Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/5SRdROovrhyXWGtWXnDFhbpkyNE.roa
File:                     5SRdROovrhyXWGtWXnDFhbpkyNE.roa (raw, json)
Hash identifier:          hUbJFE1+vLQRNMkjWduaxN2rKYsbGtqSAbyAyZE357w=
Subject key identifier:   E5:24:5D:44:EA:2F:AE:1C:97:58:6B:56:5E:70:C5:85:BA:64:C8:D1
Certificate issuer:       /CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
Certificate serial:       019929CCAF0668400B51AA649F16C36F4C96
Authority key identifier: 8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/5SRdROovrhyXWGtWXnDFhbpkyNE.roa
Signing time:             Mon 08 Sep 2025 14:48:23 +0000
ROA not before:           Mon 08 Sep 2025 14:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215287
IP address blocks:        185.46.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Sep 2025 05:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:29:cc:af:06:68:40:0b:51:aa:64:9f:16:c3:6f:4c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
        Validity
            Not Before: Sep  8 14:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5245d44ea2fae1c97586b565e70c585ba64c8d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9f:2a:87:4b:b6:3c:ff:2b:0e:ed:22:03:c1:
                    28:ba:5a:5c:5e:cd:f6:f8:5b:5d:d8:a8:92:af:4d:
                    8f:ad:eb:19:c0:ca:94:8d:09:e3:16:f1:b9:c4:71:
                    a2:aa:e3:c0:ad:13:f0:90:2e:ec:90:09:78:2d:5a:
                    dd:43:60:e4:0f:a6:23:37:c4:b3:64:03:ac:f5:2f:
                    c3:64:7a:c7:20:97:ee:b9:67:a9:72:75:c6:80:82:
                    46:42:4c:3c:36:6e:3e:43:c1:b3:64:42:ef:b9:e1:
                    5f:c8:2c:2f:29:41:f2:fe:19:1c:06:b3:9a:5d:ca:
                    03:3c:2f:34:2a:ff:07:63:a9:a6:ce:d0:e0:2e:8b:
                    fc:52:a3:4b:63:a6:4b:e2:36:3b:35:c0:40:6d:6c:
                    16:2b:8a:c4:7f:b2:30:62:f8:24:2f:a8:d3:eb:96:
                    bf:1c:96:f3:dd:4c:dd:b0:24:a1:a6:d2:5f:4b:5c:
                    32:f5:63:94:4c:99:b9:35:a6:f6:b4:ca:41:55:d2:
                    c6:f7:b6:cf:51:79:44:ac:30:d0:6d:91:08:b7:da:
                    4c:c0:2f:78:de:64:0a:5a:97:16:b1:d5:04:f2:40:
                    d1:cf:3c:61:56:dc:f3:c7:b6:86:37:db:75:04:41:
                    8c:3e:ba:31:a7:8c:88:cb:ef:80:77:53:b1:8f:29:
                    ab:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:24:5D:44:EA:2F:AE:1C:97:58:6B:56:5E:70:C5:85:BA:64:C8:D1
            X509v3 Authority Key Identifier:
                keyid:8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/5SRdROovrhyXWGtWXnDFhbpkyNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:ec:ba:b9:aa:b4:41:57:ff:40:40:9c:f5:2b:fe:5a:4a:7b:
         4e:db:54:eb:0c:44:4e:02:f2:0a:6b:26:9a:6c:77:eb:f3:2c:
         7e:c4:8b:d2:2a:fe:61:22:97:6d:4f:90:e9:2b:a8:a6:14:19:
         72:27:69:de:c7:39:0b:67:97:33:4b:9d:83:2c:c0:b7:08:ac:
         ee:b0:3c:c1:f8:33:f0:b1:3c:11:56:ed:fd:5c:66:06:b2:0e:
         a3:e9:8e:67:03:85:13:1f:c3:a2:86:6c:f5:62:85:b5:14:45:
         58:a8:08:aa:52:85:d0:33:c0:42:da:25:f6:65:d3:14:8c:26:
         be:13:cf:23:c8:a0:a9:81:cb:61:b4:3f:77:8d:e4:99:d3:d8:
         1f:9b:9c:9f:d3:be:6f:57:38:15:b9:6b:05:f5:eb:19:71:7f:
         d0:3a:bc:5e:4c:6f:aa:d1:f1:8b:22:fe:5c:8a:72:2b:e4:5a:
         7d:8d:f8:af:71:ed:eb:61:69:49:3c:ff:d9:78:70:3a:4c:b5:
         ff:e7:06:ae:76:b9:bc:65:13:a7:89:a5:11:e3:03:12:f6:30:
         fc:8d:79:3c:1c:ef:76:d5:ec:b8:fa:2d:07:d1:10:43:e8:73:
         1c:d9:2f:f5:53:cf:d0:e8:3e:1a:a8:fb:04:ba:3f:0e:16:01:
         8a:c3:8f:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkpzK8GaEALUapknxbDb0yWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNDY2OTIxNmEyMDc4Y2IwMjQyMzFmNDYzMmVhYjRkYTdl
ZTRiYzEwHhcNMjUwOTA4MTQ0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTI0NWQ0NGVhMmZhZTFjOTc1ODZiNTY1ZTcwYzU4NWJhNjRjOGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl58qh0u2PP8rDu0iA8EoulpcXs32
+Ftd2KiSr02PresZwMqUjQnjFvG5xHGiquPArRPwkC7skAl4LVrdQ2DkD6YjN8Sz
ZAOs9S/DZHrHIJfuuWepcnXGgIJGQkw8Nm4+Q8GzZELvueFfyCwvKUHy/hkcBrOa
XcoDPC80Kv8HY6mmztDgLov8UqNLY6ZL4jY7NcBAbWwWK4rEf7IwYvgkL6jT65a/
HJbz3UzdsCShptJfS1wy9WOUTJm5Nab2tMpBVdLG97bPUXlErDDQbZEIt9pMwC94
3mQKWpcWsdUE8kDRzzxhVtzzx7aGN9t1BEGMProxp4yIy++Ad1OxjymrmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUkXUTqL64cl1hrVl5wxYW6ZMjRMB8GA1UdIwQY
MBaAFI9GaSFqIHjLAkIx9GMuq02n7kvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTIt
ZDdiOGViNDYwOGUyLzEvNVNSZFJPb3ZyaHlYV0d0V1huREZoYnBreU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTItZDdiOGViNDYwOGUy
LzEvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS5zMA0G
CSqGSIb3DQEBCwUAA4IBAQCf7Lq5qrRBV/9AQJz1K/5aSntO21TrDEROAvIKayaa
bHfr8yx+xIvSKv5hIpdtT5DpK6imFBlyJ2nexzkLZ5czS52DLMC3CKzusDzB+DPw
sTwRVu39XGYGsg6j6Y5nA4UTH8Oihmz1YoW1FEVYqAiqUoXQM8BC2iX2ZdMUjCa+
E88jyKCpgcthtD93jeSZ09gfm5yf075vVzgVuWsF9esZcX/QOrxeTG+q0fGLIv5c
inIr5Fp9jfivce3rYWlJPP/ZeHA6TLX/5waudrm8ZROniaUR4wMS9jD8jXk8HO92
1ey4+i0H0RBD6HMc2S/1U8/Q6D4aqPsEuj8OFgGKw49O
-----END CERTIFICATE-----