Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/e7z0oRKCehd6Ea7tsIDH_CrT8g0.roa
File:                     e7z0oRKCehd6Ea7tsIDH_CrT8g0.roa (raw, json)
Hash identifier:          rqMdlglqnoJd6sqLsXF+uIqk3nINirrRe1Hs5mOfPEU=
Subject key identifier:   7B:BC:F4:A1:12:82:7A:17:7A:11:AE:ED:B0:80:C7:FC:2A:D3:F2:0D
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       01989981EA0EE08ADC26A598FB094922CFEB
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/e7z0oRKCehd6Ea7tsIDH_CrT8g0.roa
Signing time:             Mon 11 Aug 2025 14:21:24 +0000
ROA not before:           Mon 11 Aug 2025 14:21:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        46.20.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:99:81:ea:0e:e0:8a:dc:26:a5:98:fb:09:49:22:cf:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Aug 11 14:21:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bbcf4a112827a177a11aeedb080c7fc2ad3f20d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e2:a5:33:68:0b:7b:45:32:b6:b8:47:77:58:
                    a1:7b:48:cd:cc:0d:81:ee:09:3a:10:e0:95:b2:05:
                    0a:54:30:44:3d:e6:fc:ca:69:95:c4:79:95:02:78:
                    c5:06:f0:63:7b:ac:3a:a6:a3:71:ab:30:7d:1a:38:
                    19:db:34:f9:99:77:2a:5e:66:06:dc:4f:9f:5b:64:
                    6e:6e:ff:98:90:39:57:0f:9d:cc:2d:41:c4:79:18:
                    25:70:1d:97:cc:f3:ad:d5:bf:a6:44:27:b7:77:52:
                    63:8b:5a:0c:88:ee:36:40:a3:79:88:fb:22:50:7c:
                    c5:36:57:c0:4a:52:e3:03:3d:1c:59:41:89:e6:bc:
                    f2:03:b2:b7:3a:c8:01:79:c3:e3:12:e0:01:17:be:
                    fd:c5:a3:bf:76:b1:ce:30:a7:47:f2:b7:b4:e7:8c:
                    94:d8:67:e6:6b:89:d2:69:b0:67:b6:e1:99:b7:81:
                    f1:db:ac:b2:a3:41:c1:2b:9f:58:2d:41:c9:a1:3d:
                    34:e3:f9:da:e3:45:9c:0c:e0:c1:cd:45:3a:8f:e6:
                    f3:1a:f0:08:66:f6:7b:58:91:b1:67:4c:a4:aa:5f:
                    16:92:94:fa:73:82:89:99:f8:5e:48:3d:cf:7c:3c:
                    eb:ce:62:b7:ac:5a:46:f6:0e:ac:f2:fc:b6:f8:f1:
                    a6:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:BC:F4:A1:12:82:7A:17:7A:11:AE:ED:B0:80:C7:FC:2A:D3:F2:0D
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/e7z0oRKCehd6Ea7tsIDH_CrT8g0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:54:41:50:7d:7f:fb:c4:1f:20:a8:5f:1f:45:dd:1e:14:78:
         3b:fb:0c:ef:eb:10:ba:f3:74:05:2b:80:0a:ea:54:f5:b2:6d:
         c2:90:9d:7f:ab:06:e3:bf:83:0c:e1:81:6e:fe:0d:b9:6a:ad:
         7a:d7:01:c4:5b:79:09:18:84:09:27:e8:a4:b8:d0:4d:70:ea:
         a6:b2:7b:99:83:ec:38:8e:cc:d9:d3:5a:c1:57:60:9a:9f:ca:
         c3:c9:4e:45:6c:44:95:41:d7:38:bc:7f:21:b2:30:bd:f3:03:
         84:6a:d9:e9:9a:0d:62:c8:fc:44:c5:6f:da:9d:40:8c:b7:d1:
         be:ef:4e:5a:08:05:a4:0c:9b:9e:d5:ae:52:c9:0e:19:ca:59:
         a9:0f:e6:a7:f4:9f:ef:f3:16:10:f0:06:f6:8e:b1:60:84:22:
         24:28:e8:39:ad:ca:56:60:af:9e:7a:c0:37:57:b6:2a:ff:7b:
         75:81:e9:2b:01:b4:e0:ea:dc:d1:9f:ef:21:2d:13:28:fc:0c:
         a2:54:e9:f2:6f:11:cc:67:31:23:c8:d6:65:14:e6:c0:2c:99:
         3d:61:ef:d0:99:e1:26:9f:8e:90:16:ac:65:6c:e1:46:1a:63:
         74:6f:56:35:0d:0e:50:4d:7f:aa:d4:c1:e5:ab:d3:e0:68:9b:
         32:52:0a:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiZgeoO4IrcJqWY+wlJIs/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjUwODExMTQyMTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmJjZjRhMTEyODI3YTE3N2ExMWFlZWRiMDgwYzdmYzJhZDNmMjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOKlM2gLe0UytrhHd1ihe0jNzA2B
7gk6EOCVsgUKVDBEPeb8ymmVxHmVAnjFBvBje6w6pqNxqzB9GjgZ2zT5mXcqXmYG
3E+fW2Rubv+YkDlXD53MLUHEeRglcB2XzPOt1b+mRCe3d1Jji1oMiO42QKN5iPsi
UHzFNlfASlLjAz0cWUGJ5rzyA7K3OsgBecPjEuABF779xaO/drHOMKdH8re054yU
2Gfma4nSabBntuGZt4Hx26yyo0HBK59YLUHJoT004/na40WcDODBzUU6j+bzGvAI
ZvZ7WJGxZ0ykql8WkpT6c4KJmfheSD3PfDzrzmK3rFpG9g6s8vy2+PGmUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHu89KESgnoXehGu7bCAx/wq0/INMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvZTd6MG9SS0NlaGQ2RWE3dHNJREhfQ3JUOGcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRvMA0G
CSqGSIb3DQEBCwUAA4IBAQBXVEFQfX/7xB8gqF8fRd0eFHg7+wzv6xC683QFK4AK
6lT1sm3CkJ1/qwbjv4MM4YFu/g25aq161wHEW3kJGIQJJ+ikuNBNcOqmsnuZg+w4
jszZ01rBV2Can8rDyU5FbESVQdc4vH8hsjC98wOEatnpmg1iyPxExW/anUCMt9G+
705aCAWkDJue1a5SyQ4ZylmpD+an9J/v8xYQ8Ab2jrFghCIkKOg5rcpWYK+eesA3
V7Yq/3t1gekrAbTg6tzRn+8hLRMo/AyiVOnybxHMZzEjyNZlFObALJk9Ye/QmeEm
n46QFqxlbOFGGmN0b1Y1DQ5QTX+q1MHlq9PgaJsyUgoe
-----END CERTIFICATE-----