHsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNzExMDY1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzQzYTRhZGQwYjhlOGU1ZGMxNmIwMzIyYjU3OWY5M2VlMTdiMzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPG1Bh+YFvWTfGYA7iC1y1Di3nlP
SJH+ad5UVTggHxn/TwjJuWhtWGzuUzdLjP/rqqCqc4G9ueuR3G+LsOrz8BUfYXnh
2RF2J719ACf65/muqroAKduFjbBq2Osc7zawPPhWnlBKBF9j5GKsMfe0pYmJ9lum
aahf1GSszjrucSAPaNrvwStlz05L6waJdZlT+rvEl6P6HdoeuBpGvcyUe2g4cpuk
VJs+DuuY/PnYi40gW5cMrp+5b0qmyXdlq8Sq/3F369aS8sW54Ve6ujFYNMrfL3F0
apGjinJOkiaHHco+zf5khg33I1mOyYHo44czRWpqspEPqzusns/yFjTFfQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJdDpK3QuOjl3BawMitXn5PuF7MNMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvbDBPa3JkQzQ2T1hjRnJBeUsxZWZrLTRYc3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAIu7PQD
BAIu7PgwDQYJKoZIhvcNAQELBQADggEBACZR6fdf5VuoWdwIVHLI09fZZrHZX5Wf
e+y2bM+dqsw5ch6STDil3+66DZtW6bQepeYGfY5Z2xRQWclAM1IyLp8loN0Of7yn
EFi0oP/og9AVo9ODqVXwT6zpTCDwEBHq0v7bV+l/ThoIXIwtp1s10sy6eWhUU+kY
4SATr6DGkjmEuq934Su8Iu3duVg/fLUB1rHwGDmu0cNL9TdQy8qXQJNYg/bMTlB3
P802JuA3ufYX/lUH8Snt0mKC0iUpGZzOYDPu/96D63qkIhY/fSOpMElR+IKIMRF5
WV3zLEff52+f1E02i88p4z3bfwEjt0E9KZwbdKMLzvIOGsJkv5jmuGA=
-----END CERTIFICATE-----