Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/roPYnO0cl0ID0u7U-t49g-Eb530.roa
File:                     roPYnO0cl0ID0u7U-t49g-Eb530.roa (raw, json)
Hash identifier:          MBSI76KPBVQQ8ytmr+JfA4yyYPQ56/lKKVRYy7vbVPQ=
Subject key identifier:   AE:83:D8:9C:ED:1C:97:42:03:D2:EE:D4:FA:DE:3D:83:E1:1B:E7:7D
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0198B442F08B0E2A5194688C9E209D145B64
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/roPYnO0cl0ID0u7U-t49g-Eb530.roa
Signing time:             Sat 16 Aug 2025 19:02:22 +0000
ROA not before:           Sat 16 Aug 2025 19:02:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        46.236.252.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 14:31:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b4:42:f0:8b:0e:2a:51:94:68:8c:9e:20:9d:14:5b:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Aug 16 19:02:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae83d89ced1c974203d2eed4fade3d83e11be77d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0c:60:c9:27:f1:74:a3:c6:3d:ea:77:cc:46:
                    be:fa:7f:8c:30:28:b9:2f:4f:c9:f5:e7:2b:97:37:
                    22:11:cf:41:6e:b1:9b:46:d1:45:f7:17:33:67:b0:
                    e2:63:1b:f6:9f:24:b2:a6:26:c8:c9:a8:88:82:a3:
                    4c:94:7c:a6:7c:a6:7b:aa:32:c7:77:24:f0:37:29:
                    60:2b:66:3b:0a:0c:5f:5a:46:77:2e:db:db:aa:b4:
                    98:56:4c:01:45:67:42:8e:59:4f:f0:47:8b:e0:67:
                    c3:3f:a6:83:3c:21:c6:b0:e3:e4:7f:69:e4:2d:40:
                    78:9d:41:14:b7:96:9b:84:68:65:48:99:0c:1e:1e:
                    eb:df:99:50:2c:85:c2:db:4a:4d:59:f1:78:1f:0a:
                    93:dc:af:ff:ff:d5:3b:30:71:56:51:4f:34:f2:af:
                    c0:20:7d:d0:a0:b2:fa:d9:24:9f:e1:63:09:74:69:
                    df:6a:93:57:2b:89:91:4a:09:86:01:79:2f:a5:b7:
                    6b:b4:66:16:0e:0b:e6:9e:55:ca:41:df:56:01:4f:
                    58:dc:4c:08:7b:9e:e8:15:7c:8b:8f:5e:7b:4e:f8:
                    f1:d9:e4:5e:a1:54:2e:5f:75:33:5f:0c:1d:6d:f9:
                    5b:00:f4:59:62:fe:63:d1:ee:e4:b6:8c:42:71:e1:
                    22:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:83:D8:9C:ED:1C:97:42:03:D2:EE:D4:FA:DE:3D:83:E1:1B:E7:7D
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/roPYnO0cl0ID0u7U-t49g-Eb530.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:d0:52:6f:9a:74:e1:b3:fc:a2:3a:d9:94:ed:0d:98:2c:72:
         c9:40:a0:b8:40:dd:54:d3:dd:37:61:f3:56:73:cf:c8:ae:7d:
         25:2c:50:b0:f4:81:57:7b:8c:31:be:ff:38:fe:8c:86:0b:e5:
         d1:63:ca:8e:56:fa:e8:40:65:ae:15:cc:70:1a:c0:20:df:48:
         81:c6:26:34:e4:41:c0:b6:a2:df:94:10:b6:04:42:be:21:8f:
         be:c3:10:71:97:95:a7:62:f6:b3:35:5b:dc:b8:65:a2:72:2d:
         81:c2:c1:ba:57:63:ef:ba:48:ea:70:dd:c9:07:b8:de:ff:6f:
         74:50:3b:b1:ee:dd:85:8f:82:5b:3c:a7:b4:1d:5d:97:e6:8b:
         2f:fb:15:ac:4a:c2:d1:73:0f:05:bd:6f:a5:64:52:4c:cc:04:
         da:91:35:21:4a:ca:13:d5:48:eb:70:b5:d0:36:2b:24:17:8a:
         a4:2d:a1:de:79:f4:65:79:24:19:c5:ee:b6:c6:d7:1e:01:cb:
         70:d3:2d:57:ff:53:bc:0b:b2:b4:ea:4b:da:85:8d:11:b1:20:
         7a:8f:33:1a:74:d8:e7:f1:ce:01:39:8c:49:63:4e:e4:61:18:
         6d:22:c9:49:5e:78:1a:aa:03:e5:e2:f0:78:7b:d6:8c:70:2a:
         48:5a:13:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi0QvCLDipRlGiMniCdFFtkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwODE2MTkwMjIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTgzZDg5Y2VkMWM5NzQyMDNkMmVlZDRmYWRlM2Q4M2UxMWJlNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQxgySfxdKPGPep3zEa++n+MMCi5
L0/J9ecrlzciEc9BbrGbRtFF9xczZ7DiYxv2nySypibIyaiIgqNMlHymfKZ7qjLH
dyTwNylgK2Y7CgxfWkZ3LtvbqrSYVkwBRWdCjllP8EeL4GfDP6aDPCHGsOPkf2nk
LUB4nUEUt5abhGhlSJkMHh7r35lQLIXC20pNWfF4HwqT3K///9U7MHFWUU808q/A
IH3QoLL62SSf4WMJdGnfapNXK4mRSgmGAXkvpbdrtGYWDgvmnlXKQd9WAU9Y3EwI
e57oFXyLj157Tvjx2eReoVQuX3UzXwwdbflbAPRZYv5j0e7ktoxCceEiKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6D2JztHJdCA9Lu1PrePYPhG+d9MB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvcm9QWW5PMGNsMElEMHU3VS10NDlnLUViNTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLuz8MA0G
CSqGSIb3DQEBCwUAA4IBAQAB0FJvmnThs/yiOtmU7Q2YLHLJQKC4QN1U0903YfNW
c8/Irn0lLFCw9IFXe4wxvv84/oyGC+XRY8qOVvroQGWuFcxwGsAg30iBxiY05EHA
tqLflBC2BEK+IY++wxBxl5WnYvazNVvcuGWici2BwsG6V2PvukjqcN3JB7je/290
UDux7t2Fj4JbPKe0HV2X5osv+xWsSsLRcw8FvW+lZFJMzATakTUhSsoT1UjrcLXQ
NiskF4qkLaHeefRleSQZxe62xtceActw0y1X/1O8C7K06kvahY0RsSB6jzMadNjn
8c4BOYxJY07kYRhtIslJXngaqgPl4vB4e9aMcCpIWhNK
-----END CERTIFICATE-----