Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/qhsLkpj6Wrl0ASdMqA6gGC_2-jU.roa
File:                     qhsLkpj6Wrl0ASdMqA6gGC_2-jU.roa (raw, json)
Hash identifier:          7Xy5r5JW6+KnuJkyy6Byc58YacMMqqselpKCEogZhrs=
Subject key identifier:   AA:1B:0B:92:98:FA:5A:B9:74:01:27:4C:A8:0E:A0:18:2F:F6:FA:35
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       01990A1D4DA398E8A21EE0D4F1AFA1B83F96
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/qhsLkpj6Wrl0ASdMqA6gGC_2-jU.roa
Signing time:             Tue 02 Sep 2025 11:08:36 +0000
ROA not before:           Tue 02 Sep 2025 11:08:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        212.46.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:1d:4d:a3:98:e8:a2:1e:e0:d4:f1:af:a1:b8:3f:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Sep  2 11:08:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa1b0b9298fa5ab97401274ca80ea0182ff6fa35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c2:29:1a:e7:a5:b6:48:58:87:64:61:23:59:
                    7d:2d:6e:c2:8e:a0:7c:51:10:6e:31:28:37:45:d8:
                    85:fa:0b:fe:4e:0b:88:d9:b3:aa:cd:99:51:b7:f9:
                    15:17:e0:80:1b:16:b9:50:5d:45:d7:b5:ca:0a:6d:
                    d8:02:d6:70:96:aa:a7:be:bb:bb:0b:09:21:4c:91:
                    92:14:19:da:b0:e9:57:a5:ea:89:2f:a6:f2:78:2d:
                    76:a1:a9:1b:ff:ce:f6:d5:98:a2:40:ee:b1:12:68:
                    5a:57:55:4f:76:09:82:bb:cc:0a:c9:0c:b0:51:ee:
                    63:18:f9:62:07:be:0d:5b:6c:11:37:8d:07:20:cc:
                    d5:27:db:25:b1:6c:d0:36:05:9e:86:ca:e9:43:6d:
                    5d:d7:c7:fd:e6:62:76:34:a0:30:f1:5e:5f:2b:f2:
                    00:f2:ac:d1:7c:d1:96:1c:54:cf:12:0a:81:cf:58:
                    17:de:01:6b:fe:9d:de:19:20:ba:ea:41:59:f1:52:
                    2e:83:0e:3a:a4:72:6f:17:f9:14:5b:f1:e7:27:60:
                    4b:aa:99:e8:df:a3:fa:f3:ec:02:c2:72:39:34:03:
                    9a:9a:ac:d4:8f:cb:99:ff:01:1e:9d:0f:71:fb:ce:
                    77:ea:b0:27:0a:6d:c9:d3:e9:02:01:e2:08:1a:39:
                    03:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:1B:0B:92:98:FA:5A:B9:74:01:27:4C:A8:0E:A0:18:2F:F6:FA:35
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/qhsLkpj6Wrl0ASdMqA6gGC_2-jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:8e:b1:5a:22:12:99:29:b5:74:17:78:7b:0d:5a:8e:2a:36:
         d5:c6:1d:73:06:5d:2b:e2:5b:cc:9f:14:e9:6c:ba:3d:e4:64:
         be:18:ba:26:03:52:ba:f5:c7:77:b5:02:76:39:fd:07:f3:92:
         79:8b:30:b3:1c:6c:38:5f:1f:39:df:4d:27:76:6b:c6:51:30:
         09:2d:21:ef:d0:40:62:23:0c:1d:4e:f5:16:94:26:ed:a6:ca:
         9e:e6:f0:e9:48:14:57:65:dc:8b:ef:a9:4b:4b:55:89:85:1a:
         db:08:24:5e:de:05:cc:41:2d:1a:0d:d2:89:08:89:c1:7e:ca:
         82:23:21:10:b9:1d:3b:55:02:75:34:5a:b7:09:77:6e:70:f1:
         2b:72:d0:39:72:77:ed:13:3a:a0:bb:bc:42:0a:33:00:c6:dd:
         3a:41:ab:ed:c9:46:e0:bd:0b:e0:eb:fc:ce:6b:a1:56:ff:c9:
         aa:73:95:09:1a:4c:5e:11:4d:33:62:66:66:67:6b:03:91:83:
         75:9e:c1:7b:af:5b:dd:44:b8:c0:7b:a4:7d:97:a8:f1:1f:e2:
         45:f7:11:8e:be:f2:c7:aa:a8:fc:5c:ca:13:9d:0c:17:2d:a2:
         7f:b7:c3:a5:f6:d4:ed:3f:05:03:ff:28:ca:2a:57:66:99:0c:
         42:ea:74:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkKHU2jmOiiHuDU8a+huD+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwOTAyMTEwODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTFiMGI5Mjk4ZmE1YWI5NzQwMTI3NGNhODBlYTAxODJmZjZmYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMIpGueltkhYh2RhI1l9LW7CjqB8
URBuMSg3RdiF+gv+TguI2bOqzZlRt/kVF+CAGxa5UF1F17XKCm3YAtZwlqqnvru7
CwkhTJGSFBnasOlXpeqJL6byeC12oakb/8721ZiiQO6xEmhaV1VPdgmCu8wKyQyw
Ue5jGPliB74NW2wRN40HIMzVJ9slsWzQNgWehsrpQ21d18f95mJ2NKAw8V5fK/IA
8qzRfNGWHFTPEgqBz1gX3gFr/p3eGSC66kFZ8VIugw46pHJvF/kUW/HnJ2BLqpno
36P68+wCwnI5NAOamqzUj8uZ/wEenQ9x+8536rAnCm3J0+kCAeIIGjkD7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKobC5KY+lq5dAEnTKgOoBgv9vo1MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvcWhzTGtwajZXcmwwQVNkTXFBNmdHQ18yLWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C4hMA0G
CSqGSIb3DQEBCwUAA4IBAQAgjrFaIhKZKbV0F3h7DVqOKjbVxh1zBl0r4lvMnxTp
bLo95GS+GLomA1K69cd3tQJ2Of0H85J5izCzHGw4Xx85300ndmvGUTAJLSHv0EBi
IwwdTvUWlCbtpsqe5vDpSBRXZdyL76lLS1WJhRrbCCRe3gXMQS0aDdKJCInBfsqC
IyEQuR07VQJ1NFq3CXducPErctA5cnftEzqgu7xCCjMAxt06QavtyUbgvQvg6/zO
a6FW/8mqc5UJGkxeEU0zYmZmZ2sDkYN1nsF7r1vdRLjAe6R9l6jxH+JF9xGOvvLH
qqj8XMoTnQwXLaJ/t8Ol9tTtPwUD/yjKKldmmQxC6nQE
-----END CERTIFICATE-----