Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/RBnwpqzlc9TBDZASvVPEAjuX7Rw.roa
File:                     RBnwpqzlc9TBDZASvVPEAjuX7Rw.roa (raw, json)
Hash identifier:          9Xw6rUQ+UEHileke6uv0nhej/HOGc+mY9NGx2oOIPgw=
Subject key identifier:   44:19:F0:A6:AC:E5:73:D4:C1:0D:90:12:BD:53:C4:02:3B:97:ED:1C
Certificate issuer:       /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial:       0199A61DEBD7FA2501E48EB362A39C5F3CFF
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/RBnwpqzlc9TBDZASvVPEAjuX7Rw.roa
Signing time:             Thu 02 Oct 2025 18:10:02 +0000
ROA not before:           Thu 02 Oct 2025 18:10:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208317
IP address blocks:        176.46.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a6:1d:eb:d7:fa:25:01:e4:8e:b3:62:a3:9c:5f:3c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
        Validity
            Not Before: Oct  2 18:10:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4419f0a6ace573d4c10d9012bd53c4023b97ed1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5e:cb:dc:19:d9:70:fb:15:60:b8:91:b7:86:
                    62:4c:64:0e:1c:93:57:da:ca:3d:ff:52:ba:d3:47:
                    28:3a:7b:d0:63:32:95:f3:ca:e1:e8:89:21:e0:90:
                    44:1b:ed:e2:d8:be:5b:fd:fa:29:9b:9d:98:22:55:
                    43:24:68:0f:16:62:81:34:30:e0:e4:93:c1:8f:a2:
                    f8:b5:01:d4:4c:39:ad:45:f8:b3:30:ce:cc:4c:ba:
                    b3:d3:e8:f3:2d:4a:37:ce:f6:4c:96:95:c9:88:a9:
                    a6:ad:88:ec:81:8f:ca:74:35:fc:c9:07:ab:37:52:
                    51:89:a2:ee:52:da:0e:a5:53:d1:72:ab:db:12:fc:
                    4f:07:d4:d7:f1:86:6c:8a:5f:26:7e:51:2d:07:6e:
                    ef:9b:be:ed:f3:fa:04:7a:7e:04:44:4e:a8:78:5d:
                    d6:83:b8:d1:69:77:15:f4:80:b3:cf:ff:c0:82:6b:
                    36:96:30:f8:5d:cb:9d:7b:97:26:d9:20:d2:50:aa:
                    12:10:17:e0:4b:37:93:9c:61:53:28:af:d4:fb:7e:
                    5e:09:80:a5:dc:cf:67:75:f3:a8:3a:ed:9e:58:83:
                    5f:d1:19:c8:93:5b:a2:9f:77:2b:81:de:92:81:54:
                    cb:8e:44:aa:83:dd:3e:f5:3d:51:1a:36:ed:70:04:
                    11:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:19:F0:A6:AC:E5:73:D4:C1:0D:90:12:BD:53:C4:02:3B:97:ED:1C
            X509v3 Authority Key Identifier:
                keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/RBnwpqzlc9TBDZASvVPEAjuX7Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.46.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:f5:35:6b:41:3f:7b:ac:e6:44:0c:71:fd:5f:c4:fb:ec:1c:
         a4:4a:57:b8:9f:0f:99:91:25:76:04:e2:73:6e:ed:b5:fa:85:
         9f:c8:7d:5e:ea:7d:5c:c1:7d:14:30:49:17:69:9e:d8:2a:c5:
         db:41:3b:53:f2:13:3a:6d:00:d0:53:25:f8:ab:0b:a0:23:ef:
         91:92:31:12:5f:00:0a:aa:a4:99:71:36:fe:6d:6f:06:3a:3f:
         c2:bc:cc:1f:25:19:eb:b3:34:97:70:c4:10:5d:71:a1:f1:9a:
         1e:86:98:fe:c8:8f:f9:6d:4c:0b:a7:31:21:7d:7d:06:5e:06:
         20:41:01:a8:c4:a7:2e:7e:a8:1e:4c:f1:c3:57:d6:49:68:72:
         24:74:c1:ec:80:ae:3e:af:94:fd:09:45:d0:16:15:f9:a3:c0:
         e9:c2:b5:54:d8:99:bd:5c:f3:0c:31:3a:c4:82:77:5d:04:d8:
         77:d7:bb:e6:d8:f5:79:8d:35:e0:3b:e3:64:61:9d:51:cb:47:
         6c:52:08:d4:df:29:44:6a:92:9a:dd:4a:65:c5:a1:d9:98:97:
         db:48:55:8a:80:8e:be:a3:e1:89:1d:32:9a:77:5f:ed:d8:02:
         49:a9:a1:55:17:b8:3a:a0:4d:ac:71:c4:54:b8:91:e8:1a:97:
         a6:76:8d:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmmHevX+iUB5I6zYqOcXzz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUxMDAyMTgxMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDE5ZjBhNmFjZTU3M2Q0YzEwZDkwMTJiZDUzYzQwMjNiOTdlZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl7L3BnZcPsVYLiRt4ZiTGQOHJNX
2so9/1K600coOnvQYzKV88rh6Ikh4JBEG+3i2L5b/fopm52YIlVDJGgPFmKBNDDg
5JPBj6L4tQHUTDmtRfizMM7MTLqz0+jzLUo3zvZMlpXJiKmmrYjsgY/KdDX8yQer
N1JRiaLuUtoOpVPRcqvbEvxPB9TX8YZsil8mflEtB27vm77t8/oEen4ERE6oeF3W
g7jRaXcV9ICzz//Agms2ljD4Xcude5cm2SDSUKoSEBfgSzeTnGFTKK/U+35eCYCl
3M9ndfOoOu2eWINf0RnIk1uin3crgd6SgVTLjkSqg90+9T1RGjbtcAQRnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQZ8Kas5XPUwQ2QEr1TxAI7l+0cMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEvUkJud3BxemxjOVRCRFpBU3ZWUEVBanVYN1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsC6eMA0G
CSqGSIb3DQEBCwUAA4IBAQAP9TVrQT97rOZEDHH9X8T77BykSle4nw+ZkSV2BOJz
bu21+oWfyH1e6n1cwX0UMEkXaZ7YKsXbQTtT8hM6bQDQUyX4qwugI++RkjESXwAK
qqSZcTb+bW8GOj/CvMwfJRnrszSXcMQQXXGh8Zoehpj+yI/5bUwLpzEhfX0GXgYg
QQGoxKcufqgeTPHDV9ZJaHIkdMHsgK4+r5T9CUXQFhX5o8DpwrVU2Jm9XPMMMTrE
gnddBNh317vm2PV5jTXgO+NkYZ1Ry0dsUgjU3ylEapKa3UplxaHZmJfbSFWKgI6+
o+GJHTKad1/t2AJJqaFVF7g6oE2sccRUuJHoGpemdo2r
-----END CERTIFICATE-----