Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/sb8iFvZQpOKvIJHbQq_wneS-_xo.roa
File:                     sb8iFvZQpOKvIJHbQq_wneS-_xo.roa (raw, json)
Hash identifier:          ZcwJ2Aq0h+x6gFyGaf2iA1L+iKFHuWvjzDw5EUsE6Js=
Subject key identifier:   B1:BF:22:16:F6:50:A4:E2:AF:20:91:DB:42:AF:F0:9D:E4:BE:FF:1A
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       019759079261306F39E1691A6284EABBD5DF
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/sb8iFvZQpOKvIJHbQq_wneS-_xo.roa
Signing time:             Tue 10 Jun 2025 08:49:17 +0000
ROA not before:           Tue 10 Jun 2025 08:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215070
IP address blocks:        90.156.244.0/22 maxlen: 24
                          90.156.244.0/24 maxlen: 24
                          2a03:720:60::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 20:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:07:92:61:30:6f:39:e1:69:1a:62:84:ea:bb:d5:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: Jun 10 08:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1bf2216f650a4e2af2091db42aff09de4beff1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3e:5a:63:ec:01:6a:c3:4e:07:f3:c2:ca:b1:
                    d2:16:9d:e5:7e:67:2b:ce:7d:ae:c4:35:b6:88:02:
                    80:15:8e:ff:da:7c:d2:fc:35:de:44:68:5a:bd:3f:
                    84:4e:3d:6e:e9:b8:78:37:f5:80:67:cd:a4:79:30:
                    7d:c3:c6:c4:06:68:0a:f0:bf:91:0b:b7:7c:f5:70:
                    18:c9:85:31:fd:b5:16:15:4d:d7:8a:49:aa:6a:25:
                    f4:01:19:0d:f8:36:19:87:a4:32:2c:d8:66:0d:7c:
                    97:78:0a:9c:ad:ae:47:83:5a:de:7f:9b:f7:e6:3c:
                    41:0e:1a:3d:1d:4d:21:fa:f2:04:52:78:c9:27:32:
                    a7:45:9a:80:05:32:7b:4f:f6:10:1c:0c:e5:8c:a0:
                    dd:a3:f2:7f:35:70:ca:33:cd:ba:36:25:c2:ce:f4:
                    9a:b3:b5:a9:2e:fc:c4:e4:3b:47:35:47:84:22:cb:
                    25:c4:9f:2b:85:70:0e:d8:7b:0c:aa:49:2e:03:a7:
                    d8:f8:a2:a2:2f:7e:6a:45:aa:dc:76:c5:22:d8:4c:
                    76:12:91:85:49:b5:89:61:72:14:2d:a7:55:bb:b7:
                    e0:e1:65:2e:a1:f4:6b:b3:8f:c4:98:1f:77:a6:14:
                    b0:44:0d:be:6b:d5:5e:c5:1d:24:b0:54:72:17:a7:
                    dd:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:BF:22:16:F6:50:A4:E2:AF:20:91:DB:42:AF:F0:9D:E4:BE:FF:1A
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/sb8iFvZQpOKvIJHbQq_wneS-_xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.156.244.0/22
                IPv6:
                  2a03:720:60::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:f5:f0:2c:d2:28:8a:e8:21:91:fc:a7:97:a3:35:90:e1:51:
         38:b0:98:04:3a:96:25:18:c5:90:64:a8:02:a0:8e:26:da:54:
         45:d5:39:82:38:0d:df:5c:4b:91:db:49:80:a9:fa:5b:a8:95:
         a7:a8:9f:bd:d8:89:bb:9e:4e:88:51:d5:2a:ad:93:35:d9:5e:
         a1:02:77:b3:d3:73:39:28:e2:34:6a:af:e9:ef:ea:29:83:bb:
         43:40:1b:a4:ff:da:c4:67:19:9a:28:12:e7:68:a5:79:3f:97:
         7e:13:28:62:c9:d7:b8:69:df:88:8a:99:2d:5c:53:a4:d9:1e:
         64:45:e8:ab:2c:10:86:63:77:08:5c:c2:22:c4:ff:45:bf:1f:
         f5:3b:56:11:e9:cd:58:a9:27:89:8f:74:1f:75:58:c7:62:0f:
         68:34:11:eb:fa:fb:90:87:c8:7b:7e:fd:aa:99:30:5d:eb:3a:
         94:8e:27:11:73:30:ef:67:bd:e7:af:77:80:d6:02:af:f9:c0:
         5f:71:a7:9f:b1:f0:75:5d:55:3a:aa:9b:63:72:d2:e9:e0:fd:
         ad:1b:6a:f6:42:7c:89:66:2d:cf:a7:6c:b3:2d:29:a3:24:80:
         f5:19:53:52:12:d7:e5:9c:f8:7a:0c:dc:8f:88:b3:e0:11:0a:
         72:1b:ed:6b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZdZB5JhMG854WkaYoTqu9XfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjUwNjEwMDg0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWJmMjIxNmY2NTBhNGUyYWYyMDkxZGI0MmFmZjA5ZGU0YmVmZjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzz5aY+wBasNOB/PCyrHSFp3lfmcr
zn2uxDW2iAKAFY7/2nzS/DXeRGhavT+ETj1u6bh4N/WAZ82keTB9w8bEBmgK8L+R
C7d89XAYyYUx/bUWFU3XikmqaiX0ARkN+DYZh6QyLNhmDXyXeAqcra5Hg1ref5v3
5jxBDho9HU0h+vIEUnjJJzKnRZqABTJ7T/YQHAzljKDdo/J/NXDKM826NiXCzvSa
s7WpLvzE5DtHNUeEIsslxJ8rhXAO2HsMqkkuA6fY+KKiL35qRarcdsUi2Ex2EpGF
SbWJYXIULadVu7fg4WUuofRrs4/EmB93phSwRA2+a9VexR0ksFRyF6fd7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLG/Ihb2UKTiryCR20Kv8J3kvv8aMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvc2I4aUZ2WlFwT0t2SUpIYlFxX3duZVMtX3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCWpz0MA8E
AgACMAkDBwAqAwcgAGAwDQYJKoZIhvcNAQELBQADggEBAGD18CzSKIroIZH8p5ej
NZDhUTiwmAQ6liUYxZBkqAKgjibaVEXVOYI4Dd9cS5HbSYCp+luolaeon73Yibue
TohR1SqtkzXZXqECd7PTczko4jRqr+nv6imDu0NAG6T/2sRnGZooEudopXk/l34T
KGLJ17hp34iKmS1cU6TZHmRF6KssEIZjdwhcwiLE/0W/H/U7VhHpzVipJ4mPdB91
WMdiD2g0Eev6+5CHyHt+/aqZMF3rOpSOJxFzMO9nveevd4DWAq/5wF9xp5+x8HVd
VTqqm2Ny0ung/a0bavZCfIlmLc+nbLMtKaMkgPUZU1IS1+Wc+HoM3I+Is+ARCnIb
7Ws=
-----END CERTIFICATE-----