Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/2EgNkY8LCfJBqiF5G8pJe3q0hB4.roa
File:                     2EgNkY8LCfJBqiF5G8pJe3q0hB4.roa (raw, json)
Hash identifier:          wdnhU8m5AMaVCnPJuJ1ikMuyahXryJ7xnwDGzqvqxIk=
Subject key identifier:   D8:48:0D:91:8F:0B:09:F2:41:AA:21:79:1B:CA:49:7B:7A:B4:84:1E
Certificate issuer:       /CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
Certificate serial:       0197A7079142B0DBE47C2A581CFE7ED6A894
Authority key identifier: 7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/2EgNkY8LCfJBqiF5G8pJe3q0hB4.roa
Signing time:             Wed 25 Jun 2025 12:19:40 +0000
ROA not before:           Wed 25 Jun 2025 12:19:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210984
IP address blocks:        46.243.52.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a7:07:91:42:b0:db:e4:7c:2a:58:1c:fe:7e:d6:a8:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e65dab23940cb394f9aaa664fea4d6f8f42e318
        Validity
            Not Before: Jun 25 12:19:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8480d918f0b09f241aa21791bca497b7ab4841e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d3:23:f4:8a:cf:38:1c:66:b1:9f:f6:91:9a:
                    92:58:69:71:85:94:53:41:f1:eb:42:85:ec:db:f5:
                    0d:97:4e:27:98:8d:99:2e:68:19:11:51:f2:c2:d2:
                    64:33:7d:e6:cf:17:65:c1:79:63:cf:a5:db:24:18:
                    af:ab:3c:96:ba:8d:ab:23:06:24:b9:a0:24:8c:b9:
                    24:2b:92:e4:56:7d:e4:c9:b1:9d:ae:7e:8e:84:63:
                    b4:69:9d:77:71:91:d3:a7:18:9d:a5:aa:4f:1b:78:
                    36:3f:de:9d:04:bf:51:36:3d:b0:88:e6:5a:48:db:
                    4d:61:56:8b:8a:47:fd:ac:cf:5f:c4:01:0a:bc:b7:
                    d0:e8:f4:44:57:1e:0c:c1:14:0a:c4:26:33:e8:96:
                    b6:29:54:da:08:34:98:c6:ec:d5:43:91:a4:25:85:
                    46:21:6d:1f:fe:9d:2b:52:cd:e8:bf:3c:18:ad:0b:
                    2d:53:f8:33:e2:b5:04:ed:13:84:34:1f:54:d6:5f:
                    0a:a9:04:7d:43:28:d3:d7:7f:72:37:9e:a2:25:3f:
                    ef:50:5c:c7:b9:6d:1c:0f:9e:83:f8:fc:bb:07:90:
                    93:99:71:88:a0:b2:68:fb:e2:6d:e3:f9:f9:12:91:
                    2a:de:ed:34:0a:3b:32:83:e8:fa:80:b2:da:fd:65:
                    ff:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:48:0D:91:8F:0B:09:F2:41:AA:21:79:1B:CA:49:7B:7A:B4:84:1E
            X509v3 Authority Key Identifier:
                keyid:7E:65:DA:B2:39:40:CB:39:4F:9A:AA:66:4F:EA:4D:6F:8F:42:E3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fmXasjlAyzlPmqpmT-pNb49C4xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/2EgNkY8LCfJBqiF5G8pJe3q0hB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58ebb1-dbec-47f9-bb96-849cfcabb657/1/fmXasjlAyzlPmqpmT-pNb49C4xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:81:50:a9:f5:0e:9d:b6:55:92:dc:6a:aa:3f:af:da:4a:93:
         9d:e7:e4:b0:d7:47:90:e3:c7:ff:ee:ca:55:6b:57:c6:46:36:
         42:52:86:2c:07:4c:28:23:1b:4b:46:dc:f3:e1:84:d7:58:51:
         bc:ca:dd:1f:25:f1:a6:b7:4e:3b:42:2e:b5:03:d5:28:19:7a:
         d3:94:83:45:e2:05:7f:4a:d8:73:89:b3:42:b7:65:0d:49:01:
         d0:91:d8:c9:1b:3b:d2:85:12:e2:44:a1:ea:52:eb:38:29:2a:
         27:ef:b8:36:ea:0e:00:a9:95:7b:09:bb:d4:bf:a8:d9:41:ec:
         2b:9b:68:02:e7:34:fa:bd:c0:6d:46:a7:1d:f1:76:23:e2:1c:
         18:53:bb:91:9d:07:5d:9d:7f:d8:30:c4:cb:08:82:0b:b3:46:
         fc:04:20:fb:77:49:d3:e5:2b:e4:40:34:e6:4c:8b:fe:bf:5e:
         16:18:eb:a0:65:2c:92:d6:84:73:f3:0c:18:5b:52:8a:f2:c3:
         b9:12:84:cc:20:e8:8e:cf:e4:e8:b7:d4:d0:bd:db:d1:f0:f9:
         18:ad:d8:f8:5a:66:f3:bc:99:1a:6d:48:d4:b4:10:d2:b8:2f:
         7c:c3:05:cd:b3:ec:49:c3:ba:1d:cd:97:39:9e:79:c8:30:b6:
         11:d9:d6:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZenB5FCsNvkfCpYHP5+1qiUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNjVkYWIyMzk0MGNiMzk0ZjlhYWE2NjRmZWE0ZDZmOGY0
MmUzMTgwHhcNMjUwNjI1MTIxOTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQ4MGQ5MThmMGIwOWYyNDFhYTIxNzkxYmNhNDk3YjdhYjQ4NDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstMj9IrPOBxmsZ/2kZqSWGlxhZRT
QfHrQoXs2/UNl04nmI2ZLmgZEVHywtJkM33mzxdlwXljz6XbJBivqzyWuo2rIwYk
uaAkjLkkK5LkVn3kybGdrn6OhGO0aZ13cZHTpxidpapPG3g2P96dBL9RNj2wiOZa
SNtNYVaLikf9rM9fxAEKvLfQ6PREVx4MwRQKxCYz6Ja2KVTaCDSYxuzVQ5GkJYVG
IW0f/p0rUs3ovzwYrQstU/gz4rUE7ROENB9U1l8KqQR9QyjT139yN56iJT/vUFzH
uW0cD56D+Py7B5CTmXGIoLJo++Jt4/n5EpEq3u00Cjsyg+j6gLLa/WX/ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhIDZGPCwnyQaoheRvKSXt6tIQeMB8GA1UdIwQY
MBaAFH5l2rI5QMs5T5qqZk/qTW+PQuMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYt
ODQ5Y2ZjYWJiNjU3LzEvMkVnTmtZOExDZkpCcWlGNUc4cEplM3EwaEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC81OGViYjEtZGJlYy00N2Y5LWJiOTYtODQ5Y2ZjYWJiNjU3
LzEvZm1YYXNqbEF5emxQbXFwbVQtcE5iNDlDNHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLvM0MA0G
CSqGSIb3DQEBCwUAA4IBAQBOgVCp9Q6dtlWS3GqqP6/aSpOd5+Sw10eQ48f/7spV
a1fGRjZCUoYsB0woIxtLRtzz4YTXWFG8yt0fJfGmt047Qi61A9UoGXrTlINF4gV/
SthzibNCt2UNSQHQkdjJGzvShRLiRKHqUus4KSon77g26g4AqZV7CbvUv6jZQewr
m2gC5zT6vcBtRqcd8XYj4hwYU7uRnQddnX/YMMTLCIILs0b8BCD7d0nT5SvkQDTm
TIv+v14WGOugZSyS1oRz8wwYW1KK8sO5EoTMIOiOz+Tot9TQvdvR8PkYrdj4Wmbz
vJkabUjUtBDSuC98wwXNs+xJw7odzZc5nnnIMLYR2db0
-----END CERTIFICATE-----