Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/P-xdH5szgMQXhP27nYN82uBlj4k.roa
File:                     P-xdH5szgMQXhP27nYN82uBlj4k.roa (raw, json)
Hash identifier:          wErvIL1WI1egSnklkuRsLUz42g0IG42ATwZat+dtmP4=
Subject key identifier:   3F:EC:5D:1F:9B:33:80:C4:17:84:FD:BB:9D:83:7C:DA:E0:65:8F:89
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019976D9B7E61A1127FBD9701C88E08D8372
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/P-xdH5szgMQXhP27nYN82uBlj4k.roa
Signing time:             Tue 23 Sep 2025 13:53:23 +0000
ROA not before:           Tue 23 Sep 2025 13:53:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216169
IP address blocks:        46.38.142.0/24 maxlen: 24
                          109.94.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:d9:b7:e6:1a:11:27:fb:d9:70:1c:88:e0:8d:83:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Sep 23 13:53:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fec5d1f9b3380c41784fdbb9d837cdae0658f89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c2:7c:93:ac:45:34:27:ea:2f:f7:52:32:bf:
                    69:14:e4:fb:5a:01:12:eb:ce:94:8f:d4:ad:1f:e5:
                    b6:d4:f5:8f:4d:ed:85:09:94:dc:96:f2:ee:f4:00:
                    a5:ed:4d:c9:c0:01:23:14:f0:53:33:01:03:e4:1e:
                    8d:47:00:04:38:8d:7d:e3:c4:ac:b1:81:2b:a4:e4:
                    e7:04:b1:f9:88:31:ac:21:c3:93:56:a6:e8:69:7a:
                    b1:63:84:70:e9:86:5a:26:88:85:d7:41:ba:53:6d:
                    96:d3:7a:97:54:e1:7f:24:6f:04:8b:f0:50:2f:be:
                    6e:46:1a:3a:5a:aa:bd:01:0c:77:da:9d:70:61:ba:
                    37:fb:e1:ba:e6:f4:61:d5:94:df:3f:26:b7:33:78:
                    c3:09:1b:02:95:15:48:03:e8:3d:f0:46:d3:b9:66:
                    cb:31:d5:e9:e4:fe:13:b6:b9:32:ae:b8:73:5a:ca:
                    10:77:5f:2e:91:ce:91:27:8f:ab:fe:1e:f2:9c:a1:
                    f7:d9:b4:82:b7:02:18:3c:31:d0:49:20:cf:d9:82:
                    94:24:30:04:ce:5d:cd:4d:20:26:81:fd:67:a4:ac:
                    33:03:51:76:23:4d:ca:fc:6f:96:72:e7:1d:df:aa:
                    22:d6:6a:cf:9b:f6:63:3b:72:dc:7f:58:c0:da:1f:
                    70:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:EC:5D:1F:9B:33:80:C4:17:84:FD:BB:9D:83:7C:DA:E0:65:8F:89
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/P-xdH5szgMQXhP27nYN82uBlj4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.142.0/24
                  109.94.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:f6:11:3e:2c:6b:55:fa:5a:c1:64:7f:88:49:41:5f:17:ce:
         ab:46:82:5c:0d:27:7f:46:5b:2c:d1:0c:9f:33:fd:7f:8f:82:
         f8:6a:f7:14:cd:d5:9a:0a:cc:ed:c5:d3:2f:d0:0a:f9:06:d5:
         98:ca:e1:76:87:32:48:81:88:b8:ef:17:a9:00:6d:e3:1c:c5:
         62:9c:98:54:91:c9:29:f4:4d:f4:9c:20:1f:6e:30:89:33:91:
         f2:8d:f1:89:a3:dd:63:d5:cc:e9:95:7d:41:90:fe:ea:d9:ad:
         ee:8d:f5:b1:30:b5:45:d3:e2:db:cb:f5:d4:79:56:2e:ff:18:
         c9:9d:5e:50:26:5d:3a:fb:2d:9f:09:ee:80:23:01:4c:83:34:
         b7:2a:73:37:1b:0b:bf:cd:7c:da:b4:4b:f3:7d:50:d1:4d:44:
         4f:c5:8f:ab:60:ae:ec:52:40:73:1b:1b:6e:4f:09:bb:fd:f7:
         d0:7c:2d:53:a5:2f:86:d3:96:77:a1:50:79:70:52:9d:10:59:
         af:f6:af:92:db:f6:0c:87:11:1c:bf:13:7c:f6:48:38:ff:65:
         c5:6f:9f:60:a3:31:55:18:1a:a7:7f:21:94:26:a3:60:34:3e:
         de:3a:2f:40:c8:2a:8e:bc:79:93:0c:67:5a:81:89:63:2f:af:
         09:3a:e8:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl22bfmGhEn+9lwHIjgjYNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwOTIzMTM1MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmVjNWQxZjliMzM4MGM0MTc4NGZkYmI5ZDgzN2NkYWUwNjU4Zjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMJ8k6xFNCfqL/dSMr9pFOT7WgES
686Uj9StH+W21PWPTe2FCZTclvLu9ACl7U3JwAEjFPBTMwED5B6NRwAEOI1948Ss
sYErpOTnBLH5iDGsIcOTVqboaXqxY4Rw6YZaJoiF10G6U22W03qXVOF/JG8Ei/BQ
L75uRho6Wqq9AQx32p1wYbo3++G65vRh1ZTfPya3M3jDCRsClRVIA+g98EbTuWbL
MdXp5P4TtrkyrrhzWsoQd18ukc6RJ4+r/h7ynKH32bSCtwIYPDHQSSDP2YKUJDAE
zl3NTSAmgf1npKwzA1F2I03K/G+Wcucd36oi1mrPm/ZjO3Lcf1jA2h9wgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD/sXR+bM4DEF4T9u52DfNrgZY+JMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvUC14ZEg1c3pnTVFYaFAyN25ZTjgydUJsajRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiaOAwQA
bV6kMA0GCSqGSIb3DQEBCwUAA4IBAQAC9hE+LGtV+lrBZH+ISUFfF86rRoJcDSd/
Rlss0QyfM/1/j4L4avcUzdWaCsztxdMv0Ar5BtWYyuF2hzJIgYi47xepAG3jHMVi
nJhUkckp9E30nCAfbjCJM5HyjfGJo91j1czplX1BkP7q2a3ujfWxMLVF0+Lby/XU
eVYu/xjJnV5QJl06+y2fCe6AIwFMgzS3KnM3Gwu/zXzatEvzfVDRTURPxY+rYK7s
UkBzGxtuTwm7/ffQfC1TpS+G05Z3oVB5cFKdEFmv9q+S2/YMhxEcvxN89kg4/2XF
b59gozFVGBqnfyGUJqNgND7eOi9AyCqOvHmTDGdagYljL68JOuiY
-----END CERTIFICATE-----