Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/foR2m61HjPqfHMhA9Ix6Kf8yr6M.roa
File:                     foR2m61HjPqfHMhA9Ix6Kf8yr6M.roa (raw, json)
Hash identifier:          maf/3FkUEYfY53s6cIQgES3ADrhkolDvLrwLZz7ie3E=
Subject key identifier:   7E:84:76:9B:AD:47:8C:FA:9F:1C:C8:40:F4:8C:7A:29:FF:32:AF:A3
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       01978E938AA0E2FE9D8F385C0DCCBAEA9F79
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/foR2m61HjPqfHMhA9Ix6Kf8yr6M.roa
Signing time:             Fri 20 Jun 2025 18:22:03 +0000
ROA not before:           Fri 20 Jun 2025 18:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400696
IP address blocks:        46.244.98.0/24 maxlen: 24
                          92.240.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 18:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8e:93:8a:a0:e2:fe:9d:8f:38:5c:0d:cc:ba:ea:9f:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Jun 20 18:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e84769bad478cfa9f1cc840f48c7a29ff32afa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:39:6c:42:7b:8d:32:d3:96:c7:3e:5c:f6:76:
                    fc:2c:2e:43:f4:d6:c9:fa:1c:4e:a3:c7:f5:88:bd:
                    fe:33:9e:7a:44:ab:c5:c9:85:72:46:ff:0a:c8:ef:
                    24:3c:8d:2d:51:2e:00:43:1e:f2:59:9f:f1:c4:ea:
                    a6:76:09:dd:2d:c6:ba:36:3c:54:23:7b:fd:05:61:
                    ba:5e:7f:50:aa:ae:4d:3f:a3:57:0b:11:92:0e:65:
                    17:97:0d:ba:b0:ff:71:9f:61:12:b9:36:24:2a:7e:
                    5d:34:fc:b4:79:06:56:7f:c3:77:22:70:ae:a0:6e:
                    ea:82:d8:4b:99:8c:12:e8:19:12:20:29:f1:28:5e:
                    f9:ff:ea:6f:c0:27:64:eb:dc:51:f1:12:eb:36:07:
                    a5:eb:de:23:7b:e0:af:4c:51:95:39:74:29:01:11:
                    ef:6f:ec:fe:9c:f0:4b:36:58:90:f7:44:2a:e4:4f:
                    b7:2a:99:b7:9c:02:f4:c7:4f:34:3b:f2:61:71:ca:
                    23:b5:5d:66:b1:a7:cd:18:77:ba:95:ab:1c:3e:0b:
                    36:6a:f5:c4:d8:31:cb:61:38:58:9a:78:6d:5b:4e:
                    a3:6b:c8:fe:a2:d1:e4:37:34:24:cc:d7:48:1c:46:
                    f4:e9:82:d0:a6:f0:fc:c9:3f:34:08:cf:e2:a8:a7:
                    14:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:84:76:9B:AD:47:8C:FA:9F:1C:C8:40:F4:8C:7A:29:FF:32:AF:A3
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/foR2m61HjPqfHMhA9Ix6Kf8yr6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.244.98.0/24
                  92.240.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:8d:ed:0f:0d:64:b0:b1:80:e2:3c:17:bc:37:f1:55:be:c2:
         67:fd:1a:e9:a7:c0:3e:f7:8f:41:e3:67:2d:2b:fa:a4:12:27:
         b1:ed:84:da:c7:01:4a:a7:b3:7b:45:c0:bb:70:68:73:44:97:
         89:8d:a9:81:01:0a:da:f3:01:4e:90:8e:00:03:34:e6:3b:dd:
         9f:71:68:c2:21:de:3f:33:cc:71:b5:9c:45:90:db:f0:47:6a:
         25:a3:a8:36:75:13:e2:34:f0:97:8b:a1:8d:42:a7:8e:02:59:
         d5:ce:1a:fe:4c:a2:f0:20:dc:23:17:e3:14:0b:26:52:aa:fc:
         9d:2e:61:db:f3:82:7c:23:76:99:d7:98:97:4d:1e:3e:53:86:
         6b:6f:f8:dc:7e:43:66:60:5d:3c:93:a0:b4:27:5a:1b:f0:15:
         f8:f4:03:09:1e:30:29:56:c7:f2:f5:a9:c8:57:6f:b5:75:a2:
         4c:3d:8c:32:96:40:a1:62:cf:10:e2:63:9c:60:72:da:48:58:
         fc:19:d4:b7:2f:eb:4c:9e:24:11:25:da:32:00:48:71:e9:9f:
         18:7d:7d:e0:30:a3:ee:51:39:f9:fb:e7:fd:43:74:63:9f:cc:
         b8:d9:25:b7:85:d4:26:3b:03:7e:b1:cb:ce:1c:0c:84:0e:50:
         4e:9a:47:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeOk4qg4v6djzhcDcy66p95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjUwNjIwMTgyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTg0NzY5YmFkNDc4Y2ZhOWYxY2M4NDBmNDhjN2EyOWZmMzJhZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTlsQnuNMtOWxz5c9nb8LC5D9NbJ
+hxOo8f1iL3+M556RKvFyYVyRv8KyO8kPI0tUS4AQx7yWZ/xxOqmdgndLca6NjxU
I3v9BWG6Xn9Qqq5NP6NXCxGSDmUXlw26sP9xn2ESuTYkKn5dNPy0eQZWf8N3InCu
oG7qgthLmYwS6BkSICnxKF75/+pvwCdk69xR8RLrNgel694je+CvTFGVOXQpARHv
b+z+nPBLNliQ90Qq5E+3Kpm3nAL0x080O/JhccojtV1msafNGHe6lascPgs2avXE
2DHLYThYmnhtW06ja8j+otHkNzQkzNdIHEb06YLQpvD8yT80CM/iqKcUsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH6EdputR4z6nxzIQPSMein/Mq+jMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvZm9SMm02MUhqUHFmSE1oQTlJeDZLZjh5cjZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALvRiAwQA
XPCUMA0GCSqGSIb3DQEBCwUAA4IBAQBhje0PDWSwsYDiPBe8N/FVvsJn/Rrpp8A+
949B42ctK/qkEiex7YTaxwFKp7N7RcC7cGhzRJeJjamBAQra8wFOkI4AAzTmO92f
cWjCId4/M8xxtZxFkNvwR2olo6g2dRPiNPCXi6GNQqeOAlnVzhr+TKLwINwjF+MU
CyZSqvydLmHb84J8I3aZ15iXTR4+U4Zrb/jcfkNmYF08k6C0J1ob8BX49AMJHjAp
Vsfy9anIV2+1daJMPYwylkChYs8Q4mOcYHLaSFj8GdS3L+tMniQRJdoyAEhx6Z8Y
fX3gMKPuUTn5++f9Q3Rjn8y42SW3hdQmOwN+scvOHAyEDlBOmkee
-----END CERTIFICATE-----