Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/l3ZDT2gNOtZjLuBLuwpE6ZnBm-s.roa
File:                     l3ZDT2gNOtZjLuBLuwpE6ZnBm-s.roa (raw, json)
Hash identifier:          1+yCgtq5Im5Fg/SSqsuub6MIDinjmkRADHcXtUuHpR8=
Subject key identifier:   97:76:43:4F:68:0D:3A:D6:63:2E:E0:4B:BB:0A:44:E9:99:C1:9B:EB
Certificate issuer:       /CN=c89c2cc489ebe48f490584ac866fe362c4117e75
Certificate serial:       019803D8AEC8ADBB8486A3F9D8468808AA46
Authority key identifier: C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/l3ZDT2gNOtZjLuBLuwpE6ZnBm-s.roa
Signing time:             Sun 13 Jul 2025 12:53:08 +0000
ROA not before:           Sun 13 Jul 2025 12:53:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47376
IP address blocks:        46.148.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:03:d8:ae:c8:ad:bb:84:86:a3:f9:d8:46:88:08:aa:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c89c2cc489ebe48f490584ac866fe362c4117e75
        Validity
            Not Before: Jul 13 12:53:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9776434f680d3ad6632ee04bbb0a44e999c19beb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:88:1f:01:b5:0c:59:fc:e4:36:67:0c:49:25:
                    8c:d3:48:b9:7c:37:a8:8c:fb:13:e4:ad:0d:b3:20:
                    00:f7:ae:04:d7:00:d5:04:3a:19:6e:ca:87:60:0f:
                    d6:89:69:db:91:58:cf:35:96:79:eb:ab:d5:5e:87:
                    cb:00:c5:5b:da:37:af:d2:be:ae:a0:ea:66:b4:f9:
                    92:5d:d7:7e:52:d3:ba:5b:0d:a4:d3:cb:8a:a7:1a:
                    7b:22:3c:d4:f0:9e:5e:64:39:af:3b:0e:55:ba:18:
                    47:e4:e4:dc:f6:1a:6d:7e:5e:b3:2e:d7:74:a2:51:
                    f7:72:f8:ec:46:a9:80:ac:25:5b:83:7e:37:4f:a1:
                    f3:1e:a4:ff:9b:e4:02:3f:2f:16:f3:dc:b4:d0:fe:
                    73:dc:25:4a:bf:37:6f:e7:93:6a:85:33:7a:5c:40:
                    2a:8d:8f:d0:05:ef:fc:0d:a4:cc:4a:bc:b3:7b:f4:
                    00:a3:ba:8d:52:f5:c1:94:9a:7e:09:73:72:f1:a8:
                    76:61:f2:c5:b2:86:a8:af:72:06:1a:f6:05:4f:95:
                    63:57:29:50:27:5e:cc:9a:b4:f5:91:dc:8c:3e:26:
                    45:72:3d:34:8a:79:0b:af:7e:e0:9b:89:58:69:9e:
                    6a:f8:da:af:c0:d9:78:ee:c5:05:ff:60:85:af:3e:
                    ea:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:76:43:4F:68:0D:3A:D6:63:2E:E0:4B:BB:0A:44:E9:99:C1:9B:EB
            X509v3 Authority Key Identifier:
                keyid:C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/l3ZDT2gNOtZjLuBLuwpE6ZnBm-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:55:75:90:68:71:d2:ea:f5:a5:c3:9e:0c:4a:88:07:b4:28:
         81:55:23:48:af:e0:3d:4e:e5:9a:cc:a5:71:e7:6e:00:aa:27:
         9b:ba:c4:96:e9:fd:08:d4:29:49:c1:df:d0:bb:4d:36:ed:1c:
         20:29:c3:e8:78:37:24:89:cb:5f:8a:2c:92:bf:68:cd:c1:9a:
         2c:0d:c0:02:56:3c:95:b6:e6:36:6b:61:60:a6:02:1b:3f:a6:
         95:a4:58:f5:86:51:30:82:82:d6:61:e0:23:95:ad:67:0c:fd:
         7e:2e:ed:c9:2f:f2:78:76:84:a0:36:5c:e0:5e:a0:83:06:ae:
         9e:29:3a:de:68:e8:98:29:f5:74:41:c3:ce:a7:21:ee:b6:55:
         12:64:9e:05:91:ba:d0:d7:a4:aa:3f:a1:07:ad:02:38:cc:a5:
         ca:ed:14:6e:cb:c1:35:da:7d:a8:89:d5:79:5b:28:f5:d2:79:
         cc:98:62:01:5b:cf:38:7e:2a:f7:a6:d1:36:b1:82:7e:fa:c6:
         27:bf:16:ba:df:03:40:4e:c8:d2:f2:48:c7:1b:8c:3a:59:ff:
         37:9c:44:24:8d:23:83:5e:a9:6b:60:7b:24:09:37:0b:a2:f1:
         bd:f8:69:32:40:60:1e:91:42:18:58:7c:b8:c4:b5:71:40:01:
         6e:57:bf:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgD2K7IrbuEhqP52EaICKpGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4OWMyY2M0ODllYmU0OGY0OTA1ODRhYzg2NmZlMzYyYzQx
MTdlNzUwHhcNMjUwNzEzMTI1MzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Nzc2NDM0ZjY4MGQzYWQ2NjMyZWUwNGJiYjBhNDRlOTk5YzE5YmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnIgfAbUMWfzkNmcMSSWM00i5fDeo
jPsT5K0NsyAA964E1wDVBDoZbsqHYA/WiWnbkVjPNZZ566vVXofLAMVb2jev0r6u
oOpmtPmSXdd+UtO6Ww2k08uKpxp7IjzU8J5eZDmvOw5VuhhH5OTc9hptfl6zLtd0
olH3cvjsRqmArCVbg343T6HzHqT/m+QCPy8W89y00P5z3CVKvzdv55NqhTN6XEAq
jY/QBe/8DaTMSryze/QAo7qNUvXBlJp+CXNy8ah2YfLFsoaor3IGGvYFT5VjVylQ
J17MmrT1kdyMPiZFcj00inkLr37gm4lYaZ5q+NqvwNl47sUF/2CFrz7q1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJd2Q09oDTrWYy7gS7sKROmZwZvrMB8GA1UdIwQY
MBaAFMicLMSJ6+SPSQWErIZv42LEEX51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEt
YWYyY2ZhNjIyZDE4LzEvbDNaRFQyZ05PdFpqTHVCTHV3cEU2Wm5CbS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEtYWYyY2ZhNjIyZDE4
LzEveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpQpMA0G
CSqGSIb3DQEBCwUAA4IBAQBrVXWQaHHS6vWlw54MSogHtCiBVSNIr+A9TuWazKVx
524AqiebusSW6f0I1ClJwd/Qu0027RwgKcPoeDckictfiiySv2jNwZosDcACVjyV
tuY2a2FgpgIbP6aVpFj1hlEwgoLWYeAjla1nDP1+Lu3JL/J4doSgNlzgXqCDBq6e
KTreaOiYKfV0QcPOpyHutlUSZJ4FkbrQ16SqP6EHrQI4zKXK7RRuy8E12n2oidV5
Wyj10nnMmGIBW884fir3ptE2sYJ++sYnvxa63wNATsjS8kjHG4w6Wf83nEQkjSOD
XqlrYHskCTcLovG9+GkyQGAekUIYWHy4xLVxQAFuV78s
-----END CERTIFICATE-----