Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/t8FNK2i0rMEbxc7JFCN8YTSfue4.roa
File:                     t8FNK2i0rMEbxc7JFCN8YTSfue4.roa (raw, json)
Hash identifier:          TGDqC9aPRLO5Bs4rgvqauI1vjbtsLGhPLrnrECD+NJc=
Subject key identifier:   B7:C1:4D:2B:68:B4:AC:C1:1B:C5:CE:C9:14:23:7C:61:34:9F:B9:EE
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0199E1CDB20DBAF1392CA380702DCDD64673
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/t8FNK2i0rMEbxc7JFCN8YTSfue4.roa
Signing time:             Tue 14 Oct 2025 08:19:38 +0000
ROA not before:           Tue 14 Oct 2025 08:19:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211162
IP address blocks:        46.38.132.0/24 maxlen: 24
                          46.38.133.0/24 maxlen: 24
                          46.38.134.0/24 maxlen: 24
                          46.38.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e1:cd:b2:0d:ba:f1:39:2c:a3:80:70:2d:cd:d6:46:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Oct 14 08:19:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7c14d2b68b4acc11bc5cec914237c61349fb9ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d9:e7:d8:77:2a:47:73:17:c9:49:6c:9e:28:
                    0f:78:c4:48:cd:ed:ea:47:5e:be:37:6b:d5:9c:7f:
                    8b:3f:b5:b0:0c:c0:98:f4:a2:3b:2a:9a:08:60:8b:
                    04:be:17:37:e2:2f:f0:37:44:08:86:ce:d2:30:05:
                    63:12:16:7c:45:be:d0:63:57:3c:65:aa:6e:1a:1a:
                    aa:de:3a:ac:0b:8c:75:47:d2:62:60:1b:8a:91:0f:
                    ac:40:02:b1:4b:41:e0:59:d9:50:ee:2b:af:48:a7:
                    c1:8b:27:ba:d2:63:f1:ae:bd:e6:4e:8c:30:5f:80:
                    b5:68:39:a4:f8:ab:a3:07:86:79:16:b8:be:7d:c1:
                    29:4b:a8:a1:8e:d6:30:38:61:c7:81:22:da:18:45:
                    3f:0f:95:34:e6:bd:78:3c:69:30:8d:3a:5d:b4:49:
                    1c:d7:4b:b5:7b:a3:98:0e:ff:ca:fe:d8:e2:a8:7f:
                    bf:a6:b2:51:af:01:80:0c:56:b6:dc:17:24:80:66:
                    2a:c3:34:17:40:a0:4b:24:b2:36:67:7e:dd:0c:bd:
                    81:42:57:2d:0a:d6:f7:c4:69:1b:58:dc:d5:54:cc:
                    2a:d0:6f:07:04:3b:32:dd:54:ce:28:89:fd:91:13:
                    32:46:ee:f6:db:ce:c0:41:d3:de:64:e0:58:73:48:
                    80:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:C1:4D:2B:68:B4:AC:C1:1B:C5:CE:C9:14:23:7C:61:34:9F:B9:EE
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/t8FNK2i0rMEbxc7JFCN8YTSfue4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:46:0c:44:a2:61:7e:93:4c:20:f0:87:d0:73:ef:35:e1:9f:
         00:c4:7a:39:4a:da:74:50:61:e1:dd:1b:18:e9:f2:41:fa:3e:
         d6:39:4f:88:e7:75:55:8b:81:79:47:d8:d5:08:aa:c6:ea:bc:
         ab:01:23:d3:67:61:ed:5b:3f:f1:79:38:9d:2c:f0:8a:0f:0f:
         87:be:cd:8a:0b:6e:6f:bd:ed:00:8a:4e:8e:9c:fd:5c:a1:c7:
         f0:30:b1:2f:12:ef:9a:b8:d4:5f:5d:ce:27:91:40:71:6d:24:
         fe:84:b0:49:02:bd:98:36:21:1f:44:0e:db:8f:e1:68:79:fc:
         6e:95:39:1a:ee:5d:5d:bd:dc:59:fa:44:16:6b:9e:65:ed:42:
         41:a5:95:d2:fb:06:c8:11:cf:2c:a5:c1:64:f0:bd:07:bc:7d:
         3a:ac:b0:45:1f:f6:fa:c6:3d:c4:c4:8b:94:f4:52:fe:db:29:
         71:fb:60:cf:7c:2c:6d:90:95:ec:7f:33:52:87:20:9e:c9:24:
         19:b8:ca:20:cb:48:e6:e3:62:fd:a6:78:27:24:bc:c9:59:3b:
         57:f6:f4:ea:97:dc:b4:f4:44:c9:60:0e:92:fb:ca:2b:85:51:
         3b:f5:dc:25:e3:23:a6:fb:52:1b:44:b2:13:43:50:59:91:a5:
         fb:99:5b:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnhzbINuvE5LKOAcC3N1kZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUxMDE0MDgxOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2MxNGQyYjY4YjRhY2MxMWJjNWNlYzkxNDIzN2M2MTM0OWZiOWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdnn2HcqR3MXyUlsnigPeMRIze3q
R16+N2vVnH+LP7WwDMCY9KI7KpoIYIsEvhc34i/wN0QIhs7SMAVjEhZ8Rb7QY1c8
ZapuGhqq3jqsC4x1R9JiYBuKkQ+sQAKxS0HgWdlQ7iuvSKfBiye60mPxrr3mToww
X4C1aDmk+KujB4Z5Fri+fcEpS6ihjtYwOGHHgSLaGEU/D5U05r14PGkwjTpdtEkc
10u1e6OYDv/K/tjiqH+/prJRrwGADFa23BckgGYqwzQXQKBLJLI2Z37dDL2BQlct
Ctb3xGkbWNzVVMwq0G8HBDsy3VTOKIn9kRMyRu72287AQdPeZOBYc0iATwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfBTStotKzBG8XOyRQjfGE0n7nuMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvdDhGTksyaTByTUVieGM3SkZDTjhZVFNmdWU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLiaEMA0G
CSqGSIb3DQEBCwUAA4IBAQAkRgxEomF+k0wg8IfQc+814Z8AxHo5Stp0UGHh3RsY
6fJB+j7WOU+I53VVi4F5R9jVCKrG6ryrASPTZ2HtWz/xeTidLPCKDw+Hvs2KC25v
ve0Aik6OnP1cocfwMLEvEu+auNRfXc4nkUBxbST+hLBJAr2YNiEfRA7bj+Foefxu
lTka7l1dvdxZ+kQWa55l7UJBpZXS+wbIEc8spcFk8L0HvH06rLBFH/b6xj3ExIuU
9FL+2ylx+2DPfCxtkJXsfzNShyCeySQZuMogy0jm42L9pngnJLzJWTtX9vTql9y0
9ETJYA6S+8orhVE79dwl4yOm+1IbRLITQ1BZkaX7mVse
-----END CERTIFICATE-----