Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/4zqjJQ54tnfvuWqP4q5HT_tG78I.roa
File:                     4zqjJQ54tnfvuWqP4q5HT_tG78I.roa (raw, json)
Hash identifier:          4CxXSPWcwR0vooLT58rCHtl4yna461Xu3YJUyKhp4T8=
Subject key identifier:   E3:3A:A3:25:0E:78:B6:77:EF:B9:6A:8F:E2:AE:47:4F:FB:46:EF:C2
Certificate issuer:       /CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
Certificate serial:       0197818F3E26685F046F0A985BE3A5A93B1C
Authority key identifier: EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/4zqjJQ54tnfvuWqP4q5HT_tG78I.roa
Signing time:             Wed 18 Jun 2025 05:42:17 +0000
ROA not before:           Wed 18 Jun 2025 05:42:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12510
IP address blocks:        155.56.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:81:8f:3e:26:68:5f:04:6f:0a:98:5b:e3:a5:a9:3b:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea46963cc479dadbe3c52234ab9fabaa8122d25b
        Validity
            Not Before: Jun 18 05:42:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e33aa3250e78b677efb96a8fe2ae474ffb46efc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6a:d3:1d:52:30:51:a0:d5:50:8a:b1:b3:35:
                    85:f6:dc:d4:d2:95:e7:cb:67:0e:60:0c:94:d4:4a:
                    10:5c:55:2c:77:06:02:f5:0b:e4:2e:f3:3e:14:c3:
                    a4:d1:9e:20:8a:25:e1:38:32:55:3c:65:8f:70:ed:
                    86:f1:78:e0:a8:85:54:f3:45:24:eb:71:5a:31:7b:
                    1a:bb:c2:22:10:c2:ca:c8:85:59:43:d2:ae:44:08:
                    31:bf:df:4f:1b:ef:6c:3e:11:ca:41:5b:a9:27:d0:
                    7c:a9:2b:06:6b:2a:1f:c4:69:e1:89:d8:35:b7:01:
                    cc:bb:ae:ee:b4:a9:9a:5c:54:11:6d:00:8b:f9:6b:
                    34:2c:b2:90:9c:f8:c6:34:52:39:a6:12:4a:b6:1c:
                    b5:1d:33:05:41:0c:0e:6f:d6:03:14:95:c9:26:ea:
                    cd:5e:ec:e8:d7:98:cd:3d:de:77:3b:12:d5:30:40:
                    fc:49:17:a3:f2:b9:63:51:92:3b:d6:3f:77:77:73:
                    22:4f:66:61:26:50:4e:a8:29:c8:12:6d:e1:11:0d:
                    93:d9:35:6d:8f:91:ef:93:bd:a3:11:ba:2f:21:e3:
                    84:85:ef:81:78:98:c1:4b:99:95:4a:4e:6c:b8:2d:
                    41:10:93:02:d5:c9:82:aa:97:8e:31:3b:3f:5e:f3:
                    f6:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:3A:A3:25:0E:78:B6:77:EF:B9:6A:8F:E2:AE:47:4F:FB:46:EF:C2
            X509v3 Authority Key Identifier:
                keyid:EA:46:96:3C:C4:79:DA:DB:E3:C5:22:34:AB:9F:AB:AA:81:22:D2:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6kaWPMR52tvjxSI0q5-rqoEi0ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/4zqjJQ54tnfvuWqP4q5HT_tG78I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/e862de-c46c-4f21-b38e-eb5bc7d97aa0/1/6kaWPMR52tvjxSI0q5-rqoEi0ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.56.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         80:b0:5e:1f:0c:b2:25:17:89:2a:60:e8:ff:da:07:fb:8c:2f:
         9b:b6:3f:47:37:14:c5:97:bc:fe:cc:43:7c:11:88:cc:11:fa:
         a0:f2:b4:13:f5:6e:d3:ed:f5:61:98:88:78:9f:88:2c:ae:69:
         7f:6d:b4:40:dd:14:07:37:ac:c8:84:51:6f:e6:69:db:bd:4e:
         dd:1c:b0:48:4c:5e:9f:21:a3:d4:0d:db:3f:44:46:30:8c:f5:
         51:62:4d:25:9e:0b:0f:d9:93:bf:44:b1:5a:4a:73:01:97:2f:
         d6:e8:d4:21:e3:5f:3d:b3:6e:81:38:a5:70:c1:9c:a6:af:84:
         0f:43:ba:6e:b5:26:5c:ee:cc:b0:9f:41:3e:3c:3a:b3:be:a4:
         6e:49:76:f5:31:86:88:90:f2:06:8c:08:55:13:c7:f4:3d:2f:
         66:66:03:bb:d1:69:31:a9:9d:0a:31:a0:98:60:49:6b:8b:3d:
         1d:91:73:a7:77:0b:7f:31:bd:6f:77:4d:a9:43:52:10:c4:a2:
         28:19:e7:44:ff:a0:68:0e:83:e7:9a:88:a0:62:a0:74:49:10:
         8d:29:b5:f1:df:7e:4c:80:9c:b9:66:41:23:e9:1b:4a:4e:a0:
         04:0e:d5:53:b4:a1:5c:dc:b6:42:50:4a:15:fc:22:16:1c:4d:
         29:2e:67:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeBjz4maF8EbwqYW+OlqTscMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNDY5NjNjYzQ3OWRhZGJlM2M1MjIzNGFiOWZhYmFhODEy
MmQyNWIwHhcNMjUwNjE4MDU0MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzNhYTMyNTBlNzhiNjc3ZWZiOTZhOGZlMmFlNDc0ZmZiNDZlZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2rTHVIwUaDVUIqxszWF9tzU0pXn
y2cOYAyU1EoQXFUsdwYC9QvkLvM+FMOk0Z4giiXhODJVPGWPcO2G8XjgqIVU80Uk
63FaMXsau8IiEMLKyIVZQ9KuRAgxv99PG+9sPhHKQVupJ9B8qSsGayofxGnhidg1
twHMu67utKmaXFQRbQCL+Ws0LLKQnPjGNFI5phJKthy1HTMFQQwOb9YDFJXJJurN
Xuzo15jNPd53OxLVMED8SRej8rljUZI71j93d3MiT2ZhJlBOqCnIEm3hEQ2T2TVt
j5Hvk72jEbovIeOEhe+BeJjBS5mVSk5suC1BEJMC1cmCqpeOMTs/XvP2rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOM6oyUOeLZ377lqj+KuR0/7Ru/CMB8GA1UdIwQY
MBaAFOpGljzEedrb48UiNKufq6qBItJbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUt
ZWI1YmM3ZDk3YWEwLzEvNHpxakpRNTR0bmZ2dVdxUDRxNUhUX3RHNzhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9lODYyZGUtYzQ2Yy00ZjIxLWIzOGUtZWI1YmM3ZDk3YWEw
LzEvNmthV1BNUjUydHZqeFNJMHE1LXJxb0VpMGxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGmzjAMA0G
CSqGSIb3DQEBCwUAA4IBAQCAsF4fDLIlF4kqYOj/2gf7jC+btj9HNxTFl7z+zEN8
EYjMEfqg8rQT9W7T7fVhmIh4n4gsrml/bbRA3RQHN6zIhFFv5mnbvU7dHLBITF6f
IaPUDds/REYwjPVRYk0lngsP2ZO/RLFaSnMBly/W6NQh4189s26BOKVwwZymr4QP
Q7putSZc7sywn0E+PDqzvqRuSXb1MYaIkPIGjAhVE8f0PS9mZgO70WkxqZ0KMaCY
YElriz0dkXOndwt/Mb1vd02pQ1IQxKIoGedE/6BoDoPnmoigYqB0SRCNKbXx335M
gJy5ZkEj6RtKTqAEDtVTtKFc3LZCUEoV/CIWHE0pLmd0
-----END CERTIFICATE-----