Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/kknIu23hfAJV_kNcy26SU76l3O8.roa
File:                     kknIu23hfAJV_kNcy26SU76l3O8.roa (raw, json)
Hash identifier:          ojLouaHOkbJQ8C87UzTzDPwwJCr2mYsGyGvbRKGtoBo=
Subject key identifier:   92:49:C8:BB:6D:E1:7C:02:55:FE:43:5C:CB:6E:92:53:BE:A5:DC:EF
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       01980160F804361EBA1A4A33D35B1ED7D3B1
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/kknIu23hfAJV_kNcy26SU76l3O8.roa
Signing time:             Sun 13 Jul 2025 01:23:08 +0000
ROA not before:           Sun 13 Jul 2025 01:23:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        46.37.98.0/24 maxlen: 24
                          46.37.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:01:60:f8:04:36:1e:ba:1a:4a:33:d3:5b:1e:d7:d3:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jul 13 01:23:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9249c8bb6de17c0255fe435ccb6e9253bea5dcef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ba:26:18:d5:1e:e3:4e:84:ee:67:6a:48:f9:
                    9d:70:7f:e2:ba:81:68:3e:c0:d0:cf:7a:89:07:4f:
                    4f:98:97:66:ba:ed:02:d8:d5:91:4e:f0:72:17:e5:
                    b6:3c:68:79:a3:f7:fb:17:c9:d4:6c:58:4b:ea:c0:
                    a4:82:f0:db:4e:ad:73:30:21:79:a3:81:8e:98:91:
                    98:06:5d:da:d7:a6:5f:30:41:14:e8:e1:2b:72:e0:
                    4e:81:45:36:82:3c:e7:5e:63:bd:34:fa:67:59:ed:
                    0f:8a:5d:fc:e0:d8:e0:c9:5f:fa:ef:53:f9:08:f2:
                    ff:3c:4c:b0:9d:cd:e9:d6:23:68:3b:2f:f7:4e:ed:
                    cd:56:46:63:6d:f5:94:42:e9:38:2b:07:95:d7:6a:
                    28:9f:7c:1c:64:fa:b7:c1:7f:01:06:3d:0e:a5:1b:
                    ef:c8:ee:26:c8:27:63:54:47:5c:a7:03:a7:36:97:
                    07:e6:9e:11:dd:c0:b0:62:c2:33:60:0a:33:1d:4d:
                    76:e1:b6:12:d4:88:1a:7e:bf:28:70:99:f8:4d:89:
                    bc:52:80:da:5e:b9:c0:ea:d9:5f:e1:c3:ab:97:d3:
                    94:c9:57:cb:b5:eb:22:d3:2f:33:1f:e7:50:ea:25:
                    44:a6:9d:d3:e7:17:6f:9c:d1:15:cd:12:1c:e5:f7:
                    47:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:49:C8:BB:6D:E1:7C:02:55:FE:43:5C:CB:6E:92:53:BE:A5:DC:EF
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/kknIu23hfAJV_kNcy26SU76l3O8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.98.0/24
                  46.37.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:1e:ae:1e:da:50:08:2f:3c:cc:e9:75:69:8e:4f:7e:17:6c:
         1d:5d:58:c4:4b:c0:b1:a7:79:f5:71:5e:27:bd:91:f8:18:01:
         f9:83:4c:d0:9a:e1:b6:e4:a9:51:23:69:31:95:6c:27:7e:7c:
         b6:03:06:48:55:a6:ea:c5:58:92:3f:aa:bb:eb:2d:0a:b5:7b:
         7c:e0:0e:4d:81:65:04:a2:fa:b3:16:24:fc:8a:6a:56:36:86:
         5d:64:0f:22:fa:00:ff:e4:7b:55:22:57:49:ca:d9:be:c6:45:
         81:7d:0b:9e:a6:3b:4c:3c:8c:b5:1c:fa:84:56:89:1a:52:e2:
         6f:50:91:02:c5:b9:e7:bd:f0:32:47:17:32:2c:48:9f:b5:93:
         36:23:e7:bd:81:18:08:2d:f8:c0:0f:13:f2:21:9e:75:05:f9:
         e5:53:03:ff:65:bc:fd:c3:73:97:49:a2:8c:de:e3:3a:81:70:
         22:fb:ca:8a:e3:fa:ec:f9:f5:3f:4f:7a:4c:98:d1:b6:90:e6:
         2d:57:5d:a7:35:d6:a3:ce:6b:e3:af:77:4c:95:0e:47:16:02:
         3d:07:90:8f:a6:2d:ff:c0:46:61:3f:33:0e:f1:d7:c9:82:e4:
         ea:d4:0c:ab:56:c7:c2:c1:cd:59:d1:c6:7b:2f:a0:1c:bd:81:
         75:b4:e9:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgBYPgENh66Gkoz01se19OxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwNzEzMDEyMzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjQ5YzhiYjZkZTE3YzAyNTVmZTQzNWNjYjZlOTI1M2JlYTVkY2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLomGNUe406E7mdqSPmdcH/iuoFo
PsDQz3qJB09PmJdmuu0C2NWRTvByF+W2PGh5o/f7F8nUbFhL6sCkgvDbTq1zMCF5
o4GOmJGYBl3a16ZfMEEU6OErcuBOgUU2gjznXmO9NPpnWe0Pil384NjgyV/671P5
CPL/PEywnc3p1iNoOy/3Tu3NVkZjbfWUQuk4KweV12oon3wcZPq3wX8BBj0OpRvv
yO4myCdjVEdcpwOnNpcH5p4R3cCwYsIzYAozHU124bYS1Igafr8ocJn4TYm8UoDa
XrnA6tlf4cOrl9OUyVfLtesi0y8zH+dQ6iVEpp3T5xdvnNEVzRIc5fdHYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJJJyLtt4XwCVf5DXMtuklO+pdzvMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEva2tuSXUyM2hmQUpWX2tOY3kyNlNVNzZsM084LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiViAwQA
LiVxMA0GCSqGSIb3DQEBCwUAA4IBAQBEHq4e2lAILzzM6XVpjk9+F2wdXVjES8Cx
p3n1cV4nvZH4GAH5g0zQmuG25KlRI2kxlWwnfny2AwZIVabqxViSP6q76y0KtXt8
4A5NgWUEovqzFiT8impWNoZdZA8i+gD/5HtVIldJytm+xkWBfQuepjtMPIy1HPqE
VokaUuJvUJECxbnnvfAyRxcyLEiftZM2I+e9gRgILfjADxPyIZ51BfnlUwP/Zbz9
w3OXSaKM3uM6gXAi+8qK4/rs+fU/T3pMmNG2kOYtV12nNdajzmvjr3dMlQ5HFgI9
B5CPpi3/wEZhPzMO8dfJguTq1AyrVsfCwc1Z0cZ7L6AcvYF1tOnl
-----END CERTIFICATE-----