Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/q9YD1AQQUWITniwywBgoo-FuPNs.roa
File:                     q9YD1AQQUWITniwywBgoo-FuPNs.roa (raw, json)
Hash identifier:          sAsQ6lx+PnyEEu4u/dH7pkk+aU8SC72iwLG2/+BXJkg=
Subject key identifier:   AB:D6:03:D4:04:10:51:62:13:9E:2C:32:C0:18:28:A3:E1:6E:3C:DB
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0198171B0EABB1898C1F3A8F5C318871B663
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/q9YD1AQQUWITniwywBgoo-FuPNs.roa
Signing time:             Thu 17 Jul 2025 06:38:25 +0000
ROA not before:           Thu 17 Jul 2025 06:38:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        46.8.118.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:1b:0e:ab:b1:89:8c:1f:3a:8f:5c:31:88:71:b6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jul 17 06:38:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abd603d404105162139e2c32c01828a3e16e3cdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4a:65:cb:0b:eb:1e:55:bd:89:96:67:f1:69:
                    63:ad:83:6b:2e:9d:6d:18:78:6d:62:4a:ea:0b:a0:
                    e5:1f:b7:a1:6b:64:cf:c4:a1:f6:1c:54:ea:ad:dd:
                    de:57:7c:17:bd:e6:e7:9d:5a:bb:fa:72:4a:cb:a4:
                    ed:4a:e4:72:09:90:a8:0b:2f:f9:9b:6b:2f:8e:1a:
                    1b:29:f3:a9:93:67:0f:8a:f9:15:b5:51:3d:e1:b2:
                    c7:9d:9d:42:6f:bb:76:2e:85:2f:f8:80:f2:36:f3:
                    cc:8c:14:a9:b2:00:8d:bd:79:9f:b0:18:45:e1:35:
                    32:b9:97:b6:6a:08:9d:1a:2f:fa:71:29:14:c4:0f:
                    dc:b9:2c:27:e3:54:1b:c1:16:b7:49:79:aa:fc:d2:
                    94:4d:68:cc:65:cc:70:41:0c:ba:dd:03:84:3e:f4:
                    e0:b2:e9:b2:be:fe:96:07:9f:ed:59:a0:10:b8:e6:
                    a6:c2:8c:ea:7b:a4:7a:7d:1c:f6:26:f4:db:04:bd:
                    05:2c:4f:35:7e:a0:0b:f6:53:70:9b:72:11:da:e1:
                    fd:a9:01:a3:d8:ea:6c:cf:19:ce:02:97:08:a0:ae:
                    ec:eb:b0:40:71:61:e1:f7:97:f7:aa:aa:af:db:c1:
                    08:14:93:53:61:39:e6:3f:a1:ca:94:a0:55:a2:a7:
                    7f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D6:03:D4:04:10:51:62:13:9E:2C:32:C0:18:28:A3:E1:6E:3C:DB
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/q9YD1AQQUWITniwywBgoo-FuPNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:5c:af:4c:58:1a:35:bd:80:a3:67:f8:15:b1:a0:0e:61:36:
         e4:d6:a2:37:70:38:99:1d:75:58:28:43:53:e3:aa:6d:9b:d1:
         e6:0e:05:16:b7:3d:35:1f:da:6b:63:6e:53:bc:92:7b:f7:9f:
         4b:e5:22:24:12:2f:16:1f:d9:1f:eb:c6:96:34:9f:c8:ef:42:
         ea:c7:ab:e2:20:b9:39:83:c9:d4:04:16:aa:21:b1:97:ab:33:
         bb:7a:d1:39:d0:78:8f:9f:06:94:76:33:04:2b:1f:c9:97:16:
         76:c8:56:f1:d4:9b:e2:21:c6:84:ef:01:5c:e2:b1:20:de:a4:
         48:bd:c5:c0:7c:21:1c:26:0b:d5:f1:5a:c4:6c:f4:78:0d:ef:
         16:0a:86:b8:05:b0:08:6d:5d:af:4f:2a:9d:e9:16:77:bd:b3:
         f6:7c:74:39:f9:5c:58:a3:66:63:90:62:8b:c1:d4:f6:86:d8:
         fd:92:3e:c0:75:d9:22:c2:71:85:6a:b3:16:62:a7:7c:a0:c9:
         e1:b2:17:39:70:96:38:bb:25:62:fd:27:d1:6b:e6:da:3b:d1:
         67:42:7f:15:17:69:bc:03:1a:58:d4:0a:b5:d3:72:b1:e8:ed:
         bb:ed:02:30:77:b8:40:1c:94:80:d4:b0:4c:19:57:d0:63:43:
         f9:00:8b:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgXGw6rsYmMHzqPXDGIcbZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwNzE3MDYzODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQ2MDNkNDA0MTA1MTYyMTM5ZTJjMzJjMDE4MjhhM2UxNmUzY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEplywvrHlW9iZZn8WljrYNrLp1t
GHhtYkrqC6DlH7eha2TPxKH2HFTqrd3eV3wXvebnnVq7+nJKy6TtSuRyCZCoCy/5
m2svjhobKfOpk2cPivkVtVE94bLHnZ1Cb7t2LoUv+IDyNvPMjBSpsgCNvXmfsBhF
4TUyuZe2agidGi/6cSkUxA/cuSwn41QbwRa3SXmq/NKUTWjMZcxwQQy63QOEPvTg
sumyvv6WB5/tWaAQuOamwozqe6R6fRz2JvTbBL0FLE81fqAL9lNwm3IR2uH9qQGj
2OpszxnOApcIoK7s67BAcWHh95f3qqqv28EIFJNTYTnmP6HKlKBVoqd/nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvWA9QEEFFiE54sMsAYKKPhbjzbMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvcTlZRDFBUVFVV0lUbml3eXdCZ29vLUZ1UE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLgh2MA0G
CSqGSIb3DQEBCwUAA4IBAQAbXK9MWBo1vYCjZ/gVsaAOYTbk1qI3cDiZHXVYKENT
46ptm9HmDgUWtz01H9prY25TvJJ7959L5SIkEi8WH9kf68aWNJ/I70Lqx6viILk5
g8nUBBaqIbGXqzO7etE50HiPnwaUdjMEKx/JlxZ2yFbx1JviIcaE7wFc4rEg3qRI
vcXAfCEcJgvV8VrEbPR4De8WCoa4BbAIbV2vTyqd6RZ3vbP2fHQ5+VxYo2ZjkGKL
wdT2htj9kj7AddkiwnGFarMWYqd8oMnhshc5cJY4uyVi/SfRa+baO9FnQn8VF2m8
AxpY1Aq103Kx6O277QIwd7hAHJSA1LBMGVfQY0P5AIt7
-----END CERTIFICATE-----