Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/u0R52rUaaqAW7WnalO7GMXvEHYY.roa
File:                     u0R52rUaaqAW7WnalO7GMXvEHYY.roa (raw, json)
Hash identifier:          S4xl8vCIOydq7q41YqdzJiyFilqM8O+LDX43qXwfDBQ=
Subject key identifier:   BB:44:79:DA:B5:1A:6A:A0:16:ED:69:DA:94:EE:C6:31:7B:C4:1D:86
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       0198171B0F294F3AE071FDDC3AEA7A2E1F8D
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/u0R52rUaaqAW7WnalO7GMXvEHYY.roa
Signing time:             Thu 17 Jul 2025 06:38:26 +0000
ROA not before:           Thu 17 Jul 2025 06:38:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149430
IP address blocks:        46.8.182.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:1b:0f:29:4f:3a:e0:71:fd:dc:3a:ea:7a:2e:1f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jul 17 06:38:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb4479dab51a6aa016ed69da94eec6317bc41d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:56:0b:05:82:c9:13:fc:61:54:2d:51:f8:f3:
                    3b:c9:71:fb:76:ec:34:b5:71:71:67:b8:cb:44:f7:
                    51:e7:e4:f6:98:87:0d:ee:06:35:bc:e2:c4:ff:32:
                    77:47:4d:ba:ee:b8:f3:3c:b1:eb:e3:ca:7a:fe:d9:
                    53:3b:3b:90:89:a7:e2:f8:98:db:f2:4c:fd:b1:fd:
                    e9:10:60:13:69:92:fe:47:b4:cb:02:10:f0:cf:53:
                    a9:62:26:cb:97:d9:9a:0b:6f:c8:10:78:38:f1:53:
                    65:d0:81:83:f3:73:52:da:6b:8c:ba:34:3a:64:ae:
                    22:98:ca:eb:70:b3:47:cd:29:a9:ef:10:07:6f:3f:
                    31:31:6c:3e:76:77:c9:80:da:d5:fb:54:89:5e:4e:
                    96:09:e3:e2:2a:a8:0f:c1:79:eb:59:c5:9e:8b:2a:
                    40:16:82:18:86:3d:80:78:9c:17:2a:82:31:ca:50:
                    11:80:23:c0:8c:d2:38:a7:7f:ff:af:8a:f0:d8:dd:
                    1b:31:42:b4:8f:04:56:a1:5a:2d:32:67:e2:83:a4:
                    7a:a3:80:97:7d:a6:41:49:50:88:a7:af:ff:0e:a5:
                    9f:b6:04:0d:5f:2c:70:55:9f:f5:56:e0:f4:61:ea:
                    5f:ec:b0:7e:a6:63:ae:35:3b:2a:7c:7c:b5:9c:98:
                    65:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:44:79:DA:B5:1A:6A:A0:16:ED:69:DA:94:EE:C6:31:7B:C4:1D:86
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/u0R52rUaaqAW7WnalO7GMXvEHYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:b6:a2:81:e7:c0:6c:d8:40:1b:3e:c5:4c:12:19:e9:73:9d:
         d4:d0:db:de:05:82:6e:e3:f7:2c:08:15:b0:f1:e1:33:ea:35:
         b9:88:63:57:37:03:63:a6:6d:3c:b2:4c:ae:0a:41:13:32:94:
         47:c2:91:ae:86:66:99:d3:02:6f:83:6f:c0:52:1f:9d:3b:61:
         b8:71:6f:b9:ae:1b:d4:a2:b6:95:45:d9:a7:06:3f:55:db:48:
         61:24:03:e9:7f:0f:65:52:75:1f:e3:95:8f:08:f5:a4:0e:71:
         ad:da:d6:9b:c3:3f:ed:98:99:6d:8c:f2:84:74:63:ef:17:4d:
         d6:e0:6d:3a:95:58:04:3c:03:15:16:5c:6a:c8:e8:61:ee:96:
         5a:6f:39:76:22:1b:6d:5d:bd:5b:6e:b6:8e:a9:d6:2f:84:6b:
         d5:e8:10:08:3a:62:d5:c8:53:27:59:67:68:19:0a:4b:9e:e4:
         19:94:71:fa:b1:cb:ff:7b:b0:6c:5b:f9:93:b0:36:7e:ad:af:
         7b:c2:4a:1b:d8:c8:3f:35:56:0d:5c:03:24:04:8d:cc:d2:24:
         bd:ce:d7:0e:d8:8b:41:c5:53:60:14:f7:07:c0:4e:4d:5e:06:
         44:51:3f:a9:62:02:22:2e:5c:ae:63:eb:3b:8f:6a:5f:7a:82:
         b2:8e:a6:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgXGw8pTzrgcf3cOup6Lh+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwNzE3MDYzODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjQ0NzlkYWI1MWE2YWEwMTZlZDY5ZGE5NGVlYzYzMTdiYzQxZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslYLBYLJE/xhVC1R+PM7yXH7duw0
tXFxZ7jLRPdR5+T2mIcN7gY1vOLE/zJ3R0267rjzPLHr48p6/tlTOzuQiafi+Jjb
8kz9sf3pEGATaZL+R7TLAhDwz1OpYibLl9maC2/IEHg48VNl0IGD83NS2muMujQ6
ZK4imMrrcLNHzSmp7xAHbz8xMWw+dnfJgNrV+1SJXk6WCePiKqgPwXnrWcWeiypA
FoIYhj2AeJwXKoIxylARgCPAjNI4p3//r4rw2N0bMUK0jwRWoVotMmfig6R6o4CX
faZBSVCIp6//DqWftgQNXyxwVZ/1VuD0Yepf7LB+pmOuNTsqfHy1nJhliwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtEedq1GmqgFu1p2pTuxjF7xB2GMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvdTBSNTJyVWFhcUFXN1duYWxPN0dNWHZFSFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLgi2MA0G
CSqGSIb3DQEBCwUAA4IBAQCNtqKB58Bs2EAbPsVMEhnpc53U0NveBYJu4/csCBWw
8eEz6jW5iGNXNwNjpm08skyuCkETMpRHwpGuhmaZ0wJvg2/AUh+dO2G4cW+5rhvU
oraVRdmnBj9V20hhJAPpfw9lUnUf45WPCPWkDnGt2tabwz/tmJltjPKEdGPvF03W
4G06lVgEPAMVFlxqyOhh7pZabzl2IhttXb1bbraOqdYvhGvV6BAIOmLVyFMnWWdo
GQpLnuQZlHH6scv/e7BsW/mTsDZ+ra97wkob2Mg/NVYNXAMkBI3M0iS9ztcO2ItB
xVNgFPcHwE5NXgZEUT+pYgIiLlyuY+s7j2pfeoKyjqZ0
-----END CERTIFICATE-----