Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/kUILatL9C3JCAevms2KcvqpaePU.roa
File:                     kUILatL9C3JCAevms2KcvqpaePU.roa (raw, json)
Hash identifier:          T8iCGZZzAAYZpcp3Y20YYRkjioFry09uVkLdcf4AktE=
Subject key identifier:   91:42:0B:6A:D2:FD:0B:72:42:01:EB:E6:B3:62:9C:BE:AA:5A:78:F5
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0198EB34D388848978C7D5FB32128A5E151E
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/kUILatL9C3JCAevms2KcvqpaePU.roa
Signing time:             Wed 27 Aug 2025 11:06:04 +0000
ROA not before:           Wed 27 Aug 2025 11:06:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47440
IP address blocks:        46.243.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:eb:34:d3:88:84:89:78:c7:d5:fb:32:12:8a:5e:15:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Aug 27 11:06:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91420b6ad2fd0b724201ebe6b3629cbeaa5a78f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:f0:2e:60:b3:89:fc:1d:63:32:a2:0e:e5:fa:
                    75:e2:46:a5:d0:83:63:64:1e:de:20:3f:66:18:94:
                    af:6b:98:16:cd:1e:36:79:10:19:60:1d:e2:fb:69:
                    5f:f1:d1:36:bd:b5:2f:84:ce:56:c0:71:be:e7:ed:
                    19:1d:25:a1:44:28:0b:08:5e:c3:7f:3e:41:bf:57:
                    3f:08:10:e3:f0:74:6e:4d:57:9a:17:f5:12:8d:01:
                    30:77:4e:e5:8b:18:3b:c0:2d:d9:e3:dc:83:4b:58:
                    87:73:49:2a:f2:7c:d5:71:85:a1:ba:de:9b:ce:34:
                    d7:e7:27:07:39:39:76:87:01:67:50:72:1e:ac:e3:
                    1d:63:84:00:5d:6f:8d:8e:e6:01:1f:7f:0a:b0:8c:
                    f1:86:87:b9:d6:ff:73:31:6b:a4:f8:ec:44:fb:1b:
                    94:d7:ff:90:f2:e9:ed:8b:d0:58:d2:d7:25:7d:7e:
                    5e:bf:4b:a6:3b:eb:73:a9:53:1c:d6:60:67:b3:fb:
                    30:94:8f:ad:7c:d5:96:b2:24:3d:a0:a5:34:12:ae:
                    03:da:f5:8a:fe:29:66:53:e1:36:2a:6c:99:c9:e1:
                    1c:29:0a:28:26:6e:75:ef:29:e6:d8:97:cb:7e:d7:
                    a3:d8:ba:54:d3:04:b2:10:2f:db:fe:6f:4d:cf:f7:
                    10:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:42:0B:6A:D2:FD:0B:72:42:01:EB:E6:B3:62:9C:BE:AA:5A:78:F5
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/kUILatL9C3JCAevms2KcvqpaePU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:ee:9c:79:f4:62:5d:58:53:4f:0f:db:cc:40:b5:5f:cd:d4:
         8a:1d:24:15:0d:0e:5a:d8:82:a9:3e:13:c8:2e:08:e4:25:c6:
         e2:72:67:e1:bc:fc:d6:7e:8b:32:8e:12:31:de:99:73:2d:c4:
         dc:50:0c:14:89:87:cc:f2:6b:86:15:73:a4:3a:80:5f:cd:f9:
         25:1d:89:ba:1b:c1:88:3e:18:96:23:d0:86:5f:91:3b:71:f0:
         e3:e1:0e:b0:e9:7b:a1:5a:9a:f5:36:90:18:23:76:81:ee:4c:
         7c:cb:2c:4a:03:6e:76:27:f7:b1:f3:2b:0c:c0:0a:62:f1:6e:
         2b:ce:b7:ea:e0:17:ed:e0:da:6c:b6:68:3c:f1:f1:d6:7f:8e:
         62:e7:15:d9:d8:9d:91:c4:d1:03:e8:2a:64:c5:0c:4c:a0:e3:
         a5:a8:11:c3:6e:84:cf:14:a8:b6:27:43:9f:04:09:85:61:9e:
         42:88:1e:f7:c2:af:91:5d:b1:6a:5c:93:66:85:59:ff:97:4a:
         eb:28:14:23:3d:71:11:87:ae:61:d8:fe:82:55:e7:9f:ec:87:
         8f:e7:e2:03:69:fb:c0:4f:f7:e3:b7:9f:0d:c6:cf:6a:d8:62:
         8c:40:4d:99:a8:e0:52:43:ff:fe:28:8b:ec:1c:75:81:80:9d:
         b6:18:39:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjrNNOIhIl4x9X7MhKKXhUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwODI3MTEwNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTQyMGI2YWQyZmQwYjcyNDIwMWViZTZiMzYyOWNiZWFhNWE3OGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvAuYLOJ/B1jMqIO5fp14kal0INj
ZB7eID9mGJSva5gWzR42eRAZYB3i+2lf8dE2vbUvhM5WwHG+5+0ZHSWhRCgLCF7D
fz5Bv1c/CBDj8HRuTVeaF/USjQEwd07lixg7wC3Z49yDS1iHc0kq8nzVcYWhut6b
zjTX5ycHOTl2hwFnUHIerOMdY4QAXW+NjuYBH38KsIzxhoe51v9zMWuk+OxE+xuU
1/+Q8unti9BY0tclfX5ev0umO+tzqVMc1mBns/swlI+tfNWWsiQ9oKU0Eq4D2vWK
/ilmU+E2KmyZyeEcKQooJm517ynm2JfLftej2LpU0wSyEC/b/m9Nz/cQXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFCC2rS/QtyQgHr5rNinL6qWnj1MB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEva1VJTGF0TDlDM0pDQWV2bXMyS2N2cXBhZVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvMCMA0G
CSqGSIb3DQEBCwUAA4IBAQAl7px59GJdWFNPD9vMQLVfzdSKHSQVDQ5a2IKpPhPI
LgjkJcbicmfhvPzWfosyjhIx3plzLcTcUAwUiYfM8muGFXOkOoBfzfklHYm6G8GI
PhiWI9CGX5E7cfDj4Q6w6XuhWpr1NpAYI3aB7kx8yyxKA252J/ex8ysMwApi8W4r
zrfq4Bft4Npstmg88fHWf45i5xXZ2J2RxNED6CpkxQxMoOOlqBHDboTPFKi2J0Of
BAmFYZ5CiB73wq+RXbFqXJNmhVn/l0rrKBQjPXERh65h2P6CVeef7IeP5+IDafvA
T/fjt58Nxs9q2GKMQE2ZqOBSQ//+KIvsHHWBgJ22GDnC
-----END CERTIFICATE-----