Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/edCBX2bH5JlrOM_QYlwIG8d4E4g.roa
File:                     edCBX2bH5JlrOM_QYlwIG8d4E4g.roa (raw, json)
Hash identifier:          D/lcCXEyS94uIVdWAFKKcQotMTbEz/Yt6PtnEyp38ME=
Subject key identifier:   79:D0:81:5F:66:C7:E4:99:6B:38:CF:D0:62:5C:08:1B:C7:78:13:88
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01973B3C5084E95FB3527395D3CEEC8A91B3
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/edCBX2bH5JlrOM_QYlwIG8d4E4g.roa
Signing time:             Wed 04 Jun 2025 13:58:17 +0000
ROA not before:           Wed 04 Jun 2025 13:58:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207952
IP address blocks:        46.8.104.0/24 maxlen: 24
                          109.248.57.0/24 maxlen: 24
                          188.130.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 22:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:3c:50:84:e9:5f:b3:52:73:95:d3:ce:ec:8a:91:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jun  4 13:58:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79d0815f66c7e4996b38cfd0625c081bc7781388
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:23:3f:0e:03:20:76:c2:de:4d:42:ab:92:12:
                    f1:46:f7:bc:72:c7:94:87:b8:01:01:e3:92:4a:9f:
                    eb:41:51:fe:26:eb:a3:6e:8d:d7:f7:e9:a8:45:f4:
                    50:fa:86:74:c5:31:c8:20:02:ca:25:19:3d:2d:2f:
                    68:4f:06:28:34:e7:b6:19:15:bf:b6:49:e4:be:ec:
                    ed:a1:07:1b:ae:11:9b:91:21:d8:bb:8f:6b:dd:8d:
                    b9:40:91:dc:96:c4:84:6e:a9:95:ca:86:5c:8c:86:
                    5a:ac:32:57:89:5f:c6:02:5e:e4:76:c0:a8:92:22:
                    19:5f:d5:18:eb:8b:23:9f:9c:5d:d3:76:1c:7e:fe:
                    94:3d:c7:57:a5:ce:05:af:03:b7:e0:ce:0c:19:2e:
                    78:1e:76:72:32:13:0f:7a:2f:36:d0:49:92:d4:ff:
                    ed:61:46:6b:14:02:46:94:2f:51:95:27:48:1e:35:
                    1d:85:05:84:ba:88:e1:ae:e1:f3:6f:e9:9e:3e:13:
                    e3:a5:70:38:fe:61:fc:ea:d9:13:07:94:69:6a:23:
                    df:e7:d2:da:b9:1a:83:f1:cb:7b:f3:25:a4:a8:ee:
                    a5:9f:09:dd:22:a3:1b:7a:c7:27:39:96:10:09:12:
                    9e:94:d1:5d:2b:dc:38:1e:49:21:f5:bd:3d:0a:33:
                    f9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:D0:81:5F:66:C7:E4:99:6B:38:CF:D0:62:5C:08:1B:C7:78:13:88
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/edCBX2bH5JlrOM_QYlwIG8d4E4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.104.0/24
                  109.248.57.0/24
                  188.130.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:fb:d9:a0:31:07:2e:f8:9b:61:27:5a:69:62:08:53:d8:e9:
         00:fe:f1:45:4d:a8:16:7d:6c:a0:b8:52:cc:41:4b:37:2b:76:
         76:76:a4:7b:e7:e8:80:17:4b:ed:36:29:60:03:83:ae:45:67:
         22:fa:bf:71:77:18:20:7f:d9:fa:c9:38:d2:c8:a2:69:99:4b:
         50:c5:3a:0e:60:73:82:51:dd:c4:c3:19:1d:e0:57:b7:92:aa:
         13:08:38:77:cb:a9:19:3c:62:a7:af:d2:c1:f0:1a:11:6d:29:
         18:6f:ff:86:35:85:7b:0d:80:ea:cc:b9:ea:3e:fa:9a:c7:d7:
         d5:e6:45:8d:35:c8:4e:b5:1d:0a:3c:d5:cc:af:c8:32:d1:7c:
         c2:61:24:99:2e:04:15:5f:47:e9:9d:55:88:66:af:52:22:4f:
         9f:33:91:20:5e:9b:82:a0:97:3f:c1:5e:87:9e:48:bf:09:c8:
         4a:8a:78:4c:01:29:53:ef:4b:31:cd:32:a6:04:f9:6f:b9:29:
         fb:a2:16:95:1e:29:57:21:85:e7:0d:b2:b3:f2:b7:c2:02:ab:
         c5:4b:13:f5:bd:58:a8:3a:9a:88:6c:1a:22:15:46:34:5e:59:
         2f:30:ed:d9:53:33:12:87:0a:bc:31:55:5f:20:0a:af:30:9f:
         af:db:5b:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZc7PFCE6V+zUnOV087sipGzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwNjA0MTM1ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWQwODE1ZjY2YzdlNDk5NmIzOGNmZDA2MjVjMDgxYmM3NzgxMzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyM/DgMgdsLeTUKrkhLxRve8cseU
h7gBAeOSSp/rQVH+Juujbo3X9+moRfRQ+oZ0xTHIIALKJRk9LS9oTwYoNOe2GRW/
tknkvuztoQcbrhGbkSHYu49r3Y25QJHclsSEbqmVyoZcjIZarDJXiV/GAl7kdsCo
kiIZX9UY64sjn5xd03Ycfv6UPcdXpc4FrwO34M4MGS54HnZyMhMPei820EmS1P/t
YUZrFAJGlC9RlSdIHjUdhQWEuojhruHzb+mePhPjpXA4/mH86tkTB5RpaiPf59La
uRqD8ct78yWkqO6lnwndIqMbescnOZYQCRKelNFdK9w4Hkkh9b09CjP5wwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHnQgV9mx+SZazjP0GJcCBvHeBOIMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvZWRDQlgyYkg1SmxyT01fUVlsd0lHOGQ0RTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALghoAwQA
bfg5AwQAvIKVMA0GCSqGSIb3DQEBCwUAA4IBAQBG+9mgMQcu+JthJ1ppYghT2OkA
/vFFTagWfWyguFLMQUs3K3Z2dqR75+iAF0vtNilgA4OuRWci+r9xdxggf9n6yTjS
yKJpmUtQxToOYHOCUd3Ewxkd4Fe3kqoTCDh3y6kZPGKnr9LB8BoRbSkYb/+GNYV7
DYDqzLnqPvqax9fV5kWNNchOtR0KPNXMr8gy0XzCYSSZLgQVX0fpnVWIZq9SIk+f
M5EgXpuCoJc/wV6Hnki/CchKinhMASlT70sxzTKmBPlvuSn7ohaVHilXIYXnDbKz
8rfCAqvFSxP1vVioOpqIbBoiFUY0XlkvMO3ZUzMShwq8MVVfIAqvMJ+v21uH
-----END CERTIFICATE-----