Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/ZxM4wURmy8vS679u-WqAm5TpqRo.roa
File:                     ZxM4wURmy8vS679u-WqAm5TpqRo.roa (raw, json)
Hash identifier:          rBXB7y06bQsdKzgtd1Z8p6o286XkP+fDEEAT1wMN/OI=
Subject key identifier:   67:13:38:C1:44:66:CB:CB:D2:EB:BF:6E:F9:6A:80:9B:94:E9:A9:1A
Certificate issuer:       /CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
Certificate serial:       019A4C8CBDBA2BE9048D79F71229D8939738
Authority key identifier: 8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/ZxM4wURmy8vS679u-WqAm5TpqRo.roa
Signing time:             Tue 04 Nov 2025 01:48:03 +0000
ROA not before:           Tue 04 Nov 2025 01:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48529
IP address blocks:        46.16.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 07 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:4c:8c:bd:ba:2b:e9:04:8d:79:f7:12:29:d8:93:97:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
        Validity
            Not Before: Nov  4 01:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=671338c14466cbcbd2ebbf6ef96a809b94e9a91a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5b:73:74:83:97:0f:05:e6:cd:c5:29:0d:1e:
                    3e:c7:2a:39:a2:26:82:6a:7a:42:47:df:f2:09:45:
                    b4:be:47:3b:e0:ea:63:da:86:d4:26:6c:9a:0a:f8:
                    90:b5:68:26:2b:70:a8:26:e7:dd:9a:07:74:dd:35:
                    c6:23:58:de:11:1b:f3:00:9c:bf:bd:9b:22:ff:e3:
                    17:2e:6c:17:5b:ac:0b:fe:22:e6:a3:a5:3d:b6:6b:
                    80:4b:3d:5e:9b:8f:19:05:5a:74:44:8a:00:33:0b:
                    93:57:42:0a:f1:2d:70:e8:b4:06:8b:43:a1:25:91:
                    e2:38:6e:92:59:a8:82:b0:72:42:50:87:7d:85:3c:
                    63:92:81:ad:ab:62:95:07:50:9c:92:15:5e:64:6c:
                    72:ea:e6:c4:5e:1c:f1:07:ed:95:41:f1:1e:34:a5:
                    81:cb:8f:b9:d7:f4:a2:a9:90:62:08:9c:5e:75:b2:
                    29:56:ed:31:0e:ba:19:02:52:df:ae:d4:82:c1:50:
                    40:d0:05:53:d8:17:0a:22:e6:70:82:d6:ef:51:09:
                    d1:18:85:eb:1c:fa:9c:06:5e:ba:d7:1a:8a:32:ea:
                    c6:f3:ba:ed:cf:a5:5a:d1:f9:d4:df:72:9d:37:44:
                    b5:e2:46:46:0e:02:c9:87:2a:cc:c5:d6:5f:47:10:
                    ec:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:13:38:C1:44:66:CB:CB:D2:EB:BF:6E:F9:6A:80:9B:94:E9:A9:1A
            X509v3 Authority Key Identifier:
                keyid:8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/ZxM4wURmy8vS679u-WqAm5TpqRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:dd:f0:66:a4:03:58:df:eb:41:a1:97:f3:a2:56:4a:c3:2e:
         60:6c:12:26:72:32:45:f5:cf:0d:f8:5e:c5:84:31:25:f3:d9:
         0e:39:14:fa:8d:34:f0:a7:21:4d:5f:b0:d3:e7:85:b7:bc:af:
         42:49:12:51:78:43:0a:65:bd:02:49:27:11:3e:cd:9b:11:63:
         eb:5f:2d:b9:7d:e9:ea:0d:48:fe:ef:0a:60:f0:92:be:f0:47:
         a5:ca:ea:6a:c1:77:29:81:58:4f:c3:7c:e7:16:0c:7f:78:b1:
         9d:08:23:61:83:d3:94:4a:f4:6d:b8:87:d6:46:1d:99:d9:22:
         21:a9:e2:3c:70:fc:ee:fe:84:bd:0c:aa:09:25:7f:a7:c9:9b:
         0c:d7:f9:e8:49:21:59:53:e6:d2:e4:9e:99:d9:29:15:9d:3f:
         d3:01:f0:e2:ba:27:23:5e:14:7a:eb:69:c7:62:44:c2:b1:a4:
         05:8a:58:54:60:bf:7d:c1:f5:92:42:87:33:40:a9:cd:a7:5f:
         f1:22:d6:55:ed:f4:83:ee:29:e1:fd:a2:b3:45:09:65:b9:92:
         b7:c6:dd:af:b8:d4:76:e7:1d:f3:df:9e:3e:57:da:bc:21:14:
         1c:95:5b:e7:f6:9a:47:b9:9c:75:02:90:6d:ec:82:19:18:ba:
         e8:dc:ae:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpMjL26K+kEjXn3EinYk5c4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjk4ZDYzOTcwYWIwM2NkZmJmNTE0ZmEwZThlZDIxMzEw
OTg1ZjEwHhcNMjUxMTA0MDE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzEzMzhjMTQ0NjZjYmNiZDJlYmJmNmVmOTZhODA5Yjk0ZTlhOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVtzdIOXDwXmzcUpDR4+xyo5oiaC
anpCR9/yCUW0vkc74Opj2obUJmyaCviQtWgmK3CoJufdmgd03TXGI1jeERvzAJy/
vZsi/+MXLmwXW6wL/iLmo6U9tmuASz1em48ZBVp0RIoAMwuTV0IK8S1w6LQGi0Oh
JZHiOG6SWaiCsHJCUId9hTxjkoGtq2KVB1CckhVeZGxy6ubEXhzxB+2VQfEeNKWB
y4+51/SiqZBiCJxedbIpVu0xDroZAlLfrtSCwVBA0AVT2BcKIuZwgtbvUQnRGIXr
HPqcBl661xqKMurG87rtz6Va0fnU33KdN0S14kZGDgLJhyrMxdZfRxDszwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcTOMFEZsvL0uu/bvlqgJuU6akaMB8GA1UdIwQY
MBaAFI0pjWOXCrA8379RT6Do7SExCYXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDIt
NDk0NzEzYTk5NjNhLzEvWnhNNHdVUm15OHZTNjc5dS1XcUFtNVRwcVJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDItNDk0NzEzYTk5NjNh
LzEvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhCjMA0G
CSqGSIb3DQEBCwUAA4IBAQCT3fBmpANY3+tBoZfzolZKwy5gbBImcjJF9c8N+F7F
hDEl89kOORT6jTTwpyFNX7DT54W3vK9CSRJReEMKZb0CSScRPs2bEWPrXy25fenq
DUj+7wpg8JK+8EelyupqwXcpgVhPw3znFgx/eLGdCCNhg9OUSvRtuIfWRh2Z2SIh
qeI8cPzu/oS9DKoJJX+nyZsM1/noSSFZU+bS5J6Z2SkVnT/TAfDiuicjXhR662nH
YkTCsaQFilhUYL99wfWSQoczQKnNp1/xItZV7fSD7inh/aKzRQlluZK3xt2vuNR2
5x3z354+V9q8IRQclVvn9ppHuZx1ApBt7IIZGLro3K7Z
-----END CERTIFICATE-----