Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/nExuetV9MCMJWIoZU5Vd2o1iylU.roa
File:                     nExuetV9MCMJWIoZU5Vd2o1iylU.roa (raw, json)
Hash identifier:          63bmpu0+5SyyRA291GX6DBZPH4lWBzWa267jOBa6cug=
Subject key identifier:   9C:4C:6E:7A:D5:7D:30:23:09:58:8A:19:53:95:5D:DA:8D:62:CA:55
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0198A2C435FCFA027CAD61375A5AF3B8EAB0
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/nExuetV9MCMJWIoZU5Vd2o1iylU.roa
Signing time:             Wed 13 Aug 2025 09:30:24 +0000
ROA not before:           Wed 13 Aug 2025 09:30:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399073
IP address blocks:        46.236.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:c4:35:fc:fa:02:7c:ad:61:37:5a:5a:f3:b8:ea:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Aug 13 09:30:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c4c6e7ad57d302309588a1953955dda8d62ca55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8d:b1:19:0e:67:53:4c:5e:e9:2c:39:c1:9e:
                    a9:4e:0b:6d:49:e3:40:fd:1a:6e:4b:c6:ed:dc:81:
                    a9:66:3a:e6:bf:1c:fb:da:80:d1:dc:90:8e:33:7f:
                    ed:19:b6:22:ce:a4:ef:a8:f9:1a:b5:fb:1d:80:8a:
                    d9:00:ef:bb:f4:7a:d1:90:b5:d4:c4:5a:94:dd:2e:
                    eb:fc:ee:22:d7:21:ae:24:b1:f0:62:e5:7f:f7:a8:
                    5a:b2:b2:0d:4b:3d:37:4a:11:97:2a:03:66:c4:1b:
                    78:6f:de:ec:39:3e:3e:37:08:32:69:6a:41:b6:81:
                    77:e3:99:85:82:8b:27:f8:a6:c6:8d:f1:b6:4b:5d:
                    0f:3f:a8:25:f6:84:46:70:7f:48:03:c9:bd:80:41:
                    4a:22:ac:06:0f:f3:a6:72:4b:25:45:5e:48:ca:5a:
                    c7:28:16:46:eb:4d:ec:54:8f:5e:8f:1a:1c:32:b7:
                    f6:81:ed:e9:ea:37:93:07:24:c9:e8:52:4a:59:73:
                    45:d3:0a:71:ae:8e:5c:9b:ef:9f:2a:9e:30:98:e9:
                    81:c0:22:e6:bd:81:50:80:d3:86:39:1c:94:2f:b4:
                    d7:b5:2a:34:b5:14:22:ef:ea:17:7c:d6:93:e9:36:
                    11:2b:62:be:dc:b9:63:47:f0:17:6a:1e:d4:8d:ab:
                    59:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4C:6E:7A:D5:7D:30:23:09:58:8A:19:53:95:5D:DA:8D:62:CA:55
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/nExuetV9MCMJWIoZU5Vd2o1iylU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:37:f5:5a:0d:24:49:a0:0e:3a:3c:12:82:d9:8b:57:05:ad:
         b6:5b:0d:d0:2d:99:07:9d:5d:f9:64:02:de:76:96:26:38:6a:
         6a:7c:2b:9e:2c:dd:b1:42:17:8b:2e:9d:e4:d2:44:4d:3c:90:
         39:b6:44:02:02:44:3a:1a:66:aa:73:9a:96:6b:03:ba:a9:37:
         4d:b7:50:ca:8e:64:77:01:35:13:d9:c1:c3:98:d4:fd:17:81:
         f2:85:bd:19:f9:94:c9:81:fa:e8:1e:72:cb:70:04:4d:a6:ab:
         a5:75:2f:16:0f:b7:ee:62:97:d0:7c:ec:6b:2b:13:34:82:95:
         49:61:d3:75:ae:94:fc:30:7f:b9:17:60:55:19:bf:bc:b6:41:
         4c:71:b7:02:70:c7:5d:dc:c7:37:70:f8:2b:79:b1:2a:44:0a:
         6b:df:db:67:8c:bf:e1:4d:dc:6a:a2:61:4f:85:a6:16:24:1e:
         83:ca:65:31:75:92:e6:2a:f8:98:25:44:3c:aa:80:07:26:2d:
         58:1d:12:3e:c4:43:ce:ce:b2:7d:c5:89:20:17:f4:4a:da:0f:
         04:15:ca:84:2f:1a:44:3c:e8:f7:37:83:31:fe:8c:2d:f1:77:
         4f:99:31:68:d3:62:32:06:54:19:78:72:0c:8c:1c:04:bf:17:
         f4:0f:c1:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiixDX8+gJ8rWE3WlrzuOqwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwODEzMDkzMDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRjNmU3YWQ1N2QzMDIzMDk1ODhhMTk1Mzk1NWRkYThkNjJjYTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmI2xGQ5nU0xe6Sw5wZ6pTgttSeNA
/RpuS8bt3IGpZjrmvxz72oDR3JCOM3/tGbYizqTvqPkatfsdgIrZAO+79HrRkLXU
xFqU3S7r/O4i1yGuJLHwYuV/96hasrINSz03ShGXKgNmxBt4b97sOT4+NwgyaWpB
toF345mFgosn+KbGjfG2S10PP6gl9oRGcH9IA8m9gEFKIqwGD/OmckslRV5IylrH
KBZG603sVI9ejxocMrf2ge3p6jeTByTJ6FJKWXNF0wpxro5cm++fKp4wmOmBwCLm
vYFQgNOGORyUL7TXtSo0tRQi7+oXfNaT6TYRK2K+3LljR/AXah7UjatZOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxMbnrVfTAjCViKGVOVXdqNYspVMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvbkV4dWV0VjlNQ01KV0lvWlU1VmQybzFpeWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzyMA0G
CSqGSIb3DQEBCwUAA4IBAQCZN/VaDSRJoA46PBKC2YtXBa22Ww3QLZkHnV35ZALe
dpYmOGpqfCueLN2xQheLLp3k0kRNPJA5tkQCAkQ6Gmaqc5qWawO6qTdNt1DKjmR3
ATUT2cHDmNT9F4Hyhb0Z+ZTJgfroHnLLcARNpquldS8WD7fuYpfQfOxrKxM0gpVJ
YdN1rpT8MH+5F2BVGb+8tkFMcbcCcMdd3Mc3cPgrebEqRApr39tnjL/hTdxqomFP
haYWJB6DymUxdZLmKviYJUQ8qoAHJi1YHRI+xEPOzrJ9xYkgF/RK2g8EFcqELxpE
POj3N4Mx/owt8XdPmTFo02IyBlQZeHIMjBwEvxf0D8Fx
-----END CERTIFICATE-----