Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/j60P2U9ew9b40KT1eQixMF89Kiw.roa
File:                     j60P2U9ew9b40KT1eQixMF89Kiw.roa (raw, json)
Hash identifier:          6QyYZiDRnfs4gi+c7xIeW7neFF2AWa/7UFLNyJVZkkI=
Subject key identifier:   8F:AD:0F:D9:4F:5E:C3:D6:F8:D0:A4:F5:79:08:B1:30:5F:3D:2A:2C
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       0197BA6444964F16F4736FEAC385F445335F
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/j60P2U9ew9b40KT1eQixMF89Kiw.roa
Signing time:             Sun 29 Jun 2025 06:33:42 +0000
ROA not before:           Sun 29 Jun 2025 06:33:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49020
IP address blocks:        46.20.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ba:64:44:96:4f:16:f4:73:6f:ea:c3:85:f4:45:33:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Jun 29 06:33:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fad0fd94f5ec3d6f8d0a4f57908b1305f3d2a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ef:cb:f4:3a:de:f5:f5:bb:f1:22:98:61:62:
                    49:49:df:06:1e:1d:ee:0b:67:00:88:1e:4e:25:30:
                    65:32:7e:28:81:2b:7f:18:89:cf:89:8a:ee:5f:7c:
                    d2:56:34:b7:c0:a2:90:bc:22:f8:12:1a:cc:61:1b:
                    bf:cc:71:69:7f:75:4c:31:3d:61:e7:a4:62:6d:bd:
                    ae:81:9e:98:6a:14:be:46:3a:8a:dc:12:bf:7a:2e:
                    78:af:81:66:99:ee:e2:b2:da:43:63:66:5c:74:c5:
                    82:70:a7:ac:1d:a3:f8:57:7b:9c:eb:84:f1:4b:a8:
                    10:31:dd:9f:34:0b:ab:f6:d9:a4:29:ce:0d:d0:5d:
                    18:ef:95:1e:ee:4a:68:63:14:ab:4d:a0:64:75:40:
                    fa:2b:25:f4:65:26:d5:77:6e:ba:fc:30:73:dc:f1:
                    cb:cd:33:73:2c:cf:69:0b:9e:1b:56:34:bf:18:d2:
                    70:a0:3f:3a:b5:64:12:a6:03:b4:ea:49:51:12:b6:
                    6d:db:a1:66:a3:92:7b:47:67:21:99:86:76:78:64:
                    b5:be:05:9b:8a:64:8e:5b:38:1b:9c:9c:ba:df:03:
                    f6:dd:24:53:3a:6f:1c:6d:e2:90:80:dc:94:3e:5c:
                    bb:65:83:a8:5a:6c:a2:4a:c6:0c:dd:6d:7c:3d:cf:
                    34:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:AD:0F:D9:4F:5E:C3:D6:F8:D0:A4:F5:79:08:B1:30:5F:3D:2A:2C
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/j60P2U9ew9b40KT1eQixMF89Kiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:c1:d9:c1:95:13:25:93:e2:77:3e:b8:08:17:79:58:f3:e9:
         1f:53:8a:62:c7:aa:1e:eb:b6:7b:1f:28:cc:25:3f:ee:24:6b:
         14:a4:89:af:4a:b5:df:8a:ee:b6:96:7e:07:10:58:54:08:13:
         8f:96:4c:e0:29:ba:53:d6:2d:cf:56:e4:b4:49:5c:e1:7f:d6:
         85:d0:7b:72:24:5d:98:a9:20:97:85:73:c2:c0:d9:16:80:06:
         4d:da:86:87:c9:31:2c:09:a9:e1:77:d4:01:40:92:8b:60:3c:
         97:c8:92:82:60:0f:dc:f0:cf:8f:95:f5:83:7c:e6:a0:58:09:
         c0:0c:01:a2:62:d1:96:a5:85:96:88:76:66:e1:6c:14:0f:26:
         e8:91:4f:33:9d:5f:61:76:f9:f0:2a:5e:d8:64:12:75:f9:ff:
         02:90:d7:cb:c0:b2:c8:30:f3:29:8d:7b:df:48:9d:4f:b5:8f:
         ea:b6:db:26:db:2d:34:61:db:d5:83:56:65:fb:01:56:fa:b4:
         db:6c:0b:d5:38:08:82:a8:8e:53:d2:ee:89:42:75:3a:4c:f5:
         c4:c8:eb:4e:86:63:02:7b:53:8c:e3:e4:a9:ca:cd:5e:8f:88:
         7f:38:a6:c5:c5:85:0f:b9:15:7b:82:18:bb:c0:c0:44:35:60:
         aa:a2:42:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe6ZESWTxb0c2/qw4X0RTNfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjUwNjI5MDYzMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmFkMGZkOTRmNWVjM2Q2ZjhkMGE0ZjU3OTA4YjEzMDVmM2QyYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+/L9Dre9fW78SKYYWJJSd8GHh3u
C2cAiB5OJTBlMn4ogSt/GInPiYruX3zSVjS3wKKQvCL4EhrMYRu/zHFpf3VMMT1h
56Ribb2ugZ6YahS+RjqK3BK/ei54r4Fmme7istpDY2ZcdMWCcKesHaP4V3uc64Tx
S6gQMd2fNAur9tmkKc4N0F0Y75Ue7kpoYxSrTaBkdUD6KyX0ZSbVd266/DBz3PHL
zTNzLM9pC54bVjS/GNJwoD86tWQSpgO06klRErZt26Fmo5J7R2chmYZ2eGS1vgWb
imSOWzgbnJy63wP23SRTOm8cbeKQgNyUPly7ZYOoWmyiSsYM3W18Pc80GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+tD9lPXsPW+NCk9XkIsTBfPSosMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvajYwUDJVOWV3OWI0MEtUMWVRaXhNRjg5S2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRnMA0G
CSqGSIb3DQEBCwUAA4IBAQBrwdnBlRMlk+J3PrgIF3lY8+kfU4pix6oe67Z7HyjM
JT/uJGsUpImvSrXfiu62ln4HEFhUCBOPlkzgKbpT1i3PVuS0SVzhf9aF0HtyJF2Y
qSCXhXPCwNkWgAZN2oaHyTEsCanhd9QBQJKLYDyXyJKCYA/c8M+PlfWDfOagWAnA
DAGiYtGWpYWWiHZm4WwUDybokU8znV9hdvnwKl7YZBJ1+f8CkNfLwLLIMPMpjXvf
SJ1PtY/qttsm2y00YdvVg1Zl+wFW+rTbbAvVOAiCqI5T0u6JQnU6TPXEyOtOhmMC
e1OM4+Spys1ej4h/OKbFxYUPuRV7ghi7wMBENWCqokKQ
-----END CERTIFICATE-----