Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/K0MqLUgS2tQhBLKHortNTvUwCrE.roa
File:                     K0MqLUgS2tQhBLKHortNTvUwCrE.roa (raw, json)
Hash identifier:          5dPzYZes7Yb9Rgi9L7tgBSih8hgu0mkoKEg5555chdI=
Subject key identifier:   2B:43:2A:2D:48:12:DA:D4:21:04:B2:87:A2:BB:4D:4E:F5:30:0A:B1
Certificate issuer:       /CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
Certificate serial:       019832A930FC8113B609AB6D26E90B5B102E
Authority key identifier: 8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/K0MqLUgS2tQhBLKHortNTvUwCrE.roa
Signing time:             Tue 22 Jul 2025 15:03:25 +0000
ROA not before:           Tue 22 Jul 2025 15:03:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.46.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:32:a9:30:fc:81:13:b6:09:ab:6d:26:e9:0b:5b:10:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
        Validity
            Not Before: Jul 22 15:03:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b432a2d4812dad42104b287a2bb4d4ef5300ab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:74:52:c5:ee:d2:75:a2:9d:3e:fd:87:e1:24:
                    20:dc:23:90:32:66:22:1c:eb:5d:b4:ba:62:34:e9:
                    44:06:84:f0:7d:29:31:ce:d3:f9:96:1d:d3:4b:19:
                    55:9e:4e:c8:b3:04:bd:8c:cc:2c:b5:b0:ed:6d:55:
                    e5:ed:f7:1a:7b:84:00:1c:0c:b5:da:34:df:6e:b5:
                    b4:b0:21:a7:f9:e7:fc:87:e9:da:f5:16:3c:e2:87:
                    32:7b:da:41:ea:e6:16:0c:57:e3:87:1d:a7:80:12:
                    29:31:a7:0b:e5:22:db:b8:6a:41:f2:cc:c9:15:78:
                    e6:3e:63:4c:f4:23:2e:5b:cc:d8:e1:e7:08:7b:3c:
                    de:1e:ba:b9:e8:59:b8:a3:be:14:78:a5:ae:87:19:
                    78:5b:83:d9:f5:df:70:be:6b:aa:9e:c5:98:98:58:
                    f2:1b:87:c4:24:dc:7c:27:bc:e4:db:b9:08:c5:72:
                    fe:e6:05:fd:f0:84:85:93:36:98:d0:d1:1d:f6:c4:
                    fc:9b:37:43:f6:ae:1f:52:4d:1d:e1:9d:c6:02:49:
                    4a:2d:c0:8b:0f:94:4d:91:5b:69:22:a2:2f:ca:9a:
                    8e:42:ef:26:a4:8d:39:7f:ce:90:93:f3:01:5f:e2:
                    18:e9:fb:79:1f:13:86:fc:00:34:50:f3:f6:52:b5:
                    18:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:43:2A:2D:48:12:DA:D4:21:04:B2:87:A2:BB:4D:4E:F5:30:0A:B1
            X509v3 Authority Key Identifier:
                keyid:8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/K0MqLUgS2tQhBLKHortNTvUwCrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:b5:6e:6d:12:a1:6a:a0:f4:37:25:af:50:a8:08:ca:e3:28:
         bd:a9:b3:3a:e6:12:5c:75:c6:8d:3a:65:f6:09:78:ee:d8:ba:
         99:0d:43:fd:17:9c:e5:71:06:cf:1f:84:d7:bf:18:e1:e1:12:
         da:89:89:90:17:bb:7c:ce:cb:6b:0d:e8:c5:07:5d:22:93:1d:
         b1:66:24:48:86:61:53:4f:34:7b:38:d1:20:1d:52:64:d0:af:
         13:44:99:52:30:0c:6f:05:5f:6f:d0:86:09:19:36:62:87:76:
         d1:c4:49:32:cb:9c:93:ff:84:5c:d1:31:89:1e:bf:23:98:05:
         5e:09:6e:5e:ac:b4:26:90:b0:59:81:ee:15:3a:0a:62:35:70:
         af:18:0a:a5:d4:30:64:40:90:f1:25:ad:50:fb:d9:df:ec:61:
         60:70:97:06:44:31:cd:19:9f:a3:df:7d:4a:f5:f9:03:ef:e4:
         64:b3:b1:f1:6c:ed:89:68:b8:b7:35:56:42:29:d9:60:0e:34:
         69:a9:03:d2:05:9a:ee:8b:7d:3a:54:a8:82:ba:31:9d:93:0f:
         76:a8:f5:cd:68:df:ce:68:bf:6a:c4:f2:77:d4:05:a8:81:b1:
         9e:e3:2b:8b:50:5c:08:bd:31:34:34:dc:6e:a5:53:95:dd:ec:
         9d:05:5c:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgyqTD8gRO2CattJukLWxAuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNDY2OTIxNmEyMDc4Y2IwMjQyMzFmNDYzMmVhYjRkYTdl
ZTRiYzEwHhcNMjUwNzIyMTUwMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjQzMmEyZDQ4MTJkYWQ0MjEwNGIyODdhMmJiNGQ0ZWY1MzAwYWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3RSxe7SdaKdPv2H4SQg3COQMmYi
HOtdtLpiNOlEBoTwfSkxztP5lh3TSxlVnk7IswS9jMwstbDtbVXl7fcae4QAHAy1
2jTfbrW0sCGn+ef8h+na9RY84ocye9pB6uYWDFfjhx2ngBIpMacL5SLbuGpB8szJ
FXjmPmNM9CMuW8zY4ecIezzeHrq56Fm4o74UeKWuhxl4W4PZ9d9wvmuqnsWYmFjy
G4fEJNx8J7zk27kIxXL+5gX98ISFkzaY0NEd9sT8mzdD9q4fUk0d4Z3GAklKLcCL
D5RNkVtpIqIvypqOQu8mpI05f86Qk/MBX+IY6ft5HxOG/AA0UPP2UrUYeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtDKi1IEtrUIQSyh6K7TU71MAqxMB8GA1UdIwQY
MBaAFI9GaSFqIHjLAkIx9GMuq02n7kvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTIt
ZDdiOGViNDYwOGUyLzEvSzBNcUxVZ1MydFFoQkxLSG9ydE5UdlV3Q3JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTItZDdiOGViNDYwOGUy
LzEvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS5yMA0G
CSqGSIb3DQEBCwUAA4IBAQAutW5tEqFqoPQ3Ja9QqAjK4yi9qbM65hJcdcaNOmX2
CXju2LqZDUP9F5zlcQbPH4TXvxjh4RLaiYmQF7t8zstrDejFB10ikx2xZiRIhmFT
TzR7ONEgHVJk0K8TRJlSMAxvBV9v0IYJGTZih3bRxEkyy5yT/4Rc0TGJHr8jmAVe
CW5erLQmkLBZge4VOgpiNXCvGAql1DBkQJDxJa1Q+9nf7GFgcJcGRDHNGZ+j331K
9fkD7+Rks7HxbO2JaLi3NVZCKdlgDjRpqQPSBZrui306VKiCujGdkw92qPXNaN/O
aL9qxPJ31AWogbGe4yuLUFwIvTE0NNxupVOV3eydBVzm
-----END CERTIFICATE-----