Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/qKhGSn-anlVBbLwa8kuLCuYeIg4.roa
File:                     qKhGSn-anlVBbLwa8kuLCuYeIg4.roa (raw, json)
Hash identifier:          GMbSoeO7Bt68N/Bj/6mj7uVPJ/WZKmJE6Cg5RyuDqEs=
Subject key identifier:   A8:A8:46:4A:7F:9A:9E:55:41:6C:BC:1A:F2:4B:8B:0A:E6:1E:22:0E
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       0196387010DD33A37F325ACE8EC3573C95FF
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/qKhGSn-anlVBbLwa8kuLCuYeIg4.roa
Signing time:             Tue 15 Apr 2025 07:53:10 +0000
ROA not before:           Tue 15 Apr 2025 07:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        46.236.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 13:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:70:10:dd:33:a3:7f:32:5a:ce:8e:c3:57:3c:95:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Apr 15 07:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8a8464a7f9a9e55416cbc1af24b8b0ae61e220e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1e:14:a2:94:47:20:44:48:a7:b8:2b:a9:f0:
                    fc:30:80:3f:6e:be:1f:6e:9b:ef:03:2c:5e:35:cb:
                    3a:ef:e0:a3:a4:7a:2b:fc:06:f7:43:bd:1c:a0:5d:
                    46:21:57:e4:41:f0:e8:1d:33:95:93:95:d5:5f:ae:
                    b0:25:e9:a2:9c:9a:be:de:bf:91:ec:07:65:9a:96:
                    58:ec:7d:4b:8b:39:e7:85:46:11:2a:f2:99:7a:24:
                    fe:49:37:0d:28:f7:dc:ce:75:1d:4c:3c:81:e8:b5:
                    aa:07:e3:d6:e1:28:d4:00:2e:c0:c9:a0:f5:c1:50:
                    3d:79:07:b8:c4:36:10:f8:91:f6:cf:07:62:be:ea:
                    0a:28:fc:fb:ac:7b:49:05:79:58:f0:ae:5a:e0:67:
                    50:ad:14:9b:19:0f:35:95:4f:6e:79:14:82:1e:74:
                    cb:87:64:a7:ad:7f:53:e2:62:dd:fd:c9:8b:56:18:
                    b6:74:3f:d6:cd:f9:c1:a7:7e:fc:e1:fc:74:3d:93:
                    35:5e:d0:9e:a1:3d:2d:49:f8:b9:de:c2:68:1a:20:
                    ba:64:14:b3:d1:5c:b9:0e:d6:d9:9c:d0:a3:c6:d9:
                    51:c8:f3:ab:d2:08:68:3d:d3:63:04:19:54:94:51:
                    cc:ec:eb:53:bc:a6:54:cb:aa:92:d8:b4:61:21:b9:
                    ee:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A8:46:4A:7F:9A:9E:55:41:6C:BC:1A:F2:4B:8B:0A:E6:1E:22:0E
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/qKhGSn-anlVBbLwa8kuLCuYeIg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:6a:c9:ee:45:d2:1e:1e:c5:e7:cd:7c:c2:c5:e9:77:b8:d6:
         e2:be:b7:07:a5:73:fb:7c:fc:45:30:a0:99:8b:9e:cf:ed:5c:
         fb:3c:74:e9:3e:7f:f7:06:e0:a5:40:eb:0c:70:38:9b:74:d2:
         ec:1f:8d:aa:72:c5:5c:cf:65:04:40:e0:fb:e9:88:ea:88:7d:
         65:36:6b:8b:6f:2b:60:e9:b0:03:bc:72:a6:d7:52:90:f6:ca:
         e0:62:32:fd:e7:a2:d8:a3:57:0d:9c:7a:3b:72:86:bb:e8:b8:
         1b:ff:48:34:93:78:67:5f:90:a2:c0:ac:14:8a:a0:bb:b4:39:
         bb:da:f6:03:bb:20:19:e0:21:5e:91:21:e0:57:c5:2e:1f:0a:
         07:94:d5:ac:f6:4a:68:ec:1a:6b:5e:5f:62:e5:39:45:8c:f9:
         4d:ea:2e:f6:5e:bf:d4:de:bd:dd:87:bf:2a:30:ac:ba:2f:67:
         0b:53:52:b5:ab:22:e6:94:d4:2c:c5:1b:86:2d:dd:5d:bf:5d:
         c5:a3:3c:c9:0e:40:c3:47:82:3b:cd:11:7e:f1:7e:c3:e3:1e:
         99:5b:d1:27:46:da:96:9e:a5:23:d2:97:57:f0:b9:d1:ca:b7:
         16:b7:fe:8d:42:ae:3f:94:18:01:4e:6e:95:0a:63:2d:56:2f:
         c5:66:e4:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY4cBDdM6N/MlrOjsNXPJX/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNDE1MDc1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE4NDY0YTdmOWE5ZTU1NDE2Y2JjMWFmMjRiOGIwYWU2MWUyMjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuR4UopRHIERIp7grqfD8MIA/br4f
bpvvAyxeNcs67+CjpHor/Ab3Q70coF1GIVfkQfDoHTOVk5XVX66wJeminJq+3r+R
7AdlmpZY7H1LiznnhUYRKvKZeiT+STcNKPfcznUdTDyB6LWqB+PW4SjUAC7AyaD1
wVA9eQe4xDYQ+JH2zwdivuoKKPz7rHtJBXlY8K5a4GdQrRSbGQ81lU9ueRSCHnTL
h2SnrX9T4mLd/cmLVhi2dD/WzfnBp3784fx0PZM1XtCeoT0tSfi53sJoGiC6ZBSz
0Vy5DtbZnNCjxtlRyPOr0ghoPdNjBBlUlFHM7OtTvKZUy6qS2LRhIbnuZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKioRkp/mp5VQWy8GvJLiwrmHiIOMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvcUtoR1NuLWFubFZCYkx3YThrdUxDdVllSWc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzHMA0G
CSqGSIb3DQEBCwUAA4IBAQB4asnuRdIeHsXnzXzCxel3uNbivrcHpXP7fPxFMKCZ
i57P7Vz7PHTpPn/3BuClQOsMcDibdNLsH42qcsVcz2UEQOD76YjqiH1lNmuLbytg
6bADvHKm11KQ9srgYjL956LYo1cNnHo7coa76Lgb/0g0k3hnX5CiwKwUiqC7tDm7
2vYDuyAZ4CFekSHgV8UuHwoHlNWs9kpo7BprXl9i5TlFjPlN6i72Xr/U3r3dh78q
MKy6L2cLU1K1qyLmlNQsxRuGLd1dv13FozzJDkDDR4I7zRF+8X7D4x6ZW9EnRtqW
nqUj0pdX8LnRyrcWt/6NQq4/lBgBTm6VCmMtVi/FZuT0
-----END CERTIFICATE-----