Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/b-kXBnz2enkupZbt8hmkaM9cRdY.roa
File:                     b-kXBnz2enkupZbt8hmkaM9cRdY.roa (raw, json)
Hash identifier:          7JMUhGk/UNvBnPJ0huhw0y/oVgp7Khpe/Nkt2yoYqTo=
Subject key identifier:   6F:E9:17:06:7C:F6:7A:79:2E:A5:96:ED:F2:19:A4:68:CF:5C:45:D6
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01999F61FB3B19F99871F94113F55A241B93
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/b-kXBnz2enkupZbt8hmkaM9cRdY.roa
Signing time:             Wed 01 Oct 2025 10:47:02 +0000
ROA not before:           Wed 01 Oct 2025 10:47:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29182
IP address blocks:        46.38.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9f:61:fb:3b:19:f9:98:71:f9:41:13:f5:5a:24:1b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Oct  1 10:47:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fe917067cf67a792ea596edf219a468cf5c45d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:57:93:ff:19:fc:27:f6:54:44:73:51:42:d1:
                    c1:ba:1b:f3:d6:bd:cb:84:ef:fb:c7:c6:d5:eb:c3:
                    23:b4:f4:c1:43:1f:7e:79:16:37:69:79:5a:1f:fa:
                    f3:73:7d:d4:b9:b0:d0:68:96:fc:e5:14:44:d9:43:
                    19:b9:96:3c:c0:e1:b7:51:2b:d9:36:8f:c0:f5:67:
                    c2:34:3f:5d:0f:25:75:d6:76:d6:78:e1:e8:97:3f:
                    68:e9:4a:72:24:20:01:7b:8a:12:69:ae:8b:ce:00:
                    cd:d0:ad:45:c2:18:88:6d:68:3b:0a:80:c4:b3:d5:
                    ec:eb:60:33:9e:7d:c0:41:02:d9:ff:d4:82:5a:59:
                    78:fd:d4:7f:34:14:69:24:35:fd:f6:19:e3:e8:d0:
                    07:42:55:81:d8:2f:19:08:cc:c6:a8:15:2b:cc:8b:
                    dc:1a:16:02:d5:fb:3b:19:be:8b:ed:bd:c8:43:56:
                    73:54:27:7b:2f:e9:dc:12:38:94:44:c5:80:ec:3c:
                    ee:cd:b0:3b:04:9a:63:c7:55:28:ae:4b:6b:2a:ee:
                    65:90:55:a2:12:ec:36:16:36:4c:59:aa:04:35:5c:
                    ae:a8:6c:aa:93:0f:ce:9e:93:fa:59:32:97:75:e8:
                    2e:1e:20:7c:d5:65:09:ba:b5:5e:80:51:d5:47:fb:
                    d6:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E9:17:06:7C:F6:7A:79:2E:A5:96:ED:F2:19:A4:68:CF:5C:45:D6
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/b-kXBnz2enkupZbt8hmkaM9cRdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:22:0a:43:46:a9:25:ae:ca:a0:98:0e:78:7a:cd:83:4e:9d:
         70:88:e7:9e:7e:91:81:5f:81:b3:33:31:a4:72:d6:f3:24:c3:
         1a:f0:94:31:ff:32:3c:38:7e:99:7c:ff:4b:3e:8b:82:09:ba:
         2b:05:49:cc:01:20:21:c7:03:7f:7d:f4:30:81:ba:bc:3d:1b:
         53:1e:8a:22:ce:d5:06:61:56:40:85:44:35:d9:9a:85:48:c2:
         47:83:fc:9d:c0:93:c6:6a:53:18:5a:e5:7a:e2:05:a2:71:0b:
         16:50:9e:72:49:87:c9:ad:03:64:c2:de:45:a5:57:3e:52:30:
         30:0f:ac:9c:aa:5d:46:2f:68:21:73:3a:66:84:0a:f7:dc:f7:
         72:2d:04:62:fb:00:fb:30:e2:36:47:38:dc:c5:9a:fd:2c:71:
         9b:c6:e9:6b:28:13:ff:43:6c:2b:34:c5:51:46:72:01:f7:72:
         55:ff:ae:91:e2:d8:cd:b1:5c:8f:31:f4:e2:cf:49:ed:62:07:
         b3:35:20:f4:74:98:1d:41:6c:4a:3f:9c:13:64:0f:24:2f:3c:
         7d:99:25:c6:87:5d:39:57:18:5e:43:0e:8a:4d:22:01:f1:ff:
         92:66:73:44:48:6b:59:bf:86:2f:26:c2:64:14:c0:8c:bc:63:
         84:db:fe:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmfYfs7GfmYcflBE/VaJBuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUxMDAxMTA0NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmU5MTcwNjdjZjY3YTc5MmVhNTk2ZWRmMjE5YTQ2OGNmNWM0NWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFeT/xn8J/ZURHNRQtHBuhvz1r3L
hO/7x8bV68MjtPTBQx9+eRY3aXlaH/rzc33UubDQaJb85RRE2UMZuZY8wOG3USvZ
No/A9WfCND9dDyV11nbWeOHolz9o6UpyJCABe4oSaa6LzgDN0K1FwhiIbWg7CoDE
s9Xs62Aznn3AQQLZ/9SCWll4/dR/NBRpJDX99hnj6NAHQlWB2C8ZCMzGqBUrzIvc
GhYC1fs7Gb6L7b3IQ1ZzVCd7L+ncEjiURMWA7DzuzbA7BJpjx1UorktrKu5lkFWi
Euw2FjZMWaoENVyuqGyqkw/OnpP6WTKXdeguHiB81WUJurVegFHVR/vW2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/pFwZ89np5LqWW7fIZpGjPXEXWMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvYi1rWEJuejJlbmt1cFpidDhobWthTTljUmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiaYMA0G
CSqGSIb3DQEBCwUAA4IBAQAQIgpDRqklrsqgmA54es2DTp1wiOeefpGBX4GzMzGk
ctbzJMMa8JQx/zI8OH6ZfP9LPouCCborBUnMASAhxwN/ffQwgbq8PRtTHooiztUG
YVZAhUQ12ZqFSMJHg/ydwJPGalMYWuV64gWicQsWUJ5ySYfJrQNkwt5FpVc+UjAw
D6ycql1GL2ghczpmhAr33PdyLQRi+wD7MOI2RzjcxZr9LHGbxulrKBP/Q2wrNMVR
RnIB93JV/66R4tjNsVyPMfTiz0ntYgezNSD0dJgdQWxKP5wTZA8kLzx9mSXGh105
VxheQw6KTSIB8f+SZnNESGtZv4YvJsJkFMCMvGOE2/6P
-----END CERTIFICATE-----