Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/68Je14HfbMGCfCmnq9F6n7nsxV4.roa
File:                     68Je14HfbMGCfCmnq9F6n7nsxV4.roa (raw, json)
Hash identifier:          HRQSDiqtMhKBvSd4tKgyQpXDDx18X6TpMnJXOBZsI9k=
Subject key identifier:   EB:C2:5E:D7:81:DF:6C:C1:82:7C:29:A7:AB:D1:7A:9F:B9:EC:C5:5E
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       019899073AE9E0294BF282682E3F36BFBA3C
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/68Je14HfbMGCfCmnq9F6n7nsxV4.roa
Signing time:             Mon 11 Aug 2025 12:07:24 +0000
ROA not before:           Mon 11 Aug 2025 12:07:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214483
IP address blocks:        46.236.196.0/23 maxlen: 24
                          46.236.204.0/23 maxlen: 24
                          46.236.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:99:07:3a:e9:e0:29:4b:f2:82:68:2e:3f:36:bf:ba:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Aug 11 12:07:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebc25ed781df6cc1827c29a7abd17a9fb9ecc55e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:cf:84:83:03:36:db:74:8e:d0:aa:d1:bd:06:
                    ea:24:97:98:72:d7:06:10:8c:c8:88:1d:67:31:76:
                    c7:5d:01:cf:da:38:6c:77:59:fe:d4:c6:8e:0a:56:
                    2c:88:86:7e:50:6a:d4:e6:b0:78:57:55:25:c1:9a:
                    82:a0:35:dc:7a:8d:bc:2f:05:d5:91:11:fe:d4:4e:
                    c6:8e:fb:a7:17:b8:45:7e:5c:15:8b:24:06:49:e1:
                    1c:7a:8d:ac:10:ff:5f:58:b3:b5:21:8b:e7:d4:77:
                    63:79:bb:3c:b6:b7:fa:fd:b9:00:1a:50:c4:98:3f:
                    5f:67:53:8e:6a:6f:7f:25:97:50:a2:d9:3f:3d:f3:
                    f2:4a:b5:ff:29:84:2e:31:aa:37:56:7c:f1:4b:0c:
                    fd:7f:2c:21:19:02:e1:29:c0:7e:79:d4:05:d7:a9:
                    8c:eb:a4:43:d4:5e:48:74:27:2d:60:3b:27:f3:e9:
                    ec:df:36:fd:c7:3b:60:90:3a:5e:75:0f:43:12:93:
                    32:e5:9c:14:a2:60:82:21:df:b9:7c:54:a5:88:53:
                    18:5e:82:42:55:29:c8:0c:b1:ab:f9:40:7c:f6:3d:
                    49:98:8c:f3:1b:0c:f0:9e:f2:44:98:be:fa:74:c8:
                    22:88:60:38:44:8c:ce:2d:c3:ac:0a:32:65:7b:8c:
                    bd:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C2:5E:D7:81:DF:6C:C1:82:7C:29:A7:AB:D1:7A:9F:B9:EC:C5:5E
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/68Je14HfbMGCfCmnq9F6n7nsxV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.196.0/23
                  46.236.204.0-46.236.206.255

    Signature Algorithm: sha256WithRSAEncryption
         24:09:ef:ad:af:83:d6:95:98:e2:e4:3b:28:1f:33:4d:48:fa:
         6d:92:77:30:d4:d3:ae:a8:bf:b0:a9:e1:58:bb:74:f4:4e:3f:
         c7:17:0d:35:c1:26:18:03:da:fe:1e:02:95:59:8f:8a:b2:d5:
         66:a5:bb:01:b7:6e:d9:2a:de:f0:f8:02:d7:48:3c:b2:6f:0b:
         d1:0c:ec:c1:07:22:ac:03:26:36:2a:5a:c2:06:a2:dc:89:34:
         62:f6:c8:33:88:36:b9:bd:84:8a:37:5b:de:93:23:45:62:5a:
         5b:f7:67:7f:0f:b2:d3:de:9e:99:66:99:3b:60:d8:09:07:07:
         c6:6c:4a:7d:52:b4:26:fb:d8:b2:8a:d4:a0:c2:65:49:32:64:
         86:37:1e:93:25:6a:ae:aa:52:15:67:e0:54:f0:1b:eb:76:8e:
         87:67:2d:5d:55:50:56:e4:1a:05:b6:ec:84:7d:89:03:b0:64:
         5a:27:85:d9:e7:bf:72:0f:ec:03:90:6a:0b:d3:a4:10:9d:c9:
         c4:f9:db:89:9d:93:ab:12:e3:75:0a:b3:0c:60:4e:ab:46:2f:
         37:26:c1:fd:77:4d:25:6e:6d:d5:18:d0:2d:5b:eb:01:9c:97:
         6a:5d:41:89:78:77:14:35:8d:be:5a:cb:e3:6e:42:ac:69:22:
         84:34:fe:24
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZiZBzrp4ClL8oJoLj82v7o8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwODExMTIwNzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmMyNWVkNzgxZGY2Y2MxODI3YzI5YTdhYmQxN2E5ZmI5ZWNjNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2M+EgwM223SO0KrRvQbqJJeYctcG
EIzIiB1nMXbHXQHP2jhsd1n+1MaOClYsiIZ+UGrU5rB4V1UlwZqCoDXceo28LwXV
kRH+1E7GjvunF7hFflwViyQGSeEceo2sEP9fWLO1IYvn1Hdjebs8trf6/bkAGlDE
mD9fZ1OOam9/JZdQotk/PfPySrX/KYQuMao3VnzxSwz9fywhGQLhKcB+edQF16mM
66RD1F5IdCctYDsn8+ns3zb9xztgkDpedQ9DEpMy5ZwUomCCId+5fFSliFMYXoJC
VSnIDLGr+UB89j1JmIzzGwzwnvJEmL76dMgiiGA4RIzOLcOsCjJle4y9MwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOvCXteB32zBgnwpp6vRep+57MVeMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvNjhKZTE0SGZiTUdDZkNtbnE5RjZuN25zeFY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBLuzEMAwD
BAIu7MwDBAAu7M4wDQYJKoZIhvcNAQELBQADggEBACQJ762vg9aVmOLkOygfM01I
+m2SdzDU066ov7Cp4Vi7dPROP8cXDTXBJhgD2v4eApVZj4qy1WaluwG3btkq3vD4
AtdIPLJvC9EM7MEHIqwDJjYqWsIGotyJNGL2yDOINrm9hIo3W96TI0ViWlv3Z38P
stPenplmmTtg2AkHB8ZsSn1StCb72LKK1KDCZUkyZIY3HpMlaq6qUhVn4FTwG+t2
jodnLV1VUFbkGgW27IR9iQOwZFonhdnnv3IP7AOQagvTpBCdycT524mdk6sS43UK
swxgTqtGLzcmwf13TSVubdUY0C1b6wGcl2pdQYl4dxQ1jb5ay+NuQqxpIoQ0/iQ=
-----END CERTIFICATE-----